
Splunk Engineer Resume

SUMMARY

  • Experience in configuring, implementing, analyzing and supporting Splunk server infrastructure across Windows, UNIX and Linux. Experience with a variety of Operating Systems, Protocols and Tools depending on the type of platform or application to be administered.
  • Upgrade and optimize Splunk setup with new releases.
  • Experience in creating Service Analyzers, KPIs, Services and Glass Tables in ITSI.
  • Predictive analysis using the Splunk Machine Learning Toolkit.
  • Extensive experience in deploying, configuring and administering Splunk clusters.
  • Expertise in Actuate reporting, development, deployment, management and performance tuning of Actuate reports.
  • LDAP and Okta SSO integration with Splunk servers.
  • Created custom Splunk app to identify and address emerging security threats (Threat hunting) through the use of continuous monitoring, alerting and analytics.
  • Expertise in building custom correlation searches, validating existing ones and mapping data related to correlation searches in Splunk ES.
  • Build and manage Asset and Identity lookup tables in ES.
  • Data model mapping with various types of security data sources (Palo Alto, McAfee ePO, Cisco IOS, TrendMicro, Okta etc.).
  • Helping application teams in on-boarding Splunk and creating dashboards, alerts, reports etc.
  • Experience working on Splunk 5.x, 6.x, 7.x, Splunk DB Connect 1.x, 2.x, and different kinds of Splunk add-ons and apps on distributed and clustered Splunk environments on Linux and Windows operating systems.
  • Created tags and eventtypes to increase query performance.
  • Integrate different types of threat intelligence with Splunk ES.
  • Investigate and manage notable events in Incident Review.
  • Knowledge of various security domains like Access, Endpoint and Network.
  • Set up Splunk forwarders for new application tiers brought into the environment.
  • Collecting data using features like HTTP Event Collector, network inputs etc.
  • Experience with tstats, datamodels, data normalization etc.
  • Experience in Optimizing search queries.
  • Experience in dealing with scenarios for using summary indexing.
  • Experience in Microsoft Azure and O365 integration and monitoring with Splunk.
  • Comfortable in SPL, regular expressions, drilldowns and custom visualizations.
  • Develop custom app configurations (deployment-apps) within Splunk in order to parse and index multiple types of log formats across all application environments.
  • Familiar with Windows Servers, Red Hat Linux Enterprise Servers.
  • Good understanding of SOC workflows.
  • Experience with ServiceNow integration with Splunk.
  • Good understanding of configuration files and their precedence, and daily work exposure to props.conf, transforms.conf, inputs.conf and outputs.conf, and setting up forwarder configuration based on requirements.
  • Built and configured a virtual data center in the AWS cloud to support enterprise data warehouse hosting, including VPC, public and private subnets, security groups and route tables.
  • Excellent skills in making data CIM compliant.
  • Excellent skills on troubleshooting and problem determination of HTTP/System/ Network related problems including monitoring, capacity planning and maintenance by providing 24X7 support on call for all mission critical applications. Strong background in a disciplined software development life cycle (SDLC).
  • Excellent analytical and interpersonal skills and ability to learn new concepts and supported 24/7 on call in production and development environment.
  • Understanding of Network Firewalls, Load-balancers, LDAP and complex network design.
  • Experienced with security-related technologies including Active Directory, host-based firewalls, host-based intrusion detection systems, application white listing, server configuration controls, logging, SIEM, monitoring tools, and antivirus systems.
  • Worked with members of the Security Operations Center to provide guidance and assist with remediation plans for incidents and discovered vulnerabilities.
  • Have experience working in different environments and with the process flows in AGILE as well as Waterfall methodologies.
  • Interpreted and developed SIEM products to meet internal, external and customer requirements. Experience in working on management and SIEM solutions.
  • Worked on SIEM security solutions that enable organizations to detect, respond to and prevent threats by providing valuable context and visual insights to help make faster and smarter security decisions.
  • Expertise with SIEM (security information and event management). Manage Splunk user accounts (create, delete, modify, etc.). Scripted SQL queries in accordance with Splunk.
  • Maintain current functional and technical knowledge of the Splunk platform and future products.

TECHNICAL SKILLS

Log Analysis Tool: Splunk Enterprise Server 5.x/6.x/7.x, Splunk Universal Forwarder 5.x/6.x/7.x, Splunk DB Connect, Splunk ES, ITSI, MLTK etc.

Operating Systems: RHEL Linux, Windows Server 2003/2008 R2, VMWare

Programming: Java, C++, C, SQL, HTML, XML, C#.

Scripting: Python, Korn Shell Script, JavaScript, CSS, Batch

Networking: TCP/IP Protocols, DNS.

PROFESSIONAL EXPERIENCE

Splunk Engineer

Confidential

Responsibilities:

  • Expertise in building custom correlation searches, validating existing ones and mapping data related to correlation searches in Splunk ES.
  • Build and manage Asset and Identity lookup tables in ES.
  • Data model mapping with various types of security data sources (Palo Alto, McAfee ePO, Cisco IOS, TrendMicro, Okta etc.).
  • Developed Splunk Dashboards, searches and reporting to support various internal clients in Security, IT Operations and Application Development.
  • Installed, Configured and administrated Splunk Enterprise and Splunk forwarders on Windows Servers and Linux Servers.
  • Created historical and real-time dashboards, reports, scheduled searches and alerts.
  • Deployed and Managed Splunk DB connect Identities, Database Connections, Database Inputs, Outputs, lookups, access controls.
  • Expertise in Installation, Configuration, Migration, Trouble-Shooting and Maintenance of Splunk, Passionate about Machine data and operational Intelligence.
  • Worked on Integrating Splunk with Windows Active Directory and LDAP.
  • Installing and using Splunk apps for UNIX and Linux (Splunk UNIX).
  • Analyzed security-based events, risks and reporting instances. Correlated events from network devices, OS, anti-virus, IDS/IPS, firewalls or proxies and analyzed them for possible threats.
  • Understand and interpret customer requirements for Splunk implementation for an enterprise solution.
  • Provide deployment strategies with the understanding of affordable risk based on customer acceptance.
  • Apply, as appropriate, activity and data modeling, transaction flow analysis, internal control and risk analysis, and modern business methods and performance measurement techniques.
  • Created and configured management reports and dashboards. Planned, implemented and managed Splunk for log management and analytics.
  • Experience with creating physical and logical data models.
  • Validate the existing rules and provide recommendation on fine tuning the rules. Creating and sending Risk Advisories to our clients.
  • Suppress false positive alerts. Weekly/Monthly incident analysis report. Analyzing the events and providing solutions for the incidents.
  • Involved in setting up alerts for different types of errors, data enrichment using lookups, data interpretation using fields and field extraction, and data normalization using tags.
  • Good understanding of configuration files and their precedence, and daily work exposure to props.conf, transforms.conf, inputs.conf and outputs.conf, and setting up forwarder configuration based on requirements.
  • Maintained Splunk Environment with multiple indexers; managed and configured settings.
  • Improved search performance by configuring search heads for all indexes in production.
  • Analyzed security-based events, risks and reporting instances. Developed Splunk queries and dashboards targeted at understanding application performance and capacity analysis.
  • Worked on getting data in and managing Splunk apps. Assisted internal users of Splunk in designing and maintaining production-quality dashboards.
  • Splunk DB Connect 2.0 in search head cluster environments with Oracle. Installation and implementation of several kinds of visualizations in Splunk dashboards.
  • Continuously monitored the alerts received through email to check that all application servers and web servers were up.
  • Knowledge of parsing, indexing and searching concepts and Hot, Warm, Cold and Frozen bucketing.
  • Ability to build custom applications and technical add-ons for efficiently on-boarding data and meeting Splunk CIM compliance for Enterprise Security accelerated data models.
  • Conducted surveillance on various phishing emails and created alerts for future spam. Worked as part of the Cyber Security Incident Response team to check on malware, virus and threat emails.
  • Developed Splunk Search Processing Language (SPL) queries, created Reports, Alerts and Dashboards and customized them.

Environment: Splunk 7.x, Cisco WebEx application, Splunk DB Connect and other modules, Oracle 9i/10g, Python

Confidential

Splunk Developer/ Admin

Responsibilities:

  • Installation and configuration of the Splunk product in different environments. Configured Splunk Searching and Reporting modules, Knowledge Objects, Administration, Add-ons, Dashboards, Clustering and Forwarder Management.
  • Monitoring or analyzing the real-time events for the security devices like Firewall, IPS/IDS, Anti-Virus etc., using SIEM tools.
  • Upgraded Splunk Enterprise from v 7.0.0 to v 7.2.2 in clustered environments and non-clustered environments.
  • Analyzed security-based events, risks and reporting instances. Correlated events from network devices, OS, anti-virus, IDS/IPS, firewalls or proxies and analyzed them for possible threats.
  • Understand and interpret customer requirements for Splunk implementation for an enterprise solution.
  • Experience with creating Physical and logical data models.
  • Provide deployment strategies with the understanding of affordable risk based on customer acceptance.
  • Created and configured management reports and dashboards. Planned, implemented and managed Splunk for log management and analytics.
  • Monitor security violations, flag potential violations and log security incidents from tools like CyberArk (PAM solution) and Smoke Screen (threat intelligence deception technology).
  • Validate the existing rules and provide recommendation on fine tuning the rules. Creating and sending Risk Advisories to our clients.
  • Suppress false positive alerts. Weekly/Monthly incident analysis report. Analyzing the events and providing solutions for the incidents.
  • Experience with tstats, datamodels, data normalization etc.
  • Experience in Optimizing search queries.
  • Experience in dealing with scenarios for using summary indexing.
  • Experience with Microsoft Azure and O365 integration and monitoring with Splunk.
  • Involved in setting up alerts for different types of errors, data enrichment using lookups, data interpretation using fields and field extraction, and data normalization using tags.
  • Good understanding of configuration files and their precedence, and daily work exposure to props.conf, transforms.conf, inputs.conf and outputs.conf, and setting up forwarder configuration based on requirements.
  • Maintained Splunk environment with multiple indexers; managed and configured settings.
  • Improved search performance by configuring search heads for all indexes in production.
  • Analyzed security-based events, risks and reporting instances. Developed Splunk queries and dashboards targeted at understanding application performance and capacity analysis.
  • Worked on getting data in and managing Splunk apps. Assisted internal users of Splunk in designing and maintaining production-quality dashboards.
  • Splunk DB Connect 2.0 in search head cluster environments with Oracle. Installation and implementation of several kinds of visualizations in Splunk dashboards.
  • Continuously monitored the alerts received through email to check that all application servers and web servers were up.
  • Worked in a SIEM environment. Implemented security systems on computer networks in compliance with the company's security policies. Prepared documents to support customers and service engineers.
  • Knowledge of parsing, indexing and searching concepts and Hot, Warm, Cold and Frozen bucketing.
  • Conducted surveillance on various phishing emails and created alerts for future spam. Worked as part of the Cyber Security Incident Response team to check on malware, virus and threat emails.
  • Developed Splunk Search Processing Language (SPL) queries, created reports, alerts and dashboards and customized them.

Environment: Splunk 6.x, Splunk 7.x, Splunk DB Connect and other modules, Tomcat 5.x/6.x, Oracle 9i/10g, Solaris 10, Linux, Python, Smokescreen, CyberArk, O365, Azure AD

Confidential

Splunk Admin/Developer

Responsibilities:

  • Installation and configuration of Splunk product at high level Multisite Clustered Environments.
  • Configured Splunk Searching and Reporting modules, Knowledge Objects, Administration, Add-ons, Dashboards, Clustering and Forwarder Management.
  • Set up Splunk forwarders for new application tiers introduced into the environment and for existing applications. Worked closely with application teams to create new Splunk dashboards for operations teams.
  • Splunk Enterprise deployments, and enabled continuous integration as part of configuration management.
  • Designed Splunk Enterprise 6.5 infrastructure to provide high availability by configuring clusters across two different data centers.
  • Installed, Configured, Maintained, Tuned and Supported Splunk Enterprise server 6.x/5.x.
  • Architect and implement Splunk solutions in highly available, redundant, distributed computing environments.
  • Performed Field Extractions and Transformations using the RegEx in Splunk.
  • Responsible for installing, configuring and administering Splunk Enterprise on Linux and Windows servers.
  • Supported the upgrade of Splunk Enterprise server and Splunk Universal Forwarder from 6.5 to 6.6.
  • Hands on experience in customizing Splunk dashboards, visualizations, configurations using customized Splunk queries.
  • Monitored the Splunk infrastructure for capacity planning, scalability, and optimization.
  • Experienced in using Splunk DB Connect for real-time data integration between Splunk Enterprise and other databases.
  • Expertise in Actuate Reporting, development, deployment, management and performance tuning of Actuate reports.
  • Responsible in handling the configurations and Load Balancing between different Indexers on a Multisite Clustered Environment.
  • Install and maintain Splunk add-ons including DB Connect and Active Directory LDAP to work with the directory and SQL databases.
  • Created basic search heads for the application teams, and created users and roles and granted permissions.
  • Configured Add-On's for ServiceNow to pull data to Splunk and integrated to raise tickets in ServiceNow.
  • Responsible in handling the Failover/Failback of Splunk Instances between two regions during the Disaster Recovery plan of any major shutdowns on a particular site.
  • Prepared High-level Design Document and delivered to Client as a part of Managed Security Services team player.
  • Responsible for Splunk Searching and Reporting modules, Knowledge Objects, Administration, Add-ons, Dashboards, Clustering and Forwarder Management.
  • Monitored license usage, indexing metrics, Index Performance, Forwarder performance, death testing.
  • Splunk Architecture/Engineering and Administration for SOX monitoring and control compliance.
  • Design and implement Splunk Architecture (Indexer, Deployment server, Search heads, and Forwarder management), create/migrate existing Dashboards, Reports, Alerts, on daily/weekly schedule to provide the best productivity and service to the business units and other stakeholders.
  • Involved in standardizing Splunk forwarder deployment, configuration and maintenance across UNIX and Windows platforms.

Environment: Splunk 5.x/6.x, Splunk DB Connect 2.0, HAProxy load balancers, Red Hat Linux 6.x, JDBC, JDK 1.7, J2EE, JSP, Servlets, XML, Oracle 11g.
