Karanpreet Singh

SOC Analyst • Security Engineer • Malware Analysis • Windows Internals

I analyze malware and Windows drivers using static + dynamic techniques (IDA Pro, x64dbg, WinDbg, Ghidra), extract IOCs/persistence behaviors, and build C++/Python tooling to accelerate triage. I translate low-level findings into practical detection opportunities mapped to MITRE ATT&CK for SOC/endpoint teams.

About

I’m a cybersecurity analyst focused on turning deep technical investigation into defensive outcomes. I work across malware analysis, reverse engineering, and Windows internals to identify suspicious behavior patterns and convert them into detection ideas, triage playbooks, and incident response notes.

My approach is SOC-driven: validate alerts, enrich with context, extract IOCs, map behaviors to MITRE ATT&CK, and document findings for fast escalation and remediation.

What I’m targeting: SOC Analyst (Tier 1/2), Detection Engineering, Security Engineer (blue team), Incident Response support roles.

Location: Phoenix, AZ (Remote Eligible)

Strengths: Malware triage • Windows internals • IOC extraction

Outputs: Write-ups • Detection notes • Tooling (C++/Python)

Focus: SOC workflows + defensive detection

Availability: Open to SOC/Security roles

Skills

SOC-ready skills and tooling aligned to incident response, detection, and endpoint security.

Core SOC Competencies

  • Alert triage • event correlation • escalation notes
  • IOC enrichment • timeline building • containment support
  • Threat intelligence usage • reporting • documentation
  • MITRE ATT&CK mapping • detection opportunity write-ups

Malware Analysis & Reverse Engineering

  • Static/dynamic analysis workflows (controlled lab)
  • IOC extraction: strings/imports/network indicators
  • Persistence behaviors & API abuse patterns
  • Write-ups that translate findings to detections

Windows Internals & Endpoint Research

  • PE/NT headers, memory protections, suspicious behaviors
  • Driver/IOCTL handler review concepts (lab research)
  • WinDbg debugging and investigation workflows

Tooling & Automation

  • C++ / Python for triage automation and reporting
  • Hashing, metadata extraction, CSV/JSON output
  • PowerShell for workflow automation

Security Tools

  • IDA Pro, Ghidra, x64dbg, WinDbg
  • Wireshark, Nmap, Process Hacker, PE tools
  • SIEM familiarity (e.g., Splunk)

Frameworks

  • MITRE ATT&CK (mapping behaviors to tactics/techniques)
  • Incident response process basics (containment → recovery)
  • Detection engineering mindset (signal → rule → validation)

Certifications: CompTIA Security+, Google Cybersecurity Professional, CISSP (in progress).

Projects

Projects focused on SOC relevance: triage automation, IOC extraction, and translating low-level analysis into detections.


Malware Triage Tooling (C++/Python)

Automated PE metadata parsing, imports/exports, strings, and cryptographic hashes (MD5/SHA-1/SHA-256), producing structured reports (CSV/JSON) for faster SOC triage and documentation.

Tags: C++ • Python • PE • IOCs • Automation
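The triage tooling described above, as an added illustration rather than the portfolio's own code: a standard-library-only Python script that hashes a file (MD5/SHA-1/SHA-256), walks the MZ header to the COFF file header to pull machine type, section count and timestamp, extracts printable strings, and emits one JSON record per file. The sample PE image is constructed inline (not a real binary), the function and field names are this example's own choices, and the machine constants are taken from the PE/COFF specification.

```python
"""Added example: minimal PE triage record generator (not the portfolio's own tool).

Runs offline with the standard library only; the sample image built by
build_sample_pe() is constructed for the demonstration, not a real file.
"""
import hashlib
import json
import re
import struct

# Machine values from the PE/COFF specification.
MACHINE_NAMES = {0x014C: "x86", 0x8664: "x64", 0xAA64: "ARM64"}
IMAGE_FILE_DLL = 0x2000  # Characteristics flag: image is a DLL


def hashes(data: bytes) -> dict:
    """Cryptographic hashes a SOC analyst records for every triaged sample."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def parse_coff_header(data: bytes) -> dict:
    """Walk MZ -> e_lfanew -> 'PE\\0\\0' -> 20-byte COFF file header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    machine, nsections, timestamp, _symtab, _nsyms, opt_size, chars = \
        struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    return {
        "machine": MACHINE_NAMES.get(machine, hex(machine)),
        "sections": nsections,
        "timestamp": timestamp,
        "optional_header_size": opt_size,
        "is_dll": bool(chars & IMAGE_FILE_DLL),
    }


def extract_strings(data: bytes, min_len: int = 6) -> list:
    """Printable-ASCII runs of at least min_len bytes (classic 'strings')."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


def triage(data: bytes, name: str) -> dict:
    """Build the structured record; header parse failures are recorded, not fatal."""
    record = {"file": name, "size": len(data), **hashes(data)}
    try:
        record["pe"] = parse_coff_header(data)
    except ValueError as exc:
        record["pe_error"] = str(exc)
    record["strings"] = extract_strings(data)
    return record


def build_sample_pe() -> bytes:
    """Constructed minimal PE image: DOS header, COFF header, a few IOC-like strings."""
    dos = bytearray(b"MZ" + b"\0" * 0x3E)          # 0x40-byte DOS header
    struct.pack_into("<I", dos, 0x3C, 0x40)        # e_lfanew -> PE header at 0x40
    # Machine=x64, 3 sections, constructed timestamp, opt header 240 bytes,
    # Characteristics = EXECUTABLE_IMAGE | LARGE_ADDRESS_AWARE (not a DLL).
    coff = struct.pack("<HHIIIHH", 0x8664, 3, 0x5F000000, 0, 0, 240, 0x0022)
    payload = b"\0\0kernel32.dll\0CreateRemoteThread\0\0http://example.invalid/c2\0"
    return bytes(dos) + b"PE\0\0" + coff + payload


if __name__ == "__main__":
    print(json.dumps(triage(build_sample_pe(), "sample.exe"), indent=2))
```

The JSON record is what a CSV/JSON-emitting triage tool would write per sample; the hashes feed IOC sets, the header fields flag oddities such as an unexpected machine type or zero sections, and the strings list gives a first pass at imports and network indicators for enrichment.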

Detection Notes (MITRE ATT&CK mapped)

Wrote SOC-ready detection notes based on observed malware behaviors: persistence, injection patterns, suspicious memory protections, and high-signal artifacts. Structured write-ups for escalation and rule creation.

Tags: Detection • MITRE • IR • Write-ups

Log Analysis & Alert Triage Practice

Built a structured workflow for alert triage: normalize events, enrich with context, identify suspicious sequences, and write clear incident notes.

Tags: SIEM • Triage • Investigation • Reporting

Experience

Security / Malware Analysis Experience
  • Performed static + dynamic analysis of malware and Windows binaries to extract IOCs, persistence behaviors, and suspicious patterns.
  • Built triage automation to standardize outputs (hashes, metadata, strings, imports) and speed investigation workflows.
  • Documented findings for SOC/endpoint teams: IOC sets, behavioral summaries, and detection opportunities mapped to MITRE ATT&CK.
  • Used debugging tools in controlled environments to trace runtime behavior and validate hypotheses.

Contact

The fastest way to reach me is email. I’m open to SOC Analyst and Security Engineer opportunities (remote or Phoenix-area).

If you’re a recruiter: resume is available above, and I can walk through my triage tooling + analysis workflow live.