HARPINDER SINGH

Washington

Summary

Experienced Information Security Engineer specializing in cybersecurity operations, incident response, threat detection, and cloud security within AWS and Azure environments. Proficient in Python and shell scripting to optimize security operations and integrate with SIEM/SOAR platforms. Skilled in deploying and managing the Splunk suite, including Enterprise Security (ES), Mission Control, Splunk SOAR, and ARI, for monitoring and responding to security threats. Demonstrated expertise in utilizing security tools like Nessus, Nmap, Wireshark, and Kali Linux for log analysis, vulnerability assessment, and compliance reporting. Holds AWS Solutions Architect Associate, CompTIA CySA+, Security+, and Splunk certifications; actively pursuing Azure/GCP and Cloud Security certifications.

Overview

5 years of professional experience
8 certifications

Work History

Information Security Engineer

FINRA
09.2021 - Current
  • Administered, tuned, and configured the Splunk App for Enterprise Security (ES), customizing correlation searches, Incident Review, Mission Control, and notable events—reducing false positives by 55% and improving alert triage efficiency.
  • Integrated application, server, network, and cloud logs into Splunk with CIM compliance, enabling consistent correlation across data types and supporting faster root-cause analysis by Tier 1 and 2 SOC analysts.
  • Deployed CI/CD pipelines using Jenkins to automate provisioning of AWS Lambda functions and SQS queues for ingesting CloudTrail and S3 logs into Splunk—cutting manual setup time by 75% and improving consistency in cloud data ingestion.
  • Used Terraform to deploy Azure Event Hubs, successfully onboarding critical Azure logs into Splunk and increasing cloud visibility across the SOC team by 50%.
  • Maintained and upgraded log collection and forwarding servers, which improved data reliability and helped reduce log loss incidents by over 90%.
  • Played a key role in onboarding numerous data sources, ensuring comprehensive security monitoring and meeting regulatory and audit compliance requirements.
  • Collaborated with the SOC team to develop and refine detection rules for critical cloud security events, leading to a 25% faster detection rate and enabling real-time alerting on high-impact incidents.
  • Automated the creation and enrichment of lookups and watchlists using Python, enabling correlation of activity with high-value assets and risky entities, resulting in proactive threat detection and prioritization of security incidents.
  • Wrote advanced SPL queries, reports, and dashboards for threat hunting and compliance reporting—accelerating investigations and cutting average response time by 30%.

Information Security Analyst

Perspecta
09.2020 - 09.2021

Worked with Government Clients and External SOC Teams

  • Monitored and investigated security events to identify true positives and potential intrusions, including DDoS attacks, malware outbreaks, unauthorized access attempts, and alerts from tools like FireEye and Sourcefire.
  • Investigated and triaged security incidents in coordination with the Incident Response Team—reduced false positives by 30% and helped accelerate time-to-containment of verified threats.
  • Provided detailed security log analysis and supported evidence collection for incident investigations, collaborating with cross-functional teams and external SOCs to ensure accurate threat assessments.
  • Delivered daily and weekly security reports to multiple clients, highlighting incident trends, ongoing threats, and remediation efforts—enhanced client visibility into their threat landscape and improved overall communication and trust.
  • Led regular client meetings to present findings, discuss critical security events, and recommend improvements to defensive posture—strengthened client relationships and improved responsiveness to threats.
  • Worked closely with external client SOC teams to maintain real-time situational awareness of emerging threats and defense actions, contributing to a 25% reduction in incident response time.

Cyber Security Intern

The Carlyle Group
01.2020 - 07.2020
  • Responsible for weekly reports analyzing Nexpose vulnerability scans on workstations and servers to reduce the overall risk score. Built relationships and collaborated with responsible individuals. Tracked and followed up to make sure vulnerabilities were patched.
  • Tested Carlyle's AWS Incident Response Plan and provided feedback to make the playbook easier to follow for the Security Operations Team.
  • Worked with Security Engineers to identify 'Unknown' nodes for analysis and configuration for Cisco ISE NAC. This gave me the opportunity to learn more about NAC solutions and I was able to help the security team complete their project.
  • Identified services using default username and password, reaching out to key individuals to change those default credentials for services.

Education

Computer and Info Sec/Info Assurance

Northern Virginia Community College
Woodbridge, VA
12.2020

Cyber Security

Per Scholas
Silver Spring, MD
12.2020

Skills

  • Experience with Linux command line
  • Splunk expertise
  • AWS platform experience
  • Proficient in Python
  • Efficient at acquiring new skills
  • Effective team participation
  • Security event logging
  • Error resolution in systems
  • Certified in security protocols
  • Cloud solutions implementation
  • Network security enhancement
  • Secure password management

Certification

  • AWS Certified Solutions Architect - Associate, AWS, 02/22, 02/25
  • Splunk Certified Cybersecurity Defense Engineer, Splunk, 06/24, 06/27
  • Splunk Certified Cybersecurity Defense Analyst, Splunk, 06/24, 06/27
  • Splunk Enterprise Certified Admin, Splunk, 12/21, Present
  • Splunk Core Certified Power User, Splunk, 12/21, Present
  • AWS Certified Cloud Practitioner, AWS, 07/20, Present
  • CompTIA Security+, CompTIA, 06/20, Present
  • CompTIA Cybersecurity Analyst (CySA+), CompTIA, 01/20, Present
