
Splunk Admin/developer Resume

Tampa, FL

PROFESSIONAL SUMMARY:

  • Overall 4+ years of experience architecting and deploying the various Splunk components (indexer, forwarder, search head, deployment server) and security, delivering solutions for fixes and automation.
  • Experience configuring, implementing, analyzing and supporting Splunk server infrastructure across Windows, UNIX and Linux. Experience with a variety of operating systems, protocols and tools, depending on the platform or application being administered.
  • Upgraded and optimized Splunk setups with new releases.
  • Extensive experience deploying, configuring and administering Splunk clusters.
  • Expertise in Actuate reporting: development, deployment, management and performance tuning of Actuate reports.
  • Created a Splunk app for Enterprise Security to identify and address emerging security threats using continuous monitoring, alerting and analytics.
  • Helped application teams onboard to Splunk and create dashboards, alerts, reports, etc.
  • Experience working with Splunk 5.x/6.x, Splunk Enterprise Security 4.1 and Splunk DB Connect 1.x/2.x on distributed and clustered Splunk environments running Linux and Windows.
  • Set up Splunk forwarders for new applications brought into the environment.
  • Developed custom app configurations (deployment-apps) within Splunk to parse and index multiple log formats across all application environments.
  • System administration: familiar with Windows Server and Red Hat Enterprise Linux servers.
  • Good understanding of configuration files and their precedence; daily exposure to props.conf, transforms.conf, inputs.conf and outputs.conf, and setting up forwarder inputs based on requirements.
  • Experience optimizing search queries using summary indexing.
  • Experience designing and implementing Trend Micro.
  • Enabled RADIUS authentication to administer the SSL VPN box.
  • Excellent troubleshooting and problem-determination skills for HTTP, system and network problems, including monitoring, capacity planning and maintenance, with 24x7 on-call support for all mission-critical applications. Strong background in a disciplined software development life cycle (SDLC).
  • Excellent analytical and interpersonal skills and the ability to learn new concepts; supported 24/7 on call in production and development environments.
  • Understanding of network firewalls, load balancers, LDAP and complex network design.
  • Experienced with security-related technologies including Active Directory, host-based firewalls, host-based intrusion detection systems, application whitelisting, server configuration controls, logging, SIEM, monitoring tools and antivirus systems.
  • Worked with members of the Security Operations Center to provide guidance and assist with remediation plans for incidents and discovered vulnerabilities.
  • Experience working in different environments and with the process flows of Agile as well as Waterfall methodologies.
  • Excellent communication and presentation skills; comprehensive problem-solving abilities.
  • Interpreted and developed SIEM products to meet internal, external and customer requirements. Experience working on enterprise security log management and SIEM solutions.
  • Worked on SIEM security solutions that enable organizations to detect, respond to and prevent threats by providing valuable context and visual insights for faster and smarter security decisions.
  • Expertise with SIEM (security information and event management). Managed Splunk user accounts (create, delete, modify, etc.). Scripted SQL queries for use with Splunk.
  • Maintained current functional and technical knowledge of the Splunk platform and upcoming products.

TECHNICAL SKILLS:

Log Analysis Tool: Splunk Enterprise Server 5.x/6.x/7.x, Splunk Universal Forwarder 5.x/6.x, Splunk DB Connect

Web/App Servers: WebSphere Application Server 5.0/6.x/7.x/8.x, WebSphere MQ Server 6.x/7.x, WebSphere XD 6.0/6.1, IBM HTTP Server 6.x/7.x/8.x, Apache Web Server 2.x, Tomcat 5.5, IIS 6/7.x

Operating Systems: IBM AIX (5.1/6.1), Red Hat Linux, Windows Server 2003/2008 R2, VMware

Programming: Java, J2EE, C++, C, SQL/PL SQL, HTML, DHTML, XML.

Scripting: JACL, Python, WSCP, WSADMIN, Korn Shell Script, Perl, JavaScript, CSS, Batch

Networking: TCP/IP Protocols, Socket Programming, DNS.

Framework: MVC, J2EE Design Patterns, Struts.

IDE: Eclipse, RAD 7, NetBeans, EditPlus, TOAD

Others: SiteMinder r6/r12/r12.5, PingFederate 6.x/7.x

PROFESSIONAL EXPERIENCE:

Confidential - Tampa, FL

Splunk Admin/Developer

Responsibilities:

  • Installed and configured the Splunk product in different environments. Configured Splunk searching and reporting modules, knowledge objects, administration, add-ons, dashboards, clustering and forwarder management.
  • Monitored and analyzed real-time events from security devices such as firewalls, IDS and anti-virus using SIEM tools.
  • Upgraded Splunk Enterprise from v6.2 to v6.5.1 in clustered and non-clustered environments.
  • Developed Splunk dashboards, searches and reporting to support various internal clients in Security, IT Operations and Application Development.
  • Analyzed security-based events, risks and reporting instances. Correlated events from network devices, operating systems, anti-virus, IDS/IPS, firewalls and proxies and analyzed them for possible threats.
  • Understood and interpreted customer requirements for enterprise Splunk implementations.
  • Provided deployment strategies with an understanding of acceptable risk based on customer acceptance.
  • Created and configured management reports and dashboards. Planned, implemented and managed Splunk for log management and analytics.
  • Monitored security violations, flagged potential violations and logged security incidents in ServiceNow.
  • Validated the existing rules and provided recommendations on fine-tuning them. Created and sent risk advisories to our clients.
  • Suppressed false-positive alerts. Produced weekly/monthly incident analysis reports. Analyzed events and provided solutions for incidents.
  • Set up alerts for different types of errors, performed data enrichment using lookups, data interpretation using fields and field extractions, and data normalization using tags.
  • Good understanding of configuration files and their precedence; daily exposure to props.conf, transforms.conf, inputs.conf and outputs.conf, and setting up forwarder inputs based on requirements.
  • Maintained a Splunk environment with multiple indexers; managed and configured settings.
  • Improved search performance by configuring search heads for all indexes in production.
  • Analyzed security-based events, risks and reporting instances. Developed Splunk queries and dashboards aimed at understanding application performance and capacity analysis.
  • Worked with the QRadar SIEM tool, tuning security events, creating building blocks, and searching for reports and security events.
  • Worked on getting data in and managing Splunk apps. Assisted internal Splunk users in designing and maintaining production-quality dashboards.
  • Used Splunk DB Connect 2.0 in search head cluster environments with Oracle. Installed and implemented several kinds of visualizations in Splunk dashboards.
  • Continuously monitored alerts received through email to check that all application servers and web servers were up.
  • Knowledge of parsing, indexing and searching concepts and of hot, warm, cold and frozen bucketing.
  • Conducted surveillance on various phishing emails and created alerts for future spam. Worked as part of the Cyber Security Incident Response team to check on malware and threat emails.
  • Developed Splunk Search Processing Language (SPL) queries; created and customized reports, alerts and dashboards.

Environment: Splunk 6.x, Splunk DB Connect and other modules, Oracle WebLogic 9.x/10.x, Tomcat 5.x/6.x, Oracle 9i/10g, Solaris 10, LINUX, Sun ONE Directory Server 6, Sun One Web Server 6.0, Apache 2.x, Python

Confidential - Orlando, FL

Splunk Admin/Developer

Responsibilities:

  • Involved in standardizing Splunk forwarder deployment, configuration and maintenance across UNIX and Windows platforms.
  • Monitored the Splunk infrastructure for capacity planning and optimization.
  • Used Splunk Enterprise Security to configure correlation searches, key indicators and the risk scoring framework.
  • Supported 6+ Splunk search heads, 30+ indexers and 2500+ forwarders.
  • Good understanding of security threats and vulnerabilities and how to detect and mitigate them; experience building security monitoring and incident management solutions using Splunk.
  • Created various types of charts and alert settings; knowledge of app creation and of user and role access permissions.
  • Experienced in working with Splunk authentication and permissions, with significant experience supporting large-scale Splunk deployments.
  • Involved in admin activities; worked on inputs.conf, indexes.conf, props.conf and transforms.conf to set up time zone and timestamp extractions, complex event transformations and event breaking.
  • Created dashboards, visualizations, statistical reports, scheduled searches and alerts, and also worked on creating other knowledge objects.
  • Experienced in Security Information and Event Management, with good knowledge of information security products (firewalls, IDS/IPS).
  • Designed and maintained production-quality Splunk dashboards.
  • Extensively used AppDynamics to monitor CPU, memory usage, JVM heap memory health, session and thread counts, and application log errors.
  • Understood client business requirements and translated them into technical requirements and use cases.
  • Documented standards, best practices and operating procedures.
  • Very good understanding of the software development life cycle (SDLC) process; followed Agile Scrum and story maps for development tracking.
  • Integrated ServiceNow with Splunk to consume Splunk alerts and create ServiceNow tickets.
  • Experience creating access controls for users by creating AD (Active Directory) power-user and user groups.
  • Created dashboards from searches and scheduled searches; inline search vs. scheduled search in a dashboard.
  • Created many of the proof-of-concept dashboards for IT operations and service owners, used to monitor application and server health.

Environment: Splunk 6.3.1, Linux, UNIX, Oracle 11g, MS SQL Server 2012, SQL, Joval, Rapid7, Bluecoat, IBM QRadar, IBM Guardium, VMF, Tripwire, Resilient, ServiceNow (ITAM), Splunk 6.x, Splunk Enterprise and Splunk modules, Splunk DB Connect

Confidential

Splunk Admin/Developer

Responsibilities:

  • Created dashboards, visualizations, statistical reports, scheduled searches and alerts, and also worked on creating other knowledge objects.
  • Knowledge of the Splunk architecture and its various components (indexer, forwarder, search head, deployment server).
  • Installed Universal and Heavy Forwarders to bring any kind of data into Splunk.
  • Provided regular support and guidance to Splunk project teams on complex solutions and issue resolution.
  • Helped application teams onboard to Splunk and create dashboards/alerts/reports, etc.
  • Maintained and managed assigned systems, Splunk-related issues and administration.
  • Involved in admin activities; worked on inputs.conf, indexes.conf, props.conf and transforms.conf to set up time zone and timestamp extractions, complex event transformations and event breaking.
  • Involved in standardizing Splunk forwarder deployment, configuration and maintenance across UNIX and Windows platforms.
  • Designed and maintained production-quality Splunk dashboards.
  • Created dashboards, reports and alerts for events and configured alert mail.
  • Worked on DB Connect configuration for Oracle and MySQL.
  • Developed scheduled alerts; experience with Deployment Server and Advanced XML.
  • Created dashboards for various types of business users in the organization and worked on creating different Splunk knowledge objects such as macros, IFX, calculated fields, tags, event types and lookups.
  • Field extraction using IFX, the rex command and regular expressions in configuration files.
  • Scripting and development skills (Perl, Python) with strong knowledge of regular expressions.
  • Used techniques to optimize searches for better performance, including search-time field extractions; understanding of configuration files, their precedence and how they work.
  • Various types of charts and alert settings; knowledge of app creation and of user and role access permissions. Created and managed apps; created users, roles and permissions on knowledge objects.

Environment: Splunk 6.x, Splunk ES, Splunk DBConnect2.0, Splunk ITSI, Splunk ITOA, D3.js, Tomcat 7.x, JBoss 7.x, BIGIP Load Balancers, SAML, Wily Introscope 6.0, Configured plug-ins for Apache HTTP server 2.4, RedHat Linux 6.x, JDBC, JDK1.7, J2EE, JSP, Servlets, XML, Oracle 11g, GI.
