
Splunk Admin/ Developer Resume


New York City, NY

SUMMARY:

  • 6 years' experience in the Information Technology field as Splunk Architect & Splunk Administrator and in Configuration Management across various OS.
  • Expertise in Installing, Configuring, Migrating, Troubleshooting and Maintenance of Splunk components and infrastructure.
  • Experience in gathering business requirements, definition and design of the data sourcing and data flows, data quality analysis, working in conjunction with the data warehouse architect on the development of Business Intelligence (BI) Models.
  • Experience working on Splunk 5.x, 6.x, 7.x, Splunk Enterprise Security 4.1, Splunk DB Connect 1.x, 2.x on distributed Splunk Environments and Clustered Splunk Environments on Linux and Windows operating systems.
  • Architected various components within Splunk (indexer, forwarder, search head, deployment server), Heavy and Universal forwarder, Parsing, Indexing, Searching concepts, Hot, Warm, Cold, Frozen bucketing, License model.
  • Experience in Installation, Configuration, Migration and Administration of Splunk Search Head, Indexers, Cluster Master, Deployment Server, License Master, Heavy Forwarders and Universal Forwarder on Linux and Windows operating systems.
  • Responsible for hardware sizing and capacity planning, and for monitoring and maintenance of all components of the Splunk platform.
  • Experienced in optimizing the Splunk Forwarder management architecture through a centralized server to manage the configurations.
  • Responsible for creating indexes with appropriate retention and retirement policies by managing the bucket policies.
  • Responsible for implementing the Splunk Heavy Forwarder component to perform intermediate routing, filtering, masking and overriding before indexing.
  • Experienced in designing and implementing the architecture with Indexer clustering to maintain data availability and disaster recovery.
  • Expert in Splunk Development, Configuration and Administration; used Kibana with Elasticsearch (ELK) for visualization.
  • Scheduled Splunk based Reports and Alerts to monitor system health, performance and breaches.
  • Experience in maintaining Splunk native Role and User creation.
  • Configured Clusters, Server groups and Cloning for improved availability and failover capacity.
  • Experience with ITSI modules processing data collected using Splunk Add-ons, and created multiple KPIs.
  • Experience in SIEM, CIM and CLI commands.
  • Experience in scripting languages like Python, Shell and Perl to automate the log rotations, onboarding data from various application teams and to reload deployment servers.
  • Implemented Splunk infrastructure on AWS Cloud platform using its features which includes EC2, VPC, EBS, Cloud Watch, Cloud Trail, Cloud Formation, AWS configuration, auto scaling, Cloud Front, IAM and S3.
  • Expertise in Creating Splunk app for Enterprise Security to identify and address emerging security threats using continuous monitoring, alerting and analytics.
  • Experience in providing monitoring and response to security events for the Security Operations team (SOC).
  • Integrated Splunk with LDAP and SAML and created role-based groups and access.
  • Experience in Shell scripting and extensively used Regular expressions in search string and data anonymization.
  • Understanding of Network Firewalls, Load-balancers, LDAP and complex network design.
  • Experience with Splunk Searching and Reporting modules, Knowledge Objects, Administration, Add-Ons, Dashboards, Clustering and Forwarder Management.
  • Extensively used various field extraction and search commands like stats, chart, timechart, transaction, strptime, strftime, eval, where, xyseries, table, etc.
  • Used XML, Advanced XML and Search Processing language (SPL) for creating Dashboards, views, alerts, reports and saved searches.
  • Excellent skills on troubleshooting and problem determination of HTTP/System/ Network related problems including monitoring, capacity planning and maintenance by providing 24X7 support on call for all mission critical applications.
  • Strong background in a disciplined software development life cycle (SDLC).
  • Experience working in different environments and with the process flows in AGILE as well as Waterfall methodologies.
  • Monitor the applications and server infrastructure for optimization, performance and Utilization metrics.

TECHNICAL SKILLS:

Splunk: Splunk 5.x, 6.x, 7.x, Splunk Enterprise, Splunk DB Connect, Splunk IT Service Intelligence, Splunk Web Framework, Splunk Machine Learning Toolkit, Splunk Hunk.

Operating Systems: Windows, Unix/Linux.

Data Analysis: Requirement Analysis, Business Analysis, detail design.

Web technologies: HTML, CSS, JavaScript, XML, Advanced XML.

Concepts: SIEM, SDLC, SSAE, Object Oriented Analysis and Design.

Programming Languages: C, Python, UNIX shell scripts.

Database: Oracle, MySQL, SQL queries, SQL Procedures.

Tools: Microsoft Word, Microsoft PowerPoint, Microsoft Excel, Microsoft Outlook, Microsoft Project, Wireshark.

PROFESSIONAL EXPERIENCE:

Confidential, New York City - NY

SPLUNK ADMIN/ DEVELOPER

Responsibilities:

  • Gathered and understood client requirements and onboarded new data sources into Splunk.
  • Configured Splunk Searching and Reporting modules, Knowledge Objects, Administered Data Ingestion, Add-Ons, Dashboards, Index Cluster and Forwarder Management.
  • Architected various components within Splunk (indexer, forwarder, search head, deployment server), Heavy and Universal forwarder, Parsing, Indexing, Searching concepts, Hot, Warm, Cold, Frozen bucketing, License model.
  • Experience in Installation, Configuration, Migration and Administration of Splunk Search Head, Indexers, Heavy Forwarders, Deployment Server, Cluster Master, License Master and Universal Forwarder on Linux and Windows operating systems.
  • Designed and maintained complex dashboards on Splunk Enterprise and Enterprise Security.
  • Created and configured KPI's in Splunk IT Service Intelligence (ITSI).
  • Worked on a 10 TB licensed environment with clustered indexers and search heads.
  • Expertise with light, universal and heavy forwarders across different platforms.
  • Integrated Splunk with LDAP and SAML and created role-based groups and access.
  • Created and managed Splunk DB Connect Identities, Database Connections, Database Inputs, Outputs, lookups and access controls.
  • Involved in standardizing Splunk forwarder deployment, configuration and maintenance across UNIX and Windows platforms.
  • Good understanding of configuration files and their precedence, with daily work exposure to props.conf, transforms.conf, inputs.conf and outputs.conf, and setting up forwarder information based on requirements.
  • Maintained a Splunk Environment with multiple indexers; managed and configured settings.
  • Improved search performance by configuring search heads for all Indexes in production.
  • Worked on Splunk DB Connect 2.0 in search head cluster environments with Oracle.
  • Created access controls for users by creating AD (Active Directory) power-user and user groups.
  • Worked on configuration files inputs.conf, indexes.conf, props.conf, serverclass.conf, transforms.conf and limits.conf.
  • Responsible for setting up alerts and monitoring from the Machine generated live data.
  • Created custom Splunk index using external volumes.
  • Configured Clusters, Server groups and Cloning for improved availability and failover capacity.
  • Managed indexes and cluster indexes, Splunk web framework, data model and pivot tables.
  • Developed, evaluated and documented specific metrics for management purpose.
  • Provided regular support and guidance to Splunk project teams on complex solutions and issue resolution.
  • Designed configurations to filter the appropriate data using whitelist filters as well as to discard the unwanted historical data using ignore filters.
  • Deployed a central architecture to manage the forwarders using Deployment Server.
  • Experience with Splunk Searching and Reporting modules, Knowledge Objects, Administration, Add-Ons, Dashboards, Clustering and Forwarder Management.
  • Well versed in both remote and on-site user Splunk Support.
  • Efficiently handled Work Load Management for load balancing and failover, improving performance, reliability and scalability.
  • Built searches and visualized them using the dashboarding capabilities of Splunk as per business requirements.
  • Involved in writing complex Interactive Field Extractor (IFX), rex and multikv commands to extract fields from the log files.
  • Created reports, Dashboards, scheduled alerts and searches.
  • Responsible for administering, maintaining and configuring 24x7 highly available Splunk apps for the production portal environment.
  • Experienced in creating and running Cron Jobs for scheduled tasks.
  • Involved in handling various incidents and requests related to the application.
  • Developed shell scripts to handle everyday System Administration tasks such as backup procedure, system cleanup, everyday system tasks, log rotation etc.

Environment: Splunk Enterprise Server 6.x, Splunk Forwarder 6.x, Shell Script, RedHat Linux, Amazon Web Services (AWS), Windows 2008 R2.

Confidential, Tampa - FL

SPLUNK ADMINISTRATOR

Responsibilities:

  • Gathered and understood client requirements and onboarded new data sources into Splunk.
  • Extensive experience in Installation, Configuration, Migration, Troubleshooting and Maintenance of Splunk and Apache Web Server on different UNIX flavors like Linux.
  • Experience in understanding the 6.x product, distributed Splunk architecture and components including installation of Search Heads, Indexers, Forwarders, Deployment Server, License Model and Heavy/Universal Forwarder.
  • Proficient in Parsing, Indexing, Searching Concepts like Hot, Warm, Cold, Frozen bucketing.
  • Setup Splunk Forwarders for new application levels brought into environment.
  • Extensive experience in deploying, configuring and administering Splunk clusters.
  • Helping application teams in on-boarding Splunk and creating dashboards, alerts, reports etc.
  • Develop custom app configurations (deployment-apps) within SPLUNK to parse, index multiple types of log format across all application environments.
  • System Administration familiar with Windows Servers, Red Hat Linux Enterprise Servers.
  • Experience in Shell scripting and extensively used Regular expressions in search string and data anonymization.
  • Understanding of Network Firewalls, Load-balancers, LDAP and complex network design.
  • Experience optimizing search queries using summary indexing.
  • Excellent skills on troubleshooting and problem determination of HTTP/System/ Network related problems including monitoring, capacity planning and maintenance by providing 24X7 support on call for all mission critical applications.
  • Administered Splunk internal environment through log file resizing, queue parameter changes, dispatch directory folders cleaning.
  • Created reports, Dashboards, scheduled alerts and searches.
  • Created Splunk Simple XML Dashboards with various visualizations like Pie / bar/ Line/Area charts.
  • Developed OS monitoring dashboards using Gauges to detect CPU Usage and Memory Usage.
  • Strong background in a disciplined software development life cycle (SDLC).
  • Excellent analytical and interpersonal skills and ability to learn new concepts and supported 24/7 on call in production and development environment.
  • Creating Reports, Pivots, alerts, advanced Splunk searches and Visualizations in Splunk Enterprise.
  • Skilled at assessing client needs, working in a group, suggesting ideas that enhance efficiency and maximize performance, implementing cutting-edge technology solutions and Training/Supporting end users.
  • Have experience working in different environments and with the process flows in AGILE as well as Waterfall methodologies.
  • Monitor the applications and server infrastructure for optimization, performance and Utilization metrics.

Environment: Splunk Enterprise Server 6.x, Universal Splunk Forwarder 6.x, RedHat Linux, Amazon Web Services (AWS), XML.

Confidential, Virginia Beach - VA

Splunk Developer/ Admin

Responsibilities:

  • Requirement gathering and analysis. Interacted with team members and users during the design and development of the applications and Splunk Objects.
  • Communicating and collaborating with hundreds of customers, Splunk users.
  • Data collection from various systems/servers, Forwarder Management, creating and managing Splunk apps.
  • Assisting users to customize and configure the Splunk in order to meet their requirements.
  • Developing new use cases/metrics, dashboards, reports, alerts apps/add-ons that will support security requirements and log management for the enterprise.
  • Data Onboarding from more than 600 sources to Splunk.
  • Developed Splunk Infrastructure on Cloud (Amazon AWS) in coordination with infrastructure Support Teams. Developed Splunk Objects and reports on Security baseline violations, Non-authenticated connections, Brute force attacks and many use cases.
  • Good experience in working with SNMP traps and Syslog NG in onboarding the security devices on Splunk.
  • Design, support and maintain large Splunk environment in a highly available, redundant, geographically dispersed environment.
  • Experience creating and maintaining Splunk reports, dashboards, forms, visualizations, alerts.
  • Experience in dashboards and reports performance optimization.
  • Assigning User and role authentication including LDAP authentication and scripted authentication.
  • Fetching the data from databases using the DB Connect application. Deployed Splunk architecture at the disaster recovery site.
  • Built Key Performance Indicators to the Enterprise Architecture team through Splunk.
  • Good experience in building Splunk Security Analytics. Led logging enrollments from multi-tier applications into the enterprise logging platforms.
  • Developed specific content necessary to implement Security Use Cases and transformed it into correlation queries, templates, reports, rules, alerts, dashboards and workflow.
  • Supported, monitored and managed the SIEM environment.
  • Managed and supported change in the environment. Experience of working in a very large enterprise environment.
  • Developed alerts and timed reports; developed and managed Splunk applications. Completed many POCs.

ENVIRONMENT: Splunk Enterprise, Splunk Apps and Add-ons, SPL, Linux and UNIX, Shell Scripting, ServiceNow, POCs.

Confidential

SECURITY ANALYST

  • Performed security penetration test on network systems using ISS software.
  • Provided device monitoring, analysis and incident response to information security alerts and events which includes IDS/IPS, Firewalls, SIEM and AV management systems.
  • Presentation on security product for customers.
  • Performed software and hardware testing for system developments.
  • Attended meetings with development team to discuss the previously submitted reports on the findings to ensure that the fixes are made to those applications.
  • Performing manual/automated application security testing on the major changes carried out in the application.
  • Monitoring and analyzing all security logs and applications data logs from NIDS and Application Firewall using SPLUNK.
  • Identified issues on sessions management, Input validations, Logging, Exceptions, Cookie attributes, Encryption, Privilege escalations.
  • Organized monthly reconciliation extracts with vendors.
  • Network scanning using tools like Nmap and Nessus, and encryption testing using Wireshark.
  • Experience in performing exploitation using different tools like Nmap and Kali Linux.
  • Conducted analysis using the Kali Linux environment to effectively neutralize DoS, DDoS and SQL Injection attacks.
  • Worked with Senior Security Analysts to correct issues with current applications.
  • Performed troubleshooting to identify software performance issues.
  • Remotely managed client devices and corrected problems.
  • Remediated account provisioning and identity issues related to failures in the provisioning systems.
  • Performed Penetration Testing (Support and fix).
  • De-escalated and managed customer related escalations.
  • Ensured all Service Management procedures were being followed and SLAs met.
  • Experienced with Active Directory/Networking Administrative Support.
  • Created and maintained Active Directory objects.
  • Provided inbound tier 2 support for Microsoft suite, Windows XP, Active Directory, PC Hardware, printers, VPN access and custom applications.
  • Designed various Excel formulas to perform multiple functions.
  • Monitored user activity abnormalities.
  • Assisted in training PC end users on security risk management.

ENVIRONMENT: IDS/IPS, Firewalls, SIEM, Splunk Enterprise, Splunk Apps and Add-ons, SPL, Linux and UNIX.
