AJT icon mark Aaron Johnson Tech — Security Operations, Detection Engineering, AI Security

Aaron Johnson Tech / AJT

Security operations proof for teams that need cleaner triage, stronger detections, and faster response.

I build practical security workflows that turn noisy alerts, lab telemetry, and analyst notes into clear investigations, tuned detections, and repeatable response playbooks.

Security Operations Detection Engineering Incident Response AI-Assisted SOC Workflows Remote preferred • Las Vegas, NV
Portrait of Aaron Johnson
StatusOpen to SOC / MDR / Detection roles
FocusSIEM, triage, response, tuning
AI layerPrivate RAG + SecAI+ workflows
BSCSIA

B.S. Cybersecurity & Information Assurance, WGU

SecAI+

AI security credential layered onto SOC and detection work

HSOC

Cyber apprenticeship with lab, team, and purple-team leadership

5 yrs

Cybersecurity experience across operations, labs, and documented projects

Proof, not claims

Every major claim is backed by a project artifact.

The site is built as a recruiter-ready evidence trail: what I can do, where I proved it, and why it matters in a real SOC or detection workflow.

SIEM monitoring

Wazuh lab showing telemetry flow, alert review, custom rule logic, and threat-hunting validation.

Detection tuning

Custom detection work with MITRE ATT&CK mapping and a focus on reducing noisy alerts.

Secure access

Linux hardening baseline with SSH key-only access, UFW default-deny, validation, and rollback planning.

AI-assisted SOC

Private RAG stack for local SOC notes using Ollama, OpenWebUI, Qdrant, Docker Compose, and FastAPI.

Hiring alignment

What I bring to a security team.

Read the full story →
Hiring needPortfolio evidence
SOC alert triageWazuh alert review, threat-hunting workflow, investigation documentation
Detection engineeringCustom rule logic, validation steps, MITRE ATT&CK coverage mapping
Incident response supportPhishing workflow, evidence handling, escalation logic, repeatable playbooks
System hardeningLinux secure access baseline, firewall validation, SSH control implementation
AI security workflowsPrivate RAG stack, local model tooling, privacy-aware retrieval design
Leadership and processHSOC lab leadership plus operations leadership background

Featured case studies

Project proof mapped to SOC, detection, and AI-security work.

See all projects →
Linux hardening project thumbnail
Hardening and recovery

Linux secure access baseline

SSH key-only authentication, UFW default-deny, root-login reduction, validation, logging, and rollback planning.

View case study →
Wazuh detection lab dashboard thumbnail
Detection engineering

Wazuh SSH brute-force detection

Controlled SSH activity converted into Windows telemetry, Wazuh rule logic, and threat-hunting review.

View case study →
Private RAG SOC notes architecture thumbnail
AI-assisted SOC

Private RAG stack for SOC notes

Local AI-assisted SOC knowledge retrieval using Ollama, OpenWebUI, Qdrant, Docker Compose, and FastAPI.

View case study →

Tool stack

Practical tooling, not buzzwords.

The portfolio emphasizes tools that show up in security operations work: logs, rules, endpoints, Linux, playbooks, and workflow automation.

WazuhSplunkMicrosoft DefenderMITRE ATT&CKLinuxUFWSSHWiresharkDockerOllamaQdrantOpenWebUIFastAPIPythonPowerShellBash

Career story

Operations discipline applied to security work.

My background combines high-pressure operations leadership with an HSOC Cyber apprenticeship, a cybersecurity degree, security certifications, and hands-on labs. The result is a security-operations profile built around process, documentation, escalation, and measurable improvement.

More about AJT

Hiring packet

A faster path for recruiters.

This one-page recruiter packet pulls together role fit, certifications, resume, proof matrix, interview angles, and contact paths.

Next step

Recruiters and hiring teams: let’s connect.

Targeting remote SOC, MDR, Detection Analyst, and Incident Response roles where SIEM tuning, phishing defense, documentation, and AI-assisted workflows matter.

Playbook library

Security operations playbooks

A dedicated playbooks page now shows how I document investigations, escalation logic, evidence, validation, rollback, and AI-assisted guardrails.

View playbooks →

Recruiter packet

One-page hiring brief

A fast PDF summary for recruiters and hiring managers who need target roles, certifications, project proof, and contact links in one page.