Splunk Engineer Resume
Chicago, IL
PROFESSIONAL SUMMARY:
- Experience in configuring, implementing, analyzing and supporting Splunk server infrastructure across Windows, UNIX and Linux.
- Experience with a variety of Operating Systems, Protocols and Tools depending on teh type of platform or application to be administered.
- Having 6+ years of experience as Splunk Admin/Developer
- Experience in configuring, implementing, analyzing and supporting Splunk server infrastructure across Windows, UNIX and Linux.
- Experience with a variety of Operating Systems, Protocols and Tools depending on teh type of platform or application to be administered.
- Implement Splunk solutions in highly available, redundant, distributed computing environments
- Gathering requirements and analysis by Interacting with team members and users during teh design and development
- Knowledge on various flavors of Linux and Unix based systems including Red hat RHEL 4.x, 5.x, 6.x, 7.x, Ubuntu, CentOS, AIX and Solaris.
- Designing and implementing Splunk - based best practice solutions.
- Planning, communicating clear instructions to team members;, and direction.
- Capacity planning, optimization and architecture.
- Help manage teh strategy of teh Splunk Business Unit within teh company.
- Expertise with Splunk UI/GUI development and operations roles
- Splunk server configurations (web, indexing retention, autantication, etc.).
- Splunk data onboarding operations (inputs, SQL, index-time configurations).
- Splunk data parsing operations (search-time field extractions, event types, tags).
- Configuration and troubleshooting Splunk across a variety of platforms.
- Deploy new Splunk instances, including clustered deployments and apps
- Integrating Splunk with a wide variety of legacy data sources and industry leading commercial security tools.
- Installing a search head, deployment server and indexers in distributed deployment.
- Analyze data imports into Splunk for accuracy and completeness; compare data from teh various network security tools to identify overlaps and search for gaps
- Create and customize System & Splunk applications, search queries and dashboards.
- Create Splunk reports, dashboards, forms, visualizations, alerts.
- Optimize searches and implement post processing on dashboards.
- Assisting users to customize and configure Splunk to meet their requirements.
- Perform implementation of security and compliance-based use cases.
- Performing maintenance and optimization of Splunk deployments.
- Communicating with customer stake holders to include leadership, support teams, and system administrators.
- Experience in Installation, Configuration, Migration, Trouble-Shooting and Maintenance of Splunk, Passionate about Machine data and operational Intelligence
- Strong noledge of TCP/IP, UDP, DNS network, load balancing, firewalls and enterprise monitoring tools Splunk.
- Scripting and development skills using Perl and Python with strong noledge of regular expressions.
- Experience in Operational Intelligence using Splunk.
- Part of teh core Splunk Team for teh entire organization, handling deployment, maintenance, updates, troubleshooting of over 1000 standalone Splunk instances and roughly 100 clustered Splunk instances
- Knowledge on Configured services, Entities, Correlations searches with corresponding KPI metrics in Splunk ITSI Application.
- Build Key Performance Indicators to teh Enterprise Architecture through Splunk.
- Build dashboards to monitor license, indexers, search heads.
- Maintain Splunk systems documentation, including SOP's and design documents Integration of systems and application tools with Splunk.
- Provide occasional presentations and thought leadership
- Good experience in creating Splunk apps, navigations, interfaces and good experience on Splunk lookups, macros, Pivot, data models, lookup files and their publication into
- Splunk. Network Monitoring, bandwidth and traffic monitoring through Splunk and SolarWinds.
- Experience in shell scripting and extensively used regular expressions in search string and data anonymization
- Knowledge on scripting language like python and java script.
- Experience with software development, system architecture, and/or databases a plus.
TECHNICAL SKILLS:
Log Analysis Tool: Splunk Enterprise Server 5.x/6.x, Splunk Universal Forwarder 5.x/6.x, Splunk DB Connect, Splunk ITSI
Web/App Servers: Web Sphere Application Server 5.0/6.x/7.x/8.x, Web Sphere MQ Sever 6.x/7.x, WebSphere XD 6.0/6.1, IBM Http Server 6.x/7.x/8.x, Apache Web Server 2.x, Tomcat 5.5, IIS 6/7.x
Operating Systems: IBM AIX (5.1/6.1), RHEL Linux, Windows Server 2003/2008 R2, VMWare
Programming: Java, J2EE, C++, C, SQL/PL SQL, HTML, DHTML, XML.
Scripting: JACL, Python, WSCP, WSADMIN, Korn Shell Script, Perl, JavaScript, CSS, Batch
Databases: Oracle (8i/9i), UDB/DB2, Sybase, MS SQL Server, IBM DB2
Monitoring tools: Wily Introscope 8.x/9.x, Tivoli, BSM Topaz, Tivoli Performance Viewer, IBM Thread and Heap Analyzers, Solaris (8,9,10), Solar Windows
Networking: TCP/IP Protocols, Socket Programming, DNS.
Frame work: MVC, J2EE Design Patterns, Struts.
IDE: Eclipse, RAD 7, Net Beans, Edit plus, TOAD
Others: Site Minder r6/r12/r12.5, Ping Federate 6.X,7.X
PROFESSIONAL EXPERIENCE:
Splunk Engineer
Confidential, Chicago, IL
Responsibilities:
- Prepared, arranged and tested Splunk search strings and operational strings.
- Created and configured management reports and dashboards.
- Developed, evaluated and documented specific metrics for management purpose.
- Trained Splunk security team members for complex search strings and ES modules.
- Analyzed security based events, risks and reporting instances.
- Managed and maintained use cases into correlation systems.
- Designed, developed and implemented system engineering plans and technical support services.
- Developed reports, dashboards, alerting, creating roles, user provisioning and clustering using Splunk.
- On-Boarding Applications to Splunk environments.
- Created and configured KPI's in Splunk IT Service Intelligence(ITSI).
- Created Regular Expressions for Field Extractions and Field Transformations in Splunk
- Developed KPI's associated with a service and built glass tables, Deep Dives, Notable events.
- Configured services, Entities, Correlations searches with corresponding KPI metrics in Splunk ITSI Application.
- Manage network, Windows and any other inputs that may arise (universal forwarders).
- Executed systems programming activities and supported data center activities
- Developed Splunk infrastructure and related solutions as per automation toolsets.
- Installed, tested and deployed monitoring solutions with Splunk services.
- Provided technical services to projects, user requests and data queries.
- Implemented forwarder configuration, search heads and indexing.
- Supported data source configurations and change management processes.
- Analyzed and monitored incident management and incident resolution problems.
- Resolved configuration based issues in coordination with infrastructure support teams.
- Maintained and managed assigned systems, Splunk related issues and administrators.
- Develop custom Splunk ES correlation searches & tune notable events.
- Optimize and tune current dashboards.
- Developed several Shell/Bash Scripts to automate and manage systems configuration.
- Create new dashboards based on new feeds and tune over a period.
- Correlate event logs to create more targeted dashboards and alerts.
- Set up advanced searches and reports.
- Create noledge objects specific to SOC operations.
- Create prioritized list of assets within Splunk and related live dashboards and notification.
- Set up live data pull from external intelligence sites and integrate with correlation searches.
- Document Network Flows & create diagrams
- Weekly status reports on all work executed, deliverables developed/submitted, and work planned for next periodUse-case development.
- Very good experience on Splunk search Language and regular expressions
- Involved in writing complex IFX, rex, combine command to extracts teh fields from teh log files.
- Scripting and development skills (Perl, Python, Java) with strong noledge of regular expressions.
- Monitored and correlated events with thorough noledge of principles, methods, and techniques of network and data security.
- Work with Audit and Assessment teams to validate controls and architecture deployment.
- Assisted internal users of Splunk in designing & maintaining production-quality dashboard, assisted offshore team to understand teh use case of business and provided technical services to projects, user requests & data queries.
- Configured services, Entities, Correlations searches with corresponding KPI metrics in Splunk ITSI Application.
- Support teh identification and documentation of data sources.
- Architecting and deploying clustered/distributed Splunk Enterprise 6.x implementations to large, complex customers.
- Administering Splunk and Splunk Apps to include developing new/custom Apps to perform specialized functionality.
- Integrating Splunk with a wide variety of legacy data sources and industry leading commercial security tools that use various protocols.
Environment: Splunk Enterprise Server 5.x/6.x, Universal Splunk Forwarder 5.x/6.x, RedHat Linux, Oracle, HACMP 5.4, HTML, Java Script, XML, Use of Regular expressions.
Splunk Admin
Confidential
RESPONSIBILITIES:
- Involved in setting up alerts for different type of errors.
- Developed, evaluated and documented specific metrics for management purpose.
- Using SPL created Visualizations to get teh value out of data.
- Created Dashboards for various types of business users in organization.
- Played a major role in understanding teh logs, server data and brought an insight of teh data for teh users.
- Worked on DB Connect configuration for Oracle, MySQL and MSSQL.
- Supporting migration from Splunk On Premise data center to Amazon AWS
- Launching, Configuring, Supporting large scale instances on AWS
- Monitored Database Connection Health by using Splunk DB connect health dashboards.
- Worked with creation of python scripts to fetch data from external sources
- Created Crontab scripts for timely running jobs.
- Optimized search queries using summary indexing. Understanding of regular expressions
- Developed build scripts, UNIX shell scripts and auto deployment processes.
- Provided technical services to projects, user requests and data queries.
- Involved in assisting offshore members to understand teh use case of business.
- Assisted internal users of Splunk in designing and maintaining production-quality dashboard.
- Involved in helping teh UNIX and Splunk administrators to deploy Splunk across teh UNIX and windows environment.
- Creating tags, Event types, field lookups, field extractions using regular expressions, aliases for search-time outputs and visualizations
- Helped teh client to setup alerts for different type of errors.
- Worked to ensure Splunk is actively and accurately running and monitoring on teh current infrastructure implementation.
- Involved in installing and using Splunk app for Linux and Unix.
- Consulting with customers to customize and configure Splunk to meet their requirements.
- Performing advanced searching and reporting to help customers with teh implementation specialized/custom dashboards.
- Performing maintenance and optimization of existing clustered Splunk deployments.
- Communicating with customer stake holders to include leadership, support teams, and system administrators.
- Used SCOM for Servers to Individual in Microsoft windows Environments and Using CISO for Security logs.
- Worked SCOM latest Version SCOM 2016 and Good Experience on SCOM 2012 R2
- Designs, implements, configures, and manages solutions within teh supported Linux technologies, products, and services.
- Research and recommend innovative and automated approaches for operational tasks which leverage available resources and simplify operational overhead.
- Develop, implement, and execute standard procedures for teh administration, content management, change management, version/patch management, and lifecycle management of teh SIEM/Log Management platforms
- Technical writing/creation of formal documentation such as reports, material, slide decks, and architecture diagrams.
Environment: Splunk Enterprise Server, Python, Splunk Forwarder, XML, VMware, Solaris (8,9,10), Solar Windows
Security Analyst
Confidential - Sanford, NC
Responsibilities:
- Provide technical inputs, evaluate and recommend new and emerging security products and technologies
- Defines security configurations for threat detection and prevention tools
- Designs automated workflows to streamline security operations
- Monitors and proactively manages supported products and services to assure their performance, availability, security, and capacity.
- Researches, analyzes, and formulates recommendations regarding technologies, products and solutions to fulfill requirements within teh enterprise.
- Security tool administration and support (Network/Endpoint/Threat Hunting/Investigations)
- Tool deployment and implementation experience on a global scale
- Splunk Admin and Architecture related tasks
- Ability to debug configuration issues on different Splunk components
- Understanding of Splunk configurations, dependencies, and forwarder management
- Understands Splunk architecture and components (search head, deployment server, cluster master, indexers, forwarders (HF/UF)
- Analyze security and firewall logs for compromised/infected hosts on teh network.
- Responsible for Disaster Recovery Site Management.
- Design and develop teh Security Zone diagram for teh Security Monitoring Team
- Strong understanding of enterprise logging using syslog-ng, with a focus on security event logging
- Knowledge of system and network architecture and interrelationships (technical and functional).
- Integrate and customize Splunk apps.
- Parsing, Indexing, Searching concepts hot, warm, cold, Frozen bucketing
- Ingest logs into Splunk from databases and applications (includes non-COTS applications); develop custom parsers as needed
- Create Knowledge Objects (dashboards, alerts, reports, field extraction, data models, workflow actions,CSV, and external lookups)
- Tune Splunk to optimize performance
- Troubleshoot issues related to searching, licensing, and errors
- Help setup Splunk User Behavior Analytics (UBA).
- Support upgrades, deployments, and modifications to Splunk and all Splunk architecture
- Technical WritingDocument teh Splunk deployment and configuration (architecture documentation & diagrams).
Environment: Splunk, Universal SplunkForwarder, RedHat Linux, Oracle, HTML, Perl, Java Script, XML
Splunk Developer
Confidential
Responsibilities:
- Installation and configuration of Splunkproduct at different environments.
- Assisted internal users of Splunkin designing and maintaining production-quality dashboard.
- Create Dashboard Views, Reports. lookups and Alerts for events and configure alert mail
- Create Splunk apps for consuming data for applications and implement apps.
- Involved in setting up alerts for different type of errors.
- Assigning User and role autantication including LDAP autantication and scripted autantication.
- Fetching teh data from databases using "DB Connect Application
- Responsible for administering, maintaining and configuring a 24 x 7 highly available, Splunkapps for production portal environment.
- Hands on development experience in customizing, visualizations, configurations, reports and search capabilities using customized Splunkqueries.
- Managed Indexer Clusters including security, hot and cold bucket management and retention policies.
- Worked on Various types of charts, alerts settings, app creations, user and role access permissions.
- Work closely with Application Teams to create new Splunkdashboards for Operation teams.
- Field Extraction, Using Ifx, Rex Command and Regex in configuration files
Environment: Splunk, Universal SplunkForwarder, RedHat Linux, Oracle, HTML, Perl, Java Script, XML, rex, Splunk Knowledge Objects.
SQL Developer
Confidential
Responsibilities:
- Responsible for teh study and analysis of teh systems design and implementation.
- Developed reports using SQL Server Reporting services and utilizing complex SQL queries and stored procedures.
- Involved in tuning teh existing T-SQL code for performance improvement.
- Followed teh best practices in writing T-SQL for universal readability and reusability of code.
- Participated in all teh phases of Software Development Life Cycle (SDLC) like, Requirements Review, Test Documentation, Application testing, detect tracking.
- Created various database objects including tables, stored procedures and functions.
- Analyzed code to find causes of errors and revise programs as needed.
- Well versed with all types of manual testing like functional testing, smoke testing, positive & negative testing, regression testing, integration testing, GUI testing & browser compatibility testing.
- Fixed data issues and bags by changing code or business rules. Troubleshoot import function/daily feed file failure.
- Good understanding of application build cycles and following teh required test strategy to meet teh testing requirement.
- Reviewed and analyzed Business Requirements, Project Plans, Prototype, Flow Diagrams, Use Cases, System Design documents and created Detailed Test Cases.
- Created stored procedures to hold teh business logic.
- Created views as per client requests.
Environment: MS SQL Server 2000, T-SQL, MS-Office, Internet Explorer, UNIX, Windows XP/Vista.