Splunk Admin/Developer Resume
Chicago, IL
SUMMARY:
- 6+ years of experience in configuring, implementing, analyzing and supporting Splunk server infrastructure across Windows, UNIX and Linux. Experience with Splunk, developing dashboards, SPL searches, reports and views, administration, upgrading, alert scheduling, KPIs, Visualization Add-On and Splunk infrastructure. Install, configure, and troubleshoot Splunk. Use Splunk to collect and index log data.
- Design solutions and concepts for data aggregation and visualization. Splunk deployment, configuration, and maintenance across a variety of UNIX and Windows platforms. Able to troubleshoot Splunk server problems and issues.
- Machine learning experience and experience deploying and managing infrastructure on public clouds such as AWS.
- Experience in operating and monitoring AWS instances. Experience with Splunk Enterprise Security (Splunk ES).
- Strong knowledge of Windows, Linux, and UNIX operating systems.
- Expertise in writing Splunk searches, Splunk Infrastructure and Development expert well-versed with Splunk architecture and design.
- Expertise in customizing Splunk for Monitoring, Application Management, and Security as per customer requirements and industry best practice.
- Developed Splunk Objects and reports on Security baseline violations, Non-authenticated connections, Brute force attacks and many use cases.
- Developed a feature to integrate all the data by creating REST APIs and consuming it in the dashboard for log analytics.
- Developed application service components and configured beans using Spring IoC.
- Experience in working with AWS: Amazon S3, Amazon EC2, and Relational Database Services.
- Splunk Administration and analytics development on Information Security, Infrastructure and network, data security, Splunk Enterprise Security app, Triage events, Incident Analysis.
- Integration of Splunk with a wide variety of legacy and security data sources that use various protocols.
- Supports, monitors, and manages the SIEM environment.
- Experience in dashboards and reports performance optimization. Working knowledge of scripting languages (e.g. Python, Bash, etc.). Excellent knowledge of TCP/IP networking and inter-networking technologies (routing/switching, proxy, firewall, load balancing, etc.).
- Developed specific content necessary to implement Security Use Cases and transform into correlation queries, templates, reports, rules, alerts, dashboards, and workflow.
- Splunk SPL (Search Processing Language) and Dashboarding/Visualization. Setup dashboards for network device logs.
- Installation and configuration of Splunk apps to onboard security data sources into Splunk.
- Good experience in working with SNMP traps and syslog-ng in onboarding the security devices on Splunk monitoring.
- Experience with regular expressions and using regular expressions for data retrieval.
- Work with application owners to create or update monitoring for applications.
- Administering Splunk; integrating Splunk with a wide variety of legacy data sources and industry-leading commercial security and other tools.
- Assisting users to customize and configure Splunk to meet their requirements.
- Perform implementation of security and compliance-based use cases. Performing maintenance and optimization of existing Splunk deployments.
- Analyzed existing distributed deployment Splunk environment; designed and implemented clustered Splunk deployment for Searching and Reporting Modules, Knowledge Objects, Administration, Add-On, Dashboards, Clustering search head, indexer across data centers and Forwarder Management.
- Communicating with customer stakeholders to include leadership, support teams, and system administrators.
- Technical writing/creation of formal documentation such as reports, training material and architecture diagrams.
TECHNICAL SKILLS:
Log Analysis Tool: Splunk Enterprise Server 5.x/6.x, Splunk Universal Forwarder 5.x/6.x, Splunk DB Connect
Web/App Servers: WebSphere Application Server 5.0/6.x/7.x/8.x, WebSphere MQ Server 6.x/7.x, WebSphere XD 6.0/6.1, IBM HTTP Server 6.x/7.x/8.x, Apache Web Server 2.x, Tomcat 5.5, IIS 6/7.x
Operating Systems: IBM AIX (5.1/6.1), Windows 2000, XP, Windows NT, Unix/Linux (Red Hat), VMware
Programming: C++, C, SQL/PL SQL, HTML, DHTML, XML
Scripting: JACL, Python, WSCP, WSADMIN, Korn Shell Script, Perl, JavaScript, CSS, Batch
Databases: Oracle (8i/9i), UDB/DB2, Sybase, MS SQL Server, IBM DB2
Monitoring tools: Wily Introscope 8.x/9.x, Tivoli, BSM Topaz, Tivoli Performance Viewer, IBM Thread and Heap Analyzers
Networking: TCP/IP Protocols, Socket Programming, DNS.
Framework: MVC, J2EE Design Patterns, Struts.
IDE: Eclipse, RAD 7, NetBeans, EditPlus, TOAD
Methodology: Agile, Waterfall
PROFESSIONAL EXPERIENCE:
Splunk Admin/Developer
Confidential - Chicago, IL
Responsibilities:
- Configured Splunk Searching and Reporting modules, Knowledge Objects, Administered Data Ingestion, Add-Ons, Dashboards, Index Cluster and Forwarder Management.
- Designing and implementing Splunk-based best practice solutions. Requirement gathering and analysis. Interacted with team members and Business users during the design and development of the application.
- Data collection from various systems/servers, Forwarder Management, creating and managing Splunk apps.
- Building Splunk queries by Splunk Search Processing Language (SPL) and Regular expressions.
- Designed and maintained complex Splunk dashboards on Enterprise and Enterprise Security.
- Configured Splunk forwarders and indexers to ingest infrastructure logs.
- Created and configured KPIs in Splunk IT Service Intelligence (ITSI).
- Configured Splunk for dynamic analytics and machine data indexing.
- Worked on Splunk search processing language, Splunk dashboards and Splunk DB connect app.
- Involved in the requirement gathering and analysis. Interacted with team members and Business users during the design and development of the application.
- Worked on developing an internal web application, Employee Ideal Portal, using Java, JSP and Spring Framework.
- Monitored text files and converted their contents into syslog messages.
- Created access controls for users by creating AD (Active Directory) groups, power user and user groups.
- Assisted stakeholders of Splunk in designing and maintaining production-quality data, dashboards and various applications.
- Involved in Proof-of-Concepts (POC) on Splunk implementation; mentored and guided other team members on understanding the use case of Splunk.
- Involved in onboarding stakeholder data into Splunk and explaining the line-of-business concepts.
- Used logging in UNIX computer systems for forwarding log messages in an IP network, writing them to a file or database or forwarding them to a remote host.
- Provided monitoring and response to security events in Security Operations Centre (SOC) team.
- Troubleshoot technical issues to establish the root cause of problems and form a solution or workaround across a range of environments.
- Reproduce issues and if necessary file bug reports, escalate cases to Vendor, and provide necessary documentation.
- Setup SSL for communication with & between various Splunk components.
- Grew and improved the Enterprise Splunk environment from early stages to a mature implementation.
- Handled security events that affect VMware systems, applications, infrastructure, information, and users.
- Used endpoint security products, including Titanium and McAfee ePO.
- Support large-scale deployments across multiple AWS regions, with data feeds from multiple on-premises data centers.
- Mentor members of the technical staff to support and assist in Splunk-related activities.
- Create and maintain documentation related to Architecture and Operational processes for Splunk.
- Involved in Installation, Administration, and Configuration of Splunk Enterprise and integration with local legacy systems.
- Worked on Splunk DB Connect 2.0 in search head cluster environments of Oracle.
- Worked on Splunk UI/GUI development and operations roles.
- Creating and customizing Splunk applications, searches, and dashboards as desired by IT teams and business.
- Developed Splunk Search Processing Language (SPL) queries, created Reports, Alerts and Dashboards and customized them.
Splunk Engineer
Confidential - Orlando, FL
Responsibilities:
- Requirement gathering and analysis. Interacted with team members and users during the design and development of the applications and Splunk Objects.
- Splunk SPL (Search Processing Language) and Dashboarding/Visualization. Setup dashboards for network device logs.
- Promptly receiving, handling, and gathering requirements through Remedy tickets and resolving them on time.
- Data collection from various systems/servers, Forwarder Management, creating and managing Splunk apps.
- Building Splunk queries by Splunk Search Processing Language (SPL) and Regular expressions.
- Creating, maintaining, supporting, repairing, and customizing System & Splunk applications, search queries and dashboards.
- Splunk Administration and analytics development on Information Security, Infrastructure and network, data security, Splunk Enterprise Security app.
- Developed Splunk Objects and reports on Security baseline violations, Non-authenticated connections, Brute force attacks and many use cases.
- Good experience in working with SNMP traps and syslog-ng in onboarding the security devices on Splunk.
- Design, support and maintain large Splunk environment in a highly available, redundant, geographically dispersed environment.
- Installed the Splunk Common Information Model add-on, which is packaged with Splunk Enterprise Security, Splunk IT Service Intelligence, and the Splunk App for PCI Compliance.
- Install, configure, and troubleshoot Splunk. Experience with regular expressions and using regular expressions for data retrieval. Work with application owners to create or update monitoring for applications.
- Experience creating and maintaining Splunk reports, dashboards, forms, visualizations, alerts.
- Good experience in building Splunk Security Analytics. Lead logging enrollments from multi-tier applications into the enterprise logging platforms.
- Developed specific content necessary to implement Security Use Cases and transform into correlation queries, templates, reports, rules, alerts, dashboards, and workflow.
- Strong knowledge of Windows, Linux, and UNIX operating systems.
- Experience in responding to requests and incident tickets within defined Service Level Agreements.
- Supports, monitors and manages the SIEM environment.
- Integration of Splunk with a wide variety of legacy and security data sources that use various protocols.
- Installation and configuration of Splunk apps to onboard data sources into Splunk.
Splunk Admin/Developer
Confidential
Responsibilities:
- Involved in standardizing Splunk forwarder deployment, configuration and maintenance across UNIX and Windows platforms.
- Monitored Splunk Infrastructure for capacity planning and optimization.
- Use Splunk Enterprise Security to configure correlation search, key indicators and risk scoring framework.
- Worked on installing the Splunk Enterprise 6.3.3 on both Linux (Red Hat Distro) and Windows Servers as a separate Splunk User.
- Installation and configuration of various components like indexer, forwarder, search head, deployment server.
- Involved in installing the Splunk Universal Forwarder and Splunk Heavy Forwarder on both Linux and Windows environments.
- Installation of Splunk Applications and Technology Add-ons with respect to the technology.
- Updated the Splunk Enterprise 6.3.3 to 6.4.
- Designing and maintaining production-quality Splunk dashboards.
- Splunk Enterprise deployments and enabled continuous integration as part of configuration management.
- Helping application teams in on-boarding Splunk and creating dashboards/alerts/reports.
- Worked on Design, Implementation, Configuration and Management of Splunk Enterprise.
- Created Splunk Search Processing Language (SPL) queries, Reports, Alerts and Dashboards.
- Good understanding of security threats and vulnerabilities and how to detect and mitigate them, experience in building security monitoring and incident management solutions using Splunk.
- Created various types of charts and alert settings; knowledge of app creation, user and role access permissions.
- Experienced in working with Splunk authentication and permissions and having significant experience in supporting large scale Splunk deployments.
- Involved in admin activities and worked on inputs.conf, indexes.conf, props.conf and transforms.conf to set up time zone and timestamp extractions, complex event transformations and event breaking.
- Created Dashboards, Visualizations, Statistical reports, scheduled searches, alerts and also worked on creating different other knowledge objects.
- Extensively used AppDynamics to monitor CPU, memory usage, JVM heap memory health, session and thread counts, and application log errors.