Splunk Consultant Resume
Plano, TX
SUMMARY
- 6+ years of expertise and technical experience in the field of information technology, with extensive experience in SIEM tools like Splunk and ArcSight.
- Performed activities including requirement analysis, design and implementation of various client-server-based applications using Splunk 5.x and Splunk 6.x.
- Expert in creating Reports, Pivots, Alerts, Dashboards, advanced Splunk search, Visualization and log parsing in Splunk Enterprise, including external table lookups.
- Created Splunk dashboards for monitoring server performance, CPU utilization, disk usage and the various types of business users in the organization.
- Expert in developing customized shell scripts to install, manage and configure multiple instances of Splunk forwarders, indexers, search heads and deployment servers.
- Extensive experience in writing SQL Queries, Dynamic-queries, sub-queries, Complex Stored Procedures, Triggers, User-defined Functions, Views and Cursors.
- Knowledge of optimizing searches for better performance (search-time vs. index-time field extraction), and understanding of configuration files and their precedence, working with props.conf, transforms.conf, inputs.conf and outputs.conf, and setting up a forwarder monitor stanza in inputs.conf.
- Extensive experience in installation, configuration, migration, troubleshooting and maintenance of Splunk and Apache Web Server on UNIX flavors such as Linux.
- Installed Splunk DB Connect 2.0 in single-server and distributed environments; familiar with parsing, indexing and searching concepts and hot, warm, cold and frozen bucketing.
- Good understanding of Network Firewalls, Load-balancers, LDAP and complex network design.
- Expertise in customizing Splunk for monitoring, application management and security as per customer requirements and industry best practice.
- Expertise in implementing event correlation rules, logic, and content in the security information and event management system with specific experience in the ArcSight ESM environment.
- Experienced in the operation of ArcSight Security Information and Event Management systems to include ArcSight ESM, Connector appliances/Smart Connectors, Logger appliances.
- Experience with life-cycle management of the ArcSight platforms, including coordination and planning of upgrades, new deployments, and maintaining current operational data flows.
- Experience using IBM QRadar Security Intelligence to identify threats and assign them a category.
- Familiar with Windows Servers, Red Hat Enterprise Linux servers, Solaris and IBM AIX servers.
- Expert in managing many of the proof-of-concept dashboards for IT operations and service owners which are used to monitor application and server health, and in investigating HTTP issues using tools like Fiddler and HTTP Analyzer.
- Knowledge of various chart types, alert settings, app creation, and user and role access permissions; creating and managing apps, and creating users, roles and permissions on knowledge objects.
- Expertise with Splunk UI/GUI development and operations roles, styling and text customization for different components of the Splunk platform using HTML, JavaScript and CSS.
- Prepared industry-specific content and integrated multiple feeds, such as database, application, network and security device logs, to analyze potential threats and security risks.
- Designed and tuned correlation rules to reduce false positives and to generate alerts/offenses/notifications for attacks, security violations and any deviation in traffic/flow.
- Experience with enterprise-class security products such as web proxy, reverse proxy, load balancing, IDS/IPS, DLP, Firewall, IPsec/SSL VPN, WAN/LAN, wireless and remote connectivity.
- Knowledge of the software development life-cycle (SDLC) process. Followed Agile, Scrum and story maps for development tracking, and experience in Operational Intelligence using Splunk.
- Worked on Audit Violation Reports, Service Level Agreements (SLAs), SDLC, Agile.
- Excellent team player with self-motivation and experienced in task prioritizing and time management.
TECHNICAL SKILLS
Splunk: Splunk 5.x and 6.x, Splunk Enterprise, Splunk on Splunk, Splunk DB Connect 2, Splunk Cloud, Hunk, Splunk IT Service Intelligence, Splunk Web Framework
Operating Systems: Windows 2000, XP, Windows 10, Windows Server, Unix/Linux (Red Hat), FreeBSD
Security / Vulnerability Tools: Snort, Wireshark, Websense, Bluecoat, Palo Alto, Checkpoint
Programming Language: C, C++, Java with Big Data, Python, UNIX shell scripts
SIEM: Splunk, ArcSight
PROFESSIONAL EXPERIENCE
Confidential, Plano, TX
Splunk Consultant
Responsibilities:
- Installation of Splunk Enterprise, Splunk Forwarder, Splunk Indexer and apps on multiple servers (Windows and Linux) with automation.
- Install and maintain Splunk add-ons, including DB Connect and Active Directory LDAP, to work with the directory and SQL databases.
- Configure the SSO integration add-on for user authentication and single sign-on in Splunk Web.
- Configure and install Splunk Enterprise, the agent, and Apache Server for user and role authentication and SSO.
- Manage Splunk configuration files such as inputs, props, transforms, and lookups.
- Upgrading Splunk Enterprise to 6.2.3 and security patching.
- Deploy, configure and maintain the Splunk forwarder on different platforms.
- Continuous monitoring of alerts received by email to check that all application servers and web servers are up.
- Create Splunk Search Processing Language (SPL) queries, Reports, Alerts and Dashboards.
- Field extraction using IFX, the rex command and regex in configuration files.
- Creating Reports, Pivots, alerts, advanced Splunk search and Visualization in Splunk Enterprise.
- Developed Splunk infrastructure and related solutions as per automation tool sets.
- Installed, tested and deployed monitoring solutions with Splunk services.
- Adding users to access Splunk through the Remedy process (AD group); Splunk authentication and authorization.
- Worked on FireEye HX/NX/CM and Symantec intrusion detection systems and participated in host intrusion detection system (HIDS) work.
- Performed Splunk administration tasks such as installing, configuring, monitoring and tuning.
- Active monitoring of jobs through alert tools and responding with appropriate actions with respect to the logs; analyzing the logs and escalating critical issues to higher-level teams.
- Worked on log parsing and complex Splunk searches, including external table lookups.
- Configured and administered Tomcat JDBC, JMS and JNDI services.
- Provide consultation services on multiple security solutions including FireEye, SourceFire, FirePOWER, Cylance and Infoblox.
- Splunk configuration involving different web applications and batch jobs; created saved searches, summary searches and summary indexes.
- Deployed applications on multiple WebLogic servers and maintained load balancing, high availability and failover functionality.
- Involved in monitoring the ticketing tool and taking the ownership of the tickets.
- Developed build scripts, UNIX shell scripts and auto deployment processes.
- Provided 24/7 on-call Production Support.
Environment: Splunk 6.x, Splunk DB Connect, WebLogic Server 8.x/9.x/10.x/11g, Tomcat 7.x, Apache HTTP Server 2.4 (configured plug-ins), Red Hat Linux 6.x.
Confidential
Splunk Admin /Developer
Responsibilities:
- Responsible for initiating, planning, executing, configuring, and deploying the latest version of Splunk on a Windows or Linux environment.
- Install, configure and administer Splunk Enterprise Server 6.0.4 and Splunk Forwarder 4.x.x/5.x.x/6.x.x on Red Hat Linux and Windows servers.
- Upgraded Splunk Enterprise from v6.2 to v6.5.2 in clustered and non-clustered environments.
- Set up Splunk Forwarders for new application tiers introduced into the environment and for existing applications; work closely with application teams to create new Splunk dashboards for operations teams.
- Experience in Splunk GUI development, creating Splunk apps, searches, data models, dashboards and reports using the Splunk query language.
- Analyzed security-based events, risks and reporting instances, and developed dashboards with visual metrics for stakeholders.
- Troubleshoot and resolve Splunk performance, search pooling, log monitoring, role mapping and dashboard creation issues. Experience with web services and load balancing configurations.
- Worked on administration of DataPower XS40, XI50 and XI52 devices.
- Monitored Splunk infrastructure for capacity planning, system health, availability, and optimization.
- Experience in creating SQL*Loader scripts to load data from flat files into the database, and in creating external tables to manage data stored at the OS level.
- Created a Splunk app for Enterprise Security to identify and address emerging security threats through continuous monitoring, alerting and analytics.
- Created shell scripts to install Splunk Forwarders on all servers and configure them with common configuration files such as outputs.conf and inputs.conf.
- Application servers such as WebSphere Application Server, Tomcat, IBM HTTP Server, Apache Web Server, load balancing, JBoss, Splunk and DataPower.
- Expertise with SIEM (security information and event management). Managed Splunk user accounts (create, delete, modify, etc.) and scripted SQL queries for use with Splunk.
- Interpreted and developed SIEM products to meet internal, external and customer requirements.
- Maintain current functional and technical knowledge of the Splunk platform and future products.
Environment: Splunk 6.x, Splunk Enterprise and Splunk modules, Tomcat 6.x, Apache 2.x, Solaris 10, Oracle 11g/10g, Me, web services, HTTP, HTML, XML, SSL, SIEM, Sun ONE Directory Server 6, Python.
Confidential
SIEM Engineer
Responsibilities:
- Developed Splunk infrastructure and related solutions as per automation toolsets.
- Experience in Splunk GUI development creating Splunk apps, searches, Data models, dashboards, and Reports using the Splunk query language.
- Provide regular support guidance to Splunk project teams on the complex solution and issue resolution.
- Responsible for documenting the current architectural configurations and detailed data flow and troubleshooting guides for application support.
- Involved as a Splunk Admin in capturing, analyzing and monitoring front end and middleware applications.
- Worked with Client engagements and data onboarding and writing alerts, dashboards using the Search Processing Language (SPL).
- As part of SIEM monitored notable events through Splunk Enterprise Security (Using V3.0).
- Generated Shell Scripts to install Splunk Forwarders on all servers and configure with common Configuration Files such as Bootstrap scripts, Outputs.conf and Inputs.conf files.
- Onboard new log sources with log analysis and parsing to enable SIEM correlation.
- Performs real-time investigation and analysis of event logs using SIEM tools (ArcSight and Splunk) from network security components and devices such as firewalls, IDS, IPS, Windows servers and databases, to segregate and correlate the logs per client requirements.
- Configuration of inputs.conf and outputs.conf to pull XML-based events into the Splunk Cloud indexer.
- Knowledge of various chart types, alert settings, app creation, and user and role access permissions.
- Creating and managing apps; creating users, roles and permissions on knowledge objects.
- Created Compliance dashboard for HP-NA and Compliance with Network Devices.
- Parsing, indexing and searching concepts, hot, warm, cold and frozen bucketing, and Splunk clustering.
- Setup and configuration of search head cluster with three search head nodes and managing the search head cluster with deployer.
- Involved in standardizing Splunk forwarder deployment, configuration, and maintenance across UNIX and Windows platforms.
- Provide regular support guidance to SPLUNK project teams on the complex solution and issue resolution with the objective of ensuring best fit and high quality.
- Interact with the data warehousing team regarding extracting the data, and suggest a standard data format so that Splunk will identify most of the fields.
- Migrated ArcSight ESM from version 6.0 to 6.9 by exporting the packages and importing them into the 6.9 version.
- Identified unused users that existed on ESM for report generation and removed them, reducing the overhead on ESM.
- Migrated all legacy logger and collector appliances to the latest logger and collector appliances to balance the load and for retention purposes on the loggers.
- Created an inventory of all logger appliances with device names and device vendors for the migration process.
- Installed SmartConnectors and FlexConnectors so that events are passed and sent to the ESM.
- Analyzed large datasets to identify metrics, drivers, performance gaps and opportunities for improvement.
- Worked on setting up Splunk to capture and analyze data from various layers: load balancers, web servers, and application servers.
- Write automation scripts for APIs, unit and functional test cases using Selenium WebDriver.
- Write automation scripts for REST APIs using TestNG and Java.
- Worked on DB Connect configuration for r, MySQL and MSSQL.
- Splunk administration in environments such as Windows Servers and Red Hat Enterprise Linux servers.
Confidential
SIEM Engineer
Responsibilities:
- Installation of connectors, and integration and testing of multi-platform devices with ArcSight ESM; develop and test FlexConnectors for unsupported devices and business applications.
- Integration of IDS/IPS with ArcSight, analyzing the logs to filter out false positives and add false negatives into the IDS/IPS rule set.
- Review security events that are populated in a Security Information and Event Management (SIEM) system.
- Analyze a variety of network and host-based security appliance logs (firewalls, NIDS, HIDS, syslogs, etc.) to determine the correct remediation actions and escalation paths for each incident.
- Independently follow procedures to contain, analyze and eradicate malicious activity.
- Document all activities during an incident and provide leadership with status updates during the life cycle of the incident.
- Backup of firewall, NetWarden security appliance and other security devices.
- Incident management, response and reporting.
- Provide information regarding intrusion events, security incidents, and other threat indications and warning information to the client.
- Implement tools and centralizing systems to improve work efficiency and reduce risks in operational environment.
- Track trends, statistics, and key figures for each assigned client.
- Assist with the development of processes and procedures to improve incident response times, analysis of incident, and overall SOC functions.
- We used to receive virus alerts for outbound and inbound traffic and coordinated with the antivirus team.
- Recommended security strategies based on real time threats.
Confidential
PL/SQL Developer
Responsibilities:
- Developed stored procedures, functions, packages and SQL scripts using PL/SQL.
- Loaded data into database tables using SQL*Loader from text and Excel files.
- Developed data model, SQL Queries, SQL Query tuning process and Schemas.
- Gathering required data, data analysis and documentation of the plan.
- Gathering data elements needed for analysis of the data, decoding flat file data and loading into database tables using SQL*Loader.
- Created materialized views, partitions, tables, views and indexes.
- Involved in tuning and optimization of SQL statements.
- Created/modified the procedures, functions and packages to support data conversion.
- Responsible for data mapping from legacy system to Oracle.
- Created database objects like tables, synonyms, sequences, views.
- Developed various data exception reports and submitted to the client for data clean up.
- Used SQL hints and indexes to improve the performance of queries.
- Modified the existing shell scripts to support the conversion process.
- Checked explain plan of the SQL queries to improve the performance.
- Wrote shell scripts for automating the process of data loading and daily process.
Environment: MS SQL Server 2008 R2, SQL Server Reporting Services (SSRS) 2008 R2, MS SQL Server Integration Services, MS SQL Server Analysis Services, MySQL, MS Visual Studio.