
Network Security Sr. Analyst Resume


Plano, TX

SUMMARY

  • Computer Science Engineer with previous professional experience. Detail-oriented individual with patience and flexibility that thrives in a position that requires quick learning and great accuracy.
  • Proficient Splunk Engineer with 3+ years of IT experience in client/server applications.

PROFESSIONAL EXPERIENCE

Confidential, Plano, TX

Network Security Sr. Analyst

Responsibilities:

  • Working knowledge of security technologies like Anti-virus, Encryption, Data Loss Prevention (DLP), IPS/IDS, Firewalls etc.
  • Working on a shift basis in the SOC, giving the client 24/7 service and monitoring.
  • Challenges dealing with customized threats that bypass security gateways.
  • Loaded skills like understanding security policies, data & traffic analysis, identifying security events, incident response.
  • Security investigation skills like prevent, detect, analyze, collect, mitigate.
  • Also in the incident response team responsible for handling security issues that occur within the organization and correcting and documenting the security issue in a timely manner.
  • Ingesting and working with various data types like CSV, JSON, XML, Raw Logs, Syslogs and parsing them with custom sourcetypes.
  • Parsing, Indexing, Searching concepts: Hot, Warm, Cold, Frozen bucketing and Splunk clustering.
  • Worked on setting up Splunk to capture and analyze data from various layers: Load Balancers, Webservers and application servers.
  • Good Understanding and Knowledge about Vormetric.
  • Installing and configuring Vormetric.
  • Great knowledge of computer forensics dealing with capture and analysis of evidence from computers and servers.
  • Foundation skills like device config, traffic capture, performance monitoring, device monitoring.
  • Strong analytical and problem solving skills as needed to perform the job of a SOC analyst.
  • Tools used: Nmap, Wireshark, Splunk.
  • Monitor systems and report the status to client staff.
  • Splunk server configurations (web, indexing retention, authentication, etc.), data onboarding operations, data parsing operations.
  • Created correlation search rules for admin activity and indexes for field extractions.
  • Create and manage host values and source types.
  • Manage and ensure proper data fields for file and directory inputs.
  • Manage network, Windows and any other inputs that may arise (universal forwarders).
  • Composed reports detailing the forensic analyses performed and the results of the investigations.
  • Conducted digital forensic acquisitions and examinations of laptops, desktops, and other digital storage media in civil litigations, criminal matters, and internal investigations.
  • Identify threats and work to create steps to defend against them.
  • Monitor network traffic for suspicious behavior.
  • Configure security systems such as firewalls, antivirus, and IDS/IPS software.
  • Actively protects the availability, confidentiality, and integrity of customer, employee, and business identity.
  • Contribute to the Risk Assessment Program including identifying and scoring risk.
  • Collaborate with the team and architecture on new platforms, IAM roadmap, assess security risks, and identity long-term strategy recommendations.
  • Addressed basic client configuration issues and service alerts.
  • Position requires mentoring and training of SOC Technicians and SOC employees.
  • Monitored and correlated events with thorough knowledge of principles, methods, and techniques of network and data security.

Confidential, Chicago, IL

Splunk Engineer

Responsibilities:

  • Design, support and maintain the Splunk infrastructure on Windows, Linux and UNIX environments.
  • Installation of Splunk Enterprise, Splunk Forwarder, Splunk Indexer and Apps on multiple servers (Windows and Linux) with automation.
  • Splunk Heavy Forwarder configuration. Install and maintain Splunk add-ons including DB Connect, Active Directory and LDAP for work with the directory.
  • Manage Splunk configuration files like inputs, props, transforms etc.
  • Upgrading Splunk Enterprise and security patching.
  • Well versed in both remote and on-site user Splunk support.
  • Onboarded multiple data sources within Splunk, creating custom TAs for data parsing.
  • Advised clients on the best practices for a Splunk deployment.
  • Developed detailed documentation for the installation and configuration of Splunk and Splunk Apps.

Confidential, Milwaukee, WI

Splunk Admin

Responsibilities:

  • Monitor systems and report the status to client staff.
  • Good working knowledge of the AWS environment: CloudTrail, CloudWatch, VPC flow logs, EC2 instances, configuring AWS.
  • Splunk server configurations (web, indexing retention, authentication, etc.).
  • Splunk data onboarding operations (inputs, SQL, index-time configurations).
  • Splunk data parsing operations (search-time field extractions, eventtypes, tags).
  • Manage existing application and create new applications (visual and non-visual).
  • Worked on AWS CloudTrail and F5 data.
  • Deploy, configure and maintain Splunk forwarders on different platforms.
  • Creating reports, pivots, alerts, advanced Splunk searches and visualizations in Splunk Enterprise.
  • Provide power and admin access for users and restrict their permissions on files.
  • Installed and upgraded Splunk software in distributed and clustered

Environment: Windows Server 2012/2008/2003 R2, Linux and Unix Servers, Splunk 6.5, ServiceNow, F5 data, Vormetric, Wireshark, AWS CloudTrail, CloudWatch, Jira, TCP/IP, Nagios, CompTIA Security+.

Confidential

Security Analyst

Responsibilities:

  • Analyze security and firewall logs for compromised/infected hosts on the network.
  • Responsible for Disaster Recovery Site Management.
  • Design and develop the Security Zone diagram for the Security Monitoring Team.
  • Member of the Security Operations Center (SOC) that provides 24/7 monitoring, analysis, and remediation of security events.
  • In charge of the Cyber Attack Response Team including data recovery.
  • Analyze security incidents and escalate as necessary.
  • Create daily, monthly, and ad hoc reports for various devices.
  • Identify, monitor, and prepare daily reports of network threats and vulnerabilities.
  • Prepare reports using the Nagios server monitoring tool.
  • Create new process documents to help the Analysts in analyzing events.
  • Responsible for vulnerability reporting and vulnerability scan scheduling.
  • Follow up with asset owners for remediation of vulnerabilities at either the OS or application level.
  • Maintain Spam Filter and Web Filter.
  • Work with vendors to support system maintenance.
  • Keep servers updated with the latest security updates.
  • Create and migrate virtual servers.
