gregqlewis/README.md

Greg Lewis - Cybersecurity Portfolio

About Me

SOC Analyst with 4+ years of cybersecurity experience in federal contracting. Specialized in threat hunting, alert triage, incident response, and security engineering. Building cloud security engineering capabilities through hands-on multi-cloud implementations, purple team operations, and Infrastructure as Code automation.

Current Focus: CISSP certification preparation (Exam: September 2026) integrated with practical lab implementations
Education: M.S. Cybersecurity Technology - UMGC
Certifications: Security+ CE, CISSP (In Progress)
Location: DMV Area


Professional Experience Highlights

SOC Analyst - Federal Contractor (Current)

  • Threat hunting and incident response in AWS cloud environments
  • Enterprise security tool operations: Splunk, CrowdStrike, Tenable, Zscaler
  • ISO27001:2022 compliance program leadership
  • Security alert triage and investigation

Security Analyst - Federal Contractor

  • Security engineering projects: Terraform automation, AWS IAM architecture
  • Jenkins CI/CD pipeline security implementation
  • ISO27001 compliance framework implementation

4+ years of cybersecurity experience in federal contracting


Technical Skills

Cloud Security

AWS IAM, Azure AD/RBAC, CloudTrail, Azure Activity Logs, IAM Access Analyzer, Security Groups, NSGs

Infrastructure as Code

Terraform (AWS & Azure multi-cloud implementations)

Security Operations

Threat Hunting, Incident Response, Alert Triage, Detection Engineering, SIEM Rule Development

SIEM & Monitoring

Wazuh, Graylog, OpenSearch, Splunk, CrowdStrike Falcon, Tenable, Zscaler

Security Tools & Platforms

Kali Linux, Metasploit, Nmap, Wireshark, Docker, Unraid

Compliance & Frameworks

ISO27001:2022, NIST Cybersecurity Framework, CIS Benchmarks, MITRE ATT&CK


Featured Projects

☁️ Cloud Security Labs

Multi-cloud security engineering portfolio demonstrating IAM architecture, least-privilege design, and Infrastructure as Code automation

Production-quality cloud security implementations across AWS and Azure, built entirely with Terraform.

Completed Implementations:

  • Account Security Baselines: CloudTrail/Activity Log configuration, MFA enforcement, budget monitoring
  • Custom IAM Policies: Least-privilege security auditor roles with granular permission boundaries
  • IAM Access Analyzer: External access detection and privilege escalation monitoring
  • MFA-Enforced Role Assumption: Tested temporary credential workflows and session policies
  • AWS vs Azure IAM Comparison: Comprehensive architectural analysis of identity management approaches

Planned Enhancements (Post-CISSP September 2026):

  • 📋 GuardDuty & Microsoft Sentinel threat detection deployment
  • 📋 Network security architectures (VPC/VNet with security group design)
  • 📋 Purple team cloud attack/defense scenarios (IAM privilege escalation, lateral movement)

Tech Stack: Terraform, AWS IAM/CloudTrail, Azure AD/RBAC/Activity Logs, Python

View Repository → | AWS vs Azure IAM Analysis →


🔴🔵 Purple Team Home Lab

MITRE ATT&CK-mapped security testing environment demonstrating offensive and defensive security capabilities

Production-grade purple team infrastructure built on Unraid, showcasing detection engineering and attack simulation expertise.

Architecture:

  • Attack Platform: Kali Linux (Raspberry Pi 4), Metasploitable 3, DVWA
  • Detection Stack: Wazuh SIEM, Graylog, OpenSearch, MongoDB
  • Methodology: MITRE ATT&CK technique mapping with custom detection rules
  • Coverage: 20+ techniques across Initial Access, Privilege Escalation, Credential Access, Lateral Movement

Key Implementations:

  • Custom Wazuh detection rules for container escape (T1611), credential theft (T1552), privilege escalation (T1548)
  • Automated vulnerable environment deployment with Bash scripting
  • Attack scenario documentation with detection validation
  • Network protocol security analysis (SSH, FTP, NFS, SMB, Docker API)

Planned Additions (CISSP Study Integration):

  • 📋 Network detection layer (Suricata) for SMB/RPC enumeration gaps
  • 📋 Cryptographic implementations (TLS for Docker API, encrypted credentials)
  • 📋 Formal penetration test report demonstrating assessment methodology

View Repository → | Blog →


Blog & Writing

Personal blog at gregqlewis.com exploring the intersection of faith and technology in cybersecurity.

First technical post coming Q2 2026 - documenting CISSP study methodology with hands-on lab implementations.


Current Focus (2026)

Primary Goal: CISSP Certification

Exam Date: September 2026
Study Approach: Integrating Sybex Official Study Guide with hands-on purple team lab exercises to reinforce security architecture, cryptography, IAM, and network security concepts.

Secondary Goal: Cloud Security Skill Development

Building production-quality cloud security implementations to support future progression into a Cloud Security Engineer role within the federal healthcare sector.

Active Projects

  • Purple Team Lab: MITRE ATT&CK technique coverage expansion
  • Cloud Security Labs: IAM architecture and least-privilege design refinement
  • CISSP study integration with practical lab scenarios

Career Trajectory

Focus: Building from SOC operations to Cloud Security Engineering through practical implementations, purple team methodologies, and CISSP certification.

Current: SOC Analyst (4+ years cybersecurity experience)
2026-2027: CISSP Certification + Cloud Security Portfolio Development
Target: Cloud Security Engineer role in federal sector


Connect


Building in public - documenting the journey from SOC operations to Cloud Security Engineering with faith and intentionality.

Popular repositories

  1. gregqlewis (Public)

  2. purple-team-homelab (Public, Shell)

    Modern Purple Team Lab: Intentionally vulnerable Ubuntu 24.04 environment for security research, MITRE ATT&CK mapping, and SIEM detection engineering

  3. gregqlewis.github.io (Public, HTML)

    Forked from mmistakes/minimal-mistakes

    📐 Jekyll theme for building a personal site, blog, project documentation, or portfolio.

  4. cloud-security-labs (Public, HCL)

    Multi-cloud security engineering portfolio: AWS & Azure IAM, monitoring, network security, and purple team labs