Sr. Cybersecurity Engineer - Splunk Resume
SUMMARY
- Over 20 years of progressive system engineering/administration and cyber security experience
- Skilled and experienced with Splunk, Linux, detection engineering, intrusion analysis, regex
TECHNICAL SKILLS
- Splunk Enterprise Admin
- CISSP
- CEH
- GCIA
- GCIH
- EnCE
- GCFA
- GPEN
PROFESSIONAL EXPERIENCE
Sr. Cybersecurity Engineer - Splunk
Confidential
Responsibilities:
- Configure and manage Splunk Enterprise deployments, including universal forwarders, an indexer cluster, search heads, apps/add-ons, and Enterprise Security
- Optimize and secure Splunk by implementing SSL, hostname validation, indexer discovery, props.conf, accelerated data models, and CIM compliance
- Onboard data using syslog, universal forwarders, apps/add-ons, and props.conf
- Integrate authentication with Active Directory and map AD groups to Splunk roles using authentication.conf and authorize.conf
- Develop Enterprise Security content, correlation searches, dashboards, reports, and alerts to enable security event detection, analysis, and response
- Troubleshoot configurations, content, and system error messages using btool and internal logs
- Create and update documentation surrounding the Splunk architecture
- Monitor Splunk system health, search activity, and data ingestion using the Monitoring Console
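The AD-group-to-role mapping bullet above names two files, authentication.conf (the LDAP strategy and its roleMap stanza) and authorize.conf (what each role may do). The script below is an added example, not the resume author's or Splunk's code: it reads both files, follows importRoles so inherited rights are counted, and flags the things a least-privilege review looks for (a plaintext LDAP bind, risky capabilities or all-index search reaching a non-admin role). The stanza and key names are Splunk's; the host, DNs, group and role names are constructed, and built-in roles with no local stanza (e.g. user) contribute nothing, so it audits local overrides only.

```python
"""Audit AD group -> Splunk role -> rights via authentication.conf and authorize.conf.

Added example, not the resume's or Splunk's code. Stanza/key names are Splunk's;
host, DNs, group and role names below are constructed.
"""
import configparser
from typing import Dict, List, Optional, Set

AUTHENTICATION_CONF = """
[authentication]
authType = LDAP
authSettings = corp_ad

[corp_ad]
host = dc01.corp.example
port = 389
SSLEnabled = 0
bindDN = CN=splunk-svc,OU=Service Accounts,DC=corp,DC=example
userBaseDN = OU=Users,DC=corp,DC=example
groupBaseDN = OU=Groups,DC=corp,DC=example

[roleMap_corp_ad]
admin = Splunk-Admins
soc_analyst = SOC-Analysts
soc_tier2 = SOC-Tier2
"""

AUTHORIZE_CONF = """
[role_soc_analyst]
importRoles = user
srchIndexesAllowed = security;proxy
srchIndexesDefault = security

[role_soc_tier2]
importRoles = soc_analyst
srchIndexesAllowed = *
delete_by_keyword = enabled
"""

# Capabilities that amount to admin or data-destruction rights.
RISKY_CAPABILITIES = {"admin_all_objects", "edit_user", "edit_roles",
                      "edit_server", "delete_by_keyword"}


def load_conf(text: str) -> configparser.ConfigParser:
    # Splunk .conf files are INI-like; keep key case (srchIndexesAllowed) and
    # split only on '=' so DNs containing '=' survive intact.
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.optionxform = str
    cp.read_string(text)
    return cp


def group_to_roles(auth: configparser.ConfigParser) -> Dict[str, List[str]]:
    """Invert [roleMap_<strategy>]: AD group -> Splunk roles it is granted."""
    strategy = auth["authentication"]["authSettings"]
    mapping: Dict[str, List[str]] = {}
    for role, groups in auth[f"roleMap_{strategy}"].items():
        for group in groups.split(";"):
            mapping.setdefault(group.strip(), []).append(role)
    return mapping


def effective_role(authz: configparser.ConfigParser, role: str,
                   seen: Optional[Set[str]] = None) -> Dict[str, Set[str]]:
    """Follow importRoles so inherited indexes and capabilities are counted."""
    seen = set() if seen is None else seen
    result: Dict[str, Set[str]] = {"capabilities": set(), "indexes": set()}
    stanza = f"role_{role}"
    if role in seen or stanza not in authz:
        return result
    seen.add(role)
    for key, value in authz[stanza].items():
        if key == "importRoles":
            for parent in value.split(";"):
                sub = effective_role(authz, parent.strip(), seen)
                result["capabilities"] |= sub["capabilities"]
                result["indexes"] |= sub["indexes"]
        elif key == "srchIndexesAllowed":
            result["indexes"] |= {i.strip() for i in value.split(";")}
        elif value.strip().lower() == "enabled":
            result["capabilities"].add(key)  # any "<capability> = enabled" line
    return result


def audit(auth_text: str, authz_text: str) -> Dict[str, object]:
    """Return per-group effective access plus the findings a reviewer would raise."""
    auth, authz = load_conf(auth_text), load_conf(authz_text)
    strategy = auth["authentication"]["authSettings"]
    findings: List[str] = []
    if auth[strategy].get("SSLEnabled", "0") != "1":
        findings.append(f"LDAP strategy {strategy} binds without TLS")
    access: Dict[str, Dict[str, object]] = {}
    for group, roles in group_to_roles(auth).items():
        caps: Set[str] = set()
        idx: Set[str] = set()
        for role in roles:
            eff = effective_role(authz, role)
            caps |= eff["capabilities"]
            idx |= eff["indexes"]
        access[group] = {"roles": roles, "capabilities": caps, "indexes": idx}
        risky = caps & RISKY_CAPABILITIES
        if risky and "admin" not in roles:
            findings.append(f"AD group {group} gets {sorted(risky)} via roles {roles}")
        if "*" in idx and "admin" not in roles:
            findings.append(f"AD group {group} can search every index via roles {roles}")
    return {"access": access, "findings": findings}


if __name__ == "__main__":
    for finding in audit(AUTHENTICATION_CONF, AUTHORIZE_CONF)["findings"]:
        print(finding)
```

Run against the constructed files it reports the cleartext bind and that SOC-Tier2 inherits delete_by_keyword and wildcard index search through soc_tier2; on a live system point it at the output of `splunk btool authentication list` and `splunk btool authorize list` so layered app defaults are included.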
Security Information Events Manager (SIEM) Subject Matter Expert (SME)
Confidential
Responsibilities:
- Create knowledge objects, such as lookups, summary indexes, data models, saved searches, field extractions, and macros, designed to enrich, optimize, or enable advanced queries
- Create, modify, adapt, and refine content, including custom dashboards, correlation searches, and notable events, to support security monitoring using Splunk Enterprise Security
- Work with cyber threat and incident response teams to develop analytics to detect threat activity, based on malware/threat analyses, cyber intel, and community open source reports
- Ensure accurate parsing of data into appropriate fields using field extractions, aliases, calculations, and regex
- Develop training documentation and conduct over-the-shoulder training for SOC analysts
- Perform Splunk health checks, including review of existing deployment architecture and Splunk search performance, data latency and integrity
Operations Watch Incident Response Analyst
Confidential
Responsibilities:
- Write detailed reports of detection events and associated host and network based activity
- Assist with tuning Splunk event logic (SPL) to reduce false-positive alerts by submitting logic and whitelist modification requests
- Determine legitimacy of suspicious files using the automated malware analysis tool Cuckoo Sandbox
- Develop Splunk dashboards and content to assist with event analysis, and to monitor for anomalous activity
Senior Cyber Security Analyst (Lead)
Confidential
Responsibilities:
- Prepare penetration test proposals, defining the intent, scope, methodology, schedule, and rules of engagement, in order to obtain customer agreement and authorization
- Identified a gap in network security visibility and engineered a DNS sinkhole using RHEL, Apache, and Filebeat to detect host information associated with malicious domain connection events
- Established a phishing training program to supplement official penetration test and evaluation missions, using custom-developed Python scripts and open source software
- Assess penetration testing tools, including King Phisher, Core Impact, Cobalt Strike, Nexpose, etc., for potential acquisition and incorporation
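The DNS sinkhole bullet above and the field-extraction/regex bullet in the SIEM SME section describe the two halves of one detection: hosts that resolve a sinkholed domain land on the sinkhole's Apache instance, Filebeat ships the access log, and a regex turns each line into fields an analytic can work on. The script below is an added example, not the resume author's code. It assumes the sinkhole vhost appends the requested Host header to the combined log format (for instance `LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{Host}i\""`); that format, the sourcetype name and the log lines are constructed. It goes one step beyond the bullet by also checking each host's hit timing for a fixed-interval beacon.

```python
"""Parse DNS-sinkhole web logs with a named-group regex and flag beaconing hosts.

Added example, not the resume's code. Assumes the sinkhole's Apache vhost logs
%{Host}i as the last quoted field; sample lines below are constructed.
"""
import re
import statistics
from datetime import datetime
from typing import Dict, Optional

# Constructed sample: two internal hosts whose DNS answers were redirected to the
# sinkhole (lines deliberately out of order), plus one malformed line.
SAMPLE_LOG = """\
10.20.30.41 - - [12/Mar/2024:08:01:12 -0500] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0" "bad-updates.example"
10.20.30.41 - - [12/Mar/2024:08:06:13 -0500] "GET /gate.php HTTP/1.1" 200 612 "-" "Mozilla/5.0" "bad-updates.example"
10.20.30.57 - - [12/Mar/2024:08:09:02 -0500] "GET / HTTP/1.1" 200 612 "-" "python-requests/2.31" "bad-updates.example"
10.20.30.41 - - [12/Mar/2024:08:11:14 -0500] "GET /gate.php HTTP/1.1" 200 612 "-" "Mozilla/5.0" "bad-updates.example"
10.20.30.57 - - [12/Mar/2024:08:07:44 -0500] "POST /api/v1 HTTP/1.1" 200 612 "-" "python-requests/2.31" "c2.evil-cdn.example"
kernel: eth0: link is up
"""

# Named groups become the fields. The same pattern can be pasted into a
# props.conf EXTRACT- setting: Splunk's PCRE accepts (?P<name>...) groups.
LOG_RE = re.compile(
    r'^(?P<src_ip>\d{1,3}(?:\.\d{1,3}){3}) \S+ \S+ \[(?P<timestamp>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri_path>\S+) (?P<http_version>[^"]+)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<referer>[^"]*)" '
    r'"(?P<user_agent>[^"]*)" "(?P<dest_domain>[^"]*)"$'
)


def extract(line: str) -> Optional[Dict[str, object]]:
    """Field extraction for one line; None when the line does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ev: Dict[str, object] = m.groupdict()
    ev["ts"] = datetime.strptime(m.group("timestamp"), "%d/%b/%Y:%H:%M:%S %z")
    return ev


def props_conf_stanza(sourcetype: str = "sinkhole:apache") -> str:
    """Equivalent Splunk props.conf extraction (the sourcetype name is hypothetical)."""
    return f"[{sourcetype}]\nEXTRACT-sinkhole = {LOG_RE.pattern}\n"


def summarize(log: str, jitter_seconds: float = 5.0) -> Dict[str, object]:
    """Per-source-host rollup: sinkholed domains hit, hit count, first/last seen,
    and whether the hits look like a fixed-interval beacon."""
    hosts: Dict[str, Dict[str, object]] = {}
    dropped = 0
    for line in log.splitlines():
        ev = extract(line)
        if ev is None:
            dropped += 1  # unparsed lines are counted, never silently lost
            continue
        h = hosts.setdefault(ev["src_ip"], {"domains": set(), "user_agents": set(), "stamps": []})
        h["domains"].add(ev["dest_domain"])
        h["user_agents"].add(ev["user_agent"])
        h["stamps"].append(ev["ts"])
    for h in hosts.values():
        stamps = sorted(h.pop("stamps"))
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        h["hits"] = len(stamps)
        h["first_seen"], h["last_seen"] = stamps[0], stamps[-1]
        h["interval_seconds"] = statistics.median(gaps) if gaps else None
        # Malware check-ins run on a timer: three or more hits whose gaps differ
        # by no more than the allowed jitter are flagged as a beacon candidate.
        h["periodic"] = len(gaps) >= 2 and (max(gaps) - min(gaps)) <= jitter_seconds
    return {"hosts": hosts, "dropped_lines": dropped}


if __name__ == "__main__":
    for ip, h in summarize(SAMPLE_LOG)["hosts"].items():
        print(ip, sorted(h["domains"]), h["hits"], "beacon" if h["periodic"] else "")
```

On the sample, 10.20.30.41 checks in every 301 seconds and is flagged, while 10.20.30.57 has touched two sinkholed domains in two minutes but too few hits to call periodic; the unparsed kernel line is counted in dropped_lines rather than dropped on the floor, which is the check to keep when a LogFormat change silently breaks the extraction.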
Senior Cyber Security Analyst
Confidential
Responsibilities:
- Manage cyber security incidents from initial notification to final resolution, including event analysis, incident report creation, mitigation action recommendation, root cause analysis, containment/recovery guidance to field responders, mitigation action review, and final resolution
- Discovered widespread use of unauthorized proxy software undetected by IDS by identifying anomalous network activity via web proxy and network session logs
- Reduced event analysis and incident reporting response time from 24 hours to near real time through continuous process improvements and functional architecting of a proprietary SIEM
- Assist in the creation/enhancement of Cyberview, an in-house developed SIEM; set business requirements for the developer to enable incident analysis and management
- Acquire forensic images of hard drives of interest using EnCase and FTK Imager
- Determine severity and root cause of compromises by conducting digital forensic investigations using EnCase Forensic v7 and SIFT workstation
