PROFESSIONAL SUMMARY:

• Having 8+ years of experience in Information Security/Cyber Security.
• Experience in configuring, implementing, analyzing and supporting Splunk server infrastructure across Windows, UNIX and Linux.
• Experience with a variety of Operating Systems, Protocols and Tools depending on the type of platform or application to be administered.
• Implement Splunk solutions in highly available, redundant, distributed computing environments
• Gathering requirements and analysis by Interacting with team members and users during the design and development
• Designing and implementing Splunk - based best practice solutions.
• Planning, communicating clear instructions to team members; training, and direction.
• Capacity planning, optimization and architecture.
• Help manage the strategy of the Splunk Business Unit within the company.
• Expertise with Splunk UI/GUI development and operations roles.
• Configuration and troubleshooting across a variety of platforms.
• Deploy new Splunk instances, including clustered deployments and apps
• Integrating Splunk with a wide variety of legacy data sources and industry leading commercial security tools.
• Create and customize System & Splunk applications, search queries and dashboards.
• Create Splunk reports, dashboards, forms, visualizations, alerts.
• Optimize searches and implement post processing on dashboards.
• Assisting users to customize and configure Splunk to meet their requirements.
• Technical writing/creation of formal documentation such as reports, training material and architecture diagrams.
• Build Key Performance Indicators to the Enterprise Architecture through Splunk.
• Build dashboards to monitor license, indexers, search heads.
• Maintain Splunk systems documentation, including SOP's and design documents Integration of systems and application tools with Splunk.
• Good experience in creating Splunk apps, navigations, interfaces and good experience on Splunk lookups, macros, Pivot, data models, lookup files and their publication into
• Splunk. Network Monitoring, bandwidth and traffic monitoring through Splunk.
• Knowledge on scripting language like python and java script.
• Experience with software development, system architecture, and/or databases a plus.

TECHNICAL SKILLS:

Log Analysis Tool: Splunk Enterprise Server, Splunk Universal Forwarder, Splunk DB Connect

Operating Systems: Linux, Windows Server 2003/2008, VMWare

Programming: Java, C++, C, SQL/PL SQL, HTML, DHTML, XML.

Scripting: JACL, Python, WSCP, WSADMIN, Korn Shell Script, Perl, JavaScript, CSS, Batch

Databases: Oracle, UDB/DB2, MS SQL DB

Networking: TCP/IP Protocols, Socket Programming, DNS.

PROFESSIONAL EXPERIENCE:

Splunk Engineer

Confidential, Boston

RESPONSIBILITIES:

• Prepared, arranged and tested Splunk search strings and operational strings.
• Tuning and configuration of Splunk App for Enterprise Security (ES).
• Identifies, reports, and resolves serious security violations; maintains systems to protect data from unauthorized users and anticipated or unanticipated risks.
• Publishes, monitors, and mandates information and computer security policies and security awareness information and programs.
• Schedules and supervises periodic network security assessments across multiple platforms and/or distributed networks.
• Performs complex security resource and access rule maintenance. Develops and implements security monitoring and violation reports that identify any attempt to access unauthorized materials.
• Provides security support in a distributed environment. Participates in technical evaluations of enterprise security access control products.
• Created and configured management reports and dashboards.
• Developed, evaluated and documented specific metrics for management purpose.
• Trained Splunk security team members for complex search strings and ES modules.
• Analyzed security based events, risks and reporting instances.
• Managed and maintained use cases into correlation systems.
• Designed, developed and implemented system engineering plans and technical support services.
• Executed systems programming activities and supported data center activities
• Developed Splunk infrastructure and related solutions as per automation toolsets.
• Installed, tested and deployed monitoring solutions with Splunk services.
• Provided technical services to projects, user requests and data queries.
• Implemented forwarder configuration, search heads and indexing.
• Supported data source configurations and change management processes.
• Analyzed and monitored incident management and incident resolution problems.
• Resolved configuration based issues in coordination with infrastructure support teams.
• Maintained and managed assigned systems, Splunk related issues and administrators.
• Develop custom Splunk ES correlation searches & tune notable events.
• Optimize and tune current dashboards.
• Create new dashboards based on new feeds and tune over a period.
• Correlate event logs to create more targeted dashboards and alerts.
• Set up advanced searches and reports.
• Create prioritized list of assets within Splunk and related live dashboards and notification.
• Set up live data pull from external intelligence sites and integrate with correlation searches.
• Document Network Flows & create diagrams
• Weekly status reports on all work executed, deliverables developed/submitted, and work planned for next period
• Use-case development.
• Work with Audit and Assessment teams to validate controls and architecture deployment.
• Support the identification and documentation of data sources.
• Architecting and deploying clustered/distributed Splunk Enterprise 6.x implementations to large, complex customers.
• Administering Splunk and Splunk Apps to include developing new/custom Apps to perform specialized functionality.
• Integrating Splunk with a wide variety of legacy data sources and industry leading commercial security tools that use various protocols.

Environment: Splunk Enterprise Server, Universal Splunk Forwarder, RedHat Linux, Oracle, HTML, Java Script, XML.

Splunk Admin

Confidential, Dallas

RESPONSIBILITIES:

• Knowledge of Splunk Architecture and deployment of clustered/distributed Splunk Enterprise 6.4 or above.
• Administering Splunk and Splunk Apps to include developing new/custom Apps to perform specialized functionality.
• Integrating Splunk with a wide variety of legacy data sources and industry leading commercial tools.
• Performing advanced searching and reporting to help customers with the implementation specialized/custom dashboards.
• Performing maintenance and optimization of existing clustered Splunk deployments.
• Involved in setting up alerts for different type of errors.
• Developed, evaluated and documented specific metrics for management purpose.
• Using SPL created Visualizations to get the value out of data.
• Created Dashboards for various types of business users in organization.
• Played a major role in understanding the logs, server data and brought an insight of the data for the users.
• Worked on DB Connect configuration for Oracle, MySQL and MSSQL.
• Supporting migration from Splunk On Premise data center to Amazon AWS
• Launching, Configuring, Supporting large scale instances on AWS
• Monitored Database Connection Health by using Splunk DB connect health dashboards.
• Created Crontab scripts for timely running jobs.
• Developed build scripts, UNIX shell scripts and auto deployment processes.
• Provided technical services to projects, user requests and data queries.
• Involved in assisting offshore members to understand the use case of business.
• Assisted internal users of Splunk in designing and maintaining production-quality dashboard
• Involved in writing complex IFX, rex, combine command to extracts the fields from the log files.
• Involved in helping the UNIX and Splunk administrators to deploy Splunk across the UNIX and windows environment.
• Helped the client to setup alerts for different type of errors.
• Worked to ensure Splunk is actively and accurately running and monitoring on the current infrastructure implementation.
• Involved in installing and using Splunk app for Linux and Unix.
• Consulting with customers to customize and configure Splunk in order to meet their requirements.
• Performing advanced searching and reporting to help customers with the implementation specialized/custom dashboards.
• Performing maintenance and optimization of existing clustered Splunk deployments.
• Communicating with customer stake holders to include leadership, support teams, and system administrators.
• Designs, implements, configures, and manages solutions within the supported Linux technologies, products, and services.
• Research and recommend innovative and automated approaches for operational tasks which leverage available resources and simplify operational overhead.
• Develop, implement, and execute standard procedures for the administration, content management, change management, version/patch management, and lifecycle management of the SIEM/Log Management platforms
• Technical writing/creation of formal documentation such as reports, training material, slide decks, and architecture diagrams.

Environment: Splunk Enterprise Server, Splunk Forwarder, XML, VMware

Splunk Security Analyst

Confidential, NJ

RESPONSIBILITIES:

• TCP/IP networking skills to perform packet and log analysis.
• Strong understanding of Splunk Use Case creation, Dashboards and Tuning.
• Strong Splunk Enterprise Security (ES) experience to include Index Design, Infrastructure, Data Collection, Deployment Management, Data Enrichment, Querying, Integration and Operations.
• Security Analysis experience to include incident classification, investigation and remediation.
• Provide technical inputs, evaluate and recommend new and emerging security products and technologies
• Defines security configurations for threat detection and prevention tools
• Designs automated workflows to streamline security operations
• Monitors and proactively manages supported products and services to assure their performance, availability, security, and capacity.
• Researches, analyzes, and formulates recommendations regarding technologies, products, and solutions to fulfill requirements within the enterprise.
• Security tool administration and support (Network/Endpoint/Threat Hunting/Investigations)
• Tool deployment and implementation experience on a global scale
• Splunk Admin and Architecture related tasks
• Ability to debug configuration issues on different splunk components
• Understanding of Splunk configurations, dependencies, and forwarder management
• Understands Splunk architecture and components (search head, deployment server, cluster master, indexers, forwarders (HF/UF)
• Strong understanding of enterprise logging using syslog-ng, with a focus on security event logging.
• Knowledge of system and network architecture and interrelationships (technical and functional).
• Integrate and customize Splunk apps
• Ingest logs into Splunk from databases and applications (includes non-COTS applications); develop custom parsers as needed
• Create Knowledge Objects (dashboards, alerts, reports, field extraction, data models, workflow actions, CSV, and external lookups)
• Tune Splunk to optimize performance
• Troubleshoot issues related to searching, licensing, and errors
• Help setup Splunk User Behavior Analytics (UBA).
• Support upgrades, deployments, and modifications to Splunk and all Splunk architecture
• Technical Writing Document the Splunk deployment and configuration (architecture documentation & diagrams).

Environment: Splunk, Universal Splunk Forwarder, RedHat Linux, Oracle, HTML, Perl, Java Script, XML

Splunk Developer

Confidential, Atlanta

RESPONSIBILITIES:

• Installation and configuration of Splunk product at different environments.
• Assisted internal users of Splunk in designing and maintaining production-quality dashboard.
• Create Dashboard Views, Reports. lookups and Alerts for events and configure alert mail
• Create Splunk apps for consuming data for applications and implement apps.
• Involved in setting up alerts for different type of errors.
• Assigning User and role authentication including LDAP authentication and scripted authentication.
• Fetching the data from databases using "DB Connect Application"
• Responsible for administering, maintaining and configuring a 24 x 7 highly available, Splunk apps for production portal environment.
• Hands on development experience in customizing, visualizations, configurations, reports and search capabilities using customized Splunk queries.
• Created Regular Expressions for Field Extractions and Field Transformations in Splunk
• Managed Indexer Clusters including security, hot and cold bucket management and retention policies.
• Worked on Various types of charts, alerts settings, app creations, user and role access permissions.
• Work closely with Application Teams to create new Splunk dashboards for Operation teams.
• Field Extraction, Using Ifx, Rex Command and Regex in configuration files

Environment: Splunk, Universal Splunk Forwarder, RedHat Linux, Oracle, HTML, Perl, Java Script, XML, rex, Splunk Knowledge Objects.

SQL Developer

Confidential, NC

RESPONSIBILITIES:

• Responsible for the study and analysis of the systems design and implementation.
• Developed reports using SQL Server Reporting services and utilizing complex SQL queries and stored procedures.
• Involved in tuning the existing T-SQL code for performance improvement.
• Followed the best practices in writing T-SQL for universal readability and reusability of code.
• Participated in all the phases of Software Development Life Cycle (SDLC) like, Requirements Review, Test Documentation, Application testing, detect tracking.
• Created various database objects including tables, stored procedures and functions.
• Analyzed code to find causes of errors and revise programs as needed.
• Well versed with all types of manual testing like functional testing, smoke testing, positive & negative testing, regression testing, integration testing, GUI testing & browser compatibility testing.
• Fixed data issues and bags by changing code or business rules. Troubleshoot import function/daily feed file failure.
• Reviewed and analyzed Business Requirements, Project Plans, Prototype, Flow Diagrams, Use Cases, System Design documents and created Detailed Test Cases.
• Created stored procedures to hold the business logic.
• Created views as per client requests.

Environment: MS SQL Server 2000, T-SQL, MS-Office, Internet Explorer, UNIX, Windows XP/Vista.