
Splunk Admin / Developer Resume


Dublin, OH

SUMMARY:

  • Overall 6+ years of experience in the Information Technology field, with 4 years of experience as a Splunk Developer/Admin, including Enterprise Security (ES).
  • Experience in Splunk developing dashboards, forms, SPL searches, reports and views; administration, upgrading, alert scheduling, KPIs, visualization add-ons and Splunk infrastructure.
  • Machine learning experience, and experience deploying and managing infrastructure on public clouds such as AWS.
  • Splunk administration and analytics development on information security, infrastructure and network, data security, the Splunk Enterprise Security app, event triage and incident analysis.
  • Experience with the Splunk ITSI module and exposure to Splunk app integration.
  • Assisting users to customize and configure Splunk in order to meet their requirements.
  • Perform implementation of security and compliance-based use cases. Performing maintenance and optimization of existing Splunk deployments.
  • Experience in operating and monitoring AWS instances. Experience with Splunk Enterprise Security (Splunk ES).
  • Experience in dashboards and reports performance optimization. Working knowledge of scripting languages (e.g. Python, bash, etc.). Excellent knowledge of TCP/IP networking, and inter-networking technologies (routing/switching, proxy, firewall, load balancing etc.)
  • Customized and created rules and signatures for IDS/IPS to meet emerging vulnerabilities and provide enhanced detection capabilities.
  • Worked on Splunk search processing language, Splunk dashboards and Splunk dbconnect app.
  • Trained and mentored the team on solution development and POC, KPI and metrics monitoring execution in Splunk.
  • Install, configure, and troubleshoot Splunk. Use Splunk to collect and index log data.
  • Developed Splunk Infrastructure on Cloud (Amazon AWS) in coordination with infrastructure Support Teams
  • Experience with regular expressions and using regular expressions for data retrieval.
  • Developed specific content necessary to implement Security Use Cases and transform into correlation queries, templates, reports, rules, alerts, dashboards, and workflow
  • Supports, monitors and manages the SIEM environment.
  • Developed Splunk objects and reports on security baseline violations, non-authenticated connections, brute force attacks and many other use cases. Integration of Splunk with a wide variety of legacy and security data sources that use various protocols.
  • Installation and configuration of Splunk apps to onboard security data sources into Splunk
  • Experience creating and maintaining Splunk reports, dashboards, forms, visualizations, alerts.
  • Strong knowledge of Windows, Linux, and UNIX operating systems.
  • Manage and support change in the environment. Experience of working on a very large enterprise environment
  • Splunk SPL (Search Processing Language) and Dashboarding/Visualization. Setup dashboards for network device logs.
  • Excellent knowledge of SNMP and syslog. Developed several Splunk POCs, KPIs.
  • Design solutions and concepts for data aggregation and visualization. Splunk deployment, configuration and maintenance across a variety of UNIX and Windows platforms. Able to troubleshoot Splunk server problems and issues.
  • Administering Splunk; integrating Splunk with a wide variety of legacy data sources and industry-leading commercial security and other tools.
  • Experience with Splunk configuration that involves different web applications and batch jobs, and creation of saved searches, summary searches and summary indexes.
  • Good command of writing Splunk searches; Splunk infrastructure and development expert, well-versed in Splunk architecture and design.
  • Risk and threat analysis. IT security monitoring and analysis, vulnerability analysis using Guardium, QRadar, iDefense, WildFire, Sourcefire and FireEye.

TECHNICAL SKILLS:

Splunk 7.x, Splunk 6.x Dashboard Examples, Sideview Utils, Data Models, Splunk Pivots, Server management, Dashboards, Search Processing Language (SPL), Field extraction, REGEX, REX, BMC, UNIX, AIX, Red Hat Linux, Python, Windows 2010/2003/2000, MS Word, PowerPoint, Excel, Access, Outlook, CLI, XML, HTML, Informatica (PowerCenter), SAS, Hadoop, Linux shell script, Visual Basic, TOAD, SQL*Loader, UNIX, Linux, Server Monitoring, BMC, Remedy, DB Connect, ITSI, Enterprise Security, AWS.

PROFESSIONAL EXPERIENCE:

Confidential - Dublin, OH

Splunk Admin / Developer

Responsibilities:

  • Configurations with deployment server, indexers, search heads, serverclass.conf, server.conf, app.conf, props.conf, transforms.conf, and forwarder management configurations.
  • Built analytics for Informatica workflow logs and session logs on job failures, errors and stats.
  • Created and triggered various dropdowns and drilldowns using Splunk static lookups.
  • Monitor the applications and server infrastructure for optimization, performance and Utilization metrics.
  • Experience in developing dashboards and customizing them.
  • Implemented various visualization Add-ons to the developed dashboards
  • Supporting migration from the Splunk on-premises data center to Amazon AWS.
  • Launching, Configuring, Supporting large scale instances on AWS
  • Normalized log data to CIM (Common Information Model) as required by Splunk ES (Enterprise Security) to meet the provided security use cases (rules/alerts).
  • Built KPIs and other Splunk Objects on Hardware Utilization of various technologies like Informatica, Goldengate, and SAS Fraud Framework, Teradata, Hadoop, Microstrategy and A&C servers.
  • Developed and customized complex search queries, and promoted advanced searching, forensics and analytics.
  • Created Splunk dashboards, data models, reports and applications, indexing, tagging and field extraction in Splunk
  • Constructed Splunk knowledge objects (e.g. fields, lookups, macros, etc.)
  • Data collection from various systems/servers, Forwarder Management, creating and managing Splunk apps.
  • Publishing data into Splunk through configurations such as inputs.conf, serverclass.conf, server.conf, app.conf and outputs.conf.
  • Used AppDynamics to troubleshoot issues.
  • Managed and monitored McAfee ePO 4.6. Installed Linux/Windows agents and VirusScan Enterprise.
  • Created a drilldown of navigations from one Splunk app to another.
  • Experience with Splunk UI/GUI development and/or operations roles
  • Work with business/IT and create the next steps plan and implement the same.
  • Review and apply any newly available and applicable Splunk software or policy updates routinely.
  • Assist with design of core scripts to automate Splunk maintenance and alerting tasks.
  • Help to document best practices in developing and using Splunk.
  • Implemented the post-processing method for searches in dashboards.
  • Getting data in, and creating and managing Splunk apps.
  • Extensively worked on building range maps for various SLA conditions using Splunk 7.x Dashboard Examples.
  • Created Alerts on different SLAs and thresholds through Splunk.
  • Good experience on Splunk Search Processing Language (SPL) and Regular expressions.
  • Worked on Splunk search processing language, Splunk dashboards and Splunk dbconnect app.
  • Developed robust, efficient queries that will feed custom Alert, Dashboards and Reports
  • Built Latency and Time lag analytics in Hadoop and Informatica.
  • Configured Alerts and notifications on various thresholds, SLAs for Personal Insurance Architecture team.
  • Successfully developed robust dashboards, KPIs and notifications on metrics such as latency, lag, canary, node status, service status, space status, filesystem utilization, trending growth, missing mounts, user connections, time standards and response time elements for Informatica, Goldengate, SAS Fraud Framework, Teradata, Hadoop and Microstrategy across all the PROD, DEV, QA, TEST, PERF and RECOVERY environments.
  • Team leading; deeper analysis of data using event correlations across indexes and various source types to generate custom reports for senior management.
  • Planning, communicating clear instructions to the team members; training, guiding and directing the team.
  • Access control for browsing, Authentication for all hits from browsing on proxy servers, maintenance of proxy logs for forensic purpose
  • Developed a knowledge base of the various challenges faced in implementing and maintaining a SIEM solution.
  • Dashboard / Enterprise dashboard customization for various team based on the log source type requirements.

Environment: Splunk, BMC, Splunk Universal Forwarder, AppDynamics, Splunk 7.x, 6.x Dashboard Examples, Sideview Utils, Data Models, Server management, Dashboards, Search Processing Language (SPL), Field extraction, Regex, Rex, UNIX, AIX, Red Hat Linux, BladeLogic, XML, HTML, Deployment server.

Confidential - Chicago, IL

Splunk Admin

Responsibilities:

  • Installed the Splunk Common Information Model add-on, which is packaged with Splunk Enterprise Security, Splunk IT Service Intelligence, and the Splunk App for PCI Compliance.
  • Install, configure, and troubleshoot Splunk. Experience with regular expressions and using regular expressions for data retrieval. Work with application owners to create or update monitoring for applications.
  • Experience creating and maintaining Splunk reports, dashboards, forms, visualizations, alerts.
  • Good experience in building Splunk Security Analytics. Lead logging enrollments from multi-tier applications into the enterprise logging platforms.
  • Developed specific content necessary to implement Security Use Cases and transform into correlation queries, templates, reports, rules, alerts, dashboards, and workflow
  • Strong knowledge of Windows, Linux, and UNIX operating systems.
  • Experience in responding to requests and incident tickets within defined Service Level Agreements.
  • Supports, Monitors and manages the SIEM environment
  • Designing and implementing Splunk-based best practice solutions.
  • Requirement gathering and analysis. Interacted with team members and users during the design and development of the applications and Splunk objects.
  • Data collection from various systems/servers, Forwarder Management, creating and managing Splunk apps.
  • Building Splunk queries by Splunk Search Processing Language (SPL) and Regular expressions.
  • Creating, maintaining, supporting, repairing and customizing system and Splunk applications, search queries and dashboards.
  • Splunk administration and analytics development on information security, infrastructure and network, data security, the Splunk Enterprise Security app, event triage and incident analysis.
  • Developed Splunk objects and reports on security baseline violations, non-authenticated connections, brute force attacks and many other use cases.
  • Worked on AppDynamics as a monitoring tool.
  • Good experience working with SNMP traps and syslog-ng when onboarding security devices into Splunk.
  • Design, support and maintain large Splunk environment in a highly available, redundant, geographically dispersed environment.
  • Integration of Splunk with a wide variety of legacy and security data sources that use various protocols.
  • Installation and configuration of Splunk apps to onboard data sources into Splunk
  • Experience with creating disaster recovery plans and testing.
  • Work as part of a team to provide excellent customer experience.
  • Provide emergency or scheduled support out of hours as required.
  • Manage and support change in the environment. Experience of working on a very large enterprise environment
  • Splunk SPL (Search Processing Language) and Dashboarding/Visualization. Setup dashboards for network device logs.
  • Developed alerts and timed reports Develop and manage Splunk applications. Have done many POCs.
  • Implemented maps integration and dynamic drill downs extensively.
  • Created summary searches and reports; in-depth knowledge of Splunk license usage and safeguarding against violations.
  • Very good experience in optimizing searches, and implemented post-processing on dashboards.
  • Configurations with deployment server, indexers, search heads, serverclass.conf, server.conf, app.conf, props.conf, transforms.conf, and forwarder management configurations.
  • Good experience in clustering, deploying apps through the Splunk deployment server and deployer, Splunk version upgrades, and creating roles and authentication.
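The brute force use case named above (and in the Dublin section), together with the CIM normalization it depends on, as an added example. This search is written for this page; it is not the candidate's own content and not the correlation search that ships with Splunk ES. It assumes the authentication sources were onboarded with a CIM-compliant add-on, so events are tagged `authentication` and carry `action`, `src`, `dest` and `user`; that the Authentication data model is accelerated (otherwise remove `summariesonly=true`); and that the thresholds (20 failures followed by at least one success from the same source within an hour) are placeholders to tune per environment.

```spl
| tstats summariesonly=true
    count(eval('Authentication.action'=="failure")) AS failures,
    count(eval('Authentication.action'=="success")) AS successes,
    dc(Authentication.user) AS distinct_users,
    values(Authentication.dest) AS targets
    FROM datamodel=Authentication
    WHERE earliest=-60m@m latest=now
    BY Authentication.src
| rename Authentication.* AS *
| where failures >= 20 AND successes > 0
| eval risk_message="Possible successful brute force: ".src." failed ".failures." logins and then succeeded against ".mvjoin(targets, ", ")
| sort - failures
| table src failures successes distinct_users targets risk_message
```

Two checks a practitioner should run before scheduling this as an alert. First, any source whose add-on does not map `action`/`src`/`user` into the Authentication data model is silently absent from the results, so confirm coverage (for example by comparing `tag=authentication` event counts per sourcetype against the raw index) before trusting a quiet dashboard. Second, `distinct_users` separates a targeted brute force (one or two users, many failures) from password spraying (many users, a handful of failures each); the latter usually stays under a per-source failure threshold and needs its own search keyed on user count. Sources behind a NAT pool, VPN concentrator or proxy will inflate per-src counts and should be excluded or given a higher threshold.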

Environment: Splunk, Deployment server, Integration, Splunk 6.x Dashboard Examples, Sideview Utils, Data Models, Server management, AppDynamics, Dashboards, Search Processing Language (SPL), Field extraction, Regex, Rex, Linux, XML, Advanced XML, JS, CSS, HTML

Confidential - Denver, CO

IT Support

Responsibilities:

  • Install and troubleshoot operating systems - Windows 2000, XP, and Win7.
  • Onboarding of new data into Splunk, troubleshooting Splunk and optimizing performance, and Splunk onboarding with log4j/JSON/XML/TCP/UDP.
  • Expertise in installation, configuration, migration, troubleshooting and maintenance of Splunk, WebLogic Server 7.0/8.1/9.x/10.x and Apache Web Server on different UNIX and Linux systems.
  • Expert in using IFX, EREX and regex in configuration files to extract fields.
  • Experience in Splunk search construction, with the ability to create well-structured search queries that minimize performance impact.
  • Monitored database connection health using Splunk DB Connect health dashboards.
  • Monitoring Splunk dashboards and alerts, and configuring scheduled alerts based on internal customer requirements.
  • Configured the Splunk for TIBCO BusinessWorks Engine app to read text logs generated by TIBCO application instances.
  • Used BI suite to communicate to our corporate standard relational databases (RDBMS) through the Structured Query Language (SQL).
  • Working on Splunk ITSI glass tables, deep dives, ITSI modules.
  • Using Amazon Web Services (AWS) focusing mainly on planning, monitoring, deploying and maintaining cloud infrastructure on multiple EC2 nodes and VM in Linux/Unix (Red Hat, CentOS) environment with respect to project.
  • Used BladeLogic to patch and install applications in several different test labs as well as operational Windows server systems.
  • Involved in implementing Ansible configuration management and maintaining it in several environments on AWS cloud and VMware.
  • Created alarms and monitored and collected log files on AWS resources using CloudWatch on EC2 instances, generating Simple Notification Service (SNS) notifications.
  • Created input stanzas and prepared server classes to push monitoring stanzas so that Splunk reads the data and makes it visible in the UI.
  • Performance testing using tools such as Wily, AppDynamics, Dynatrace, Splunk and Netcool.
  • Used Splunk Enterprise REST API that uses HTTP requests to configure and manage Splunk instance, create and run searches.
  • Drive complex deployments of Splunk dashboards and reports while working side by side with technical teams to solve their integration issues.

TECHNICAL SKILLS

Splunk: Splunk 7.x and 6.x, Splunk Enterprise, Splunk on Splunk, Splunk DB Connect 2, Splunk Cloud, Hunk, Splunk IT Service Intelligence, Splunk Web Framework

Operating Systems: Windows 2000, XP, Win 10, Windows Server, Unix/Linux (Red Hat), FreeBSD

Data Analysis: Requirement Analysis, Business Analysis, detail design, data flow diagrams, data definition table, Business Rules, data modeling, Data Warehousing, system integration

RDBMS: Oracle 11g/10g/9i/8i, MS SQL Server 2000/2005/2008, Sybase, DB2, MS Access, MySQL

Web Technologies: HTML, DHTML, JavaScript, XML, XSL, XSLT, REST, SOAP

Web/App Servers: Apache Tomcat 6.0, WebLogic 8.1/9.2, WebSphere 6.0

Concepts: SDLC, Object Oriented Analysis and Design, Unified Modeling Language (UML), Assembly and System Level Testing, exposure in Agile.

Programming Language: C, C++, Java with Big Data, Python, UNIX shell scripts

Monitoring tools: Netcool, Dynatrace
