Splunk Consultant Resume
Plano, TX
SUMMARY
- 6+ years of expertise and technical experience in the field of information technology, with extensive experience in SIEM tools like Splunk, ArcSight and QRadar.
- Performed activities including requirement analysis, design and implementation of various client-server-based applications using Splunk 5.x and Splunk 6.x.
- Expert in creating Reports, Pivots, Alerts, Dashboards, advanced Splunk search, Visualization and log parsing in Splunk Enterprise, including external table lookups.
- Created Splunk dashboards for monitoring server performance, CPU utilization, disk usage and various types of business users in the organization, etc.
- Expert in developing customized shell scripts in order to install, manage and configure multiple instances of Splunk forwarders, indexers, search heads and deployment servers.
- Extensive experience in writing SQL queries, dynamic queries, sub-queries, complex stored procedures, triggers, user-defined functions, views and cursors.
- Knowledge in optimizing searches for better performance, search-time vs. index-time field extraction, and understanding of configuration files and their precedence; working with props.conf, transforms.conf, inputs.conf and outputs.conf, and setting up a forwarder monitor stanza in inputs.conf.
- Extensive experience in installation, configuration, migration, troubleshooting and maintenance of Splunk and Apache Web Server on different UNIX flavors like Linux.
- Installed Splunk DB Connect 2.0 in single and distributed server environments; familiar with parsing, indexing and searching concepts and Hot, Warm, Cold and Frozen bucketing.
- Good understanding of Network Firewalls, Load-balancers, LDAP and complex network design.
- Expertise in customizing Splunk for Monitoring, Application Management and Security as per customer requirements and industry best practice.
- Expertise in implementing event correlation rules, logic, and content in the security information and event management system with specific experience in the ArcSight ESM environment.
- Experienced in the operation of ArcSight Security Information and Event Management systems to include ArcSight ESM, Connector appliances/Smart Connectors, Logger appliances.
- Experience with life-cycle management of the ArcSight platforms, including coordination and planning of upgrades, new deployments, and maintaining current operational data flows.
- Experience using IBM QRadar Security Intelligence to identify threats and assign categories.
- Familiar with Windows Servers, Red Hat Enterprise Linux servers, Solaris and IBM AIX servers.
- Expert in managing many of the proof-of-concept dashboards for IT operations and services owners which are used to monitor application and server health and on investigating HTTP issues using tools like Fiddler, HTTP Analyzer etc.
- Knowledge of various types of charts, alert settings, app creation, and user and role access permissions: creating and managing apps, creating users and roles, and assigning permissions to knowledge objects.
- Expertise with Splunk UI/GUI development and operations roles, and styling and text customizations for different components of the Splunk platform using HTML, JavaScript and CSS.
- Prepared industry-specific content and integrated multiple feeds, such as database, application, network and security device logs, to analyze potential threats and security risks.
- Development of Tuning/Designing of Correlation rules to reduce the false positives and to generate the alerts/offenses/notifications for the attacks, Security Violations and any deviation in the traffic/flow.
- Experience with enterprise-class security products such as web proxy, reverse proxy, load balancing, IDS/IPS, DLP, Firewall, IPsec/SSL VPN, WAN/LAN, wireless and remote connectivity.
- Knowledge of the software development life-cycle (SDLC) process. Followed Agile, Scrum and story maps for development tracking, and experience in Operational Intelligence using Splunk.
- Worked on Audit Violation Reports, Service Level Agreements (SLAs), SDLC, Agile.
- Excellent team player with self-motivation and experienced in task prioritizing and time management.
TECHNICAL SKILLS
Splunk: Splunk 5.x and 6.x, Splunk Enterprise, Splunk on Splunk, Splunk DB Connect 2, Splunk Cloud, Hunk, Splunk IT Service Intelligence, Splunk Web Framework
Operating Systems: Windows 2000, XP, Win 10, Windows Server, Unix/Linux (Red Hat), FreeBSD
Security / Vulnerability Tools: Snort, Wireshark, Websense, Bluecoat, Palo Alto, Checkpoint, Symantec, Qualys Vulnerability Manager, FireEye HX, Sophos, Sourcefire
RDBMS: Oracle 11g/10g/9i/8i, MS-SQL Server 2000/2005/2008, Sybase, DB2, MS Access, MySQL
Networking Protocols and Tools: TCP/IP, HTTP/HTTPS, SSH, SSL, DNS, SNMP, Routers, Switches, Load Balancers, Cisco VPN, MS DirectAccess
Programming Language: C, C++, Java with Big Data, Python, UNIX shell scripts
SIEM: Splunk, ArcSight
PROFESSIONAL EXPERIENCE
Confidential, Plano, TX
Splunk Consultant
Responsibilities:
- Installation of Splunk Enterprise, Splunk forwarders, Splunk indexers and apps on multiple servers (Windows and Linux) with automation.
- Install and maintain the Splunk add-ons, including DB Connect and Active Directory LDAP, to work with the directory and SQL databases.
- Configure the SSO Integration add-on app for user authentication and single sign-on in Splunk Web.
- Configure and install Splunk Enterprise, Agent, and Apache Server for user and role authentication and SSO.
- Manage Splunk configuration files like inputs, props, transforms, and lookups.
- Upgrading Splunk Enterprise to 6.2.3 and security patching.
- Deploy, configure and maintain Splunk forwarders on different platforms.
- Continuous monitoring of the alerts received through mails to check if all the application servers and web servers are up.
- Create Splunk Search Processing Language (SPL) queries, Reports, Alerts and Dashboards.
- Field extraction using IFX, the rex command and regex in configuration files.
- Creating Reports, Pivots, alerts, advanced Splunk search and Visualization in Splunk Enterprise.
- Developed Splunk infrastructure and related solutions as per automation tool sets.
- Installed, tested and deployed monitoring solutions with Splunk services.
- Adding users to access Splunk through the Remedy process (AD group), Splunk authentication and authorization.
- Resolved configuration-based issues in coordination with infrastructure support teams.
- Performed Splunk administration tasks such as installing, configuring, monitoring and tuning.
- Active monitoring of jobs through alert tools and responding with the appropriate action with respect to logs; analyzing the logs and escalating critical issues to higher-level teams.
- Worked on log parsing and complex Splunk searches, including external table lookups.
- Configured and administered Tomcat JDBC, JMS and JNDI services.
- Designing and maintaining production-quality Splunk dashboards.
- Splunk configuration involving different web applications and batch jobs; creating saved searches, summary searches and summary indexes.
- Deployed applications on multiple WebLogic Servers and maintained Load balancing, High availability and Fail over functionality.
- Involved in monitoring the ticketing tool and taking the ownership of the tickets.
- Developed build scripts, UNIX shell scripts and auto deployment processes.
- Provided 24/7 on-call Production Support.
Environment: Splunk 6.x, Splunk DB Connect, WebLogic Server 8.x/9.x/10.x/11g, Tomcat 7.x, configured plug-ins for Apache HTTP Server 2.4, Red Hat Linux 6.x.
Confidential, Denver, CO
Splunk Admin /Developer
Responsibilities:
- Responsible for initiating, planning, executing, configuring, and deploying the latest version of Splunk in a Windows or Linux environment.
- Install, configure and administer Splunk Enterprise Server 6.0.4 and Splunk Forwarder 4.x.x/5.x.x/6.x.x on Red Hat Linux and Windows servers.
- Upgraded Splunk Enterprise from v6.2 to v6.5.2 in clustered and non-clustered environments.
- Set up Splunk forwarders for new application tiers introduced into the environment and for existing applications. Work closely with application teams to create new Splunk dashboards for operations teams.
- Experience in Splunk GUI development, creating Splunk apps, searches, data models, dashboards and reports using the Splunk query language.
- Analyzed security-based events, risks and reporting instances, and developed dashboards with visual metrics for stakeholders.
- Troubleshooting and resolving Splunk performance, search pooling and log monitoring issues; role mapping, dashboard creation, etc. Experience with web services and load balancing configurations.
- Worked on various administration of DataPower XS40, XI50 and XI52 devices.
- Monitored Splunk infrastructure for capacity planning, system health, availability, and optimization.
- Experience in creating SQL*Loader scripts to load data from flat files into the database, and in creating external tables to manage data that is stored at the OS level.
- Created a Splunk app for Enterprise Security to identify and address emerging security threats through the use of continuous monitoring, alerting and analytics.
- Created shell scripts to install Splunk forwarders on all servers and configure them with common configuration files such as outputs.conf and inputs.conf.
- Application servers like WebSphere Application Server, Tomcat, IBM HTTP Server, Apache Web Server, Load Balancing, JBoss, Splunk and DataPower.
- Expertise with SIEM (security information and event management). Manage Splunk user accounts (create, delete, modify, etc.). Scripted SQL queries in accordance with Splunk.
- Interpreted and developed SIEM products to meet internal and external customer requirements.
- Maintain current functional and technical knowledge of the Splunk platform and future products.
Environment: Splunk 6.x, Splunk Enterprise and Splunk modules, Tomcat 6.x, Apache 2.x, Solaris 10, Oracle 11g/10g, Me, web services, HTTP, HTML, XML, SSL, SIEM, Sun ONE Directory Server 6, Python.
Confidential
QRadar Engineer
Responsibilities:
- Trained users on IBM QRadar, specifically from system implementation to architecture design, by developing a correlated picture of what is occurring right now in an enterprise through integration of information from a variety of devices with the QRadar SIEM tool, then normalizing and correlating the information to develop modules that provide real-time (or near real-time) reporting in the SOC.
- Develop an intelligence-driven security approach for threat detection, which helps organizations use all available security-related information from both internal and external sources to detect hidden threats from within and outside the organization.
- Develop complex use cases and Universal Device Support Modules on the QRadar SIEM and QRadar Log Manager tools.
- Writing and enhancing the processes and procedures to apprehend network anomaly behaviour in QRadar Network Anomaly Detection Manager.
- Worked on IBM QRadar Security Intelligence Platform products, which provide a unified architecture for integrating security information and event management (SIEM), log management, anomaly detection, incident forensics, and configuration and vulnerability management.
- Develop the scenarios for the detection of zero-day threats in the QRadar Network Anomaly Detection and QRadar SIEM tools.
- Develop queries in the QRadar Log Manager tool to check the integrity of event and flow logs and determine whether the logs were modified.
- Ensured that company software components are expertly designed, tested, debugged, verified, and ready for integration into IBM's best-of-breed solutions that help organizations improve their business outcomes in the global marketplace.
- Assist customers in the deployment of Security Intelligence solutions by providing planning, implementation, configuration, and optimization services around the world.
- Perform proof-of-concept solution validation and complex issue reproduction while interfacing with engineering, product management, and quality assurance teams.
- Worked with customer account teams to ensure total customer satisfaction by representing customers' needs and requirements to product management and engineering.
- Design comprehensive security solutions to address a wide range of complexities, scales, and integration requirements.
- Interface with customers on an ongoing basis to identify problems and communicate progress and resolution while maintaining a high sense of urgency and timely escalation.
Confidential
SIEM Engineer (ArcSight)
Responsibilities:
- Installation of connectors, and integration and testing of multi-platform devices with ArcSight ESM; develop and test FlexConnectors for unsupported devices and business applications.
- Integration of IDS/IPS with ArcSight, and analysis of the logs to filter out false positives and add false negatives into the IDS/IPS rule set.
- Review security events that are populated in a Security Information and Event Management (SIEM) system.
- Analyze a variety of network and host-based security appliance logs (firewalls, NIDS, HIDS, syslogs, etc.) to determine the correct remediation actions and escalation paths for each incident.
- Independently follow procedures to contain, analyze and eradicate malicious activity.
- Document all activities during an incident and provide leadership with status updates during the life cycle of the incident.
- Backup of firewall, NetWarden security appliance and other security devices.
- Interact with the data warehousing team regarding extracting the data and suggest the standard data format such that Splunk will identify most of the fields. Migration of ArcSight ESM from 6.0 to 6.9 version by exporting the packages and import into the 6.9 version.
- Incident management, response and reporting.
- Provide information regarding intrusion events, security incidents, and other threat indications and warning information to the client.
- Implement tools and centralizing systems to improve work efficiency and reduce risks in operational environment.
- Track trends, statistics, and key figures for each assigned client.
- Assist with the development of processes and procedures to improve incident response times, analysis of incident, and overall SOC functions.
- We used to receive virus alerts for outbound and inbound traffic and coordinate with the antivirus team.
- Recommended security strategies based on real time threats.
Confidential
PL/SQL Developer
Responsibilities:
- Developed stored procedures, functions, packages and SQL scripts using PL/SQL.
- Loaded the data into database tables using SQL*Loader from text and Excel files.
- Developed data model, SQL Queries, SQL Query tuning process and Schemas.
- Gathering required data, data analysis and documentation of the plan.
- Gathering data elements needed for analysis of the data, decoding flat file data and loading into database tables using SQL*Loader.
- Created materialized views, partitions, tables, views and indexes.
- Involved in tuning and optimization of SQL statements.
- Created/modified the procedures, functions and packages to support data conversion.
- Responsible for data mapping from legacy system to Oracle.
- Created database objects like tables, synonyms, sequences, views.
- Developed various data exception reports and submitted to the client for data clean up.
- Used SQL hints and indexes to improve the performance of queries.
- Modified the existing shell scripts to support conversion process.
- Checked explain plan of the SQL queries to improve the performance.
- Wrote shell scripts for automating the process of data loading and daily process.
Environment: MS SQL Server 2008 R2, SQL Server Reporting Services (SSRS) 2008 R2, MS SQL Server Integration Services, MS SQL Server Analysis Services, MySQL, MS Visual Studio.
