Splunk Engineer Resume
Boston
PROFESSIONAL SUMMARY:
- Having 8+ years of experience in Information Security/Cyber Security.
- Experience in configuring, implementing, analyzing and supporting Splunk server infrastructure across Windows, UNIX and Linux.
- Experience with a variety of Operating Systems, Protocols and Tools depending on the type of platform or application to be administered.
- Implement Splunk solutions in highly available, redundant, distributed computing environments.
- Gathering requirements and analysis by interacting with team members and users during the design and development.
- Designing and implementing Splunk-based best practice solutions.
- Planning, communicating clear instructions to team members; training, and direction.
- Capacity planning, optimization and architecture.
- Help manage the strategy of the Splunk Business Unit within the company.
- Expertise with Splunk UI/GUI development and operations roles.
- Configuration and troubleshooting across a variety of platforms.
- Deploy new Splunk instances, including clustered deployments and apps.
- Integrating Splunk with a wide variety of legacy data sources and industry leading commercial security tools.
- Create and customize System & Splunk applications, search queries and dashboards.
- Create Splunk reports, dashboards, forms, visualizations, alerts.
- Optimize searches and implement post processing on dashboards.
- Assisting users to customize and configure Splunk to meet their requirements.
- Technical writing/creation of formal documentation such as reports, training material and architecture diagrams.
- Build Key Performance Indicators to the Enterprise Architecture through Splunk.
- Build dashboards to monitor license, indexers, search heads.
- Maintain Splunk systems documentation, including SOPs and design documents.
- Integration of systems and application tools with Splunk.
- Good experience in creating Splunk apps, navigations, interfaces and good experience on Splunk lookups, macros, Pivot, data models, lookup files and their publication into Splunk.
- Network monitoring, bandwidth and traffic monitoring through Splunk.
- Knowledge of scripting languages like Python and JavaScript.
- Experience with software development, system architecture, and/or databases a plus.
TECHNICAL SKILLS:
Log Analysis Tool: Splunk Enterprise Server, Splunk Universal Forwarder, Splunk DB Connect
Operating Systems: Linux, Windows Server 2003/2008, VMware
Programming: Java, C++, C, SQL/PL SQL, HTML, DHTML, XML.
Scripting: JACL, Python, WSCP, WSADMIN, Korn Shell Script, Perl, JavaScript, CSS, Batch
Databases: Oracle, UDB/DB2, MS SQL DB
Networking: TCP/IP Protocols, Socket Programming, DNS.
PROFESSIONAL EXPERIENCE:
Splunk Engineer
Confidential, Boston
RESPONSIBILITIES:
- Prepared, arranged and tested Splunk search strings and operational strings.
- Tuning and configuration of Splunk App for Enterprise Security (ES).
- Identifies, reports, and resolves serious security violations; maintains systems to protect data from unauthorized users and anticipated or unanticipated risks.
- Publishes, monitors, and mandates information and computer security policies and security awareness information and programs.
- Schedules and supervises periodic network security assessments across multiple platforms and/or distributed networks.
- Performs complex security resource and access rule maintenance. Develops and implements security monitoring and violation reports that identify any attempt to access unauthorized materials.
- Provides security support in a distributed environment. Participates in technical evaluations of enterprise security access control products.
- Created and configured management reports and dashboards.
- Developed, evaluated and documented specific metrics for management purpose.
- Trained Splunk security team members for complex search strings and ES modules.
- Analyzed security-based events, risks and reporting instances.
- Managed and maintained use cases into correlation systems.
- Designed, developed and implemented system engineering plans and technical support services.
- Executed systems programming activities and supported data center activities.
- Developed Splunk infrastructure and related solutions as per automation toolsets.
- Installed, tested and deployed monitoring solutions with Splunk services.
- Provided technical services to projects, user requests and data queries.
- Implemented forwarder configuration, search heads and indexing.
- Supported data source configurations and change management processes.
- Analyzed and monitored incident management and incident resolution problems.
- Resolved configuration-based issues in coordination with infrastructure support teams.
- Maintained and managed assigned systems, Splunk related issues and administrators.
- Develop custom Splunk ES correlation searches & tune notable events.
- Optimize and tune current dashboards.
- Create new dashboards based on new feeds and tune over a period.
- Correlate event logs to create more targeted dashboards and alerts.
- Set up advanced searches and reports.
- Create prioritized list of assets within Splunk and related live dashboards and notification.
- Set up live data pull from external intelligence sites and integrate with correlation searches.
- Document network flows & create diagrams.
- Weekly status reports on all work executed, deliverables developed/submitted, and work planned for next period.
- Use-case development.
- Work with Audit and Assessment teams to validate controls and architecture deployment.
- Support the identification and documentation of data sources.
- Architecting and deploying clustered/distributed Splunk Enterprise 6.x implementations to large, complex customers.
- Administering Splunk and Splunk Apps to include developing new/custom Apps to perform specialized functionality.
- Integrating Splunk with a wide variety of legacy data sources and industry leading commercial security tools that use various protocols.
Environment: Splunk Enterprise Server, Universal Splunk Forwarder, RedHat Linux, Oracle, HTML, JavaScript, XML.
Splunk Admin
Confidential, Dallas
RESPONSIBILITIES:
- Knowledge of Splunk Architecture and deployment of clustered/distributed Splunk Enterprise 6.4 or above.
- Administering Splunk and Splunk Apps to include developing new/custom Apps to perform specialized functionality.
- Integrating Splunk with a wide variety of legacy data sources and industry leading commercial tools.
- Performing advanced searching and reporting to help customers with the implementation of specialized/custom dashboards.
- Performing maintenance and optimization of existing clustered Splunk deployments.
- Involved in setting up alerts for different types of errors.
- Developed, evaluated and documented specific metrics for management purpose.
- Using SPL created Visualizations to get the value out of data.
- Created Dashboards for various types of business users in organization.
- Played a major role in understanding the logs, server data and brought an insight of the data for the users.
- Worked on DB Connect configuration for Oracle, MySQL and MSSQL.
- Supporting migration from Splunk on-premise data center to Amazon AWS.
- Launching, configuring, supporting large scale instances on AWS.
- Monitored Database Connection Health by using Splunk DB connect health dashboards.
- Created Crontab scripts for timely running jobs.
- Developed build scripts, UNIX shell scripts and auto deployment processes.
- Provided technical services to projects, user requests and data queries.
- Involved in assisting offshore members to understand the use case of business.
- Assisted internal users of Splunk in designing and maintaining production-quality dashboards.
- Involved in writing complex IFX, rex and combine commands to extract the fields from the log files.
- Involved in helping the UNIX and Splunk administrators to deploy Splunk across the UNIX and Windows environments.
- Helped the client to set up alerts for different types of errors.
- Worked to ensure Splunk is actively and accurately running and monitoring on the current infrastructure implementation.
- Involved in installing and using Splunk app for Linux and Unix.
- Consulting with customers to customize and configure Splunk in order to meet their requirements.
- Performing advanced searching and reporting to help customers with the implementation of specialized/custom dashboards.
- Performing maintenance and optimization of existing clustered Splunk deployments.
- Communicating with customer stakeholders to include leadership, support teams, and system administrators.
- Designs, implements, configures, and manages solutions within the supported Linux technologies, products, and services.
- Research and recommend innovative and automated approaches for operational tasks which leverage available resources and simplify operational overhead.
- Develop, implement, and execute standard procedures for the administration, content management, change management, version/patch management, and lifecycle management of the SIEM/Log Management platforms.
- Technical writing/creation of formal documentation such as reports, training material, slide decks, and architecture diagrams.
Environment: Splunk Enterprise Server, Splunk Forwarder, XML, VMware
Splunk Security Analyst
Confidential, NJ
RESPONSIBILITIES:
- TCP/IP networking skills to perform packet and log analysis.
- Strong understanding of Splunk Use Case creation, Dashboards and Tuning.
- Strong Splunk Enterprise Security (ES) experience to include Index Design, Infrastructure, Data Collection, Deployment Management, Data Enrichment, Querying, Integration and Operations.
- Security Analysis experience to include incident classification, investigation and remediation.
- Provide technical inputs, evaluate and recommend new and emerging security products and technologies.
- Defines security configurations for threat detection and prevention tools.
- Designs automated workflows to streamline security operations.
- Monitors and proactively manages supported products and services to assure their performance, availability, security, and capacity.
- Researches, analyzes, and formulates recommendations regarding technologies, products, and solutions to fulfill requirements within the enterprise.
- Security tool administration and support (Network/Endpoint/Threat Hunting/Investigations).
- Tool deployment and implementation experience on a global scale.
- Splunk admin and architecture related tasks.
- Ability to debug configuration issues on different Splunk components.
- Understanding of Splunk configurations, dependencies, and forwarder management.
- Understands Splunk architecture and components (search head, deployment server, cluster master, indexers, forwarders (HF/UF)).
- Strong understanding of enterprise logging using syslog-ng, with a focus on security event logging.
- Knowledge of system and network architecture and interrelationships (technical and functional).
- Integrate and customize Splunk apps.
- Ingest logs into Splunk from databases and applications (includes non-COTS applications); develop custom parsers as needed.
- Create Knowledge Objects (dashboards, alerts, reports, field extraction, data models, workflow actions, CSV, and external lookups).
- Tune Splunk to optimize performance.
- Troubleshoot issues related to searching, licensing, and errors.
- Help set up Splunk User Behavior Analytics (UBA).
- Support upgrades, deployments, and modifications to Splunk and all Splunk architecture.
- Technical writing: document the Splunk deployment and configuration (architecture documentation & diagrams).
Environment: Splunk, Universal Splunk Forwarder, RedHat Linux, Oracle, HTML, Perl, JavaScript, XML
Splunk Developer
Confidential, Atlanta
RESPONSIBILITIES:
- Installation and configuration of Splunk product at different environments.
- Assisted internal users of Splunk in designing and maintaining production-quality dashboard.
- Create dashboard views, reports, lookups and alerts for events and configure alert mail.
- Create Splunk apps for consuming data for applications and implement apps.
- Involved in setting up alerts for different types of errors.
- Assigning User and role authentication including LDAP authentication and scripted authentication.
- Fetching the data from databases using "DB Connect Application"
- Responsible for administering, maintaining and configuring 24x7 highly available Splunk apps for the production portal environment.
- Hands-on development experience in customizing visualizations, configurations, reports and search capabilities using customized Splunk queries.
- Created Regular Expressions for Field Extractions and Field Transformations in Splunk
- Managed Indexer Clusters including security, hot and cold bucket management and retention policies.
- Worked on Various types of charts, alerts settings, app creations, user and role access permissions.
- Work closely with Application Teams to create new Splunk dashboards for Operation teams.
- Field extraction using IFX, the rex command and regex in configuration files.
Environment: Splunk, Universal Splunk Forwarder, RedHat Linux, Oracle, HTML, Perl, JavaScript, XML, rex, Splunk Knowledge Objects.
SQL Developer
Confidential, NC
RESPONSIBILITIES:
- Responsible for the study and analysis of the systems design and implementation.
- Developed reports using SQL Server Reporting services and utilizing complex SQL queries and stored procedures.
- Involved in tuning the existing T-SQL code for performance improvement.
- Followed the best practices in writing T-SQL for universal readability and reusability of code.
- Participated in all the phases of the Software Development Life Cycle (SDLC) like Requirements Review, Test Documentation, Application Testing and Defect Tracking.
- Created various database objects including tables, stored procedures and functions.
- Analyzed code to find causes of errors and revise programs as needed.
- Well versed with all types of manual testing like functional testing, smoke testing, positive & negative testing, regression testing, integration testing, GUI testing & browser compatibility testing.
- Fixed data issues and bugs by changing code or business rules. Troubleshot import function/daily feed file failures.
- Reviewed and analyzed Business Requirements, Project Plans, Prototype, Flow Diagrams, Use Cases, System Design documents and created Detailed Test Cases.
- Created stored procedures to hold the business logic.
- Created views as per client requests.
Environment: MS SQL Server 2000, T-SQL, MS-Office, Internet Explorer, UNIX, Windows XP/Vista.