Sr. Splunk Architect / Admin / Developer Resume
Greenville, SC
PROFESSIONAL SUMMARY:
- 10 years of work experience in the IT industry in the analysis, architecture, design, development and maintenance of software applications, covering system design, implementation, unit and integration work, and system maintenance.
- 4+ years of experience with Splunk: developing dashboards, forms, SPL searches, reports and views; administration, upgrades, alert scheduling, KPIs, visualization add-ons and Splunk infrastructure.
- Sr. Splunk Technical Lead responsible for the design, performance, implementation and capacity of the Splunk platform.
- Worked as Sr. Splunk Architect providing senior support for system admins, content managers and developers to ensure delivery of Splunk best practices and standards for each job function.
- Worked on platform architecture and capacity planning, and on several platform upgrades and optimizations.
- Experience with Windows, Linux, vulnerability assessment tools, firewalls, IDS/IPS, Nessus, Nmap, SIEM, Splunk, ArcSight, Rapid7, routers, switches, LAN/WAN, TCP/IP protocols, VMware, endpoint security and cloud security.
- Analyzed log files, thread dumps, JVM dumps and exception stack traces and made recommendations to improve the efficiency of the application running on the host.
- Experience in developing ArcSight analytics, dashboards, reports and alerts to support the network security of the organization.
- Advanced skills in Java environments, Java application server administration and JVM tuning.
- Knowledge of Hadoop administration; also experienced with JVM tooling and multi-threaded processing.
- Expert in HBase, REST web services, R and Python, along with Splunk, Spark MLlib and Spark Streaming.
- More than four years of work experience with scripting languages such as Bash, Python, Perl and Ruby.
- Good command of writing Splunk searches; Splunk infrastructure and development expert, well versed in Splunk architecture and design.
- Experience with C++, Linux and Bash scripting.
- Headed proof-of-concepts (POCs) on Splunk ES implementation; mentored and guided other team members on understanding Splunk use cases.
- Expertise in Big Data, Hadoop, Splunk, JVM and Python technologies.
- Generates reports on REST API analysis as needed with Splunk.
- Familiar with service-oriented architecture and web services integration (SOAP, WSDL, REST API).
- Expertise in customizing Splunk for monitoring, application management and security per customer requirements and industry best practice.
- Experience in responding to requests and incident tickets within defined service level agreements.
- Risk and threat analysis; IT security monitoring and analysis; vulnerability analysis using Guardium, QRadar, iDefense, WildFire, Sourcefire and FireEye.
- Developed the content necessary to implement security use cases and transformed it into correlation queries, templates, reports, rules, alerts, dashboards and workflows.
- Supports, monitors and manages the SIEM environment. Splunk administration and analytics development on information security, infrastructure and network, data security, the Splunk Enterprise Security app, event triage and incident analysis.
- Developed Splunk objects and reports on security baseline violations, non-authenticated connections, brute-force attacks and many other use cases.
- Integration of Splunk with a wide variety of legacy and security data sources that use various protocols.
- Installation and configuration of Splunk apps to onboard security data sources into Splunk.
- Good experience working with SNMP traps and syslog-ng to onboard security devices into Splunk monitoring.
- Experience creating and testing disaster recovery plans. Work as part of a team to provide an excellent customer experience. Provide emergency or scheduled support out of hours as required.
- Install, configure and troubleshoot Splunk. Use Splunk to collect and index log data.
- Experience with regular expressions and using regular expressions for data retrieval.
- Work with application owners to create or update monitoring for applications.
- Experience creating and maintaining Splunk reports, dashboards, forms, visualizations and alerts.
- Strong knowledge of Windows, Linux and UNIX operating systems.
- Manage and support change in the environment. Experience working in a very large enterprise environment.
- Splunk SPL (Search Processing Language) and dashboarding/visualization. Set up dashboards for network device logs.
- Machine learning experience, and experience deploying and managing infrastructure on public clouds such as AWS.
- Excellent knowledge of SNMP and syslog. Developed several Splunk POCs and KPIs.
- Design solutions and concepts for data aggregation and visualization. Splunk deployment, configuration and maintenance across a variety of UNIX and Windows platforms. Able to troubleshoot Splunk server problems and issues.
- Experience in operating and monitoring AWS instances. Experience with Splunk Enterprise Security (Splunk ES).
- Administering Splunk; integrating Splunk with a wide variety of legacy data sources and industry-leading commercial security and other tools.
- Assisting users to customize and configure Splunk in order to meet their requirements.
- Perform implementation of security and compliance-based use cases. Perform maintenance and optimization of existing Splunk deployments.
- Communicating with customer stakeholders, including leadership, support teams and system administrators.
- Technical writing and creation of formal documentation such as reports, training material and architecture diagrams.
- Ability to write and create custom dashboards, alerts, searches and reports to meet the requirements of various user groups.
- Experience in dashboard and report performance optimization. Working knowledge of scripting languages (e.g. Python, Bash). Excellent knowledge of TCP/IP networking and inter-networking technologies (routing/switching, proxy, firewall, load balancing, etc.).
- Handling tickets through Remedy and ServiceNow and addressing them promptly, following ITIL best practices.
- Train and mentor the team on solution development and POC, KPI and metrics monitoring execution in Splunk.
TECHNICAL SKILLS:
Splunk: 5.x and 6.x, Splunk Enterprise, Splunk on Splunk, Splunk DB Connect 2, Splunk Cloud, Hunk, Splunk IT Service Intelligence, Splunk Web Framework
Operating Systems: Windows 2000, XP, Windows 10, Windows Server, Unix/Linux (Red Hat), FreeBSD
Data Analysis: Requirement Analysis, Business Analysis, detail design, data flow diagrams, data definition table, Business Rules, data modeling, Data Warehousing, system integration
RDBMS: Oracle 11g/10g/9i/8i, MS SQL Server 2000/2005/2008, Sybase, DB2, MS Access, MySQL
Web Technologies: HTML, DHTML, JavaScript, XML, XSL, XSLT, REST, SOAP
Web/App Servers: Apache Tomcat 6.0, WebLogic 8.1/9.2, WebSphere 6.0
Concepts: SDLC, Object Oriented Analysis and Design, Unified Modeling Language (UML), Assembly and System Level Testing, exposure to Agile.
Programming Languages: C, C++, Java with Big Data, Python, UNIX shell scripts
Monitoring tools: Netcool, Dynatrace
PROFESSIONAL EXPERIENCE:
Confidential, Greenville, SC
Sr. Splunk Architect / Admin / Developer
Responsibilities:
- Developed Splunk infrastructure and related solutions as per business requirements and automation toolsets.
- Designed Splunk Cloud Architecture to Integrate with Windows Infrastructure
- Integrated ITSI and Unix/Linux Apps to monitor health of the servers.
- Monitoring Domain Controller servers to push Active Directory logs to Splunk.
- Expert-level understanding of Splunk Enterprise CIM, data models, event management and tags.
- Expert knowledge and experience with normalization and data modeling, specifically in a Splunk environment.
- Articulated and conveyed advanced technical concepts in face-to-face presentations on designing and developing processes that can be understood and followed by Splunk developers and administrators.
- Expert in producing high-quality technical documentation for a team of experts for project implementation.
- Monitors, analyzes, enriches and parses logs from a variety of technologies across multiple platforms such as IDS/IPS (Sourcefire, Dell SecureWorks).
- Experience in Splunk GUI development, creating Splunk apps, searches, data models, dashboards and reports using the Splunk query language.
- Provide regular support and guidance to Splunk project teams on complex solutions and issue resolution.
- Responsible for documenting the current architectural configurations, detailed data flows and troubleshooting guides for application support.
- Involved as a Splunk admin in capturing, analyzing and monitoring front-end and middleware applications.
- Worked on client engagements, data onboarding and writing alerts and dashboards using the Search Processing Language (SPL).
- Analyzed security-based events, risks and reporting instances.
- As part of SIEM, monitored notable events through Splunk Enterprise Security (using v3.0).
- Generated shell scripts to install Splunk forwarders on all servers and configure them with common configuration files such as bootstrap scripts, outputs.conf and inputs.conf.
- Onboarded new log sources with log analysis and parsing to enable SIEM correlation.
- Configuration of inputs.conf and outputs.conf to forward XML-based events to the Splunk Cloud indexer.
- Knowledge of various chart types and alert settings, app creation, and user and role access permissions.
- Creating and managing apps; creating users, roles and permissions on knowledge objects.
- Created a vulnerability assessment dashboard using Rapid7 and Joval data that aggregates results across multiple services to identify critical threats and proactively mitigate risks.
- Parsing, indexing and searching concepts; hot, warm, cold and frozen bucketing; and Splunk clustering.
- Setup and configuration of a search head cluster with three search head nodes, managed through the deployer.
- Involved in standardizing Splunk forwarder deployment, configuration and maintenance across UNIX and Windows platforms.
- Provide regular support and guidance to Splunk project teams on complex solutions and issue resolution, with the objective of ensuring best fit and high quality.
- Interact with the data warehousing team regarding extracting data, and suggest a standard data format so that Splunk will identify most of the fields.
- Analyzed large datasets to identify metrics, drivers, performance gaps and opportunities for improvement.
- Splunk DB Connect 2.0 in search head cluster environments with Oracle and MySQL.
- Designed and implemented a NoSQL-based database and associated RESTful web service that persists high-volume user profile data for vertical teams.
- Scripted SQL queries for use with Splunk.
- Created many of the proof-of-concept dashboards for IT operations and service owners, used to monitor application and server health.
- Created dashboards, reports, scheduled searches and alerts.
- Creating dashboards from searches; scheduled searches; inline search vs. scheduled search in a dashboard.
- Field extraction using IFX, the rex command and regex in configuration files.
- Splunk administration in environments such as Windows Server and Red Hat Enterprise Linux servers.
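As an added illustration (not a script from the resume or from any of the employers named here), the forwarder bootstrap the bullets above describe, reduced to a POSIX shell function that renders outputs.conf and inputs.conf into a deployment app. The app directory, indexer hostnames, CA bundle path and the "os" index are hypothetical; the configuration keys are the ones documented for the Splunk universal forwarder, and sourcetypes follow the Splunk Add-on for Unix and Linux.

```shell
#!/bin/sh
# Added example, not a script from the resume: a bootstrap helper that renders
# the two forwarder files the bullets above name (outputs.conf and inputs.conf)
# into a deployment app, so every host gets the same, TLS-verified config.
# Assumed/hypothetical: the app directory, indexer hostnames, the CA bundle
# path, and the "os" index. Key names follow Splunk's outputs.conf and
# inputs.conf documentation; confirm them with "splunk btool outputs list".
#
# Usage: render_forwarder_conf <app_dir> <ca_bundle> <indexer:port> [...]
render_forwarder_conf() {
    app_dir=$1
    ca_path=$2
    shift 2
    [ $# -ge 1 ] || { echo "need at least one indexer host:port" >&2; return 1; }
    for spec in "$@"; do
        case $spec in
            *:[0-9]*) ;;
            *) echo "bad indexer spec: $spec (want host:port)" >&2; return 1 ;;
        esac
    done
    servers=$(printf '%s,' "$@")
    servers=${servers%,}
    mkdir -p "$app_dir/local" || return 1

    # outputs.conf: where events go, with indexer acknowledgement and TLS.
    cat > "$app_dir/local/outputs.conf" <<EOF
[tcpout]
defaultGroup = primary_indexers
# forwarder retries until an indexer acknowledges, instead of dropping data
useACK = true

[tcpout:primary_indexers]
server = $servers
# encrypt the forwarder-to-indexer channel and verify the indexer certificate
sslRootCAPath = $ca_path
sslVerifyServerCert = true
EOF

    # inputs.conf: the authentication and audit logs that security use cases
    # (brute force, baseline violations) are built on.
    cat > "$app_dir/local/inputs.conf" <<EOF
[monitor:///var/log/secure]
sourcetype = linux_secure
index = os
disabled = false

[monitor:///var/log/audit/audit.log]
sourcetype = linux_audit
index = os
disabled = false
EOF
}

# Post-deploy check: read one key back out of a stanza.
# Usage: conf_get <file> <stanza-name> <key>
conf_get() {
    awk -v st="[$2]" -v key="$3" '
        $0 == st           { in_st = 1; next }
        /^\[/              { in_st = 0 }
        in_st && $1 == key { print $3; exit }
    ' "$1"
}
```

Run it on the host (or into the app that the deployment server pushes), then restart the forwarder; conf_get is a cheap post-deploy check that the server list and sslVerifyServerCert landed as intended. The two settings worth keeping are useACK and sslVerifyServerCert: without acknowledgement, events in flight when an indexer goes away can be lost, and without certificate verification anything answering on port 9997 with a certificate can collect the logs.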
Confidential, Portland OR
Splunk Architect / Admin / Developer
Responsibilities:
- Designing and implementing Splunk-based best practice solutions.
- Writing automation scripts for APIs, and unit and functional test cases using Selenium WebDriver.
- Implemented web services using SOAP architecture, and also used JavaScript and Python for automation of dashboards.
- Requirement gathering and analysis. Interacted with team members and users during the design and development of the applications and Splunk objects.
- Experience in managing network infrastructure security using HPE ArcSight ESM/Splunk for monitoring, classifying and responding to incidents and threats.
- Experience in analyzing user data requirements and working with system owners to integrate new ArcSight feeds.
- Promptly receiving and handling requirements gathered through Remedy tickets and resolving them on time.
- Communicating and collaborating with hundreds of customers and Splunk users.
- Data collection from various systems/servers, forwarder management, creating and managing Splunk apps.
- Provide high-quality technical service and support of ArcSight technology and infrastructure.
- Provide support to ensure appropriate audit logs are captured and stored via the DLA Enterprise implementation of the ArcSight Logger system.
- Monitor ArcSight for potential misconfigurations of remote equipment which could negatively impact the security posture of the network.
- Responsible for security monitoring, analysis and troubleshooting of events generated by network security devices (IPS, IDS, firewall), OSs and application servers, from different data sources (DB, log file, SNMP, syslog) on ArcSight ESM.
- Efficient with regex, writing parsers for ArcSight FlexConnectors.
- Building Splunk queries with the Splunk Search Processing Language (SPL) and regular expressions.
- Creating, maintaining, supporting, repairing and customizing system and Splunk applications, search queries and dashboards.
- Splunk administration and analytics development on information security, infrastructure and network, data security, the Splunk Enterprise Security app, event triage and incident analysis.
- Developed Splunk objects and reports on security baseline violations, non-authenticated connections, brute-force attacks and many other use cases.
- Good experience working with SNMP traps and syslog-ng to onboard security devices into Splunk.
- Design, support and maintain a large Splunk environment in a highly available, redundant, geographically dispersed setup.
- Installed the Splunk Common Information Model add-on, which is packaged with Splunk Enterprise Security, Splunk IT Service Intelligence and the Splunk App for PCI Compliance.
- Install, configure, and troubleshoot Splunk. Experience with regular expressions and using regular expressions for data retrieval. Work with application owners to create or update monitoring for applications.
- Experience creating and maintaining Splunk reports, dashboards, forms, visualizations, alerts.
- Good experience in building Splunk security analytics. Led logging enrollments from multi-tier applications into the enterprise logging platforms.
- Developed specific content necessary to implement Security Use Cases and transform into correlation queries, templates, reports, rules, alerts, dashboards, and workflow
- Strong knowledge of Windows, Linux, and UNIX operating systems.
- Experience in responding to requests and incident tickets within defined Service Level Agreements.
- Integration of Splunk with a wide variety of legacy and security data sources that use various protocols.
- Installation and configuration of Splunk apps to onboard data sources into Splunk
- Experience with creating disaster recovery plans and testing.
- Work as part of a team to provide excellent customer experience.
- Provide emergency or scheduled support out of hours as required.
- Manage and support change in the environment. Experience of working on a very large enterprise environment
- Splunk SPL (Search Processing Language) and Dashboarding/Visualization. Setup dashboards for network device logs.
- Developed alerts and timed reports Develop and manage Splunk applications. Have done many POCs.
- Implemented maps integration and dynamic drill downs extensively.
- Created summary searches and reports; in-depth knowledge of Splunk license usage and safeguarding against violations.
- Very good experience in optimizing searches; implemented post-processing on dashboards.
- Configurations for the deployment server, indexers and search heads: serverclass.conf, server.conf, app.conf, props.conf, transforms.conf and forwarder management configurations.
- Good experience in clustering, deploying apps through the Splunk deployment server and deployer, Splunk version upgrades, and creating roles and authentication.
Environment: Splunk, Deployment server, Integration, Splunk 6.x Dashboard Examples, Sideview Utils, Data Models, Server management, Dashboards, Search Processing Language (SPL), Field extraction, Regex, Rex, Linux, XML, Advanced XML, JS, CSS, HTML
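As an added example (not content from the resume), the brute-force use case listed in this role and again in the summary above, expressed as a shell/awk pipeline over constructed sshd lines so the threshold logic can be checked outside Splunk; the SPL it mirrors is in the comment. The log lines, host name, addresses and the threshold of five failures per five-minute window are all hypothetical.

```shell
#!/bin/sh
# Added example, not content from the resume: the brute-force use case named
# above, run as a shell/awk pipeline over constructed sshd lines so the logic
# can be checked outside Splunk. It mirrors this SPL (threshold hypothetical):
#   index=os sourcetype=linux_secure "Failed password"
#   | rex "from (?<src>\d+\.\d+\.\d+\.\d+)"
#   | bin _time span=5m
#   | stats count AS failures by src _time
#   | where failures >= 5

# Constructed sample (not real logs): 203.0.113.5 fails six times inside one
# five-minute window; 198.51.100.7 fails five times spread over 20 minutes,
# so no single window of its crosses the threshold.
SAMPLE_AUTH_LOG='2024-03-01T10:00:12 host1 sshd[4101]: Failed password for invalid user admin from 203.0.113.5 port 50122 ssh2
2024-03-01T10:01:03 host1 sshd[4102]: Failed password for root from 203.0.113.5 port 50130 ssh2
2024-03-01T10:01:44 host1 sshd[4103]: Failed password for invalid user test from 203.0.113.5 port 50141 ssh2
2024-03-01T10:02:10 host1 sshd[4104]: Failed password for oracle from 198.51.100.7 port 40001 ssh2
2024-03-01T10:02:30 host1 sshd[4105]: Failed password for root from 203.0.113.5 port 50152 ssh2
2024-03-01T10:03:15 host1 sshd[4106]: Failed password for invalid user ubnt from 203.0.113.5 port 50160 ssh2
2024-03-01T10:03:40 host1 sshd[4107]: Accepted publickey for deploy from 192.0.2.10 port 61000 ssh2
2024-03-01T10:04:58 host1 sshd[4108]: Failed password for root from 203.0.113.5 port 50171 ssh2
2024-03-01T10:07:41 host1 sshd[4109]: Failed password for oracle from 198.51.100.7 port 40002 ssh2
2024-03-01T10:12:09 host1 sshd[4110]: Failed password for oracle from 198.51.100.7 port 40003 ssh2
2024-03-01T10:17:55 host1 sshd[4111]: Failed password for oracle from 198.51.100.7 port 40004 ssh2
2024-03-01T10:21:02 host1 sshd[4112]: Failed password for oracle from 198.51.100.7 port 40005 ssh2'

# brute_force_sources <threshold>   (log lines on stdin)
# Prints "<src> <window-start> <failures>" for every source/window pair at or
# above the threshold, sorted.
brute_force_sources() {
    awk -v thr="$1" '
        /Failed password/ {
            # rex equivalent: the IPv4 address after "from "
            if (match($0, /from [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)) {
                src = substr($0, RSTART + 5, RLENGTH - 5)
                # bin _time span=5m: floor the minute of the ISO timestamp
                split($1, t, /[T:]/)       # t[1]=date t[2]=HH t[3]=MM
                win = sprintf("%sT%s:%02d", t[1], t[2], int(t[3] / 5) * 5)
                failures[src " " win]++
            }
        }
        END {
            for (k in failures)
                if (failures[k] >= thr) print k, failures[k]
        }
    ' | sort
}
```

In Splunk the same search runs as a scheduled alert, throttled per src so one scanner does not fire every five minutes; what the awk version adds is that it is trivially testable against fixed input, which is how an alert should be validated before it becomes a correlation search in ES. Note that the slow scanner (198.51.100.7) never trips the per-window threshold, which is the usual argument for a second, longer-window rule on distinct windows per source.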
Confidential, Nashville, TN
Splunk Developer/admin
Responsibilities:
- Designing and implementing Splunk-based best practice solutions. Requirement gathering and analysis. Interacted with team members and business users during the design and development of the application.
- Data collection from various systems/servers, forwarder management, creating and managing Splunk apps.
- Building Splunk queries with the Splunk Search Processing Language (SPL) and regular expressions.
- Publishing data into Splunk through configurations such as inputs.conf, serverclass.conf, server.conf, app.conf and outputs.conf.
- Configurations for the deployment server, indexers and search heads: serverclass.conf, server.conf, app.conf, props.conf, transforms.conf and forwarder management configurations.
- Created and triggered various dropdowns and drilldowns using Splunk static lookups.
- Installed, configured and implemented various visualization add-ons on developed and in-progress dashboards.
- Built latency and time-lag analytics in Hadoop and Informatica.
- Built several key performance indicators for the Personal Insurance team through Splunk metrics.
- Built and configured various Splunk objects on various filesystems: vmstat, Veritas, NAS, Diskapp, CPU and I/O stats.
- Built KPIs and other Splunk objects on hardware utilization of technologies such as Informatica, GoldenGate, SAS Fraud Framework, Teradata, Hadoop, MicroStrategy and A&C servers.
- Built analytics for Informatica workflow logs and session logs on job failures, errors and stats.
- Built utilization and monitoring analytics for various work environments in the Personal Insurance sector.
- Created and configured alerts/notifications on different SLAs and thresholds for the Personal Insurance Architecture team on filesystem, vmstat, Veritas, NAS, Diskapp, CPU and iostat utilization.
- Created drilldown navigation from one Splunk app to another.
- Review and apply any newly available and applicable Splunk software or policy updates routinely.
- Assist with design of core scripts to automate Splunk maintenance and alerting tasks.
- Support Splunk on UNIX, Linux and Windows-based platforms. Assist with automation of processes and procedures.
- Maintain current functional and technical knowledge of the Splunk platform and future products.
- Help to document best practices in developing and using Splunk.
- Experience with Splunk UI/GUI development and/or operations roles.
- Work with business/IT to create the next-steps plan and implement it.
- Implemented the post-processing method for searches in dashboards.
- Extensively worked on building range maps for various SLA conditions using Splunk 6.x Dashboard Examples.
- Monitor the applications and server infrastructure for optimization, performance and utilization metrics.
- Configured alerts and notifications on various thresholds and SLAs for the Personal Insurance Architecture team.
- Successfully developed robust dashboards, KPIs and notifications on metrics such as latency, lag, canary, node status, service status, space status, filesystem utilization, trending growth, missing mounts, user connections, time standards and response-time elements for Informatica, GoldenGate, SAS Fraud Framework, Teradata, Hadoop and MicroStrategy across the PROD, DEV, QA, TEST, PERF and RECOVERY environments.
- Team leading and deeper analysis of data using event correlations across indexes and various source types to generate custom reports for senior management.
- Providing training to senior management, developers and Splunk object end users; documentation and communications on future upgrades.
Environment: Splunk, Deployment server, Splunk 6.x Dashboard Examples, Sideview Utils, Data Models, Server management, Dashboards, Search Processing Language (SPL), Field extraction, Regex, Rex, Python, UNIX, AIX, Red Hat Linux, Hadoop, XML, HTML
Confidential, Atlanta, GA
Splunk Developer/admin
Responsibilities:
- Developed robust, efficient queries that will feed custom Alert, Dashboards and Reports.
- Worked on Splunk search processing language, Splunk dashboards and Splunk dbconnect app.
- Publishing data into Splunk through configurations such as inputs.conf, serverclass.conf, server.conf, app.conf and outputs.conf.
- Design and customize complex search queries, and promote advanced searching, forensics and analytics
- Developed dashboards, data models, reports and optimized their performance.
- Provided engineering expertise and assistance to the Splunk user community
- Developed Splunk dashboards, data models, reports and applications, indexing, tagging and field extraction in Splunk
- Created Splunk knowledge objects (e.g. fields, lookups, macros, etc.)
- Experience in dashboards and reports performance optimization.
- Developed Dashboards for Business Activity Monitoring, Enterprise Architecture
- Built KPIs dashboards on Patient Enrollment transactions and other business activities
- Built Key Performance Indicators to the Enterprise Architecture team through Splunk
- Created Alerts on different SLAs and thresholds through Splunk.
- Manipulating raw data and Field extraction
- Built KPIs, alerts on SLAs of filesystem services project.
- Business Activity Monitoring and troubleshooting
- Good experience on Splunk Search Processing Language (SPL) and Regular expressions.
- Monitor the applications and server infrastructure for optimization, performance and Utilization metrics.
- Experience in developing dashboards and customizing them.
- Implemented various visualization Add-ons to the developed dashboards
- Extensively worked on creation of range maps for various SLA conditions using Splunk 6.x Dashboard Examples.
- Maintain current functional and technical knowledge of the Splunk platform and future products.
- Help to document best practices in developing and using Splunk.
- Experience with Splunk UI/GUI development and/or operations roles.
- Work with business/IT to create the next-steps plan and implement it.
- Deeper analysis of data using event correlations across indexes and various source types to generate custom reports for senior management.
Environment: Splunk, BMC, Splunk Universal Forwarder, Splunk 6.x Dashboard Examples, Sideview Utils, Data Models, Server management, Dashboards, Search Processing Language (SPL), Field extraction, Regex, Rex, UNIX, AIX, Red Hat Linux, BladeLogic, XML, HTML.
Confidential
Security Engineer
Responsibilities:
- Participated in the product selection and installation of the HP ArcSight Security Information and Event Management (SIEM) platform, consisting of multiple collectors and a high-performance MS SQL database.
- Designed and implemented enterprise SIEM systems: centralized logging, NIDS, alerting and monitoring, and compliance reporting, based on HP ArcSight 7.0 SIEM.
- Responsible for HP ArcSight SIEM monitoring and configuration aligned to internal PCI and SOX controls.
- Manage the day-to-day log collection activities of source devices that send log data to the HP ArcSight SIEM.
- Managed and monitored McAfee ePO 4.6. Installed Linux/Windows agents and VirusScan Enterprise.
- Recommended the Websense Internet proxy and Web Security Gateway Anywhere to manage corporate Internet proxy traffic and supporting infrastructure.
- Access control for browsing; authentication for all hits from browsing on proxy servers; maintenance of proxy logs for forensic purposes.
- Maintain McAfee antivirus applications and appliances, including ePolicy Orchestrator, VSE 8 and 8.5, and Secure Content Manager SCM 3200 for spam, virus and content filtering of web and email traffic.
- Developed a knowledge base of the challenges faced in implementing and maintaining a SIEM solution.
- Dashboard and enterprise dashboard customization for various teams based on their log source type requirements.
Environment: Tripwire, HP ArcSight, McAfee, UNIX, SQL, TOAD, Splunk.