
Splunk Admin/ Siem Consultant / Information Security Resume


Fort Lauderdale, FL

PROFESSIONAL SUMMARY:

  • Certified and experienced SIEM Engineer and Splunk Analyst with more than eight years of IT experience, with a focus on designing, deploying and analyzing security solutions.
  • Experience in security incident handling and SIEM using Splunk and IBM QRadar products.
  • Involved in integration of QRadar SIEM with RSA enVision, Splunk and HP ArcSight.
  • Project involves security event monitoring, analysis, triage, incident alerting and reporting using QRadar, Splunk, HP ArcSight and other SIEM tools.
  • Knowledge of cleaning up auto-discovered log sources in QRadar by identifying duplicates, correcting mis-identified log sources, and identifying log sources from their logs.
  • Expert understanding of developing complex use cases and Universal Device Support Modules on the QRadar SIEM.
  • Proven ability in identifying various network security vulnerabilities and explain in detail how to remediate the identified vulnerabilities.
  • Strong troubleshooting, reasoning, problem-solving skills, flexible and able to deliver quality results.
  • Hands-on experience writing correlation rules based on business use cases independently.
  • Experience in developing complex use cases and Universal Device Support Modules (UDSM) for unsupported log sources on the QRadar SIEM.
  • Good experience in handling security incident response.
  • Experience developing strategic plans for agency-wide implementation to address the operations of client services, product support, and quality assurance.
  • Expertise in conducting investigations of Security violations and breaches and recommending solutions; preparing reports on intrusions as necessary and providing analysis summary to management.
  • Maintained up-to-date procedures and documentation to support IT security processes.
  • Monitored and responded to network intrusions and vulnerability alerts raised by automated detection systems, internal and external reports and manual investigation, using tools such as snort IDS.

TECHNICAL SKILLS:

SIEM Tools: IBM QRadar, Splunk, IBM Guardium, Tripwire, HP ArcSight, Nessus, Websense

Windows based Operating Systems: Windows 2000, XP, 7, 8, 10; Windows Server 2008, 2012

Unix/Linux based Operating Systems: Red Hat, Ubuntu, Kali Linux, VMware

Security / Vulnerability Tools: Snort, Wireshark, Websense, Bluecoat, Palo Alto, Checkpoint, Symantec, Qualys Vulnerability Manager, FireEye HX, Sophos, Sourcefire

PROFESSIONAL EXPERIENCE:

Splunk Admin/ SIEM Consultant / Information Security

Confidential, Fort Lauderdale, FL

Responsibilities:

  • Designed and implemented various enterprise level UNIX - based systems
  • Designed and implemented Server management tools for monitoring system and network performance, file integrity, and IDS policy management
  • Conduct periodic network, system, application, and physical security audits
  • Maintain a set of policy documents, security standards, and process and procedure documents for the Technologies Division
  • Responsible for monitoring and providing analysis in a 24x7x365 Security Operation Center (SOC) using various SIEM (Splunk) and IDS/IPS software tools.
  • Responsible for Data Loss Prevention (DLP) and service interruptions.
  • Exposure to WildFire advanced malware detection using the IPS feature of Palo Alto.
  • Monitor critical infrastructure including firewalls, IDS/IPS devices, virtual networks, vulnerability scanners, VPNs, WANs, and disaster recovery sites
  • Managed and maintained various network security systems including firewalls, IDS systems, central authentication systems, application proxies, and general support systems
  • Engineering, configuring and deploying Enterprise SIEM/SEM solutions.
  • Manage Splunk (SIEM) configuration files like inputs, props, transforms, and lookups. Upgrading the Splunk Enterprise and security patching.
  • Initiated projects to create disaster recovery plans for identified gaps.
  • Established disaster recovery plan testing and auditing cadence.
  • Create policies and alerts and configure them using SIEM tools (Splunk).
  • Assisted Intelligence Team with indicators associated with different actor groups to combat cyber-attacks.
  • Uses security measures and information collected to identify, analyze and report system events in Splunk (SIEM) that occur within the network.
  • IPS/ IDS monitoring and analysis, analyze network traffic, log analysis, prioritize and differentiate between potential intrusion attempts and false positives.
  • Monitoring network traffic for security events and perform triage analysis to identify security incidents.
  • Investigate metadata using RSA NetWitness.
  • Leveraged Cisco ThreatGrid sandbox to analyze and collect behavior indicators for suspicious URL and files.
  • Manage Splunk (SIEM) configuration files like inputs, props, transforms etc.
  • Upgrading Splunk (SIEM) Enterprise and security patching.
  • Well versed in both remote and on-site user Splunk (SIEM) support.
  • Centralizing the storage and interpretation of logs using the Splunk (SIEM) system.
  • Maintained Standard Operating Procedures (SOPs) and training documentation
  • Served as the primary technical support for Tier 3 analysts (security patching, TAC cases).
  • Tested new security tools/products and make recommendations of tools to be implemented in the SOC environment.
  • Monitored the Security Management Console for the Security Operation Centre (SOC), ensuring Confidentiality, Integrity and Availability of information systems.
  • Work on task assigned by leadership that involves coordination with other departments.
  • Create procedures and Knowledge Base documents.

Splunk Developer/Admin

Confidential, Seattle, WA

Responsibilities:

  • Install, configure and administer Splunk Enterprise Server 6.x.x and Splunk Forwarder 6.x.x on Red Hat Linux.
  • Setup Splunk Forwarders for new application tiers introduced into environment and existing applications.
  • Work closely with Application Teams to create new Splunk dashboards for Operation teams.
  • Troubleshooting and resolving Splunk performance, search pooling and log monitoring issues; role mapping, dashboard creation etc.
  • Worked with McAfee products to maintain the environment, determine new deployment opportunities and provide feedback to other operational teams.
  • Designing and implementing Splunk-based best practice solutions. Requirement gathering and analysis. Interacted with team members and Business users during the design and development of the application.
  • Expertise with Splunk UI/GUI development and operations roles.
  • Data collection from various systems/servers, Forwarder Management, creating and managing Splunk apps.
  • Worked on data model relationships in underlying raw data and making it more meaningful and useful to quickly generate charts, visuals and dashboards using pivot.
  • Building Splunk queries using the Splunk Search Processing Language (SPL) and regular expressions.
  • Implemented Agile (Scrum) QA methodologies.
  • Responsible for verifying business requirements, ETL Analysis, ETL test and design of the flow and the logic for the Data warehouse using Informatica and Shell Scripting.
  • Extensively worked on creation of range maps for various SLA conditions by using all kinds of Splunk 6.x Dashboard Examples.
  • Wrote different SQL queries based on ETL mapping to verify ETL process between different Environments as well as different Stages of ETL process.
  • Publishing data into Splunk through configurations such as inputs.conf, serverclass.conf, server.conf, app.conf and outputs.conf.
  • Configurations with deployment server, indexers, search heads, serverclass.conf, server.conf, app.conf, props.conf, transforms.conf and forwarder management configurations.
  • Created and triggered various dropdowns and drilldowns by using Splunk static Lookups.
  • Installed, Configured, implemented various visualization Add-ons to the developed and developing dashboards.
  • Created a drilldown of navigations from one Splunk app to the other app.
  • Review and apply any newly available and applicable Splunk software or policy updates routinely.
  • Assist with design of core scripts to automate Splunk maintenance and alerting tasks.
  • Support Splunk on UNIX, Linux, and Windows-based platforms. Assist with automation of processes and procedures.
  • Maintain current functional and technical knowledge of the Splunk platform and future products.
  • Help to document best practices in developing and using Splunk.
  • Implemented Post processing method for searches in dashboards.
  • Extensively worked on building of range maps for various SLA conditions by using all kinds of Splunk 6.x Dashboard Examples.
  • Monitor the applications and server infrastructure for optimization, performance and Utilization metrics.
  • Configured Alerts and notifications on various thresholds, SLAs for Personal Insurance Architecture team.
  • Team leading; deeper analysis of data using event correlations across indexes and various source types to generate custom reports for senior management.
  • Providing Training to senior management, developers and Splunk Object End-users, Documentation, and communications on future upgrades.

Splunk Engineer

Confidential, Norwalk, CT

Responsibilities:

  • Performed Splunk administration tasks such as installing, configuring, monitoring and tuning.
  • Install and maintain Splunk add-ons, including DB Connect 1 and Active Directory LDAP, for working with the directory and SQL databases.
  • Installed and configured Splunk DB Connect in Single and distributed server environments.
  • Configure the add-on app SSO Integration for user authentication and Single Sign-on in Splunk Web.
  • Automating in Splunk using Perl with ServiceNow for event triggering.
  • Deployed Splunk updates and license distribution over multiple servers using a deployment server.
  • Create Dashboard Views, Reports and Alerts for events and configure alert mail.
  • Monitor the Splunk infrastructure for capacity planning and optimization
  • Server monitoring using tools like Splunk, SolarWinds Orion, HP BSM and HP OpenView.
  • Integrated ServiceNow with Splunk to generate incidents from Splunk.
  • Active monitoring of jobs through alert tools and responding with certain action logs, analyzing the logs and escalating to higher-level teams on critical issues.
  • Configured and administered Tomcat JDBC, JMS and JNDI services.
  • Configured Node manager to remotely administer Managed servers
  • Experience in handling network resources and protocols such as TCP/IP, Ethernet, DNS
  • Splunk configuration that involves different web application and batch, create Saved search and summary search, summary indexes.
  • Splunk search construction with ability to create well-structured search queries that minimize performance impact.

Information Security

Confidential

Responsibilities:

  • Investigated potential or actual security violations or incidents to identify issues and areas that required new security measures or policy changes.
  • Investigated and identified multiple attack vectors, like malware, brute force, SQL injection and ransomware attacks.
  • Collected, analyzed and preserved the evidence related to ATA.
  • Collected the logs of all the network devices and analyzed the logs to find the suspicious activities.
  • Investigated the security logs, mitigation strategies and responsible for preparing Generic Security incident report.
  • Ensured that the IT Security guidelines were effectively implemented to protect or identify threats and took appropriate counteractions.
  • Handled tickets with Resilient and correlated them to provide a good incident response system.
  • Worked as a part of Security Operations Centre in Intrusion Analysis Team for managing and monitoring IPS/IDS devices across corporate locations.
  • Monitored various event sources for possible intrusion and determine the severity of the threat.
  • Monitored intrusion attempts on internal/external network and devices, analyzing and responding to security incidents in a proactive manner.
  • Identified vulnerabilities and security threats, using various tools and provided a complete fix.
  • Conducted network vulnerability assessments to identify system vulnerabilities.
  • Collaborated with other departments in investigations for HIPAA and PCI violations.
  • Installed and configured Symantec Enterprise Anti-Virus.
  • Logged, monitored response concepts and technologies for cloud networks, corporate networks, and hosts in all environments.
  • Worked with the SOC team to ensure incorporation of security activities in an ongoing project and to identify the security impact of new releases.
  • Developed, implemented, and maintained employee database for multiple departments.
  • Worked with global security team for the Server Compliance and risk management.
  • Maintained and developed key documentation and reports in alignment with company standards.
