Splunk Engineer Resume

NY

SUMMARY

  • Overall 8+ years of experience in Architecting and deploying various components within Splunk (indexer, forwarder, search head, deployment server) and security delivering innovative solutions to fix around and automation
  • Upgrade and Optimize Splunk setup with new discharges.
  • Extensive experience in deploying, configuring and administering Splunk clusters.
  • Expertise in Actuate reporting, development, deployment, management and performance tuning of Actuate reports
  • Created Splunk app for Enterprise Security to identify and address emerging security threats through the use of continuous monitoring, alerting and analytics.
  • Helping application teams in on-boarding Splunk and creating dashboards, alerts, reports etc.
  • Experience working on Splunk 5.x, 6.x, Splunk Enterprise Security 4.1, Splunk DB Connect 1.x, 2.x on distributed Splunk Environments and Clustered Splunk Environments on Linux and Windows operating systems.
  • Setup Splunk Forwarders for new application levels brought into environment.
  • Develop custom app configurations (deployment-apps) within SPLUNK in order to parse and index multiple types of log format across all application environments.
  • System Administration familiar with Windows Servers, Red Hat Linux Enterprise Servers.
  • Good Understanding of configuration files, precedence and daily work exposure to props.conf, transforms.conf, inputs.conf, outputs.conf and setting up forwarder information based on requirement.
  • Experience in optimizing search queries using summary indexing.
  • Experience in Designing and implementing Trend Micro
  • Enabling the Radius Authentication to administer the SSL VPN Box
  • Excellent skills in troubleshooting and problem determination of HTTP/System/Network related problems including monitoring, capacity planning and maintenance by providing 24X7 support on call for all mission critical applications. Strong background in a disciplined software development life cycle (SDLC).
  • Excellent analytical and interpersonal skills and ability to learn new concepts and supported 24/7 on call in production and development environment.
  • Understanding of Network Firewalls, Load-balancers, LDAP and complex network design.
  • Experience in optimizing searches for better performance, Search time vs. Index time field extraction and understanding of configuration files, precedence and working.
  • Gathered various sources of syslog and XML data from devices, applications, and databases.
  • Involved in writing complex IFX, Rex and Multikv commands to extract the fields from the log files.
  • Strong organizational skills to work independently and prioritize a heavy workload under the pressure of competing tasks.
  • A very good team player and self-starter with strong analytic, writing, communication skills and quick learner with ability to work independently and as part of a team.

PROFESSIONAL EXPERIENCE

Splunk Engineer

Confidential, NY

Responsibilities:

  • Developed Splunk infrastructure and related solutions as per automation toolsets
  • Experience in Splunk GUI development creating Splunk apps, searches, Data models, dashboards, and Reports using the Splunk query language
  • Provide regular support guidance to SIEM operational teams on complex solutions and issue resolution
  • Worked with Client engagements and data onboarding and writing alerts, dashboards using the Search Processing Language (SPL)
  • Analyzed security-based events, risks and reporting instances
  • As part of SIEM, monitored notable events through Splunk Enterprise Security (Using V3.0)
  • Generated Shell Scripts to install Splunk Forwarders on all servers and configure with common Configuration Files such as Bootstrap scripts, outputs.conf and inputs.conf files
  • Onboard new log sources with log analysis and parsing to enable SIEM correlation
  • Configuration of inputs.conf and outputs.conf to pull the XML based events to Splunk Cloud indexer
  • Various types of charts, alert settings, knowledge of app creation, user and role access permissions
  • Created Compliance Security Baseline and Vulnerability Assessment dashboard for IBM Guardium Security for Database Server and Database Instances
  • Parsing, Indexing, searching concepts, Hot, Warm, Cold, Frozen bucketing and Splunk clustering
  • Setup and configuration of search head cluster with three search head nodes and managing the search head cluster with deployer
  • Interact with the data warehousing team regarding extracting the data and suggest the standard data format such that Splunk will identify most of the fields
  • Worked on setting up Splunk to capture and analyze data from various layers: Load Balancers, Webservers and application servers
  • Write automation scripts for APIs, Unit and functional test cases using Selenium WebDriver
  • Write automation scripts for REST APIs using TestNG and Java
  • Worked on DB Connect configuration for r, MySQL and MSSQL
  • Splunk DB Connect 3.0 in search head cluster environments of Oracle, MySQL
  • Designed and implemented a NoSQL based database and associated RESTful web service that persists high-volume user profile data for vertical teams
  • Created many of the proof-of-concept dashboards for IT operations and service owners which are used to monitor application and server health
  • Created Dashboards, reports, scheduled searches and alerts
  • Create dashboard from search, scheduled searches and Inline search vs scheduled search in a dashboard
  • Field Extraction, Using IFX, Rex Command and Regex in configuration files
  • Splunk administering in environments like Windows Servers, Red Hat Linux Enterprise Servers

Environment: SPLUNK 7.2*, Linux, UNIX, Oracle 11g, MS SQL Server 2012, SQL Bluecoat, IBM Guardium, VMF, Tripwire, Resilient, Service Now (ITAM)

Splunk Admin/Developer

Confidential, NJ

Responsibilities:

  • Installation and configuration of Splunk product at different environments. Configured Splunk Searching and Reporting modules, Knowledge Objects, Administration, Add-Ons, Dashboards, Clustering and Forwarder Management.
  • Monitoring or analyzing the real-time events for the security devices like Firewall, IDS, Anti-Virus etc., using SIEM tools.
  • Upgraded Splunk Enterprise from v6.2 to v6.5.1 in clustered environments and non-clustered environments.
  • Developed Splunk Dashboards, searches and reporting to support various internal clients in Security, IT Operations and Application Development.
  • Analyzed security-based events, risks and reporting instances. Correlating events from a Network, OS, Anti-Virus, IDS/IPS, Firewalls or Proxies and analyzing them for possible threats.
  • Understand and interpret customer requirements for Splunk implementation for an enterprise solution.
  • Provide deployment strategies with the understanding of affordable risk based on customer acceptance.
  • Created and configured management reports and dashboards. Planned, implemented, and managed Splunk for log management and analytics.
  • Monitor security violations, flag potential violations and log security incidents in Service Now.
  • Splunk DB Connect 2.0 in search head cluster environments of Oracle, MySQL.
  • Involved in writing complex IFX, Rex and Multikv commands to extract the fields from the log files.
  • Created Dashboards for various types of business users in the organization and worked on creating different Splunk Knowledge objects like Macros, IFX, Calculated fields, Tags, Event Types, and Lookups.
  • Field Extraction, Using IFX, Rex Command and RegEx in configuration files.
  • Use techniques to optimize searches for better performance, search time field extractions, and understanding of configuration files, precedence, and working.
  • Troubleshooting of searches for performance issues by adding lookups, correct joins and using summary indexes.
  • Scripting and development skills (Perl, Python) with strong knowledge of regular expressions.
  • Various types of charts, alert settings, knowledge of app creation, user, and role access permissions. Creating and managing apps, creating users, roles, and permissions to knowledge objects.
  • Responsible for maintaining the Splunk UBA.
  • Helped the client to set up alerts for different kinds of errors.
  • Configure and Install Splunk Enterprise, Agent, and Apache Server for user and role authentication and SSO.
  • Monitored and resolved different kinds of health issues of Splunk.
  • Parsing, Indexing and concepts of Hot, Warm, Cold and Frozen bucketing.
  • Install and maintain Splunk add-ons including DB Connect 1 and Active Directory LDAP for working with directory and SQL databases.

Splunk Admin/Developer

Confidential, FL

Responsibilities:

  • Provide deployment strategies with the understanding of affordable risk based on customer acceptance.
  • Created and configured management reports and dashboards. Planned, implemented, and managed Splunk for log management and analytics.
  • Monitor security violations, flag potential violations and log security incidents in Service Now.
  • Validate the existing rules and provide recommendations on fine tuning the rules. Creating and sending Risk Advisories to our clients.
  • Suppress false positive alerts. Weekly/Monthly incident analysis report. Analyzing the events and providing solutions for the incidents.
  • Involved in setting up alerts for different types of errors, Data Enrichment using the lookups and Data Interpretation using the Fields and Field Extraction and performing the Data Normalization using the Tags.
  • Good Understanding of configuration files, precedence and daily work exposure to props.conf, transforms.conf, inputs.conf, outputs.conf and setting up forwarder information based on requirement.
  • Maintained Splunk Environment with multiple indexers; managed and configured settings.
  • Improved search performance by configuring to search heads for all Indexes in production.
  • Analyzed security-based events, risks and reporting instances. Developed Splunk queries and dashboards targeted at understanding application performance and capacity analysis.
  • Work with SIEM tool QRadar by tuning security events, creating building blocks, searches for reports and searching security events.
  • Worked for getting data in and managing Splunk apps. Assisted internal users of Splunk in designing and maintaining production-quality dashboards.

Environment: Splunk 6.x, Splunk DB Connect and other modules, Oracle WebLogic 9.x/10.x, Tomcat 5.x/6.x, Oracle 9i/10g, Solaris 10, LINUX, Sun ONE Directory Server 6, Sun One Web Server 6.0, Apache 2.x, Python

System Admin

Confidential, GA

Responsibilities:

  • Configuration & troubleshooting of switches, routers and Firewall.
  • Installation and Implementation of pfSense and Sophos XG Firewall
  • Cisco Identity Services Engine (ISE), VPN, working with Firewall with Panorama Servers to create / modify rules and policies.
  • Involved in medium level Design and creating sequence diagram for site to site Tunnel configuration.
  • Checking firewall logs, NetFlow and functionality by using different network monitoring tools.
  • Network experience using TCP/IP, DHCP, DNS, Ethernet, Network security tools, packet analyzers
  • DMZ Configuration off-shore and on-shore
  • Install Application servers and Configure the Databases like MySQL and MongoDB and responsible for data backup
  • Create Nodes and Clusters
  • Maintaining oVirt clusters and creating Datacenters and generating VMs
  • Installation, configuration and maintenance of Linux/Unix servers
  • Deploying new Linux servers, Configuring the servers, Install Apache Tomcat, Apache Webserver, Java installation on the servers, GIT, ANT, MAVEN
  • Created and configured clusters for high availability of the servers
  • Deploying the Ansible automated configuration and managing Ansible Playbooks
  • Troubleshooting issues in the server and resolving disk, CPU and memory performance issues.
  • User administration, Enabled and Disabled Administrative security, Application Security, Global Security.
  • Configure Big Data components in our Clusters such as Hadoop and Kafka-ZooKeeper servers.
  • Configure Lightweight Directory Access Protocol in our cluster.
  • Configure MapReduce & Spark in Eclipse in order to connect to the Distributed File System.
  • Maintaining Physical servers off shore and on shore.