
Splunk SME Resume


Duluth, GA

SUMMARY

  • Experienced Security Consultant with seven years of IT experience, with a focus on designing and developing security solutions.
  • Solid understanding of Software Development Life Cycle (SDLC) processes, including requirements gathering, analysis and design, development tools and technologies, release and version control, contemporary testing methodologies and deployment management.
  • In-depth and extensive knowledge of Splunk architecture and its various components (indexer, forwarder, search head, deployment server), heavy and universal forwarders, and the license model.
  • Worked on security solutions (SIEM) that enable organizations to detect, respond to and prevent threats by providing valuable context and visual insights that help make faster and smarter security decisions.
  • Headed proof-of-concepts (POCs) on Splunk implementation; mentored and guided other team members on understanding the use cases of Splunk.
  • Experience in deploying Splunk across UNIX and Windows environments. Also familiar with DevOps deployment tools like Chef.
  • Experience in creating and managing Splunk DB Connect identities, database connections, database inputs, outputs, lookups and access controls.
  • Proficient in using SQL Server Integration Services (SSIS) to build data integration and workflow solutions and Extract, Transform and Load (ETL) solutions for data warehousing applications.
  • Experience with Splunk technical implementation, planning, customization, integration with big data, and statistical and analytical modelling.
  • Worked on various types of charts and alert settings; knowledge of app creation and of user and role access permissions. Created and managed apps, users, roles and permissions on knowledge objects. Involved in setting up alerts for different types of errors.
  • Worked extensively with complex mappings using different transformations like Source Qualifier, Expression, Filter, Joiner, Router, Union, Unconnected/Connected Lookups and Aggregator.
  • Timechart attributes such as span and bins; tags and event types; creating dashboards and reports using XML; creating dashboards from searches; scheduled searches, and inline search vs. scheduled search in a dashboard.
  • Experience in developing end-to-end planning and implementation of various network devices and business applications with SIEM devices (QRadar/Splunk).
  • Expert-level understanding of QRadar implementation, its integration with other network devices and applications, and the related troubleshooting work.
  • Expertise in creating scripts for configuration backup, report backup, QRadar device reports and metric generation.
  • Experience in creating custom views, reporting and automated alerting for both operational and security use using QRadar.
  • Experience in security incident handling with SIEM using RSA enVision and IBM QRadar products; identifying the critical IT infrastructure that requires 24/7 monitoring.
  • Strong experience in maintaining network/application security, application programming, reverse engineering, malware analysis, cryptographic algorithms, and identifying targeted attacks and other suspicious activity using a variety of network-based tools.
  • Excellent organizational, presentation, communication and project management skills; ability to work in a team and independently.

TECHNICAL SKILLS:

SIEM Tools: IBM QRadar, Splunk, IBM Guardium, Tripwire.

Puppet Master & Puppet: Monitoring, reporting and troubleshooting with Puppet Master; building hosts and writing manifests; Puppet scalability.

Operating Systems: Windows 2000, XP, Windows NT, Unix/Linux (Red Hat), VMware

Data Analysis: Requirement Analysis, Business Analysis, detail design, data flow diagrams, data definition table, Business Rules, data modelling, Data Warehousing, system integration

RDBMS: Oracle 11g/10g/9i/8i, MS SQL Server 2000/2005/2008, Sybase, DB2, MS Access.

Web Technologies: HTML, DHTML, JavaScript, XML, XSL, XSLT

Web/App Servers: Apache Tomcat 6.0, WebLogic 8.1/9.2, WebSphere 6.0

Concepts: TCP/IP, LAN/WAN, Routers, Firewalls and Firewall ACLs, IPsec, PPTP, L2TP, BackTrack 4 R2, SNORT, OSSEC, Tripwire, Encryption Algorithms, Digital Signatures, Deploying PKI.

Programming Language: C, C++, Java, Python, UNIX shell scripts

PROFESSIONAL EXPERIENCE

Confidential, Duluth, GA

Splunk SME

Responsibilities:

  • Involved in standardizing Splunk forwarder deployment, configuration and maintenance across UNIX and Windows platforms.
  • Monitor Splunk infrastructure for capacity planning and optimization.
  • Onboarding of new data into Splunk; troubleshooting Splunk and optimizing performance.
  • Use Splunk Enterprise Security to configure correlation searches, key indicators and the risk scoring framework.
  • Good understanding of security threats and vulnerabilities and how to detect and mitigate them; experience in building security monitoring and incident management solutions using Splunk.
  • Created various types of charts and alert settings; knowledge of app creation and of user and role access permissions.
  • Knowledge of various search commands such as stats, chart, timechart, transaction, strptime, strftime, eval, where, xyseries and table, and of the difference between eventstats and stats.
  • Experience in working with Splunk authentication and permissions, and significant experience in supporting large-scale Splunk deployments.
  • Created dashboards, visualizations, statistical reports, scheduled searches and alerts, and worked on creating other knowledge objects.
  • Strong experience in working with Splunk architecture and its various components (indexer, forwarder, search head, deployment server), universal and heavy forwarders.
  • Good experience with Security Information and Event Management and good knowledge of information security products (firewalls, IDS/IPS).
  • Provide regular support and guidance to Splunk project teams on complex solutions and issue resolution.
  • Worked on installing universal forwarders and heavy forwarders to bring any kind of data into Splunk.
  • Designing and maintaining production-quality Splunk dashboards.
  • Involved in admin activities and worked on inputs.conf, indexes.conf, props.conf and transforms.conf to set up time zone and timestamp extraction, complex event transformations and event breaking.
  • Experience developing Splunk queries and dashboards targeted at understanding application performance and capacity analysis.
  • Using the Cisco Networks App, which includes dashboards, data models and logic for analyzing data from Cisco IOS, IOS XE and NX-OS devices.
  • Integrated ServiceNow with Splunk to consume alerts from Splunk and create ServiceNow tickets.
  • Splunk DB Connect 2.0 in search head cluster environments with Oracle and MySQL.
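
As an added illustration of the stats vs. eventstats distinction mentioned in the bullets above (example code written for this page, not the author's or Splunk's), the functions below reproduce what the two commands do over a handful of constructed, already field-extracted events; the field names and values are assumptions.

```python
from collections import defaultdict

# Constructed, already field-extracted firewall events (assumption: not from the page).
EVENTS = [
    {"_time": 1, "src": "10.0.0.5", "action": "deny", "bytes": 120},
    {"_time": 2, "src": "10.0.0.5", "action": "deny", "bytes": 80},
    {"_time": 3, "src": "10.0.0.7", "action": "allow", "bytes": 5000},
    {"_time": 4, "src": "10.0.0.5", "action": "allow", "bytes": 300},
]


def stats_by(events, by, field="bytes"):
    """| stats count sum(bytes) as total by src
    Collapses the input: one row per group, the original events are discarded."""
    groups = defaultdict(lambda: {"count": 0, "total": 0})
    for e in events:
        groups[e[by]]["count"] += 1
        groups[e[by]]["total"] += e[field]
    return [{by: key, **agg} for key, agg in sorted(groups.items())]


def eventstats_by(events, by, field="bytes"):
    """| eventstats count sum(bytes) as total by src
    Keeps every original event and adds the group aggregate to each one as new
    fields, so the aggregate can be compared against the event's own values."""
    agg = {row[by]: row for row in stats_by(events, by, field)}
    return [{**e, "count": agg[e[by]]["count"], "total": agg[e[by]]["total"]}
            for e in events]


def repeat_offenders(events, by="src", min_count=2):
    """| eventstats count by src | where count >= 2
    Needs eventstats rather than stats: the filter uses the aggregate AND the
    per-event fields (action, bytes, _time) that stats would have thrown away."""
    return [e for e in eventstats_by(events, by) if e["count"] >= min_count]


if __name__ == "__main__":
    print(stats_by(EVENTS, "src"))
    print(repeat_offenders(EVENTS))
```

stats answers "how much per source"; eventstats answers "which individual events belong to a source that did this much", which is the shape a detection needs when the analyst has to pivot from the aggregate back to the offending events.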

Confidential, Atlanta, GA

Splunk Admin/Developer

Responsibilities:

  • Created Splunk Search Processing Language (SPL) queries, reports, alerts and dashboards.
  • Troubleshooting and resolving Splunk performance, search pooling and log monitoring issues; role mapping, dashboard creation, etc.
  • Established indexes and the retention policy of buckets; developed user roles to complement operational and security utilization. Set up common sourcetypes using pre-trained datasets and constructed sourcetypes for unique data.
  • Created regular expressions for field extractions and field transformations in Splunk.
  • Expertise in WebLogic Application Server administration, including installing, configuring, migrating, load balancing, deploying applications, performance tuning, upgrading and maintenance of WebLogic Server.
  • Involved in analysing daily application volume trends, issues, errors and end-to-end reconciliation reports, taking immediate appropriate action in case of any business or customer impact.
  • Involved in performing all upgrades and hot patches for McAfee SIEM (Nitro).
  • Assisted internal users of Splunk in designing and maintaining production-quality dashboards; assisted the offshore team in understanding the business use cases and provided technical services to projects, user requests and data queries.
  • Installed and configured different Splunk apps and add-ons on the Splunk platform.
  • Scripted SQL queries for use with Splunk.
  • Splunk technical implementation, planning, customization and integration with big data.
  • Knowledge of Splunk architecture and its various components (indexer, forwarder, search head, deployment server), heavy and universal forwarders, and the license model.
  • Splunk configuration involving different web applications and batch jobs; created saved searches, summary searches and summary indexes.
  • Worked on log parsing and complex Splunk searches, including external table lookups.
  • Used techniques to optimize searches for better performance; search-time vs. index-time field extraction; understanding of configuration files, their precedence and how they work.
  • Responsible for administering, maintaining and configuring 24x7 highly available Splunk apps for the production portal environment.
  • Worked on the configuration files inputs.conf, indexes.conf, props.conf, serverclass.conf, transforms.conf and limits.conf.
  • Upgrading and migrating the Splunk components and setting up the retention policy for the indexes.
  • Configuring LDAP and Single Sign-On for user authentication in the organization.
  • Configured Splunk for all the mission-critical applications and used Splunk effectively for application troubleshooting and monitoring post go-live.
  • Worked directly with the Splunk Inc. sales team in determining log size and licensing cost for the client's infrastructure.
  • Working in 24x7 SOC operations in different shifts.
  • Parsing, indexing and searching concepts; hot, warm, cold and frozen bucketing.
  • Supported HTTP methods following the REST API subsets, including CRUD operations such as GET, POST and DELETE, returning an HTTP status code to indicate the success of the operation or the cause of a failure to fulfil the request.
  • Used cURL and REST client browser plugins to exercise the API.
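
The event-breaking, timestamp and field-extraction settings named in the bullets above (LINE_BREAKER, TIME_FORMAT and TZ in props.conf; REGEX in transforms.conf) interact in ways that are easy to get wrong, so here is an added worked example, not taken from this resume or from Splunk's own code, that re-implements a small subset of that pipeline in Python so the effect of each setting can be seen on sample data. The sourcetype acme:fw, the stanza contents and the raw firewall lines are constructed assumptions; only UTC and the fixed-offset POSIX form of TZ (such as EST5) are modelled, not zones with DST rules, and timestamp parsing is strict rather than Splunk's lenient matching.

```python
import re
import configparser
from datetime import datetime, timedelta, timezone

# Constructed props.conf / transforms.conf stanzas for a hypothetical sourcetype
# "acme:fw" (assumption: not from the page or from any real deployment).
PROPS_CONF = r"""
[acme:fw]
SHOULD_LINEMERGE = false
LINE_BREAKER = ([\r\n]+)(?=\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})
TIME_PREFIX = ^
MAX_TIMESTAMP_LOOKAHEAD = 19
TIME_FORMAT = %Y-%m-%d %H:%M:%S
TZ = EST5
REPORT-fw = fw_fields
"""

TRANSFORMS_CONF = r"""
[fw_fields]
REGEX = action=(?<action>\w+) src=(?<src>[\d.]+) dst=(?<dst>[\d.]+) dport=(?<dport>\d+)
"""

# Constructed raw firewall output. The indented line carries no timestamp and
# must stay attached to the first event instead of becoming an event of its own.
RAW = (
    "2023-11-05 01:30:00 action=deny src=10.0.0.5 dst=203.0.113.9 dport=445\n"
    "  reason=policy-1 blocks SMB from the user segment\n"
    "2023-11-05 01:30:02 action=allow src=10.0.0.7 dst=198.51.100.4 dport=443\n"
    "2023-11-05 01:30:05 action=deny src=10.0.0.5 dst=203.0.113.9 dport=3389\n"
)


def load_conf(text):
    """Splunk .conf files are INI-like; interpolation is off so '%' in TIME_FORMAT survives."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep key case (REPORT-fw, LINE_BREAKER)
    cp.read_string(text)
    return cp


def break_events(raw, line_breaker):
    """LINE_BREAKER: the first capture group is the separator and is discarded."""
    parts = re.split(line_breaker, raw)
    return [p.rstrip("\r\n") for p in parts[0::2] if p.strip()]


def parse_tz(tz):
    """Subset of the TZ setting: 'UTC' or a fixed-offset POSIX string such as 'EST5'.
    POSIX offsets count hours WEST of UTC, so EST5 is UTC-5 and UTC-3 is UTC+3.
    Named zones with DST rules (e.g. US/Eastern) are not modelled here."""
    if tz.upper() == "UTC":
        return timezone.utc
    m = re.fullmatch(r"[A-Za-z]{3,}([+-]?\d{1,2})", tz)
    if not m:
        raise ValueError("unsupported TZ value: %r" % tz)
    return timezone(timedelta(hours=-int(m.group(1))))


def extract_time(event, props, tzinfo):
    """TIME_PREFIX locates the timestamp, MAX_TIMESTAMP_LOOKAHEAD bounds it,
    TIME_FORMAT parses it and TZ supplies the zone the log line omits."""
    prefix = re.search(props["TIME_PREFIX"], event)
    start = prefix.end() if prefix else 0
    window = event[start:start + int(props["MAX_TIMESTAMP_LOOKAHEAD"])]
    return datetime.strptime(window, props["TIME_FORMAT"]).replace(tzinfo=tzinfo)


def to_python_regex(pcre):
    """Splunk regexes use PCRE named groups (?<name>...); Python wants (?P<name>...)."""
    return re.sub(r"\(\?<(?![=!])", "(?P<", pcre)


def extract_fields(event, props, transforms):
    """Apply every REPORT-* transform listed in props to the event (search-time extraction)."""
    fields = {}
    for key, value in props.items():
        if key.startswith("REPORT-"):
            for name in value.split(","):
                m = re.search(to_python_regex(transforms[name.strip()]["REGEX"]), event)
                if m:
                    fields.update(m.groupdict())
    return fields


def parse(raw, sourcetype="acme:fw"):
    """Break raw data into events, assign _time (epoch seconds, UTC) and extract fields."""
    props = load_conf(PROPS_CONF)[sourcetype]
    transforms = load_conf(TRANSFORMS_CONF)
    tzinfo = parse_tz(props["TZ"])
    events = []
    for raw_event in break_events(raw, props["LINE_BREAKER"]):
        rec = {"_raw": raw_event,
               "_time": extract_time(raw_event, props, tzinfo).timestamp()}
        rec.update(extract_fields(raw_event, props, transforms))
        events.append(rec)
    return events


if __name__ == "__main__":
    for e in parse(RAW):
        print(e["_time"], e.get("action"), e.get("src"), "->", e.get("dst"), e.get("dport"))
```

Run it and three events come out, not four: the reason= line stays inside the first event, _time is 06:30 UTC although the log says 01:30 (that is the TZ setting doing its job), and the PCRE-style named groups are converted before extraction. Each of those is a distinct failure mode in a real deployment: a wrong LINE_BREAKER splits or merges events, a missing TZ shifts every _time by the host offset so alerts fire in the wrong window, and a regex that is valid PCRE but not Python (or vice versa) silently yields no fields.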

Environment: Splunk 6.3, Splunk 6.2, Unix, Linux, MS SQL Server 2012, XML, Web Services, Splunk DB Connect 2.2, Oracle 11g, ServiceNow, Python scripting

Confidential, Tampa, Florida

Splunk Developer/Admin

Responsibilities:

  • Managed service request tickets through the phases of troubleshooting, maintenance, upgrades, fixes and patches, providing all-round technical support.
  • Installation of Splunk Enterprise, Splunk forwarders, Splunk indexers and apps on multiple servers (Windows and Linux) with automation.
  • Installed and maintained Splunk add-ons including DB Connect and Active Directory/LDAP, for working with the directory and SQL databases.
  • Configured the SSO integration add-on for user authentication and single sign-on in Splunk Web.
  • Configured and installed Splunk Enterprise, the agent and Apache Server for user and role authentication and SSO.
  • Managed Splunk configuration files such as inputs, props, transforms and lookups.
  • Upgraded Splunk Enterprise to 6.2.3 and applied security patching. Deployed, configured and maintained Splunk forwarders on different platforms. Ensured that the application website is up and available to users.
  • Continuous monitoring of the alerts received through email to check that all the application servers and web servers are up.
  • Created Splunk Search Processing Language (SPL) queries, reports, alerts and dashboards; worked on analysing and fixing various defects.
  • Problem record analysis and solution provision; field extraction using IFX, the rex command and regexes in configuration files.
  • Creating reports, pivots, alerts, advanced Splunk searches and visualizations in Splunk Enterprise. Provided power and admin access to users and restricted their permissions on files.
  • Developed Splunk infrastructure and related solutions with the automation tool sets. Installed, tested and deployed monitoring solutions with Splunk services. Provided technical services to projects, user requests and data queries.
  • Implemented forwarder configuration, search heads and indexing. Supported data source configurations and change management processes.
  • Analyzed and monitored incident management and incident resolution problems. Resolved configuration-based issues in coordination with infrastructure support teams. Maintained and managed assigned systems, Splunk-related issues and administrators.
  • Active monitoring of jobs through alert tools and responding with the appropriate actions with respect to the logs; analysing the logs and escalating critical issues to higher-level teams.
  • Worked on log parsing and complex Splunk searches, including external table lookups. Configured and administered Tomcat JDBC and JMS services.
  • Designing and maintaining production-quality Splunk dashboards. Splunk configuration involving different web applications and batch jobs; created saved searches, summary searches and summary indexes.
  • Deployed applications on multiple WebLogic servers and maintained load balancing, high availability and failover functionality.
  • Created crontab scripts for timely running of jobs. Developed build scripts, UNIX shell scripts and auto-deployment processes.

Environment: Splunk 6.2.3/6.x, BIG-IP load balancers, plug-ins configured for Apache HTTP Server 2.4, Red Hat Linux 6.x, JSP, Servlets, XML, Oracle 11g, Git.

Confidential, New Jersey

IBM QRadar Engineer

Responsibilities:

  • Participated in the product selection and installation of the QRadar Security Information and Event Manager (SIEM), consisting of multiple collectors and a high-performance MS SQL database.
  • Responsible for proposing rules to the client for implementation in QRadar to trigger security events. Once the rules were approved, involved in testing them and implementing them in QRadar.
  • Involved in writing processes for the Level 1 security analysts on how to treat each offense, what to do when an issue occurred, and even how to configure each type of device to send its logs to QRadar.
  • Involved in configuring QRadar to send automatic reports using the QRadar report module. Each report was sent to the client's different teams (Network, Database, System).
  • Global escalation point for degradation issues, as well as escalation point for addressing security events in accordance with First Data's information security policies; incident management, escalation management, Incident Response Team and global CIRT team.
  • Migrating existing reports and alerts from RSA enVision to IBM QRadar.
  • Aggregate, correlate and analyze log data from network devices, security devices and other key assets using QRadar.
  • Created dashboards, reports, scheduled searches and alerts; SIEM searches and alert metrics.
  • Responsible for maintaining availability, reporting and communication of the SIEM between it, its event sources and the endpoints.
  • Configured reference sets as whitelists and blacklists for rules and reports.
  • Created and ran QRadar searches for rules and reports.
  • Developed comprehensive security event reports to address current and potential security concerns and meet audit requirements.
  • Managed the day-to-day log collection activities of source devices that send log data to the IBM QRadar SIEM.
  • Dashboard/enterprise dashboard customization for various teams based on log source type requirements.
  • Identified current product management issues and developed a best-practices process to efficiently manage the Security Information and Event Management tool.
  • Created scripts for configuration backup, report backup, QRadar device reports and metric generation.
  • Cleaning up log sources auto-discovered in QRadar by identifying duplicates, correcting misidentified log sources, and identifying log sources from their logs.
  • Analysis of various use cases in the QRadar console, such as malware and AD-related issues.
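
An added example, not QRadar's code or API, of what "reference sets as whitelists and blacklists for rules" in the bullets above means in practice: a simplified model of a reference set whose elements carry an optional time-to-live, and one rule that fires an offense when a source IP is in the blacklist set but not in the whitelist set. Set names, the rule name, the IPs and the TTLs are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone


class ReferenceSet:
    """Simplified model of a QRadar reference set (assumption/simplification,
    not QRadar's own implementation): a named set of values, each remembered
    with the time it was added so that an optional time-to-live can expire it."""

    def __init__(self, name, ttl=None):
        self.name = name
        self.ttl = ttl          # None means elements never expire
        self._added = {}        # value -> time it was added or last refreshed

    def add(self, value, now):
        self._added[value] = now  # re-adding an element restarts its TTL

    def contains(self, value, now):
        added = self._added.get(value)
        if added is None:
            return False
        if self.ttl is not None and now - added >= self.ttl:
            del self._added[value]  # expired indicator drops out of the set
            return False
        return True


RULE_NAME = "Blacklisted source not in whitelist"  # hypothetical rule name


def evaluate_rule(event, blacklist, whitelist, now):
    """Rule: when the source IP is contained in <blacklist> AND NOT contained in
    <whitelist>, fire an offense. Returns the offense dict or None.
    The whitelist test comes first so an authorized scanner that also appears
    in a threat feed never raises an offense."""
    src = event["src"]
    if whitelist.contains(src, now):
        return None
    if blacklist.contains(src, now):
        return {"rule": RULE_NAME, "src": src, "event": event}
    return None


def run_demo():
    """Constructed events and sets; returns the list of offenses that fired."""
    now = datetime(2023, 11, 5, 6, 30, tzinfo=timezone.utc)
    blacklist = ReferenceSet("Threat IPs", ttl=timedelta(days=7))
    whitelist = ReferenceSet("Authorized scanners")
    blacklist.add("203.0.113.9", now - timedelta(days=1))    # fresh indicator
    blacklist.add("198.51.100.4", now - timedelta(days=30))  # stale, past its TTL
    blacklist.add("192.0.2.10", now)
    whitelist.add("192.0.2.10", now)                          # blacklisted but authorized
    events = [
        {"src": "203.0.113.9", "dst": "10.0.0.5", "dport": 445},
        {"src": "198.51.100.4", "dst": "10.0.0.7", "dport": 443},
        {"src": "192.0.2.10", "dst": "10.0.0.7", "dport": 22},
        {"src": "10.0.0.9", "dst": "10.0.0.7", "dport": 80},
    ]
    offenses = (evaluate_rule(e, blacklist, whitelist, now) for e in events)
    return [o for o in offenses if o]


if __name__ == "__main__":
    for offense in run_demo():
        print(offense["rule"], offense["src"], offense["event"])
```

Only the first event produces an offense: the second source's indicator has aged out of the blacklist, the third is overridden by the whitelist, and the fourth is in neither set. The TTL is the part worth getting right when a reference set is fed from a threat feed, since without it yesterday's scanner IPs keep firing long after they have been reassigned.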

Environment: QRadar, Red Hat Linux, XML, Oracle DB, Git.

Confidential

Security Consultant

Responsibilities:

  • Provided regular support guidance to Splunk project teams on complex solution and issue resolution.
  • Extensively involved in all phases of SDLC (Software Development Life Cycle) using agile methodology.
  • Deployed and configured multiple companywide enterprise security solutions including Splunk.
  • Strong understanding of Splunk Enterprise configurations specifically when using in a security related environment.
  • Administered and configured DHCP, NFS, FTP, HTTP servers.
  • Responsible for user/group management, setting user quota, access management etc.
  • Implemented crons and scripts for automation and executing scheduled tasks.
  • Performed vulnerability and risk assessment testing against web applications, customer portals, endpoints, users and network devices, and oversaw the patching and remediation of the critical issues.
  • Monitored network traffic and bandwidth for anomalies via Splunk.
  • Monitored Confidential's internal logs and traffic via Splunk and QRadar to proactively investigate suspicious traffic and determine whether the anomalies were malicious.
  • Validate test findings using Splunk Enterprise by creating extensive search queries and custom reports to only show the relevant results from the test.
  • Conducted forensic analysis when a security breach occurred to find the root cause of the incident, and oversaw the remediation process.
  • Responsible for monitoring multiple managed and customer environments simultaneously.
