Splunk Administrator Resume
Tampa, FL
SUMMARY
- Senior Splunk Engineer / Lead / Architect with 15+ years of experience in designing, developing, and delivering automation projects using Splunk, ETL and SQL. Experience as Splunk Admin/Developer, performing activities including requirement analysis, design and implementation of various client-server based applications using Splunk 5.x, Splunk 6.x, Splunk 7.x and recently Splunk 8.x.
- Expertise in customizing Splunk for Monitoring, Application Management and Security as per customer requirements and industry best practice.
- Expert in analyzing data, correlating trends, building reports and reports writing.
- Expertise with the usage of various search commands like stats, chart, timechart, transaction, strptime, strftime, eval, where, xyseries, table etc.
- Experience in using Regular Expressions.
- Managed Indexer Clusters including security, hot and cold bucket management, and retention policies. Used techniques to optimize searches for better performance (search-time vs index-time field extraction), with an understanding of configuration files, their precedence and how they work: props.conf, transforms.conf, inputs.conf, outputs.conf, and setting up a forwarder monitor stanza in inputs.conf.
- Involved in helping the UNIX and Splunk administrators to deploy Splunk across the UNIX and Windows environment.
- Expert in installing, configuring and administering Splunk Enterprise Server, Splunk Universal Forwarder and Splunk Heavy Forwarder in large, distributed environments comprising Windows, Red Hat, Solaris and AIX, with exposure to various Splunk Apps to monitor Splunk deployments.
- Installed and configured Splunk DB Connect, and supported syslog-ng and rsyslog and the Security Operations Centre (SOC). Performed Enterprise Linux tasks as they pertain to supporting the Splunk application.
- Experience in Quality assurance, Test automation, Synthetic Monitoring and Mobile device Management. Experienced in all data processing phases, from the Enterprise Model, Data Model (Logical and Physical Model), and Data Warehousing (ETL).
- Experience in integrating Splunk with Big Data and familiar with components of Hadoop Ecosystem: HDFS, HAWQ, Hive, HBase, Pig.
- Normalization of fields and defining the event types using CIM (Common Information Model). Extensive experience in writing Packages, Stored Procedures, Functions and Database Triggers using PL/SQL and UNIX Shell scripts. Also handled Oracle utilities like SQL Loader, import etc.
- Extensive Data Warehouse experience using Informatica 7/8.x/9 Power Center tools (Source Analyzer, Mapping Designer, Mapplet Designer, Transformation Designer, Repository Manager, and Server Manager) as ETL tool on Oracle /DB2 Database.
- Worked with SIEM team monitoring notable events through Splunk ES. Experienced in Data Extraction, Transforming and Loading (ETL) between Homogenous and Heterogeneous Systems using SQL Server tools like SSIS, DTS, Bulk Insert, BCP and XML, Data loss prevention.
- Working knowledge of data warehouse techniques and practices, including ETL processes, dimensional data modeling (Star Schema, Snowflake Schema, FACT and Dimension tables), OLTP and OLAP.
- Good understanding of the software development life cycle (SDLC) process and the OSI Model. Experience in SIEM, CIM and CLI commands.
- Experience integrating Splunk with various BI tools like TIBCO Jaspersoft and Tableau for designing customized, interactive and advanced rich visualization dashboards using connectors, extensions, filters, parameters and calculations. Worked closely with the architect and team in designing, developing, and implementing the logical and physical model for the Data Mart.
- Experience in different team projects with good project implementation experience, team skills, troubleshooting, presentation abilities and issue resolution capabilities.
TECHNICAL SKILLS
- Windows (8, 10, Server)
- Linux
- Mac OS X
- Splunk 6.x
- Splunk ES 4.2
- Splunk DB Connect and other modules
- Oracle WebLogic 9.x/10.x
- JBoss 5.x/6.x
- Tomcat 5.x/6.x
- Oracle 9i/10g
- Solaris 10
- LINUX
- Apache 2.x, Python
- ANT
- AWK
- IIS
- Integrity SiteMinder Policy Server 5.5/6.0
- LDAP
PROFESSIONAL EXPERIENCE
Confidential, Tampa, FL
Splunk Administrator
Responsibilities:
- Installed, configured, maintained, tuned and supported Splunk Enterprise server 6.x/5.x.
- Architected and implemented Splunk solutions in highly available, redundant, distributed computing environments.
- Performed Field Extractions and Transformations using the RegEx in Splunk.
- Responsible for installing, configuring, and administering Splunk Enterprise on Linux and Windows servers.
- Supported the upgrade of Splunk Enterprise server and Splunk Universal Forwarder from 6.5 to 6.6.
- Installation and implementation of the Splunk App for Enterprise Security and documented best practices for the installation and performed knowledge transfer on the process.
- Worked on installing Universal Forwarders and Heavy Forwarders to bring any kind of data fields into Splunk.
- Wrote Splunk queries; expertise in searching, monitoring, analyzing and visualizing Splunk logs.
- Experience in alert handling, standard availability, and performance report generation. Experience in root cause analysis of post-production performance-related issues through the Splunk tool.
- Designing, optimizing, and executing Splunk-based enterprise solutions.
- Installed and configured Splunk Universal Forwarders on both UNIX (Linux, Solaris, and AIX) and Windows Servers.
- Hands-on experience in customizing Splunk dashboards, visualizations and configurations using customized Splunk queries.
Confidential, Tampa, FL
Senior Splunk Engineer/Architect
Responsibilities:
- Provided regular support and guidance to Splunk project teams on complex solutions and issue resolution. Created dashboards, reports, scheduled searches, and alerts using XML. Knowledge of Splunk architecture and its various components (indexer, forwarder, search head, deployment server), Heavy and Universal forwarders, and the license model.
- Integrated ServiceNow with Splunk to generate incidents from Splunk. Worked on DB Connect configuration for Oracle, MySQL and MSSQL. Created many of the proof-of-concept dashboards for IT operations and service owners which are used to monitor application and server health.
- Created HTML dashboards with JavaScript and CSS to create customized visualizations. Installed and configured the DB Connect plug-in to get data from Oracle, MySQL and MSSQL. Field extraction using IFX, the rex command and regex in configuration files.
- Various types of charts and alert settings. Knowledge of app creation, user and role access permissions. Creating and managing apps, users, roles and permissions to knowledge objects. Parsing, indexing and searching concepts; Hot, Warm, Cold and Frozen bucketing.
- Participated in Splunk SOAR operations, i.e. Splunk Phantom security automation using Splunk queries.
- Configured clustering of EJB objects, JDBC connections and JMS connection factories. Involved in standardizing Splunk forwarder deployment, configuration and maintenance across UNIX and Windows platforms.
- Worked on setting up Splunk to capture, analyze data in Bank of America online Banking. Set up Splunk to capture and analyze data from various layers Load Balancers, Web servers and application servers.
- Captured data from various front-end and middleware applications. Dashboards were created to monitor traffic volume, response times, errors and warnings. Maintained, grew, and improved the TVX Splunk environment.
- Used techniques to optimize searches for better performance (search-time vs index-time field extraction), with an understanding of configuration files, their precedence and how they work.
- Created dashboards from searches; scheduled searches; inline search vs scheduled search in a dashboard. Expertise in using Amazon AWS API tools like the Linux command line and Puppet-integrated AWS API tools. Expertise with SIEM and log sources; SME.
- Prepared, arranged, and tested Splunk search strings and operational strings. Developed, evaluated, and documented specific metrics for management purpose. Using SPL created Visualizations to get the value out of data.
- Monitored for fraud patterns in claims by correlating with past profiles and internal and external fraud knowledge bases. Involved in assisting offshore members to understand the business use case. Assisted internal users of Splunk in designing and maintaining production-quality dashboards. Installed, configured, and managed Datameer users on the Hadoop cluster.
- Involved in writing complex IFX, rex and multikv commands to extract fields from log files. Worked on DB Connect configuration for Oracle, MySQL, MSSQL and NoSQL.
- Developed custom web application solutions for internal ticket metrics reporting. Experience in implementation of log management and analysis solutions.
Confidential
Senior Splunk Security Engineer
Responsibilities:
- Provided regular support and guidance to Splunk project teams on complex solutions and issue resolution. Involved as a Splunk Admin in capturing, analyzing, and monitoring front-end and middleware applications.
- As part of SIEM, monitored notable events through Splunk Enterprise Security (using v3.0). Expertise with Splunk UI/GUI development and operations roles.
- Integrated real-time data between Splunk Enterprise and databases by using the DB Connect app. Created many of the proof-of-concept dashboards for IT operations and service owners which are used to monitor application and server health.
- Helped the team on-board data, create various knowledge objects, and install and maintain Splunk Apps and TAs; good knowledge of JavaScript for advanced UI as well as Python for advanced backend integrations. Generated shell scripts to install Splunk Forwarders on all servers and configure them with common configuration files such as bootstrap scripts, outputs.conf and inputs.conf.
- On-boarded new log sources with log analysis and parsing to enable SIEM correlation. Configured inputs.conf and outputs.conf to pull XML-based events to the Splunk Cloud indexer. Parsing, indexing and searching concepts; Hot, Warm, Cold and Frozen bucketing and Splunk clustering. Set up and configured a search head cluster with three search head nodes and managed the search head cluster with the deployer.
- Involved in standardizing Splunk forwarder deployment, configuration and maintenance across Linux and Windows platforms. Worked on setting up Splunk to capture and analyze data from various layers: load balancers, web servers, and application servers. Very good understanding of the software development life cycle (SDLC) process; followed Agile Scrum and story maps for dev tracking.
- Supported and monitored Splunk cluster infrastructure in the AWS cloud environment. Scripted SQL queries in accordance with Splunk. Created many of the proof-of-concept dashboards for IT operations and service owners which are used to monitor application and server health.
- Various types of charts and alert settings. Knowledge of app creation, user and role access permissions. Creating and managing apps, users, roles and permissions to knowledge objects. Knowledge of Splunk architecture and its various components (indexer, forwarder, search head, deployment server), Heavy and Universal forwarders, and the license model.
- Created dashboards, data models, reports, scheduled searches, and alerts. Field extraction using IFX, rex, the sed command and regex in configuration files. Automated reports and alerts to monitor applications, tools, and services proactively. Configured and set up different host boxes on Opsview and SiteScope with hashtags. Proactively monitored and troubleshot the different host boxes on Opsview.
Confidential
Sr Splunk Security Engineer/Lead
Responsibilities:
- Antivirus software (Symantec Endpoint Security)
- Application Helpdesk (CA Unicenter Service Desk) for monitoring incidents
- Internal email service Microsoft Exchange
- Filing System and internal email classification Symantec E-Vault
- Intermediate storage for daily backups with Data Domain and Symantec NetBackup
- Experience in implementing Splunk in production, with distributed Splunk architecture and components including search heads, indexers, forwarders etc.
- Hands-on experience in installing and using the Splunk App for Unix and Linux (Splunk *nix). Worked on several security-related use cases and have been a part of the security team. Created various dashboards for Security Operations to monitor LDAP and IAM applications.
- Complete deployment of Search Head Clusters in different environments, including migration of existing Search Head pooling (cut over simultaneously from the current Search Heads instead of creating from scratch).
- Experience in configuring rsyslog and syslog-ng, and also with Regular Expressions. Created a Splunk app for Enterprise Security to identify and address emerging security threats through continuous monitoring, alerting and analytics. Knowledge of Splunk architecture and its various components (indexer, forwarder, search head, deployment server), Heavy and Universal forwarders, and the license model.
- Used techniques to optimize searches for better performance (search-time vs index-time field extraction), with an understanding of configuration files, their precedence and how they work.
- Implemented workflow actions to drive troubleshooting across multiple event types in Splunk. Worked with client engagements on data onboarding and writing alerts and dashboards using the Splunk query language. Troubleshot performance issues of Splunk searches.
- Coordinated with application and system owners to onboard applications in Splunk and ensure logging capabilities are functional. Analyzed security-based events, risks, and reporting instances. Assisted in auditing through Splunk SME knowledge (PCI, SOC, etc.). Provided regular on-call support and guidance to Splunk project teams on complex solutions. Good understanding of configuration files and their precedence, with daily working exposure to props.conf, transforms.conf, inputs.conf, outputs.conf and server.conf to set up forwarder information based on requirements.
- Involved in installation, administration, and configuration of Splunk Enterprise and its integration with local legacy systems. Experience working with Linux and Windows specialists on Splunk administration, with a strong understanding of the Splunk architecture.
- Splunk configuration involving different web applications and batch jobs; created saved searches, summary searches and summary indexes.
- Parsing, indexing and searching concepts; Hot, Warm, Cold and Frozen bucketing. Drove complex deployments of Splunk dashboards and reports while working side by side with technical teams to solve their integration issues.
- Created and managed Splunk DB Connect identities, database connections, database inputs, outputs, lookups and access controls.
Environment: Splunk 6.x, Splunk ES 4.2, Splunk DB Connect and other modules, Oracle WebLogic 9.x/10.x, JBoss 5.x/6.x, Tomcat 5.x/6.x, Oracle 9i/10g, Solaris 10, Linux, Apache 2.x, Python, ANT, AWK, IIS, Integrity SiteMinder Policy Server 5.5/6.0, LDAP