
Splunk SME/Content Developer Resume


Edison, NY

PROFESSIONAL PROFILE:

  • Splunk Certified User with 5+ years of experience in the Information Technology field, with strong experience as a Splunk Developer/Admin and in Enterprise Security (ES).
  • Strong experience with Splunk 5.x and 6.x/7.x, distributed Splunk architecture and components including search heads, indexers and forwarders.
  • Experience in Operational Intelligence using Splunk.
  • Headed Proof-of-Concepts (POC) on Splunk Enterprise Security App implementation; mentored and guided other team members on understanding the use cases in Splunk.
  • Expertise in customizing Splunk for Monitoring, Application Management and Security as per customer requirements and industry best practice.
  • Analyzed security-based events, risks and reporting instances. Implementation of medium-scale Splunk ES architectures.
  • Implemented workflow actions to drive troubleshooting across multiple event types in Splunk.
  • Expert in installing and configuring Splunk forwarders on Linux, UNIX and Windows.
  • Expert in installing and using the Splunk app for UNIX and Linux (Splunk nix).
  • Dashboard creation for various use cases required for real-time monitoring of infrastructure and the organization's cyber security on Splunk.
  • Knowledge of all configuration files in Splunk (props.conf, transforms.conf, outputs.conf).
  • Worked on large datasets to generate insights using Splunk.
  • Production error monitoring and root cause analysis using Splunk.
  • Automation of day-to-day Cyber Security Operations tasks using Python, PowerShell and shell scripting.
  • Debug Splunk-related and integration issues.
  • Build, customize and deploy Splunk apps for internal customers.
  • Splunk UI experience; able to debug expensive search queries.
  • Configured clusters for load balancing and failover solutions.
  • Designed, developed and implemented multi-tiered Splunk log collection solutions.
  • Worked on Splunk Cloud as well as on-premise clustered Splunk infrastructure configuration.
  • Design, deploy and support the enterprise Splunk logging application; assist other enterprise instances as Splunk Subject Matter Expert (SME).
  • Creating accurate reports, dashboards, visualizations, Elasticsearch and pivot tables for business users.
  • Experienced in shell scripting, Bash scripting, Python and Splunk apps such as DB Connect.
  • Performed Splunk queries using Splunk Search Processing Language (SPL) and regular expressions.
  • Performed field extractions and field transformations using regular expressions in Splunk.
  • Implemented a Log Viewer dashboard as a replacement for an existing tool to view logs across multiple applications hosted on a PaaS setup.
  • Timechart attributes such as span and bins; tags, event types and scheduled searches; inline search vs. scheduled search in a dashboard.

TECHNICAL SKILLS:

Splunk: Splunk 5.x and Splunk 6.x/7.x, Splunk Enterprise, Splunk on Splunk, Splunk DB Connect, Splunk IT Service Intelligence, Splunk Web Framework, Splunk UBA

Operating Systems: Windows, Unix/Linux.

Web technologies and frameworks: JavaScript, jQuery, PHP, HTML, CSS

Security tools: Port scanning tools, vulnerability and penetration testing tools, ArcSight, Snort, Kali, NGFW, WebInspect, Burp Suite, ZAP

Computer Networking and Protocols: CISCO IOS, VLAN, Firewalls, IDS/IPS, TCP/IP, Routing protocols, VoIP protocols

Programming Languages: C, Python, UNIX shell scripts.

Database: Oracle, MySQL, SQL queries, SQL Procedures.

Standards: Confidential, ISO 270001, 270002, HIPAA

PROFESSIONAL EXPERIENCE:

Splunk SME/Content Developer

Confidential, Edison, NY

Responsibilities:

  • Worked on multiple production roles and created alerts using Splunk; also created multiple dashboards and alerts at a time.
  • Involved in installation, administration and configuration of Splunk Enterprise and integration with local legacy systems.
  • Configured Splunk searching and reporting modules, knowledge objects, administration, add-ons, dashboards, clustering and forwarder management.
  • Created Splunk Search Processing Language (SPL) queries, reports, alerts and dashboards.
  • Created KV stores optimized for Splunk real-time performance; responsible for managing and troubleshooting MongoDB to model the data for correlation searches.
  • Created a dynamic lookup with Python scripting in Splunk.
  • Workaround implementation and automation using shell and Python scripts.
  • Created alerts that call a Python script when the alert is triggered.
  • Responsible for mapping the data fields of each technology/domain into compatible field formats and knowledge objects using the Common Information Model (CIM).
  • Responsible for correlation of data from different domains to derive inferences and correlation analytics as part of this job activity.
  • Wrote regex expressions for field extractions.
  • Created eval functions where necessary to create new fields at search run time. Used IFX, rex and regex commands for field extraction.
  • Troubleshot and resolved Splunk performance, search pooling, log monitoring, role mapping and dashboard creation issues.
  • Established indexes and bucket retention policy; developed user roles to complement operational and security utilization. Set up common source types using pre-trained datasets and constructed source types for unique data.
  • Created custom-built Splunk apps and add-ons, including multiple custom-built client-oriented dashboards, reports, visualizations, data models, summary indexes and alerts.
  • Created regular expressions for field extractions and field transformations in Splunk.
  • Experience in WebLogic Application Server administration, including installing, configuring, migrating, load balancing, deploying applications, performance tuning, upgrading and maintaining WebLogic Server.
  • Created policies and alerts and configured them using Splunk.
  • Used security measures and collected information to identify, analyze and report system events in Splunk that occur within the network.
  • IPS/IDS monitoring and analysis: analyzed network traffic and logs, prioritized and differentiated between potential intrusion attempts and false positives.
  • Involved in performing all upgrades and hot patches for McAfee SIEM (Nitro).
  • Upgraded Splunk Enterprise and applied security patches. Installed and configured different Splunk apps and add-ons on the Splunk platform.
  • Scripted SQL queries for use with Splunk.
  • Splunk technical implementation, planning, customization and integration with big data.
  • Knowledge of Splunk architecture and its components (indexer, forwarder, search head, deployment server), heavy and universal forwarders, and the license model.
  • Splunk configuration involving different web applications and batch jobs; created saved searches, summary searches and summary indexes.
  • Worked on Python scripting for REST APIs.
  • Worked on log parsing and complex Splunk searches, including external table lookups.
  • Used techniques to optimize searches for better performance (search-time vs. index-time field extraction), with an understanding of configuration files, their precedence and how they work.
  • Worked on the configuration files inputs.conf, indexes.conf, props.conf, serverclass.conf, transforms.conf and limits.conf.
  • Created dashboards and reports with performance optimization. Working knowledge of scripting languages.
  • Expertise in most Linux command-line commands and shell scripting; scripting for automation and monitoring using shell and Python scripts.
  • Upgraded and migrated Splunk components and set up the retention policy for indexes.
  • Configured LDAP and Single Sign-On for user authentication in the organization.
  • Configured Splunk for all mission-critical applications and used Splunk effectively for application troubleshooting and monitoring post go-live.
  • Designed and maintained production-quality Splunk dashboards.
  • Parsing, indexing and searching concepts; hot, warm, cold and frozen bucketing.
  • Created tags, event types and field lookups using regular expressions, aliases etc. for search-time outputs and visualizations.
  • Created saved searches, summary searches and summary indexes. Managed indexes and cluster indexes, the Splunk Web Framework, data models and pivot tables.
  • Performed troubleshooting and/or configuration changes to resolve Splunk integration issues.

Splunk Content Developer/Admin

Confidential, New Jersey

Responsibilities:

  • Developed Splunk infrastructure and related solutions as per automation toolsets.
  • Implemented forwarder configuration, search heads and indexing.
  • Created dashboards, reports, scheduled searches and alerts, SIEM searches and alert metrics.
  • Used Splunk Enterprise Security to configure correlation searches, key indicators and the risk scoring framework.
  • Created a Splunk app for Enterprise Security to identify and address emerging security threats using continuous monitoring, alerting and analytics.
  • Created a Compliance Security Baseline dashboard for Tripwire, covering compliance for storage, database servers, workstations and servers.
  • Created a compliance dashboard for HP-NA covering compliance of network devices.
  • Created a Compliance Security Baseline and Vulnerability Assessment dashboard for IBM Guardium Security for database servers and database instances.
  • Created a Vulnerability Assessment dashboard using Rapid7 and Joval that aggregates data across multiple services to identify critical threats and proactively mitigate risks.
  • Integrated ServiceNow with Splunk to generate incidents from Splunk and extract all CMDB data from ITAM.
  • Created apps for the Security Engineering Team, including a dashboard of dashboards.
  • Created a service account for compliance checks.
  • Prepared, arranged and tested Splunk search strings and operational strings.
  • Analyzed RSA NetWitness security-based events, risks and reporting instances.
  • Developed custom web application solutions for internal ticket metrics reporting.
  • Onboarded new log sources with log analysis and parsing to enable SIEM correlation.
  • Analyzed large datasets to identify metrics, drivers, performance gaps and opportunities for improvement.
  • Worked on large datasets to generate insights and communicated them to guide the strategic roadmap.
  • Created many proof-of-concept dashboards for IT operations and service owners, used to monitor application and server health.
  • Performed field extraction using IFX in an event action.
  • Involved in setting up alerts for different types of errors.
  • Analyzed security-based events, risks and reporting instances. Implementation of medium-scale Splunk ES architectures.
  • Integrated different devices, applications, databases and operating systems with the SIEM through SmartConnectors, WinCollect, forwarders and other agents.
  • Use case development, testing and documentation.
  • SIEM and Security Operations Center audit and assessment.
  • Coordinated with the Guardium team to analyze DAM activities and configured rules to generate offenses. Designed, created, scheduled, distributed and documented Splunk reports.
  • Tuning of false positives and less important events in the Splunk environment.
  • Established and documented processes and procedures with the vendor to achieve a seamless working relationship and workflow.
  • Indexed and created device types for all AWS CloudTrail logs in Splunk.
  • Worked on Splunk Cloud as well as on-premise clustered Splunk infrastructure configuration.
  • Involved in interacting with business owners, developers and business analysts to improve the application.
  • Created dashboards from searches and scheduled searches; inline search vs. scheduled search in a dashboard.
  • Involved in handling various incidents and requests related to the application.
  • Involved in monitoring the ticketing tool and taking ownership of tickets.
  • Worked on analysis of various defects and fixed them.
  • Problem record analysis and solution provision.
  • Worked closely with the Platform Owner in addressing their queries.

Splunk Developer/Admin

Confidential, Boston

Responsibilities:

  • Splunk implementation, planning, customization, integration with application servers, and statistical and analytical modeling.
  • Administered Splunk as well as created, tested and deployed operational search strings.
  • Onboarded new data into a multi-tiered Splunk environment.
  • Troubleshot and tuned the Splunk deployment for servers, applications and network devices.
  • Created and optimized alerting, reporting and advanced dashboards.
  • Experience with Splunk forwarders and intermediate forwarders as well as indexer and search head clusters.
  • Created data retention policies and performed index administration, maintenance and optimization.
  • Splunk dashboard creation and advanced searching and reporting.
  • Standardized Splunk forwarder deployment, configuration and maintenance on Linux and Windows platforms.
  • Created role-based AD access for Splunk.
  • Assisted internal customers in creating and maintaining quality dashboards, alerts and reports.
  • Configured Node Manager to remotely administer managed servers.
  • Experience in handling network resources and protocols such as TCP/IP, Ethernet and DNS.
  • Ability to troubleshoot Splunk infrastructure components in a highly available, multi-site design.
  • Created Splunk applications and deployed them using the Splunk Deployment Server.
  • Configuration and administration of connection pools for JDBC connections.
  • Experience in Java and Sun HotSpot JVM tuning.
  • Created Splunk Search Processing Language (SPL) queries, reports, alerts and dashboards.
  • Configured LDAP and provided support for applications.
  • Experience with the Splunk DB Connect application and Splunk forwarder deployment.
  • Installed and configured Oracle Access Manager, Policy Manager and Oracle Virtual Directory for authentication and user authorization.
  • Worked on new indexers and search heads in a clustered environment on the Linux platform.
  • Queries using calculated and restricted key figures, filters, exceptions, conditions and exit variables.
  • Configured and deployed applications in various environments such as Development, System Test, QA and Production.
  • Experience with performance testing tools such as WebLOAD and LoadRunner.
  • Supported an on-call 24x7 schedule for production support.
  • Testing and profiling to measure the performance of applications.
  • Experience in using and understanding complex regular expressions (RegEx).

Security Analyst

Confidential

Responsibilities:

  • Monitored security controls post-authorization to ensure continuous compliance with the security requirements.
  • Assessed security controls to ensure implementation of HIPAA privacy and security rules in line with Confidential.
  • Assisted in staff training for the proper understanding and implementation of HIPAA rules.
  • Ensured that health records are maintained for each inmate per HIPAA and company guidelines.
  • Assisted with the review of policy, security alerts, guidance and regulations, and adhered to HIPAA standards.
