
Senior Splunk System Engineer/architect - Enterprise Security Admin Resume


New York, NY

PROFESSIONAL SUMMARY:

IT professional with 10+ years’ experience in the Information Technology space with 6+ years of experience as a Splunk developer, administrator, architect, and analytics expert while supporting various aspects of system management and data analysis. Excellent communication, analytical, interpersonal skills, and strong knack for service at all levels. Mastery with search head clustering, architecture, cloud migration, smart storage, and capacity planning. Strong experience in developing tools for organizations to monitor TTPs and IOCs to better leverage their response mechanisms. Many years of experience consulting with blue, red and purple security teams.

SKILLS:

Red Hat Linux, AWS, Bash, Python, Ansible, Nagios, Apache, JBoss, Cisco WSA, Cisco ESA, Firewalls, IDS, Sumo Logic, Access, Windows, MySQL, Oracle, SNMP, SQL, TCP/UDP, UNIX, Qmulos, Java, XML, Regex, PHP, VMware, Apache Subversion, TCP/IP, Docker, DNS, Git

WORK HISTORY:

Senior Splunk System Engineer/Architect - Enterprise Security Admin

Confidential, New York, NY

Responsibilities:

  • Strong experience in working with Splunk architecture and various Splunk components (indexers, forwarders, search heads, deployer, deployment server), including Universal and Heavy Forwarders.
  • Involved in standardizing Splunk architecture deployment, configuration and maintenance across UNIX and Windows platforms.
  • Monitor Splunk infrastructure for capacity planning and optimization.
  • Optimize search queries to enhance performance of the search head.
  • Integrate, onboard and analyze various log sources and tools into Splunk, including but not limited to networking (F5 load balancers, firewalls, IPS/IDS), operating systems (Linux, Windows, Mac), NSX, vSphere, security tools, Infoblox, PAN, Salesforce, O365, Proofpoint, Carbon Black, CrowdStrike, infrastructure, AWS, Azure.
  • Write complex regular expressions (regex) to perform search-time field extractions and index-time field extractions when necessary.
  • Utilize rex when wanting to perform field extractions at search time.
  • Manage index and knowledge object permissions and access for users.
  • Troubleshooting Splunk and optimizing performance.
  • Create various types of charts and configure alerts.
  • Develop custom applications.
  • User and role access permissions.
  • Supporting several large scale Splunk deployments.
  • Installed, configured, and administered Splunk Enterprise Security.
  • Upgraded Splunk Enterprise Security to version 5.3.
  • Installed and configured Splunk UBA.
  • Tuning of data, CIM compliance and data model mappings.
  • Consulting with data owners, users, SOC analysts, server admins, and security engineers on capacity planning, architecture and use case development.
  • Tested Mission Control as part of a proof of concept initiative.
  • Configure risk index in Enterprise Security.
  • Slight exposure to Phantom playbooks and vaults.
  • Used Splunk Security Essentials for validating data against the MITRE ATT&CK framework.
  • Create dashboards, visualizations, statistical reports, scheduled searches, alerts, and drilldowns for end users.
  • Create lookups populated by the KV store for ongoing updates to current scheduled searches.
  • Experience on security information event management and good knowledge on information security products (Firewalls, IDS/IPS).
  • Provide regular support guidance to Splunk project teams on complex solution and issue resolution.
  • Create scripts to deploy Universal forwarders to remote hosts.
  • Designing and maintaining production-quality Splunk dashboards.
  • Refine and configure complex data transformations.
  • Configure data retention.
  • Experience developing Splunk queries and dashboards targeted at understanding application performance, capacity analysis and security monitoring.
  • Used the Cisco Networks App, which includes dashboards, data models and logic for analyzing data from Cisco IOS, IOS XE, and NX-OS devices.
  • Integrate ServiceNow with Splunk to consume the alerts from Splunk and create ServiceNow tickets.
  • Configured DB Connect to connect to Oracle and MySQL databases.
  • Creating dashboards for different security use cases as needed.
  • Migrated New Relic APM activities to Splunk by using the New Relic TA and app.
  • Developed content to monitor the techniques, tactics, and patterns of golden ticket actors.
  • Troubleshooting and analyzing hosts not reporting to Splunk.
  • Developed alerts to manage hosts, servers and forwarders.
  • Log Management and troubleshooting missing logs.
  • Performed storage integration: EMC, NetApp, VMAX, Unity.

Linux/Splunk System Administrator

Confidential, New York, NY

Responsibilities:

  • Provided support in the implementation and installation of hardware and software components.
  • Implemented Splunk and deployed infrastructure.
  • Led the organization in Splunk best practices, capacity planning and optimization.
  • Worked with users to train them on SPL and optimizing searches.
  • Onboarded various types of data into Splunk.
  • Scaled Splunk infrastructure to keep up with increasing license quota.
  • Built and primed Linux servers to accommodate Splunk installs.
  • Performed Splunk and Linux upgrades of existing servers.
  • Rectified many issues by instituting best practices in system log analysis, backups, network operating center security, user account/permissions management and systems/software auditing.
  • Assisted in maintaining systems in lab environments at various sites.
  • Installed and configured all the Linux servers in the network per specifications of clients.
  • Monitored the servers and Linux scripts regularly and performed troubleshooting steps; tested and installed the latest software on servers for end users.
  • Attended calls related to customer queries and complaints, offered solutions.
  • Performed routine checks on the Linux servers of the firm.
  • Provided support on weekends and odd hours to ensure little to no disruption of local and operational systems during scheduled maintenance and outages.
  • Managed daily activities to include user support and system administration tasks.
  • Provided Tier 1 (Help Desk) problem identification and Tier 3 (Watch Desk) support during normal to semi-critical situations.
