Splunk Content Developer/ Enterprise Security Resume
SUMMARY
- Design solutions and concepts for data aggregation and visualization. Splunk deployment, configuration, and maintenance across a variety of UNIX and Windows platforms. Able to troubleshoot Splunk server problems and issues.
- Machine learning experience and experience deploying and managing infrastructure on public clouds such as AWS.
- Experience in operating and monitoring AWS instances. Experience with Splunk Enterprise Security (Splunk ES).
- Strong knowledge of Windows, Linux, and UNIX operating systems.
- Expertise in writing Splunk searches; Splunk infrastructure and development expert, well-versed in Splunk architecture and design.
- Expertise in customizing Splunk for Monitoring, Application Management, and Security as per customer requirements and industry best practice.
- Developed Splunk knowledge objects and reports on security baseline violations, non-authenticated connections, brute force attacks and many other use cases.
- Developed a feature to integrate all the data by creating REST APIs and consuming it in the dashboard for log analytics.
- Developed application service components and configured beans using Spring IoC.
- Experience in working with AWS: Amazon S3, Amazon EC2, and Relational Database Services.
- Splunk Administration and analytics development on Information Security, Infrastructure and network, data security, Splunk Enterprise Security app, Triage events, Incident Analysis.
- Integration of Splunk with a wide variety of legacy and security data sources that use various protocols.
- Supports, monitors, and manages the SIEM environment.
- Experience in dashboard and report performance optimization. Working knowledge of scripting languages (e.g. Python, bash, etc.). Excellent knowledge of TCP/IP networking and inter-networking technologies (routing/switching, proxy, firewall, load balancing, etc.).
- Developed the specific content necessary to implement security use cases and transformed it into correlation queries, templates, reports, rules, alerts, dashboards, and workflows.
- Splunk SPL (Search Processing Language) and Dashboarding/Visualization. Setup dashboards for network device logs.
- Installation and configuration of Splunk apps to onboard security data sources into Splunk.
- Good experience working with SNMP traps and syslog-ng when onboarding security devices into Splunk monitoring.
- Experience with regular expressions and using regular expressions for data retrieval.
- Work with application owners to create or update monitoring for applications.
- Administering Splunk; integrating Splunk with a wide variety of legacy data sources and industry-leading commercial security and other tools.
- Assisting users to customize and configure Splunk to meet their requirements.
- Perform implementation of security and compliance-based use cases. Performing maintenance and optimization of existing Splunk deployments.
- Analyzed an existing distributed Splunk deployment, then designed and implemented a clustered Splunk deployment covering searching and reporting modules, knowledge objects, administration, add-ons, dashboards, search head and indexer clustering across data centers, and forwarder management.
- Communicating with customer stakeholders, including leadership, support teams, and system administrators.
- Technical writing/creation of formal documentation such as reports, training material and architecture diagrams.
TECHNICAL SKILLS
Log Analysis Tool: Splunk Enterprise Server 5.x/6.x, Splunk Universal Forwarder 5.x/6.x, Splunk DB Connect
Web/App Servers: WebSphere Application Server 5.0/6.x/7.x/8.x, WebSphere MQ Server 6.x/7.x, WebSphere XD 6.0/6.1, IBM HTTP Server 6.x/7.x/8.x, Apache Web Server 2.x, Tomcat 5.5, IIS 6/7.x
Operating Systems: IBM AIX (5.1/6.1), Windows 2000, XP, Windows NT, Unix/Linux (Red Hat), VMware
Programming: C++, C, SQL/PL SQL, HTML, DHTML, XML
Scripting: JACL, Python, WSCP, WSADMIN, Korn Shell Script, Perl, JavaScript, CSS, Batch
Databases: Oracle (8i/9i), UDB/DB2, Sybase, MS SQL Server, IBM DB2
Monitoring tools: Wily Introscope 8.x/9.x, Tivoli, BSM Topaz, Tivoli Performance Viewer, IBM Thread and Heap Analyzers
Networking: TCP/IP Protocols, Socket Programming, DNS.
Framework: MVC, J2EE Design Patterns, Struts.
IDE: Eclipse, RAD 7, NetBeans, EditPlus, TOAD
Methodology: Agile, waterfall
PROFESSIONAL EXPERIENCE
Splunk Content Developer/ Enterprise Security
Confidential
Responsibilities:
- Provides strategic support of Splunk integration and deployment, configuration and maintenance
- Interpret and develop content for SIEM products to meet internal and external customer requirements
- Coordinate with other organizations (SOC/CSIRT, Operations, Management) and assist with advanced issue resolution across the enterprise
- Develop filters to assist in the identification of significant events
- Provide recommendations and implement changes to optimize Splunk products in the customer environment
- Create apps and normalize existing apps to CIM compliance.
- Working with the Splunk team to develop more use cases.
- Working closely with the SOC team and helping to create apps for investigating events precisely.
- Configured Splunk Searching and Reporting modules, Knowledge Objects, Administration, Add-On's, Dashboards, Clustering and Forwarder Management.
- Designing and maintaining production-quality Splunk dashboards and Splunk Enterprise deployments; enabled continuous integration as part of configuration management.
- Involved in Installation, Administration and Configuration of Splunk Enterprise and integration with local legacy systems.
- Used the Splunk DB Connect add-on to integrate Splunk with SQL databases.
- Configuring various dashboards/reports and scheduling PDF delivery to the respective teams using Splunk.
- Worked on updating Splunk from version 6.x to 7.x.
- Created around 10-15 dashboards, mostly security related.
- Developed an endpoint dashboard to track all incoming threats and which servers and computers are infected.
- Designing and implementing Splunk-based best practice solutions.
- Developed Splunk infrastructure and related solutions as per automation toolsets.
- Installation and configuration of Splunk product in different environments.
- Expertise in creating and customizing Splunk applications, searches and dashboards as desired by IT teams and business.
- Drive complex deployments of Splunk dashboards and reports while working side by side with technical teams to solve their integration issues.
- Developed director/manager-level dashboards to track how many incidents analysts are working and how many malware-related alerts trigger on a daily basis.
- Created correlation searches for security incidents through Splunk Enterprise Security.
- Worked with different log sources such as firewall, VPN, DNS, AV, and proxy logs.
Splunk Devops Engineer/Java-Big Data
Confidential - Bellevue, Washington
Responsibilities:
- Setup Splunk services in multiple environments (AWS and private data centers).
- Fix all performance and functionality issues in the Splunk installation. Select the appropriate instance types in AWS.
- Add monitoring support for all features used in Splunk by the team
- Setup identity access control in Splunk
- Onboard/migrate all existing queries in Splunk to new instances of Splunk
- Work on a high availability solution for Splunk. Perform failure testing for Splunk.
- Created tags, Event types, field lookups, using regular expressions, aliases etc. for search-time outputs and visualizations.
- Created the reports and saved searches for the development environment.
- Developed various dashboards, reports for IT Infrastructure, IT Security, Leadership and other relevant stakeholders. Dealt with Splunk Utilities.
Splunk Consultant
Confidential - Tampa, FL
Responsibilities:
- Installation and configuration of Splunk product at different environments. Configured Splunk Searching and Reporting modules, Knowledge Objects, Administration, Add-On's, Dashboards, Clustering and Forwarder Management.
- Designing and maintaining production-quality Splunk dashboards. Developed Splunk Dashboards, searches and reporting to support various internal clients in Security, IT Operations and Application Development.
- Worked on security solutions (SIEM) that enable organizations to detect, respond to, and prevent threats by providing valuable context and visual insights that support faster and smarter security decisions.
- Created tags, Event types, field lookups, using regular expressions, aliases etc. for search-time outputs and visualizations.
- Created the reports and saved searches for the development environment.
- Developed various dashboards and reports for IT Infrastructure, IT Security, Leadership and other relevant stakeholders.
- Dealt with Splunk utilities (bucket rolling, user index creation and management, sourcetypes, forwarder log monitoring input and output configuration).
- Upgraded the development environment to version 6.x.
- Installed and configured Splunk Universal Forwarders on both UNIX (Linux, Solaris, and AIX) and Windows Servers.
- Performed POCs for the Splunk Apps for LDAP and NMON, and the Splunk App for Windows Infrastructure.
- Hands on experience in customizing Splunk dashboards, visualizations, configurations using customized Splunk queries.
- Involved in troubleshooting of Clustering and optimizing performance.
- Upgraded Splunk DB Connect to version 3.x.
- Monitored license usage, indexing metrics, Index Performance, Forwarder performance, death testing.
- Involved in generating AWR reports from the database using TOAD and scheduling the report in Splunk.
- Created custom app configurations (deployment-apps) within Splunk to parse and index multiple types of log format.
- Built dashboards, views, alerts, reports, saved searches using XML, Advanced XML and Search Processing language (SPL) as and when required.
- Created Splunk Apps using XML and Web Components. Knowledge of app creation, user and role access permissions.
- User/Group Administration - Splunk authentication with LDAP for user accounts/groups creation and bindings of LDAP groups to Splunk.
- Production experience in large environments using configuration management tools such as Chef, Ansible and Puppet, supporting a Chef environment with 500+ servers and developing manifests.
- Performed troubleshooting and configuration changes to resolve Splunk configuration issues.
- Experience installing and managing different automation and monitoring tools on Red Hat Linux, such as Nagios, Splunk, Chef and Puppet.