Aman Singh
Senior Endpoint Security and SOC Analyst
About
Senior Endpoint Security and SOC Analyst with over 2 years of hands-on experience in deploying, configuring, and managing enterprise EDR and SIEM platforms across Windows and Linux environments. Experienced in real-time alert triage, advanced threat detection, telemetry analysis, and root cause investigation aligned with the MITRE ATT&CK framework. Skilled in endpoint forensic analysis, Windows Defender Application Control (WDAC) policy implementation and tuning, detection engineering, proactive threat hunting using KQL, and maintaining high endpoint compliance across large-scale enterprise infrastructures.
Work Experience
Senior Analyst
HCLTech
Dec 2023 - Present
Deployed, configured, and maintained enterprise EDR solutions including Microsoft Defender for Endpoint, Trend Micro, Symantec, SentinelOne, and CrowdStrike across 900+ Windows and Linux endpoints, ensuring real-time threat visibility and telemetry collection.
Investigated and triaged 30–40 daily security alerts in Google SecOps SIEM, analyzing authentication and audit telemetry to identify malicious activity, validate indicators of compromise, and support rapid incident containment.
Developed and tuned detection use cases in Google SecOps and Microsoft Defender for Endpoint by analyzing attack patterns and telemetry, improving threat detection accuracy across enterprise endpoints.
Implemented Windows Defender Application Control (WDAC) policies using digital signatures and file hash rules, enforcing application allow-listing and significantly reducing unauthorized software execution.
Conducted in-depth endpoint investigations including IOC validation through threat intelligence enrichment, attack timeline reconstruction, parent-child process chain analysis, suspicious command-line and process behavior review, and MITRE ATT&CK technique mapping.
Led resolution of priority security incidents via ServiceNow, 4me, and Service Exchange, ensuring 95%+ SLA adherence by diagnosing and remediating EDR agent failures, high CPU/memory utilization, and endpoint performance risks.
Investigated phishing incidents by analyzing email headers, URLs, and attachment indicators, providing mitigation guidance and supporting coordinated containment efforts.
Optimized endpoint detection policies and exclusions, improving alert quality and reducing false positives by approximately 25–35% across enterprise endpoints.
Utilized Microsoft Defender Advanced Hunting (KQL) to detect anomalies, investigate suspicious activity, and support proactive threat hunting.
Maintained 97–100% AV/EDR compliance through continuous agent health checks, audits, and endpoint onboarding via Microsoft Intune, while resolving performance issues without impacting security posture and delivering Monthly Security Operations Reports (MSOR).
Education
B.Tech – Computer Science & Engineering – GLA University
2019 - 2023 · Afghanistan