Tanmay Kumar

• Monitored and analyzed security alerts to proactively identify and mitigate cyber threats.
• Tuned SIEM detection rules, improving alert fidelity and reducing false positives.
• Enhanced SOC efficiency by optimizing threat intelligence and detection strategies.
• Conducted log analysis and threat hunting to detect potential security incidents.
• Collaborated with security teams to strengthen incident response and mitigation efforts.

• Pioneered the adoption of automation, leading to a notable 50% reduction in manual security tasks.
• Implemented a new SIEM (Security Information and Event Management) system which enhanced incident detection rates by 40%.
• Led incident response investigations, reducing response time by 24 hours.
• Performed log analysis using either Splunk or Anvilogic
• Executed IDS/IPS, SIEM, DLP and endpoint security solutions which led to a significant 79% decrease in malicious attacks.

Projects

• Cyber Security Awareness: Delivered presentations designed to inform and educate new employees about various cyber threats; increased their awareness and understanding of potential risks in the digital environment.
• Alert Creation: Executed Splunk to XOAR transition, crafting queries to flag malicious emails from KnowBe4; sent alerts to XOAR for playbook creation; developed playbooks to enhance response to phishing threats.
• Allow/Block USB via ServiceNow: Designed a comprehensive workflow in ServiceNow, featuring dynamic forms and scheduled scripts to regulate USB blocking and permissions using the CrowdStrike API.
• Look Alike Domain Detector: Created a tool to counter impersonation threats by identification of similar domains through utilization of the WHOIS API to gather domain details and the FuzzyWuzzy library for accurate string matching; achieved a significant reduction in impersonation risks by enabling the detection and alerting of potential threats.

• Implemented an extensive DLP (Data Loss Prevention) strategy which resulted in a 90% decrease in data leakage incidents
• Examined security incidents which led to a reduction in the time required to detect and respond to such incidents by 24 hours within the initial year
• Identified and probed security breaches, providing recommendations for remediation approaches in collaboration with leadership
• Conducted investigations into malicious phishing emails, domains, and IPs utilizing open-source tools & advised on appropriate blocking measures