Tanmay Bharambe

• Coordinating and conducting event collection, log management, event management, compliance automation, and identity monitoring activities using SIEM.
• Create innovative solutions to automate and reduce timeframes for operational changes as well as initial installation of the platform.
• Assess security and business risk associated with a security incident and coordinate containment, eradication, recovery, investigation and response measures.

• Coordinating and conducting event collection, log management, event management, compliance automation, and identity monitoring activities using the Arc-Sight ESM Arc-Sight Smart Connector & Arc-Sight logger
• Performs all administration, management, configuration, testing, and integration tasks related to the Arc-Sight ESM and associated platforms to include content creation, maintenance, and administration tasks.
• Create and develops correlation and detection rules within ArcSight to support alerting capabilities within the Threat Management Center.
• Analyze security events to identify attacker patterns and compare them with MITRE TTPs.
• Use MITRE ATT&CK to guide incident triage and step-by-step investigation paths.

• Identify suspicious activities such as brute-force attacks, malware infections, unauthorized access, privilege escalation, and anomalous network behavior.

• Ensure continuous log ingestion and health monitoring of SIEM components.

• Work with SOC tools such as SIEM, EDR, IDS/IPS, Firewalls, DLP, and SOAR.

• Ensure alert handling and incident response activities comply with organizational policies and regulatory requirements.

• Monitor cloud environments (AWS, Azure, GCP) using SIEM, CSPM, CWPP, and native cloud security tools.

• Investigate misconfigurations, compromised credentials, exposed resources, and network anomalies.

• Support L2/L3 teams during cloud-related incidents such as ransomware, account compromise, or lateral movement.

• Identify open ports, misconfigured ACLs, and suspicious inbound/outbound connections.

• Track patching and remediation activities in coordination with DevOps/Infra teams.

• Review and validate vulnerability scan results for servers, endpoints, and applications.

• Conduct initial triage of security incidents and escalate to senior analysts when necessary.

• Perform real-time analysis of security events to identify malicious activity or policy violations.

• Analyze logs from servers, applications, network devices, and cloud resources.

• Provide Level 1/Level 2 support for desktops, laptops, printers, and peripherals.

• Respond to support tickets, calls, and walk-in requests in a timely manner.

• Install, configure, and update operating systems, applications, and security patches.

• Deploy new desktops/laptops, configure user profiles, and migrate data.