
Splunk Developer Resume


Plano, TX

PROFESSIONAL SUMMARY:

  • 8+ years of work experience in IT Industry in Analysis, Design, Development and Maintenance of various software applications in system design, implementation, unit, integration and system maintenance.
  • 6 years of experience at Splunk, developing dashboards, forms, SPL searches, reports and views, administration, upgrading, alert scheduling, Visualization Add-Ons and Splunk infrastructure.
  • Good command in writing Splunk searches; Splunk Infrastructure and Development expert well-versed with Splunk architecture.
  • Headed Proof-of-Concepts (POC) on Splunk ES implementation, mentored and guided other team members on Understanding the use case of Splunk.
  • Experience in responding to requests and incident tickets within defined Service Level Agreements.
  • Risk and Threat Analysis, IT security monitoring and analysis, vulnerability analysis using QRadar.
  • Developed specific content necessary to implement Security Use Cases and transform into correlation queries, templates, reports, rules, alerts, dashboards, and workflow.
  • Supports, Monitors and manages the SIEM environment. Splunk Administration and analytics development on Information Security, Infrastructure and network, data security, Splunk Enterprise Security app.
  • Integration of Splunk with a wide variety of legacy and security data sources that use various protocols.
  • Installation and configuration of Splunk apps to onboard security data sources into Splunk.
  • Good experience in working with SNMP traps and Syslog NG in onboarding the security devices on Splunk monitoring.
  • Experience with creating disaster recovery plans and testing. Work as part of a team to provide excellent customer experience. Provide emergency or scheduled support out of hours as required.
  • Install, configure, and troubleshoot Splunk. Use Splunk to collect and index log data.
  • Work with application owners to create or update monitoring for applications.
  • Experience creating and maintaining Splunk reports, dashboards, forms, visualizations, alerts.
  • Strong knowledge of Windows, Linux, and UNIX operating systems.
  • Manage and support change in the environment. Experience of working in a very large enterprise environment.
  • Splunk SPL (Search Processing Language) and Dashboarding/Visualization. Setup dashboards for network device logs.
  • Machine learning experience, and experience deploying and managing infrastructure on public clouds such as AWS.
  • Design solutions and concepts for data aggregation and visualization. Splunk deployment, configuration and maintenance across a variety of UNIX and Windows platforms. Able to troubleshoot Splunk server problems and issues.
  • Assisting users to customize and configure Splunk in order to meet their requirements.
  • Excellent in High Level Design of ETL DTS Packages & SSIS Packages for integrating data using OLE DB connection from heterogeneous sources (Excel, CSV, Oracle, flat file, Text Format Data) by using multiple transformations provided by SSIS such as Data Conversion, Conditional Split, Bulk Insert, merge and union all.
  • Working knowledge of Data Warehousing techniques and Concepts experience including ETL processes, Dimensional Data Modelling, Star Schema/Snowflake Schema, Fact and Dimension tables and high level design, low level design, best practice to drive standardization and reusability of coding practices. Perform implementation of security and compliance-based use cases. Performing maintenance and optimization of existing Splunk deployments.
  • Created Splunk App for Enterprise Security to identify and address emerging security threats using continuous monitoring, alerting and analytics.
  • Hands-on experience in installing Splunk TA Symantec DLP, Splunk DB Connect, Splunk App for AWS and more. Worked on various projects involving other security systems to bring security data into the SIEM. Systems such as Splunk, Tanium, various IPS event data sets, Blue Coat, NetWitness to just name a few.
  • Monitor and maintain a global network of 700+ Cisco SourceFire IDS/IPS devices and 100+ HP ArcSight SIEM servers/appliances (connectors/loggers).
  • Communicating with customer stake holders to include leadership, support teams, and system administrators.
  • Technical writing/creation of formal documentation such as reports, training material and architecture diagrams.
  • Ability to write/create custom dashboards, alerts, searches, and reports to meet the requirements of various user groups.
  • Experience in dashboard and report performance optimization. Working knowledge of scripting languages (e.g. Python). Excellent knowledge of TCP/IP networking and inter-networking technologies (routing/switching, proxy, firewall, load balancing etc.).
  • Handling tickets through Remedy and ServiceNow and addressing them promptly.

TECHNICAL & FUNCTIONAL SKILLS:

Splunk: Splunk 5.x and 6.x, Splunk Enterprise, Splunk on Splunk, Splunk DB Connect 2, Splunk Cloud, Hunk, Splunk IT Service Intelligence, Splunk Web Framework

Operating Systems: Windows 2000, XP, Win 10, Windows Server, Unix/Linux (Red Hat), FreeBSD

Data Analysis: Requirement Analysis, Business Analysis, detail design, data flow diagrams, data definition table, Business Rules, data modeling, Data Warehousing, system integration

RDBMS: Oracle 11g/10g/9i/8i, MS SQL Server 2000/2005/2008, Sybase, DB2, MS Access, MySQL

Web Technologies: HTML, DHTML, JavaScript, XML.

Concepts: SDLC, Object Oriented Analysis and Design, Unified Modeling Language (UML), Assembly and System Level Testing, exposure in Agile.

Programming Language: C, C++, Python, UNIX shell scripts

PROFESSIONAL EXPERIENCE:

Confidential, Plano, TX

Splunk Developer

Responsibilities:

  • Designing and implementing Splunk-based best practice solutions.
  • Requirement gathering and analysis. Interacted with team members and users during the design and development of the applications and Splunk Objects.
  • Promptly receiving, handling and gathering requirements through Remedy tickets and resolving them on time.
  • Data collection from various systems/servers, Forwarder Management, creating and managing Splunk apps.
  • Building Splunk queries by Splunk Search Processing Language (SPL) and Regular expressions.
  • Creating, maintaining, supporting, repairing and customizing System & Splunk applications, search queries and dashboards.
  • Splunk Administration and analytics development on Information Security, Infrastructure and network, data security, Splunk Enterprise Security app.
  • Developed Splunk Objects and reports on Security baseline violations, Non-authenticated connections, Brute force attacks and many other use cases.
  • Good experience in working with SNMP traps and Syslog NG in onboarding the security devices on Splunk.
  • Design, support and maintain a large Splunk environment in a highly available, redundant, geographically dispersed environment.
  • Installed the Splunk Common Information Model add-on, which is packaged with Splunk Enterprise Security, Splunk IT Service Intelligence, and the Splunk App for PCI Compliance.
  • Install, configure, and troubleshoot Splunk. Experience with regular expressions and using regular expressions for data retrieval. Work with application owners to create or update monitoring for applications.
  • Experience creating and maintaining Splunk reports, dashboards, forms, visualizations, alerts.
  • Good experience in building Splunk Security Analytics. Lead logging enrollments from multi-tier applications into the enterprise logging platforms.
  • Developed specific content necessary to implement Security Use Cases and transform into correlation queries, templates, reports, rules, alerts, dashboards, and workflow.
  • Strong knowledge of Windows, Linux, and UNIX operating systems.
  • Experience in responding to requests and incident tickets within defined Service Level Agreements.
  • Supports, monitors and manages the SIEM environment.
  • Integration of Splunk with a wide variety of legacy and security data sources that use various protocols.
  • Installation and configuration of Splunk apps to onboard data sources into Splunk.
  • Experience with creating disaster recovery plans and testing.
  • Manage and support change in the environment. Experience of working in a very large enterprise environment.
  • Splunk SPL (Search Processing Language) and Dashboarding/Visualization. Setup dashboards for network device logs.
  • Developed alerts and timed reports. Developed and managed Splunk applications. Have done many POCs.

Environment: Splunk, Deployment server, Integration, Splunk 6.x Dashboard Examples, Sideview utils, Data Models, Server management, Dashboards, Search processing language (SPL), Field extraction, Regex, Rex, LINUX, XML, Advanced XML, JS, CSS, HTML

Confidential, Orlando, FL

Splunk Developer/ Admin

Responsibilities:

  • Designing and implementing Splunk-based best practice solutions. Requirement gathering and analysis. Interacted with team members and Business users during the design and development of the application.
  • Data collection from various systems/servers, Forwarder Management, creating and managing Splunk apps.
  • Building Splunk queries by Splunk Search Processing Language (SPL) and Regular expressions.
  • Publishing data into Splunk through configurations such as inputs.conf, serverclass.conf, server.conf, app.conf and outputs.conf.
  • Configurations with deployment server, indexers, search heads, serverclass.conf, server.conf, app.conf, props.conf, transforms.conf, forwarder management configurations.
  • Created and triggered various dropdowns and drilldowns by using Splunk static Lookups.
  • Installed, configured and implemented various visualization Add-ons to the developed and developing dashboards.
  • Built several Key Performance Indicators for the Personal Insurance team through Splunk Metrics.
  • Built Analytics for Workflow logs and Session logs of Informatica on Job Failures, errors, stats.
  • Built Utilization and Monitoring Analytics for various work environments of the Personal Insurance sector.
  • Created a drilldown of navigations from one Splunk app to the other app.
  • Review and apply any newly available and applicable SPLUNK software or policy updates routinely.
  • Assist with design of core scripts to automate SPLUNK maintenance and alerting tasks.
  • Support SPLUNK on UNIX, Linux and Windows-based platforms. Assist with automation of processes and procedures.
  • Maintain current functional and technical knowledge of the SPLUNK platform and future products.
  • Help to document best practices in developing and using SPLUNK.
  • Experience with Splunk UI/GUI development and/or operations roles.
  • Work with business/IT and create the next steps plan and implement the same.
  • Implemented Post processing method for searches in dashboards.
  • Configured Alerts and notifications on various thresholds, SLAs for Personal Insurance Architecture team.

Environment: Splunk, Deployment server, Splunk 6.x Dashboard Examples, Sideview utils, Data Models, Server management, Dashboards, Search processing language (SPL), Field extraction, Regex, Python, UNIX, AIX, RED HAT LINUX, XML, HTML

Confidential, Columbus, GA

Splunk Security Engineer

Responsibilities:

  • Planning, communicating clear instructions to the team members; training, guiding and directing the team.
  • Requirement gathering and analysis. Interacted with team members and Business users during the design and development of the application.
  • Ingesting logs to geographically distributed Splunk infrastructure.
  • Getting data in and creating & managing Splunk apps.
  • Developed robust, efficient queries that will feed custom Alert, Dashboards and Reports.
  • Worked on Splunk search processing language, Splunk dashboards and Splunk dbconnect app.
  • Design and customize complex search queries, and promote advanced searching, forensics and analytics.
  • Developed dashboards, data models, reports and optimized their performance.
  • Provided engineering expertise and assistance to the Splunk user community.
  • Developed Splunk dashboards, data models, reports and applications, indexing, tagging and field extraction in Splunk.
  • Created Splunk knowledge objects (e.g. fields, lookups, macros, etc.).
  • Experience in dashboard and report performance optimization.
  • Developed Dashboards for Business Activity Monitoring, Enterprise Architecture.
  • Created Alerts on different SLAs and thresholds through Splunk.
  • Manipulating raw data and Field extraction.
  • Built KPIs, alerts on SLAs of the filesystem services project.
  • Business Activity Monitoring and troubleshooting.
  • Good experience on Splunk Search Processing Language (SPL) and Regular expressions.
  • Monitor the applications and server infrastructure for optimization, performance and Utilization metrics.
  • Experience in developing dashboards and customizing them.
  • Implemented various visualization Add-ons to the developed dashboards
  • Extensively worked on creation of range maps for various SLA conditions by using all kinds of Splunk 6.x Dashboard Examples.
  • Maintain current functional and technical knowledge of the SPLUNK platform and future products.
  • Help to document best practices in developing and using SPLUNK.
  • Experience with Splunk UI/GUI development and/or operations roles.
  • Work with business/IT and create the next steps plan and implement the same.
  • Doing deeper analysis of data using event correlations across indexes and various source types to generate custom reports for senior management.

Environment: Splunk, Splunk Universal forwarder, Splunk 6.x Dashboard Examples, Sideview utils, Data Models, Server management, Dashboards, Search processing language (SPL), Field extraction, Regex, Rex, UNIX, RED HAT LINUX, XML, HTML.

Confidential, Tampa, FL

Security Engineer

Responsibilities:

  • Participated in the product selection and installation of the HP ArcSight Security Information Event Manager (SIEM) consisting of multiple collectors and a high performance MS SQL database.
  • Designed and implemented enterprise SIEM systems: centralized logging, NIDS, alerting and monitoring, compliance reporting, based on HP ArcSight 7.0 SIEM.
  • Responsible for HP ArcSight SIEM monitoring and configuration aligned to internal PCI and SOX controls.
  • Manage the day-to-day log collection activities of source devices that send log data to the HP ArcSight SIEM.
  • Managed and monitored McAfee ePO 4.6. Installed Linux/Windows agents and VirusScan Enterprise.
  • Recommended Websense Internet proxy and Web Security Gateway Anywhere to manage corporate Internet proxy traffic and supporting infrastructure.
  • Access control for browsing, authentication for all hits from browsing on proxy servers, maintenance of proxy logs for forensic purposes.
  • Maintain McAfee antivirus applications and appliances, including ePolicy Orchestrator, VSE 8 and 8.5, and Secure Content Manager SCM 3200 for spam, virus, and content filtering of web and email traffic.
  • Develop a knowledge base of the various challenges faced in implementing a SIEM solution and maintaining it.
  • Dashboard / Enterprise dashboard customization for various teams based on the log source type requirements.

Environment: Tripwire, HP ArcSight, McAfee, UNIX, SQL, SPLUNK.
