
Experienced Associate Resume


Houston

SUMMARY:

  • 6+ years of extensive experience in the IT industry with expert knowledge of Splunk architecture and its various components (Indexer, Forwarder, Search head, Deployment server).
  • Experience in Linux/Unix, middleware administration, monitoring, performance tuning, troubleshooting and maintenance of WebLogic Servers.
  • Expertise in installation, configuration, migration, troubleshooting and maintenance of Splunk, WebLogic Server … Apache Web Server on different UNIX flavors like Linux and Solaris.
  • Experience with Splunk Enterprise deployments and enabling continuous integration as part of configuration management.
  • Experience with Splunk Searching and Reporting modules, Knowledge Objects, Administration, Add-Ons, Dashboards, Clustering and Forwarder Management.
  • Migrated applications from WebLogic 7.x/8.x/9.x to WebLogic …
  • Created and managed Splunk DB Connect identities, database connections, database inputs, outputs, lookups and access controls.
  • Monitored database connection health using Splunk DB Connect health dashboards.
  • Expertise in Splunk and Splunk query language.
  • Experience with Splunk technical implementation, planning, customization, integration with big data and statistical and analytical modeling.
  • Worked on log parsing and complex Splunk searches, including external table lookups.
  • Experience using and understanding complex regular expressions (RegEx).
  • Experience with Splunk data flow, components, features and product capabilities.
  • Installed Splunk DB Connect 2.0 in search head cluster environments.
  • Expertise in building Multidimensional Cubes, Scorecards, Dashboards and Report Studio complex reports for higher management.
  • Excellent understanding of the Software Development Life Cycle and dimensional modeling techniques using Star and Snowflake schema modeling.
  • Installed and configured Splunk DB Connect in Single and distributed server environments.
  • Solid experience in developing and deploying the applications on multiple WebLogic Servers and maintaining Load Balancing, Failover and High Availability.
  • Strong Data Warehousing … PowerCenter client tools (Mapping Designer, Repository Manager, Workflow Manager/Monitor) and server tools (Repository Server Manager).
  • Proficient in Oracle … PL/SQL back-end application development using Toad, SQL Plus, and SQL.
  • Expertise in using Splunk to create scripts for activities such as generating server status and health reports and deployments on large-scale server configurations.
  • Well-versed with different stages of Software Development Life Cycle (SDLC).

TECHNICAL SKILLS:

Security Management: IBM AppScan, Wireshark, Acunetix, nmap, Nessus, Qualys, OWASP Top 10

Business Intelligence: Tableau, Power BI, PowerPivot, Power View.

Software Skills: Linux, Penetration Testing, Data Recovery, Virtualization, Hypervisor, ArcGIS

Programming: C, C++, Java, Python, PHP, JavaScript, MySQL, Hive, Spark, Pig

Skill Set: Splunk Modules, Splunk 5.x/6.x, Splunk Enterprise, Splunk DB Connect, Splunk Cloud, Hunk, Splunk on Splunk, Splunk IT Service Intelligence, Splunk App for VMware, Splunk Web Framework

WORK EXPERIENCE:

Experienced Associate

Confidential, Houston

Responsibilities:

  • Excellent ability to influence internal and external stakeholders and build consensus - build and drive “virtual” cross-functional teams
  • Installing and configuring Splunk Forwarder on both Windows and Linux servers.
  • Outline security problem areas for compliance, accuracy and productivity
  • Designed, implemented and managed a physical security system for a high threat security compound
  • Direct the daily progress of project work assigned to staff members, report status to management, and manage staff performance
  • Expertise in creating and customizing Splunk applications, searches, dashboards as desired by IT teams and business.
  • Drive complex deployments of Splunk dashboards and reports while working side by side with technical teams to solve their integration issues.
  • Designing and maintaining production-quality Splunk dashboards, Data gathering from onsite and coming up with an implementation plan.
  • LDAP Configuration in Splunk as well as segregation of Users based on their Roles.
  • Installed, tested, and deployed monitoring solutions (alerts, dashboards and reports) with Splunk services for different application teams.
  • Built Splunk dashboards using XML and Advanced XML and created scheduled alerts for application teams for real-time monitoring.
  • Strong understanding and knowledge of risk assessment, risk procedures, security assessment, vulnerability management, penetration testing
  • Implemented Splunk architecture and various components (indexer, forwarder, search head, deployment server), Heavy and Universal forwarder, License model.
  • Managing indexes and cluster indexes, Splunk web framework, data model and pivot tables.
  • Use commercial scanning tools such as Burp Suite Pro, Nessus, and other commercial products to analyze systems for vulnerabilities, and provide risk reduction recommendations.
  • Perform network penetration testing, web and mobile application testing, source code reviews, threat analysis, wireless network assessments and social engineering assessments, and create comprehensive security assessment reports and risk metrics.
  • Design, support, and maintain Splunk infrastructure for a highly available and disaster recovery configuration
  • Administered Splunk SIEM and Splunk Applications for Enterprise Security (ES) log management.
  • Standardized Splunk agents deployment, configuration and maintenance across a variety of OS platforms
  • Troubleshoot Splunk server, agent problems and issues
  • Responsible for Splunk Searching and Reporting modules, Knowledge Objects, Administration, Add-Ons, Dashboards, Clustering and Forwarder Management.
  • Interfacing with clients to gather information and investigate security controls
  • Research new detection techniques, improve existing ones, and identify gaps in existing security capabilities.
  • Performed device upgrades, configuration changes, tuning, analysis, and troubleshooting on the following security platforms: Sourcefire IPS, Cisco IPS, Cisco, McAfee Intrushield, Checkpoint IPS, Proventia (NIPS/HIPS), Imperva WAF, F5 ASM, Carbon Black, Red Cloak, and FireEye.
  • Utilized ELK Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
  • Document and revise administration procedures for security, configuration, operation, and administration of devices.
  • Designed Splunk Enterprise 6.5 infrastructure to provide high availability by configuring clusters across two different data centers.
  • Installation and implementation of the Splunk App for Enterprise Security and documented best practices for the installation and performed knowledge transfer on the process.
  • Expertise in Actuate Reporting, development, deployment, management and performance tuning of Actuate reports.
  • Experience in alert handling, standard availability and performance report generation. Experience in root cause analysis of post-production performance related issues through Splunk tool.
  • Expertise in SOC implementation: security response, security incident process, SLAs, log integration, use case implementation, dashboard creation and correlation of events.

Splunk Admin

Confidential, Sacramento, CA

Responsibilities:

  • QRadar SIEM v7.2 administration with SIEM EPS tuning and distributed deployment architectures. Part of the deployment team, where several log sources were parsed and integrated into QRadar through a mid-layer such as F5 for PCI and Syslog services.
  • Hands-on experience with Splunk and Elastic Search SIEM tools.
  • Worked in SOC department to analyse security incidents and log analysis
  • Monitored system and network activity to quickly detect any problems related to system security, performance, or system failures in a timely fashion, meet SLAs, and provide daily technical support.
  • Experience in security incident handling with SIEM products (RSA enVision and IBM QRadar), identifying the critical IT infrastructure that requires 24/7 monitoring.
  • Expert-level understanding of QRadar implementation, its integration with other network devices and applications, and the related troubleshooting.
  • Hands-on experience in installing and using Splunk apps for UNIX and Linux (Splunk nix).
  • Complete deployment of Search Head Clusters in different environments, including migration of existing Search Head pooling (cut over simultaneously from the current Search Heads instead of creating from scratch).
  • Utilizing tools such as New Relic, Splunk, Network Node Manager, SiteScope and network management tools.
  • Performed SOC operations, including IDS event monitoring and analysis, security incident handling, incident reporting, and threat analysis.
  • Perform vulnerability, configuration and compliance scans with Rapid7 to detect deficiencies and validate that information system configurations comply with the organization's policies and standards.
  • Utilized ELK Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
  • Reviewed and updated the System Security Plan (SSP) based on findings from assessing controls using NIST SP rev1, NIST SP a rev4, and NIST SP .
  • Worked on client engagements and data onboarding, writing alerts and dashboards using the Splunk query language.
  • Coordinating with application and system owners to onboard applications in Splunk and ensure logging capabilities are functional.
  • Assist in auditing through Splunk SME knowledge (PCI, SOC, etc.)
  • Provide regular on-call support guidance to Splunk project teams on complex solution and issue resolution.
  • Experience with Linux and Windows specialists for Splunk organization with a strong comprehension of the Splunk framework.
  • Splunk configuration involving different web applications and batch; created saved searches, summary searches and summary indexes.
  • Actively monitored and responded to activity impacting various enterprise endpoints facilitating network communication and data handling (McAfee Endpoint Security, DLP, Splunk).
  • Responsible for identifying and validating indicators of threat from multiple intel sources (e.g. CrowdStrike, FS-ISAC, Blue Coat) against internal assets to determine an accurate threat landscape and remediation targets (e.g. Splunk endpoint analysis, vulnerability analysis with Qualys, Nessus and Metasploit).

Security Engineer /Application Tester

Confidential

Responsibilities:

  • Strong knowledge of information security concepts, trends, and practices, and working knowledge of various network and security systems.
  • Familiarity with basic statistics/probability and Big Data and Data warehouse analytics techniques
  • Used IBM Rational AppScan, Acunetix, Qualys and w3af to reduce risk by testing web applications prior to deployment and for ongoing risk assessment in production environments.
  • Drive complex deployments of Splunk dashboards and reports while working side by side with technical teams to solve their integration issues.
  • Created and managed Splunk DB Connect identities, database connections, database inputs, outputs, lookups and access controls.
  • Integrated ServiceNow with Splunk to generate incidents from Splunk.
  • Development and formulation of specifications for computer programmers to use in coding, testing, and debugging computer programs and deploying them on a variety of operating systems (Windows, Linux or UNIX variants).
  • Conducted network and server vulnerability assessment scans and tracked and reported risk mitigation using Nessus and OpenVAS for the systems monitoring and operations environment.
  • Network visibility and intelligence gathering for large organizations that run complex networks, using tools like Endace and Icinga.
  • Configured complex Splunk dashboards over large amounts of data.
  • Working with Splunk authentication and permissions and having significant experience in supporting large scale Splunk deployments.
  • Designed core scripts to automate Splunk maintenance and alerting tasks.
  • Through teamwork, conducted security incident investigations; sniffed network traffic for unauthorized network services; reviewed and authorized requests for network services such as modem lines, ISDN, remote access, VPN, Internet access (ISS Web filtering), and Verisign PKI.
  • Maintained, monitored, and upgraded the IDS system and created custom daily reports to alert on anomalous traffic patterns and behaviors, which proved valuable in curtailing the spread of malware and mitigating worm outbreaks, using Bro IDS and Suricata IDS.
  • Used reverse engineering tools such as IDA Pro, OllyDbg, and Imagix.
  • Provide subject matter expertise with regard to applicable regulations such as PCI DSS, NIST SP, and ISO risk assessment for best practice throughout all phases of corporate projects.
  • Coordinating and supporting the implementation of the response strategies with other parts of the enterprise or constituency, including IT groups and specialists, physical security groups, information security officers (ISOs), business managers, executive managers, public relations, human resources, and legal counsel using Log Analysis, Log Management.
  • Conducted risk assessment evaluating security of Web applications and related infrastructure, defining risk matrix, providing technical and executive reports with detailed findings, recommending mitigation strategies and performing cost-benefit analysis
  • Conducted Web security related incident responses while supporting investigations of security violations

Network and Security Engineer

Confidential

Responsibilities:

  • Implemented and monitored security measures for the protection of computer systems, networks and information.
  • Configured VMware environment, Installed and administered Windows Server 2008, which included installing Active Directory, DNS and DHCP.
  • Maintenance of Splunk Environment with multiple Indexers.
  • Experience with Splunk UI/GUI development and operations roles, and configuring index settings.
  • Drive complex deployments of Splunk dashboards and reports while working side by side with technical teams to solve their integration issues.
  • Performed troubleshooting and/or configuration changes to resolve Splunk integration issues.
  • Hands on development experience in customizing Splunk dashboards, visualizations, configurations, reports and search capabilities using customized Splunk queries.
  • Designing and maintaining production-quality Splunk dashboards.
  • Splunk configuration involving different web applications and batch; created saved searches, summary searches and summary indexes.
  • Managing indexes and cluster indexes, Splunk web framework, data model and pivot tables.
  • Prepared and documented standard operating procedures and protocols, Configured and troubleshot security infrastructure devices.
  • Developed technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks.
  • Undertook routine preventative measures of monitoring network security and maintaining network management using NetScout network sniffing and Wireshark. I worked with Windows Server 2008 and backed up the company’s server using SUSE Linux Enterprise for server backup.
  • Studied security concepts/frameworks such as OWASP, CVE, CVSS, and 0-day exploits.
  • Developed security requirements for LAN, WAN, VPN, and DMZ architectures and routers, firewalls, and related network device configurations.
  • Knowledge of IDA Pro and debuggers; security tools and products, including Fortify and AppScan; dynamic and static malware analysis; and Windows operating system internals, including the kernel, registry, file system, and Windows APIs.
  • Set up a malware analysis environment in a lab for specific threats affecting Windows, Mac OS X and mobile OS platforms.

Network Engineer

Confidential

Responsibilities:

  • Performed troubleshooting analysis and identified system failures; correlated events to determine point of failure of hardware and/or applications; provided recommendations, oversaw network issues, notified parties of problems resolved in a timely manner.
  • Learned IT core functions and applied processes while implementing policies and procedures to safeguard network security system.
  • Created and managed Splunk DB Connect identities, database connections, database inputs, outputs, lookups and access controls.
  • Integrated ServiceNow with Splunk to generate incidents from Splunk.
  • Worked on DB Connect configuration for Oracle, MySQL and MSSQL.
  • Monitored database connection health using Splunk DB Connect health dashboards.
  • Coordinated work between technicians, engineers and vendors while documenting work actions on network issues until problem was resolved.
  • Draft technical manuals, installation manuals, installation progress updates, and incident response plans in order to enhance system security documentation; create required system compliance reports and information requests.
  • Performed cross platform audits of Active Directory (AD) objects and user permissions.
  • Managed User Accounts on Windows Servers and UNIX Platform (Creation, Deletion, Permissions, and VPN Access).
  • Developed organizational units in Active Directory (AD) and managed user security with group policies.
