Amanpreet Singh Matharu

Operations Associate

London, England, United Kingdom · 5 yrs 10 mos experience

Key Highlights

  • Expert in detection engineering and incident response.
  • Hands-on experience with SIEM tools like Splunk and Microsoft Sentinel.
  • Strong background in cybersecurity education and training.

Skills

Core Skills

IT Infrastructure Management, Incident Response, Detection Engineering, Cybersecurity Education

Other Skills

Microsoft 365, Endpoint Protection, Remote Monitoring, Incident Investigation, Security Best Practices, Splunk, Python, Honeypots, IoT Security, SIEM, Active Directory, Threat Hunting, Network Security, Security Controls, Incident Handling

About

I am a Cyber Security Infrastructure and Detection Engineer with hands-on experience across SOC operations, detection engineering, incident response, and secure infrastructure design. My background combines strong infrastructure fundamentals with advanced defensive security, allowing me to build controls that work reliably in real operational environments. My experience includes designing and operating SIEM-based detections using Microsoft Sentinel (KQL) and Splunk (SPL), working closely with SOC teams to investigate incidents, tune alerts, reduce false positives, and improve detection quality. I build detections aligned to MITRE ATT&CK, covering identity abuse, MFA fatigue, PowerShell misuse, ransomware indicators, suspicious authentication behaviour, and lateral movement. I have strong hands-on experience with endpoint and identity security, including Microsoft Defender XDR, Defender for Identity, Azure AD / Entra ID, MFA, Windows security logging, Sysmon, and endpoint encryption. I have implemented BitLocker via Group Policy and worked extensively with Active Directory design, naming standards, and GPO enforcement to enable scalable security controls. From an infrastructure perspective, I bring practical knowledge of TCP/IP, DNS, DHCP, VLANs, firewalls, VPNs, and traffic analysis using Wireshark. I have designed DNS security monitoring pipelines, including DNSSEC-enabled recursive resolution, secure log forwarding, and SIEM-based detection of malicious and anomalous domains. My early career included NOC and data centre operations, network rack builds, device configuration, and enterprise server migration support. Alongside industry work, I have delivered advanced cybersecurity teaching in SIEM operations, incident response, Active Directory attacks, threat hunting, and CTF-based defensive security. 
This experience strengthened my ability to document incidents clearly, communicate risk to non-technical stakeholders, and align technical controls with organisational needs. Overall, I bring infrastructure depth, SOC maturity, and strong ownership, and I am seeking a role where I can contribute immediately to security operations while continuing to grow as a detection-focused security engineer.

Experience

5 yrs 10 mos
Total Experience
2 yrs 11 mos
Average Tenure
4 yrs 1 mo
Current Experience

Guard iq

System Administrator

Feb 2026 – Present · 3 mos · London Area, United Kingdom · Remote

  • Responsible for managing and securing core IT infrastructure for client environments, focusing on endpoint protection, Microsoft 365 administration, and remote monitoring/management operations.
  • Key responsibilities include administration of Atera RMM, Microsoft 365, Exchange Online, Huntress EDR, and Odoo, ensuring reliable operations, endpoint security, and efficient support delivery.
Responsibilities and Achievements:
  • Administer and maintain Microsoft 365 tenant services, including Exchange Online, identity management, mailbox administration, and security configurations.
  • Manage endpoint monitoring and remote management through Atera RMM, including device monitoring, patch management, and remote troubleshooting.
  • Support incident investigation and endpoint remediation based on Huntress alerts and security telemetry.
  • Maintain and administer Odoo ERP system, supporting internal operational workflows and user access management.
  • Implement security best practices across endpoints and user accounts including MFA, access control, and system hardening.
  • Provide remote technical support and infrastructure troubleshooting for client systems and cloud services.
  • Assist with system monitoring, alert triage, and security investigations across managed environments.
  • Collaborate with team members to improve operational visibility, endpoint security posture, and service reliability.
Microsoft 365, Endpoint Protection, Remote Monitoring, Incident Investigation, Security Best Practices, IT Infrastructure Management

University of West London

Cyber Security Lecturer

Jan 2023 – Present · 3 yrs 4 mos · Ealing · On-site

  • Delivered hands-on SIEM, incident response, and Active Directory attack labs aligned to real SOC workflows.
  • Taught Windows Server, Active Directory, VLANs, routing, subnetting, VPNs, and cloud identity security.
  • Guided students through malware behavior labs, PowerShell investigations, identity attack simulations, and SOC alert analysis.
  • Provided practical training on Windows Event Logs, authentication flows, network monitoring, and foundational incident response processes.
  • Developed course materials covering threat hunting, MITRE ATT&CK, and security monitoring workflows.
SIEM, Incident Response, Active Directory, Threat Hunting, Cybersecurity Education

Amorino Ealing

General Manager

Apr 2022 – Present · 4 yrs 1 mo

Self-directed / independent

Cyber Security Detection Engineering — Independent Projects

Jan 2021 – Present · 5 yrs 4 mos · London Area, United Kingdom · On-site

  • Hands-on detection engineering and SOC-focused security projects designed to mirror real-world enterprise security operations and incident response workflows.
Key work and contributions:
  • Designed and implemented a cyber-physical SOC prototype, integrating real-world sensor telemetry (motion, vibration/tamper, temperature & humidity) into Splunk SIEM.
  • Built an end-to-end telemetry pipeline using Raspberry Pi, Python, JSON normalization, and Splunk Universal Forwarders.
  • Developed SOC dashboards, SPL-based detections, and time-window correlation logic to identify multi-signal physical intrusion scenarios.
  • Implemented automated incident creation, severity assignment, and lifecycle-style incident tracking to simulate real SOC workflows.
  • Deployed and analysed an SSH honeypot (Cowrie), ingesting attacker interaction logs into Splunk to study real adversary behaviour and authentication patterns.
  • Focused on detection tuning, false-positive reduction, and operational relevance rather than lab-style demonstrations.
  • Documenting the work as a formal technical report, positioning it as a foundation for advanced research in cyber-physical security systems.
Technologies: Splunk (SPL), Python, Linux, SIEM, Detection Engineering, Incident Response, Raspberry Pi, Honeypots, IoT Security
Splunk, Python, Detection Engineering, Incident Response, Honeypots

Nagarro

Information Technology Analyst

Jun 2018 – Mar 2020 · 1 yr 9 mos · India · Hybrid

  • Supported enterprise Windows, Linux, Active Directory, and network environments with a strong focus on security controls and incident handling.
  • Managed Active Directory users, permissions, and Group Policies, improving identity and access security.
  • Configured DNS, DHCP, VPN, and firewall rules supporting secure network operations.
  • Performed security patching, antivirus management, encryption policy enforcement, and compliance checks.
  • Used Wireshark and system monitoring tools to diagnose network anomalies and security events.
  • Supported internal audits and implemented control improvements aligned with corporate security requirements.
Active Directory, Network Security, Security Controls, Incident Handling, IT Infrastructure Management, Incident Response

Education

University of West London

Master's degree — Cyber Security

Feb 2021 – Jul 2022

Jetking

Master's degree — Computer Systems Networking and Telecommunications

Jun 2017 – Jan 2018

Guru Nanak Dev University

Bachelor's degree — Information Technology

Jan 2014 – Feb 2017
