Splunk Security Engineer Resume

SUMMARY

  • Splunk certified professional with 6+ years of experience in the IT industry, comprising Splunk installation and UNIX management, and Splunk architecture and components including search heads, indexers, and forwarders.
  • Experience in the implementation of Splunk premium applications, application management, and data security as per customer requirements and industry best practice.

TECHNICAL SKILLS

Splunk: Splunk 7.x, 8.x and 9.x, Splunk Enterprise, Splunk DBConnect, Splunk Machine Learning Toolkit 3.0.0, Splunk ITSI.

Tools: Splunk Enterprise, Zoom, MS Project, Excel, Tenable tool, Trend Micro, Vagrant, CentOS, Vulnerability Scanner, PowerPoint

PROFESSIONAL EXPERIENCE

Confidential

Splunk Security Engineer

Responsibilities:

  • Responsible for leading enterprise-wide efforts to reduce the organization's exposure to cyber attacks through monitoring, analysis, and assessment of the threat landscape, asset health, and adversary activity data.
  • Involved in the verification, tracking, and remediation of technology defects by determining the root cause of anomalies and tracking them through remediation.
  • Experience in app interface development using REST APIs.
  • Enterprise Security event monitoring, computer security incident response, and DDoS support.
  • Served as the focal point for evolving threats, and assisted with the development and tuning of tools to detect these threats.
  • Created Sources, Routes, Pipelines, and Destinations to ingest data from source applications into Splunk using Cribl.
  • Provided IT security solutions by using Splunk as a SIEM tool to explore critical initiatives.
  • Worked with platform and source SMEs, architects, and the team on technical approaches.
  • Performed feed-source typing, event-line breaking, timestamp extraction, field parsing (custom extractions), Common Information Model (CIM) normalization, and created both event types and tags for Splunk data models.
  • Provided engineering support for Splunk components such as Splunk Cloud, Splunk ES, Splunk SOAR, Splunk Deployment Server, and Splunk Heavy Forwarders.
  • Created knowledge objects and configuration files.
  • Developed knowledge objects including saved searches, event types, tags, field extractions, lookups, reports, alerts, data models, workflow actions, and fields.
  • Performed Splunk configuration, validation of on-boarded data, regex, event parsing, and data transformation.
  • Experienced in using Splunk IT Service Intelligence, which brings a unique approach to monitoring and troubleshooting.
  • Standardized and implemented Splunk infrastructure, from universal forwarder deployment through deployer deployment, configuration, and maintenance on Linux and Windows servers.
  • Maintained and monitored Splunk, identifying bad searches and dashboards and tracking the health of Splunk.
  • Performed index administration, maintenance, and optimization, and set up data retention.
  • Created Splunk applications, dashboards, and visualizations.
  • Managed, troubleshot, and solved Splunk problems through the front end and from the back end.
  • Selection, testing, and integration of add-ons and applications.
  • Writing and verification of queries and code to satisfy requirements.
  • Technical feasibility evaluations.
  • Extensive experience with the Amazon Web Services (AWS) cloud platform and its features.
  • Extensive experience managing a Security Operations team, with a clear understanding of Incident Response, Incident Analysis, Endpoint Protection, Threat Intelligence, Threat Hunting, Vulnerability Management, and Cloud Security best practices.
  • Provided visibility into the organization's cybersecurity-related events of interest using data, security tool signatures, advanced correlation, visualization, and alerting.
  • Enhanced visibility by customizing security tools, and helped prioritize vendor signatures related to emergency vulnerabilities.
  • Performed security analysis on sourcetype feeds in order to find valuable search-time extractions.
  • Performed data quality analysis, security analysis, and CIM compliance checks to ensure each data feed is ingested and configured correctly.

Environment: Splunk 8.x, Linux, Splunk Enterprise Security 7.x

Confidential

Splunk Admin/Developer

Responsibilities:

  • Daily Splunk administration maintenance.
  • Established on-boarding of web and database server logs into Splunk using the DBConnect application.
  • Achieved hands-on experience in clustering, deploying apps through the Splunk deployment server, Splunk version upgrades, and creating roles and authentication.
  • Utilized Splunk Machine Learning concepts and algorithms to write complex queries using SPL and visualize data in dashboards and reports.
  • Hands-on experience with multiple configuration file (.conf) settings.
  • Configured the heavy forwarder to send the logs from QRadar server to Splunk indexers and customized the reports and dashboards.
  • Created Sources, Routes, Pipelines, and Destinations to ingest data from source applications to Splunk using Cribl.
  • Involved in ingesting data from multiple appliances into the cluster and analyzing the data with SPL queries.
  • Extensive experience with the Amazon Web Services (AWS) cloud platform and its features: EC2, VPC, SNS, EBS, CloudWatch, CloudTrail, CloudFormation, AWS configuration, Load Balancing, Lambda, S3, IAM, and Security Groups.
  • Performed Splunk administration and analytics development on Information Security, Infrastructure, and network logs.
  • Provided engineering support for Splunk components such as Splunk Cloud, Splunk ES, Splunk SOAR, Splunk Deployment Server, and Splunk Heavy Forwarders.
  • Developed the specific content necessary to implement security use cases and transformed it into correlation queries, templates, reports, rules, alerts, dashboards, and workflows.
  • Deployed Splunk enterprise package and forwarder package in multiple instances.
  • Involved in standardizing Splunk forwarder deployment, configuration, and maintenance on all Windows and Linux platforms.
  • Real-time monitoring of enterprise endpoints for signs of malicious activity using Carbon Black (CB).
  • Analyzed threat patterns with Carbon Black (CB) and investigated SIEM alerts with endpoint context.
  • Participated in client requirements meetings and presented visual presentations of possible outcomes.
  • Developed the use cases for different business requirements.
  • Executed daily vulnerability assessments, threat assessments, and mitigation, and reported on activities in order to safeguard information assets and ensure protections had been put in place on the systems.
  • Designed correlation searches for multiple end-client requirements.
  • Extensive knowledge in creating accurate knowledge objects using XML, dashboards, visualizations, reports, alerts, and pivot tables for business users.
  • Hands-on experience with indexer clustering and search head clustering in both test and production environments.
  • Assisted the privileged user access management team to solve the daily encountered problems.
  • Customized dashboards, reports and scheduled searches.
  • Experience working with the ServiceNow ticketing tool.
  • Worked on user access roles and capabilities.

Environment: Splunk 6.5.3, Linux, Windows 2008, 2012, IBM AIX, Oracle 11g, MS SQL Server 2012, SQL, Symantec Endpoint (SEP), Tripwire IP-360, ServiceNow (ITAM), Carbon

Confidential

IT Auditor

Responsibilities:

  • Develop audit scope and plan, conduct fieldwork, draft the initial report, and champion follow-up if needed based on testing results.
  • Lead audit results discussions with appropriate stakeholders, internal senior management, and colleagues; present observations and cascade identified control weaknesses.
  • Assess key risks and internal controls, and develop targeted audit programs and risk and control matrices to ensure projects meet management expectations.
  • Conduct walkthroughs and detailed testing to determine risks and evaluate the controls put in place by management to mitigate all identified risks.
  • Prepare documentation of business/IT processes and sub-processes in the form of walkthroughs, flow charts, and narratives for the controls in scope of the audit project.
  • Perform pre- and post-SDLC reviews, ensuring the seven phases are properly followed and all implemented controls are designed adequately and operating effectively.
  • Conduct SOC audits (SOC I, II, III) and review SOC 1 Type I, SSAE 18, and SOC 1 Type II reports.
  • Follow up on the status of management efforts to ensure that adequate controls are implemented in a timely manner to fix identified gaps.