Renton, WA • Open to $100K+ Incident Response / SOC Tier II roles • Hybrid Seattle or secure remote

Incident Response, threat containment, and high-uptime SOC operations — not Tier I ticket clearing.

I run live incidents. I triage high-signal alerts, contain compromised endpoints, and protect regulated environments. I’ve driven a 40% faster response cycle across 3,000+ endpoints, kept 99.9% uptime, and handled 150+ security incidents per month using Splunk ES, SolarWinds, and custom Python/PowerShell automation. My background spans transit, law enforcement (CJIS L4), and DoD — so I’m comfortable operating where “we can’t go down” and “we can’t leak.”

Who I am

Incident Response / SOC Tier II analyst with 5+ years in high-pressure, regulated, always-on environments. I specialize in that window between “we saw it” and “it’s contained.”

Experience across transit infrastructure, CJIS-governed law enforcement networks, and DoD DISA STIG–hardened systems. I move fast without breaking compliance — NIST 800-53, HIPAA, CJIS, STIG, IR playbooks, chain of custody.

Credentials that matter on day one

  • Security / Regulatory: CJIS Level 4 eligibility • HIPAA • NIST 800-53 • DISA STIG-hardened Windows environments
  • Core certs (active): CompTIA Security+, Network+, A+, ITIL Foundation, Linux Essentials, Google Cybersecurity Professional
  • Currently pursuing (2025): CCNA, CySA+, PenTest+, SSCP, CEH, Linux+
  • Degree (in progress): B.S. Cybersecurity & Information Assurance — Western Governors University; currently enrolled, expected completion Dec 2025

Security+ • CySA+ (in progress) • CCNA (in progress) • CJIS L4 • NIST 800-53 • DISA STIG

What I Do

Incident Response

150+ incidents/month across 3,000+ endpoints. Malware, credential abuse, lateral movement attempts, and service outages. I don’t just escalate — I contain, document, and brief impact/next steps.

IR Playbooks • Root Cause • MTTR ↓40% • Forensics Triage

Threat Detection & Automation

Built Splunk searches and Python/PowerShell workflows to reduce manual log review and false positives ~40%. Result: cleaner Tier I→II handoffs and faster containment.

Splunk ES • LogRhythm • PowerShell • Python

Regulated Uptime Environments

Transit ops with 99.9% uptime targets. CJIS workloads for law enforcement. DoD Windows 10 hardened to DISA STIG. I operate where evidence, continuity, and audit trail matter.

99.9% Uptime • CJIS • HIPAA • NIST 800-53

Leadership / SOC maturity

I’ve authored playbooks, tuned escalation paths, and mentored analysts on log analysis and regulated handling. Onboarding time for new analysts dropped ~25% after I standardized procedures and handoff criteria.

Tier I → Tier II Handoffs • Escalation Criteria • Runbooks • Training

Recent roles (impact-first)

IT Operations Center Analyst — Sound Transit (Infojini Inc.)

Seattle, WA • Mar 2024 – Mar 2025

  • Cut incident response time ~40% across ~3,000 endpoints by automating alert validation, tightening escalation, and standardizing IR playbooks in Splunk ES.
  • Monitored, triaged, and contained 150+ security incidents/month (malware, credential abuse, outages) while maintaining ~99.9% uptime expectations.
  • Built Python/PowerShell log-correlation and reporting workflows that reduced manual review effort ~40% and raised signal quality for Tier II escalation.
  • Reworked ServiceNow workflows and wrote SOPs / playbooks, reducing new analyst onboarding time ~25% and improving documentation for audit (NIST 800-53, HIPAA).

Enterprise Technology Auditor — TES USA Inc. (Smart Source Inc.)

Tukwila, WA • Jul 2023 – Jan 2024

  • Audited AV / collaboration infrastructure across 20+ Amazon buildings, improving asset accuracy ~30% and supporting reliable conference / remote work capability.
  • Standardized documentation and asset tracking in high-usage shared spaces, shortening audit cycles and enabling faster remediation/upgrade planning.
  • Coordinated with internal teams to identify gaps in readiness, reconcile inventory, and reduce friction during buildouts and refreshes.

Cybersecurity / IT Consultant — Seattle University & City of Medina Police Dept. (Robert Half & TIG)

Hybrid • Mar 2020 – Mar 2021

  • Enabled secure remote access for 200+ users (including sworn law enforcement) under CJIS requirements during COVID without compromising evidence integrity.
  • Tuned SolarWinds monitoring and response workflows, improving SOC efficiency ~20% and stabilizing incident intake during surge remote operations.
  • Documented IR playbooks and escalation guidance for consistent response, defensible reporting, and team training.

IT Security Specialist — Joint Base Lewis-McChord (TEKsystems)

Tacoma, WA • Mar 2017 – Mar 2018

  • Hardened Windows 10 baselines to DISA STIG for 500+ DoD users, cutting unauthorized access incidents ~25% through improved configuration and access hygiene.
  • Ran threat hunting and vulnerability management in Splunk, improving overall security posture ~35% and escalating only validated findings with evidence trail.
  • Maintained 100% audit readiness through recurring security reviews aligned to federal standards, and trained junior specialists on STIG and compliance expectations.

Hands-On Proof

IR workflow & MTTR reduction

Built escalation / containment workflows and IR playbooks that cut mean time to respond by ~40%. Includes decision trees for isolation, comms, evidence capture, and post-incident lessons learned.

MTTR ↓40% • Runbooks • Tier II Escalation

Automation & dashboards

Wrote Python and PowerShell to correlate Splunk/SolarWinds data and filter noisy alerts. Cut repetitive manual review ~40%, increased signal quality, and gave leadership cleaner reporting.

Python • PowerShell • Splunk ES

Compliance sandbox

Built a Proxmox sandbox with Linux/Windows targets, logging into Grafana-style dashboards and simulated SOC handoffs. Used to train analysts on IR flow in NIST/CJIS-style environments without risking prod.

Proxmox • Forensics Triage • CJIS Mindset

GitHub / sample work

Selected tooling, runbook outlines, and lab notes are on GitHub. Redacted where needed to respect CJIS / HIPAA / STIG boundaries.

GitHub: github.com/stevenjvik

Let’s talk

I’m actively targeting Incident Response / SOC Tier II / Threat Analyst roles (~$100K+ base, Seattle-area hybrid or secure remote).

If you’re a hiring manager who needs someone who can take the handoff, stabilize the situation, and talk to leadership in plain English: that’s literally what I do.

Email: steven@stevenjvik.tech
LinkedIn: linkedin.com/in/stevenjvik
GitHub: github.com/stevenjvik

Referrals / contract-to-hire are absolutely welcome.

What to expect if we talk

I’ll walk you through:

  • How I cut IR time ~40% without blowing audit trails
  • How I separate noise vs. real incidents fast
  • How I brief leadership in 90 seconds, not 9 pages

I’ll also bring questions about your alert volume, on-call model, uptime expectations, and regulatory surface — because that’s what I’m walking into.