Self-motivated, responsible, knowledgeable, detail-oriented IT security monitoring engineer with proven success in IT system management, RHEL Linux, Solaris, Windows Servers and databases.
Git, GitHub, Jenkins, Jira, Heat, Linux (Red Hat), Unix, Windows Servers, Databases, Apache web server, apt, Backup, BIND, CLI, clustering, Network systems, config, debugging, DHCP, Disaster Recovery, DNS, firewall, FTP, GUI, SMTP, LAN, LDAP, logging, Access, mail, Windows, Migration, modeling, MySQL, NFS, Servers, scripts.
Confidential, Houston, TX
Splunk SIEM & Content Development Engineer
- Develop use cases, correlation rule sets, and content definitions based on numerous intelligence and detection products.
- Design, develop and review complex SIEM content based on endpoint events, network events, and threat intelligence feeds (IOCs).
- Work with security analysts, intelligence analysts, security operation engineers, and various teams to continuously improve published content.
- Participate in new event development and testing, developing the methodology of investigation and documentation before a new event is introduced into the SOC queue, while closely interacting with Incident Response teams.
- Design, implement and manage security use cases: threat modeling, continuous content delivery (detections) and management (JIRA).
- Design and implement highly customized correlation rules, reports, regular expression parsers, trends, and dashboards.
- Responsible for the Information Security Threat Management Program, which includes Threat Intelligence, Threat Modeling, Threat Hunting, and Security Analytics.
- Participate in the SIEM Review Board and SIEM tuning meetings; make recommendations for tuning as applicable.
- Analyze threat information from multiple sources, disciplines, and agencies across the regulatory and Intelligence Communities. Synthesize and place regulatory and intelligence information in context; draw insights about the possible implications.
Confidential, Houston, TX
- Utilized knowledge objects for reporting statistics.
- Utilized the Distributed management console to investigate resource usage.
- Scripted deployment of the universal forwarder agent to 300 application servers.
- Configured license pooling.
- Maintained high availability of indexed data by clustering the indexers.
- Maintained replicated copies of all knowledge objects by clustering the search heads.
- Troubleshot Splunk feed issues and data ingestion for remote locations.
- Deployed new Splunk architecture at the disaster recovery site.
- Configured hot, warm and cold buckets to hold data for an extended period of time.
- Created home dashboards to monitor ingestion and feeds for private network performance.
- Wrote new firewall rules (access rules and reverse access rules).
- Created user roles through the Splunk GUI.
- Gave presentations to other system admins on how to effectively use Splunk for troubleshooting.
- Designed and implemented syslog network traffic and a syslog server.
- Installed and configured deployment server and search head deployer.
Confidential, Fort Carson, CO
- Engineered systems administration-related solutions for various project needs.
- Installed and configured systems which support infrastructure and/or activities.
- Developed and maintained installation and configuration procedures.
- Contributed to and maintained system standards.
- Contributed to and maintained the security posture of the system.
- Researched and recommended innovative and, where possible, automated approaches for system administration tasks. Identified approaches that leverage resources, Operations and Support.
- Installed and maintained security patches on the operational and development systems.
- Reported security patch compliance.
- Performed daily system monitoring, verifying the integrity and availability of all hardware, server resources, systems and key processes, reviewing system and application logs, and verifying completion of scheduled jobs such as backups.
- Performed daily backup operations, ensuring all required file systems and system data were successfully backed up to the appropriate media, recovery tapes or disks were created, and media was recycled and sent off site as necessary.
Confidential, Houston, TX
- Experienced in system administration, installation, upgrading, patching, migration, configuration and troubleshooting.
- Troubleshot connectivity to servers and network systems.
- Installed and configured Splunk in a staging environment.
- Managed security, backup, disaster recovery, performance monitoring and fine-tuning on Linux (RHEL) systems.
- Configured storage, disk management, Logical Volume Management (LVM) and logical partitioning.
- Assisted in Splunk implementation.
- Migrated Splunk config files to multiple remote servers.
- Enabled log debugging in Splunk using btool, Splunk on Splunk and Splunk Storm.
- Experienced in troubleshooting Splunk search quotas, monitor inputs, WMI issues, Splunk crash logs and alert scripts.
- Migrated RHEL 5 to RHEL 6.
- Configured LVM (Logical Volume Manager) to manage volume groups, logical and physical partitions, and import new physical volumes.
- Configured and tuned load balancers.
- Maintained file systems and created NFS shares.
- Configured the kernel parameters and updated the kernel for the MySQL database.
- Configured remote access to Splunk and sent CLI commands to remote servers.
- Experienced in using Red Hat Satellite Server to deploy, monitor, update, and manage systems.
- Automated patching using Errata and customized security patching using Ksplice.
- Involved in complete administration tasks on Red Hat Linux and documentation for the projects executed.
- Installed, monitored and supported web and application servers in Linux environments.
- Good knowledge of operating system architectures.
- Created new file systems, mounted and unmounted file systems; hands-on experience with Disk Suite (SVM).