Splunk Admin Resume
Tampa, FL
SUMMARY:
- Splunk Certified Developer/Admin with 5+ years of experience in the Information Technology field as a Splunk Developer/Admin, including Enterprise Security (ES).
- Experience with new and existing Splunk platform and cloud deployments.
- Set up Index Clustering and Search Head Clustering on various environments of Splunk instances.
- Infrastructure engineer for the build and support of the Splunk environment.
- Hands-on experience in Splunk version upgrades from lower to higher versions.
- Expert in building custom searches and visualizations in both Splunk Core and Splunk ITSI.
- Managed Splunk user roles by mapping them to newly created and existing AD groups.
- Configured and pushed configuration files such as inputs.conf, outputs.conf, props.conf, transforms.conf and deploymentclient.conf from the Deployment Server to agent servers, depending on user requirements.
- Published data into Splunk through configuration files such as serverclass.conf, server.conf, app.conf, inputs.conf and outputs.conf.
- Standardized Splunk forwarder deployment, configuration and maintenance across all UNIX and Windows platforms.
- Implemented a streamlined process for Splunk requests from users.
- Experience with cloud environment services such as AWS and Microsoft Azure.
- Monitored the health of Indexer cluster members and Search Head cluster members and the volume of index utilization via the Monitoring Console and built-in tools.
- Configured the SCAPM environment alerting mechanism on the Splunk servers.
- Automated the Splunk deployment on the servers using shell scripting and integrated it with Resolve (an FIS automation tool).
- Integrated data from different devices into the Splunk environment and created dashboards and reports in Splunk.
- Created dashboards for management on performance metrics, application metrics, IBM WebSphere JVM health monitoring and HTTP server health monitoring.
PROFESSIONAL EXPERIENCE:
Splunk Admin
Confidential, Tampa, FL
- Installed Splunk Enterprise, Splunk Forwarder, Splunk Indexer and apps on multiple servers.
- Involved in standardizing Splunk forwarder deployment, configuration and maintenance across UNIX and Windows platforms.
- Network traffic, alerts and intrusion attempts; documented reports of security breaches to the management team.
- Experience in installing and using the Splunk apps for UNIX and Linux (Splunknix).
- Experience with Splunk Enterprise deployments; enabled continuous integration as part of configuration management.
- Experience in correlating events from a Network, OS, Anti-Virus, IDS/IPS, Firewalls or Proxies and analyzing them for possible threats.
- Hands-on development experience in customizing visualizations, configurations, reports and search capabilities using customized Splunk queries.
- Ability to multitask, prioritize and take charge, using Splunk ITSI to create ITSI services and KPIs to increase our monitoring coverage.
- Experience with ITSI modules processing data collected using Splunk Add-ons and creating multiple KPIs.
- Experience in building custom searches and visualizations in both Splunk Core and Splunk ITSI.
- Knowledge of parsing, indexing and searching concepts and of Hot, Warm, Cold and Frozen bucketing.
- Good experience in Splunk, WLST and shell scripting to automate and monitor routine environment tasks.
- Splunk Enterprise deployments; enabled continuous integration as part of configuration management.
- Performed vulnerability scanning, triage and detection and wrote reports.
- Supported review of policy, security alerts, regulations and technical advances in IT security management.
- Integrated Jira and Confluence into Splunk Enterprise.
- Created and conducted risk assessment programs to identify areas of potential vulnerability for applications within the agency's application suite.
- Installed the Splunk Common Information Model add-on, which is packaged with Splunk Enterprise Security, Splunk IT Service Intelligence and the Splunk App for PCI Compliance.
Environment: Splunk 6.5, Splunk 7.0, Splunk DB Connect 2.4/3.0, Oracle 11g, MS SQL Server, REST API, Python, Jira, Confluence, Bitbucket, UNIX, Windows.
Splunk Engineer
Confidential, TX
- Created a Splunk app for Enterprise Security to identify and address emerging security threats using continuous monitoring, alerting and analytics.
- Troubleshot and tuned the Splunk deployment for servers, applications and network.
- Good experience with Splunk IT Service Intelligence and worked on Splunk ITSI Glass Tables.
- Monitored the Splunk system by identifying poorly performing searches and dashboards and the overall health of Splunk, and collaborated with the respective teams to improve performance.
- Configured Splunk Searching and Reporting modules, Knowledge Objects, Administration, Add-ons, Dashboards, Clustering and Forwarder Management.
- Configured Splunk forwarders and indexers to ingest infrastructure logs.
- Used Rsyslog on UNIX systems for forwarding log messages over an IP network, writing them to a file or database or forwarding them to a remote host.
- Created and maintained documentation related to architecture and operational processes for Splunk.
- Worked on Splunk DB Connect 2.0 in search head cluster environments with Oracle.
- Worked on Splunk UI/GUI development and operations roles.
- Responsible for documenting the current architectural configurations, detailed data flow and troubleshooting guides for application support.
- Worked on Splunk configuration involving different web and batch applications; created saved searches, summary searches and summary indexes.
- Worked on Splunk and shell scripting to automate and monitor routine environment tasks.
Environment: Splunk 6.x, Splunk Enterprise and Splunk modules, Splunk DB Connect, Azure, Chef, WebLogic Server 8.x/9.x/10.x/11g, Tomcat 6.x, Apache 2.x, Solaris 10, Oracle 11g/10g, web services, HTTP, HTML, XML, SSL, SIEM, Python.
SIEM Consultant
Confidential, KY
- Participated in the product selection and installation of the QRadar Security Information and Event Manager (SIEM), consisting of multiple collectors and a high-performance MS SQL database.
- Designed and implemented enterprise SIEM systems based on QRadar SIEM: centralized logging, NIDS, alerting and monitoring, and compliance reporting.
- Responsible for QRadar SIEM monitoring and configuration aligned to internal PCI and SOX controls.
- Managed the day-to-day log collection activities of source devices that send log data to the QRadar SIEM.
- Managed and monitored McAfee ePO 4.6. Installed Linux/Windows agents and VirusScan Enterprise.
- Recommended the Websense Internet proxy and Web Security Gateway Anywhere to manage corporate Internet proxy traffic and the supporting infrastructure.
- Access control for browsing, authentication for all hits from browsing on proxy servers, and maintenance of proxy logs for forensic purposes.
- Maintained McAfee antivirus applications and appliances, including ePolicy Orchestrator, VSE 8 and 8.5, and Secure Content Manager (SCM 3200) for spam, virus and content filtering of web and email traffic.
- Developed a knowledge base of the various challenges faced in implementing and maintaining the SIEM solution.
- Dashboard / enterprise dashboard customization for various teams based on log source type requirements.
- Maintained and enforced log retention policies.
- Developed a process to store and forward log data to IBM BigInsights for forensic analysis.
- Identified current product management issues and developed best-practice processes to efficiently manage the Security Information and Event Management (SIEM) tool.
- Developed internal change and configuration management for the SIEM.
- Cleaned up log sources auto-discovered in QRadar by identifying duplicates, correcting misidentified log sources, and identifying log sources from their logs.
- Expertise in Universal Device Support Module (uDSM) development for unsupported log sources.
- Customized existing device XML and created new devices.
Environment: Splunk 5.x, Linux, AIX, Windows, Python, Hadoop, Bash/shell, Splunk ES, Splunk ITSI, Splunk DB Connect, regular expressions.
TECHNICAL SKILLS:
Splunk: Splunk 5.x and 6.x, Splunk Enterprise, Splunk on Splunk, Splunk DB Connect 2, Splunk Cloud, Hunk, Splunk IT Service Intelligence, Splunk Web Framework.
Operating Systems: Windows, Unix/Linux.
Security / Vulnerability Tools: Snort, Wireshark, Websense, Blue Coat, Palo Alto, Check Point, Symantec, Qualys Vulnerability Manager, FireEye HX, Sophos, Sourcefire.
Concepts: SIEM, SDLC, Object-Oriented Analysis and Design.
Programming Languages: C, C++, Java with Big Data, Python, UNIX shell scripts.
Data sources used: authentication, DNS, proxy, AV logs, firewall logs, mobile endpoint logs.