
Harnoor Singh Chani

Toronto, Canada

Summary

Cybersecurity expert with extensive experience in security and network operations across diverse sectors, including healthcare and financial services. Proficient in XDR/EDR, SOAR, SIEM, email security, and ZTNA technologies, with a focus on vulnerability management and risk reduction. Demonstrated ability to implement advanced security solutions, enhancing data protection and infrastructure resilience. Recognized for analytical skills and problem-solving capabilities in threat mitigation and cyber incident response.

Overview

9 years of professional experience

Work History

Senior Cybersecurity Engineer

Equitable Bank
Toronto, Canada
05.2022 - Current
  • Delivered detailed cyber-risk posture reports to CISO/Director of Cybersecurity, leading continuous improvement roadmap, while adhering to HIPAA/PII & ISO 27001/27002 and CIS controls
  • Primary contact for Tier-5/Tier-6 escalations and presented major changes to Change Advisory Board (CAB) with detailed design and implementation plans while documenting records in JIRA & SNOW
  • Provided leadership on migration projects to transition compliance policies from Group Policies (GPO), Config Manager (SCCM) & JAMF to Intune MDM & MDE, streamlining unified endpoint management
  • Audited and optimized Defender for Endpoint (EDR/XDR) by working on recommendations, testing and implementing new security features, thus improving secure score from 58.8% to 80.9%
  • Attained full endpoint coverage by implementing Security Baselines, and deploying Cloud Security Posture Management (CSPM) ensuring unified security across both On-prem and Cloud Assets
  • Strengthened SOC operations by integrating Defender XDR with Sentinel SIEM, enabling unified incident analysis, KQL threat hunting capabilities, and improved SOAR Logic App rules based on defined use cases
  • Collaborated with Vulnerability team to transition from Tenable Nessus to Defender Vulnerability Assessment Solution (MDVM), and later to Qualys BYOL solution
  • Enhanced health checks solution by deploying Azure Monitoring Agent (AMA), integrating data connectors to ingest logs to Syslog server and configuring downtime alerts using Log Analytics
  • Maintained enterprise network & web security by deploying firewall rules using Checkpoint, Akamai & FortiGate and micro-segmentation frameworks using Zscaler & Illumio
  • Oversaw anti-phishing defense using Exchange Admin transport rules, optimizing Darktrace AI behavioral models/recipes and administering tenant Spam allow/block policies in Defender
  • Analyzed risk assessment and sandbox reports to identify and block malicious IOCs (IPs, domains, certificates, file hashes) and deployed FIM across servers to maintain file and registry integrity
  • Reviewed and improved technical training material, escalation workflow and change management procedures to enhance operations, cost and drive continuous process improvement

Senior Security Analyst

Connexall
North York, Canada
01.2018 - 04.2022
  • Managed IaaS and SaaS security services supporting Connexall clinical systems across major hospital networks in the US (65%), Canada (30%), and Portugal (5%)
  • Performed preventive maintenance and upgraded systems to improve network, data availability and integrity using the Microsoft SCCM application
  • Unified ZTNA by deploying firewall rules using SonicWall, Palo Alto, Zscaler and implemented endpoint security baseline controls
  • Onboarded/offboarded devices to Defender for anti-virus real-time protection, audited & deployed ASR rules, network and web protection
  • Leveraged SSIS & SSRS and MS Power BI services to reduce the archive load on database server by 60% and ran SQL queries for mass DB updates
  • Scheduled Server/VM backups and database backups, performed disaster recovery during system failure or corruption of DB tables, and analyzed potential failures using MTBF and MTTR techniques
  • Collaborated with IT, cloud, network, risk and vulnerability teams to align security operations with organizational goals, and engaged with external vendors to optimize tooling and support escalations
  • Monitored & analyzed Server/Event Logs using SIEM Splunk, performing threat hunting for suspicious identities and behavior anomalies
  • Recommended Load Balancer to manage the heavy traffic for hospitals like Trinity Health, ProMedica, UTAH, thus attaining 100% uptime and availability
  • Conducted Security System Audits & Health Checks using NAC to monitor performance, patch vulnerabilities (MITRE ATT&CK) & perform threat hunting to maintain optimal system performance
  • Achieved 95% success rate on projects, by meeting deadlines and keeping ISO 27001, HIPAA & NIST SP-800-53 regulatory framework in consideration

SOC Analyst L2 (Internship)

Ecobee
Toronto, Canada
09.2017 - 01.2018

IT Administrator (Internship)

Transcom
Barrie, Canada
09.2016 - 05.2017

Education

Associate Degree - Computer Science

Georgian College
Barrie, ON
12.2017

Skills

  • SIEM & SOAR: Azure Sentinel, Splunk, LogRhythm, Sentinel SOAR (Logic Apps)
  • Cloud & Infrastructure: Azure, GCP, Azure AD, Defender for Cloud (CSPM)
  • Email Security: Exchange Admin, Darktrace, Defender
  • XDR/EDR: Defender for Endpoint, CrowdStrike
  • Identity & Access Management: Microsoft Entra ID, Defender for Identity, Darktrace Identity, Okta, DUO
  • Encryption/Cryptography: Azure Key Vault, HashiCorp Vault, Google Cloud KMS, File Integrity Monitoring (FIM), Fortanix
  • Vulnerability Management: Defender Vulnerability Assessment Solution (MDVM), Tenable Nessus, Qualys, CrowdStrike Falcon
  • NGFW/WAF & Zero Trust Security (ZTNA): ZPA/ZIA/ZDX, Illumio (CDR), Checkpoint, FortiGate, Palo Alto, SonicWall, Akamai
  • Endpoint Management & Compliance Tools: Microsoft Intune, SCCM/Config Manager, Group Policy (GPO), SCOM, Security Baselines, JAMF, Nerdio
  • KPI: Microsoft Power BI, Darktrace Metrics, Defender Reports
  • Scripting: PowerShell, Bash, KQL, SQL
  • Compliance Frameworks: PCI-DSS, HIPAA, NIST SP 800-53, ISO/IEC 27001, CIS Controls, PII

Qualifications And Certifications

  • Microsoft Certified: Security Operations Analyst Associate SC-200
  • Microsoft Certified: Cybersecurity Architect Expert SC-100
  • Microsoft Certified: Azure Security Engineer Associate AZ-500

Timeline

Senior Cybersecurity Engineer

Equitable Bank
05.2022 - Current

Senior Security Analyst

Connexall
01.2018 - 04.2022

SOC Analyst L2 (Internship)

Ecobee
09.2017 - 01.2018

IT Administrator (Internship)

Transcom
09.2016 - 05.2017

Associate Degree - Computer Science

Georgian College