Splunk Developer Resume

Woonsocket, RI

SUMMARY:

  • Computer Science Engineer with professional experience. Detail-oriented individual with confidence and flexibility who thrives in a position that requires quick learning and great accuracy. Proficient Splunk Engineer with 4 years of IT experience in client/server applications.

TECHNICAL SKILLS:

Tools: Splunk 7.x, Splunk Enterprise, ITSI, Splunk data models, KV store, Splunk Enterprise Security, DB Connect, Dynatrace, Wireshark, Postman, DevOps workstation, Cassandra, AppDynamics, McAfee ePO, Bomgar, Agile methodologies, Nagios, GitHub, Regex, AWS CloudTrail, Windows Server 2012/2008/2003 R2, Red Hat Linux and Unix servers, ServiceNow, F5 ASM data, TCP/IP, IDS/IPS, SharePoint, Cisco routers, MS Office. HTML, XML, CSS, JavaScript, Java, C, C++, jQuery, Python, Perl, Linux, shell, MS SQL, bash scripting.

PROFESSIONAL EXPERIENCE:

Confidential, Woonsocket, RI

Splunk Developer

Responsibilities:

  • Developing advanced dashboards and alerts for business needs.
  • Creating cron jobs, analyzing log files, managing user accounts and groups, configuring iptables, and setting up mail services.
  • Parsing, indexing and searching concepts; hot, warm, cold and frozen bucketing; and Splunk clustering.
  • Worked on setting up Splunk to capture and analyze data from various layers: load balancers, web servers and application servers.
  • Research and recommend innovative and, where possible, automated approaches for system administration tasks. Identify approaches that leverage resources.
  • Expertise in setting up custom match rules, dashboards, health policies and alerts in AppDynamics based on application teams' requirements.
  • Getting data ingested into the Splunk Enterprise app is the essential first step toward understanding your data.
  • The app infrastructure provides a number of mechanisms for data ingestion, from reading simple, well-known log file formats like Apache logs to invoking programs to handle custom data formats.
  • Provide Tier III and other support per request from various constituencies. Investigate and troubleshoot issues.
  • Repair and recover from hardware or software failures. Coordinate and communicate with impacted constituencies.
  • Foundation skills like device configuration, traffic capture, KV store, performance monitoring, device monitoring and data modeling.
  • Strong analytical and problem-solving skills as needed to perform the job of a SOC analyst.
  • Monitor systems and report the status to client staff using the Splunk SIEM tool.
  • Splunk server configuration (web, index retention, authentication, etc.), data onboarding operations and data parsing operations.
  • Perform debugging and investigation on real-time data on production calls.
  • Expertise in onboarding data into Splunk through syslog.
  • Installed Splunk apps and add-ons on Splunk using sudo privileges on Linux.
  • Good knowledge of Data Loss Prevention (DLP), IPS/IDS and firewalls.

Confidential, San Francisco, CA

Splunk Sr. Analyst

Responsibilities:

  • Independent multitasker and self-learner.
  • Ingesting and working with various data types like CSV, JSON, XML, raw logs and syslog, and parsing them with custom source types in the Splunk SIEM.
  • Good knowledge of security risks such as injection, broken access control, monitoring, cross-site scripting and security misconfiguration.
  • Skills include understanding security policies, data and traffic analysis, identifying security events, incident response, and SIEM implementation and integration.
  • Worked on common interesting fields in test and dev environments to normalize the data and create aliases.
  • Configured Splunk universal forwarders to send data to indexers, and configured indexers to receive data.
  • Configured Bomgar data to route into Splunk.
  • Security investigation skills: prevent, detect, analyze, collect and mitigate.
  • Administration of RHEL AS 4, 5 and 6, which includes installation, testing, tuning, upgrading and loading patches, and troubleshooting both physical and virtual server issues.
  • Supporting the client after hours, available 24/7 for change activity such as upgrading servers.
  • Also on the incident response team, responsible for handling security incidents that occur within the organization and correcting and documenting the security issue in a timely manner.
  • Worked on the AppDynamics controller to view performance from the app server agent, machine agent and EUEM.
  • Good knowledge of security features like role-based authentication, granular permissions, several authentication methods, and compliance with European data standards.

Confidential, Plano, TX

Splunk Network Security Analyst

Responsibilities:

  • Working on a shift basis in the SOC, giving the client 24/7 service, monitoring Splunk Incident Review and F5 ASM logs.
  • Dealing with the challenge of customized threats that bypass security gateways.
  • Tools used: Nmap, Wireshark, Splunk.
  • Installing new Splunk servers, forwarders and universal forwarders on the Red Hat Linux platform.
  • Migrating Splunk servers from 6.4 to 6.5, including forwarders. Building an indexer cluster and search head cluster environment on the Linux platform.
  • Installed and maintained the whole Splunk environment on Linux.
  • Created advanced dashboards for apps like ServiceNow, MobileIron and event logs.
  • Created correlation search rules for admin activity, and indexes for field extractions.
  • Create and manage host values and source types.
  • Creating cron jobs, analyzing log files, managing user accounts and groups, configuring iptables, and setting up mail services.
  • Manage and ensure proper data fields for file and directory inputs.
  • Manage network, Windows and any other inputs that may arise (universal forwarders).
  • Composed reports detailing the forensic analyses performed and the results of the investigations.
  • Identify threats and work to create steps to defend against them.
  • Monitor network traffic for suspicious behavior in the malware center, investigating activities like malware, Trojans and ransomware such as WannaCry and Petya.
  • Handling and investigating incidents, escalating if needed to higher authorities like the infrastructure security team.
  • Performance monitoring, such as regular health checks on all universal forwarders and the indexer cluster in a distributed environment.
  • Working knowledge of security technologies like encryption, Data Loss Prevention (DLP), IPS/IDS, firewalls, etc.
  • Actively protect the availability, confidentiality and integrity of customer, employee and business identity.
  • Contribute to the Risk Assessment Program, including identifying and scoring risk.
  • Collaborate with the team and architects on new platforms and the IAM roadmap, assess security risks, and identify long-term strategy recommendations.
  • Addressed basic client configuration issues and service alerts.
  • Position requires mentoring of SOC technicians and SOC employees.
  • Monitored and correlated events with thorough knowledge of principles, methods and techniques of network and data security.

Confidential, Chicago, IL

Splunk Admin

Responsibilities:

  • Design, support and maintain the Splunk infrastructure on Windows, Linux and UNIX environments.
  • Installation of Splunk Enterprise, Splunk forwarders, Splunk indexers and apps on multiple servers (Windows and Linux) with automation.
  • Supporting the client's distributed Splunk environment in different locations. Travelling to client locations to give support on the Linux environment.
  • Created advanced dashboards for apps like ServiceNow, AWS CloudTrail and CloudWatch Logs.
  • Onboarded application data into Splunk, such as ServiceNow, MobileIron, event logs, AWS logs, FireEye, etc., via Linux OS.
  • Splunk heavy forwarder configuration. Install and maintain Splunk add-ons including DB Connect, Active Directory and LDAP for working with directories.
  • Manage Splunk configuration files like inputs, props, transforms, etc.
  • Upgrading Splunk Enterprise and security patching.
  • Well versed in both remote and on-site user Splunk support.
  • Onboarded multiple data sources within Splunk, creating custom TAs for data parsing.
  • Advised clients on best practices for a Splunk deployment.
  • Developed detailed documentation for the installation and configuration of Splunk and Splunk apps.

Confidential, Milwaukee, WI

Splunk Security Analyst

Responsibilities:

  • Analyze security and firewall logs for compromised/infected hosts on the network.
  • Utilized Security Information and Event Management (SIEM), Intrusion Detection and Prevention (IDS/IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
  • Design and develop the Security Zone diagram for the Security Monitoring Team.
  • Member of the Security Operations Center (SOC) that provides 24/7 monitoring, analysis and remediation of security events.
  • In charge of the Cyber Attack Response Team, including data recovery. Analyze security incidents and escalate as necessary.
  • Create daily, monthly and ad hoc reports for various devices.
  • Extensive understanding of networking concepts (i.e., configuration of networks, router configuration and wireless security, TCP/IP, VPN, content filtering, VLANs and routing in LAN/WAN, Ethernet ports, patch panels and wireless networks).
  • Identify, monitor and prepare daily reports of network threats and vulnerabilities.
  • Familiar with ISO, PCI and other security frameworks. Familiarity with security analysis techniques.
  • Prepare reports using the Nagios server monitoring tool.
  • Create new process documents to help the analysts in analyzing events.
  • Responsible for vulnerability reporting and vulnerability scan scheduling.
  • Manage and configure security applications, firewalls and anti-virus software.
  • Follow up with asset owners for remediation of vulnerabilities at either the OS or application level. Maintain the spam filter and web filter.
  • Work with vendors to support system maintenance, keep servers updated with the latest security updates, and create and migrate virtual servers.
  • Monitor systems and report the status to client staff.
  • Good working knowledge of the AWS environment: CloudTrail, CloudWatch, VPC Flow Logs, EC2 instances and configuring AWS.
  • Splunk server configuration (web, index retention, authentication, etc.).
  • Splunk data onboarding operations (inputs, SQL, index-time configurations).
  • Splunk data parsing operations (search-time field extractions, event types, tags).
  • Manage existing applications and create new applications (visual and non-visual).
  • Worked on AWS CloudTrail and F5 data.
  • Deploy, configure and maintain Splunk forwarders on different platforms.
  • Creating reports, pivots, alerts, advanced Splunk searches and visualizations in Splunk Enterprise.
  • Provide power and admin access for users and restrict their permissions on files.
  • Installed and upgraded Splunk software in distributed and clustered

Environment: Windows Server 2012/2008/2003 R2, Linux and Unix servers, Splunk 6.5, ServiceNow, F5 data, Vormetric, Wireshark, AWS CloudTrail, CloudWatch, Jira, TCP/IP, Nagios, CompTIA Security+.
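The Splunk onboarding and parsing work listed in the entries above (custom source types for JSON, CSV and syslog data, field aliases that normalize application field names, management of inputs/props/transforms, and a scheduled correlation search for admin activity) can be shown in a minimal configuration set. The following is an added illustration, not the candidate's configuration and not Splunk's shipped defaults; the file paths, index and sourcetype names, the firewall and sudo log formats, the search logic and the saved-search name are all assumed for the example.

```ini
# Added example: minimal Splunk onboarding for three custom sourcetypes plus one
# scheduled correlation search. Paths, indexes, sourcetypes and the assumed log
# formats are illustrative and are not taken from any real deployment.

# ---- inputs.conf (on the forwarder that reads the files / receives syslog) ----
[monitor:///var/log/app/payments.json]
sourcetype = app:payments:json
index = app_prod

[monitor:///var/log/app/exports/*.csv]
sourcetype = app:exports:csv
index = app_prod

# Assumption: a firewall sends syslog straight to a heavy forwarder on UDP/514.
# connection_host = ip sets host from the sender address; the transform below
# overrides it with the hostname carried in the syslog header.
[udp://514]
sourcetype = net:fw:syslog
index = network
connection_host = ip

# ---- props.conf ----
# INDEXED_EXTRACTIONS is applied by the forwarder that reads the file, so this
# stanza is deployed to the forwarder; the search-time FIELDALIAS is applied on
# the search head.
[app:payments:json]
INDEXED_EXTRACTIONS = json
KV_MODE = none
SHOULD_LINEMERGE = false
LINE_BREAKER = ([\r\n]+)
TIMESTAMP_FIELDS = ts
TIME_FORMAT = %Y-%m-%dT%H:%M:%S%z
TRUNCATE = 10000
# Search-time normalization: alias app-specific names to the common names
# (src, user) that shared dashboards and correlation searches expect.
FIELDALIAS-normalize = client_ip AS src account AS user

[app:exports:csv]
INDEXED_EXTRACTIONS = csv
HEADER_FIELD_LINE_NUMBER = 1
FIELD_DELIMITER = ,
TIMESTAMP_FIELDS = event_time
TIME_FORMAT = %Y-%m-%d %H:%M:%S

# Assumed syslog line: "Jan 12 10:22:01 fw01 action=drop src=10.0.0.5 dst=10.0.1.9"
[net:fw:syslog]
SHOULD_LINEMERGE = false
LINE_BREAKER = ([\r\n]+)
TIME_PREFIX = ^
TIME_FORMAT = %b %d %H:%M:%S
MAX_TIMESTAMP_LOOKAHEAD = 16
TRANSFORMS-host = fw_syslog_host
TRANSFORMS-drop = fw_drop_heartbeat
EXTRACT-fw = action=(?<action>\w+)\s+src=(?<src>\S+)\s+dst=(?<dest>\S+)

# ---- transforms.conf (index-time, on the heavy forwarder / indexers) ----
[fw_syslog_host]
REGEX = ^\w{3}\s+\d{1,2}\s\d{2}:\d{2}:\d{2}\s(\S+)
FORMAT = host::$1
DEST_KEY = MetaData:Host

# Discard keepalive noise before it is indexed (saves license and search time).
[fw_drop_heartbeat]
REGEX = action=heartbeat
DEST_KEY = queue
FORMAT = nullQueue

# ---- savedsearches.conf (search head) ----
# Assumption: Linux auth logs arrive as sourcetype linux_secure, with sudo lines
# of the form "... sudo:  alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash".
[Admin activity - sudo outside change window]
search = index=linux_os sourcetype=linux_secure "sudo:" "COMMAND=" \
| rex "sudo:\s+(?<user>\S+)\s+:" \
| rex "COMMAND=(?<command>.+)$" \
| eval hour = tonumber(strftime(_time, "%H")) \
| where hour < 6 OR hour >= 22 \
| stats count values(command) AS commands BY host user
cron_schedule = */15 * * * *
dispatch.earliest_time = -15m@m
dispatch.latest_time = now
enableSched = 1
counttype = number of events
relation = greater than
quantity = 0
alert.severity = 4
alert.track = 1
```

The index-time pieces (INDEXED_EXTRACTIONS, TRANSFORMS-*) only affect data that arrives after the configuration is deployed and the relevant Splunk instance is restarted or reloaded, so they should be validated in a test index first; the search-time pieces (FIELDALIAS, EXTRACT-*) and the saved search apply to data already indexed and can be iterated on without re-ingesting.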