Sr. Splunk Itsi Developer/ Architect Resume
SUMMARY
- 9+ years of IT experience, including 5 years with Splunk: Splunk Enterprise, Splunk DB Connect, and configuring, implementing and supporting Splunk server infrastructure across Windows, UNIX and Linux.
- Extensive knowledge of Splunk architecture and its components. Passionate about machine data and operational intelligence. Linux administrator with DevOps/Agile operations and build/release management experience.
- Expertise in DevOps technologies and platforms such as UNIX/Linux, Java, Jenkins, Maven, GitHub, Chef, Ansible, Subversion (SVN), Ant, VMware, Puppet, Vagrant, CVS, Tomcat and JBoss.
- Experience in Linux administration (installation, configuration, patching, tuning and upgrades of Red Hat and Oracle Linux).
- Experience with Splunk 6.x, 7.x and 8.0, distributed Splunk architecture, and components including search heads, indexers and forwarders.
- Expertise in Splunk Enterprise architecture: search heads, indexers, deployment server, deployer, license master, and heavy/universal forwarders.
- Experience analyzing network, event, and security logs on premise and cloud
- Headed proof-of-concepts on Splunk implementation, indexing and plugins; mentored and guided other team members on the use cases for Splunk.
- Installed and implemented the Splunk App for Enterprise Security, documented installation best practices, and performed knowledge transfer on the process.
- Expert in installing and using the Splunk apps for Unix and Linux (Splunk nix).
- Used timechart attributes such as span and bins, plus tags and event types. Created and configured management reports and dashboards.
- In the highly regulated financial services industry, one leading global company encountered limitations with its legacy security information and event management (SIEM) software. The company needed a new solution that could ingest growing volumes of data, minimize risk, speed security investigations and integrate with its governance, risk and compliance (GRC) solution. Since deploying Splunk Enterprise and Splunk Enterprise Security (ES) as its security analytics platform, the company has seen benefits including
- Experience with cloud-based technologies such as S3 and Redshift, and with NoSQL stores such as MongoDB.
- Experience with Splunk searching and reporting modules (Splunk ITSI and Enterprise Security App), knowledge objects and administration.
- Experience with other Splunk premium applications: ITSI, UBA, ES and Hunk.
- Developed several releases of the Enterprise Canonical XML Schema (ECXS), enabling timely implementation of Exchange-related projects for the Affordable Care Act
- Experience on Data Analytics, Advanced Data Analytics, Visualization, Advanced Visualization, Dashboard Customization, and Advanced Dashboard Customization in Splunk.
- Experience with Splunk Enterprise deployments, enabling continuous integration as part of configuration management (props.conf, transforms.conf, inputs.conf, outputs.conf, deployment.conf).
- Experience creating and managing Splunk DB Connect identities, database connections, database inputs, outputs, lookups and access controls.
- Employ effective communication techniques to provide project status reports to team members and direct supervisors
- Configured up to 10 standard data sources based on use case scenarios to support the underlying security requirements.
- Cloud computing and Virtualization
- Knowledge on Cloud technologies, Enterprise security
- Experience with Nagios and Cacti administration tools
- Understanding of cloud-computing concepts
- Also notable is the fact that this company, like others in the financial services industry, is highly compartmentalized, and while it moves somewhat slowly it was still able to begin using Splunk ES in a short period of time. With Splunk ES, the company has a solution that is easy to use and priced so that it can scale. Moving forward, the company will begin conversations around using Splunk ES for additional use cases, including fraud.
- Understanding and experience with configuration management tools and concepts such as Puppet, Chef, CloudFormation, and similar
- Develop automation code using Opscode Chef and Python to build Openstack environments autonomously
- FlexLM Licensing, Synopsys, Cadence, VMware, vSphere, vCenter, Hyper-V, CAD/ASIC and IT Infrastructure, SAS Grid Manager, SAS Viya, Active Directory, LDAP, Office 365, Desktop Central (app management, policy management, patch management and software deployment), Automox, Tcpdump, Wireshark, Splunk (ES, UBA, ITSI & ITOA), AppDynamics, ExtraHop, and SolarWinds
- Test automation code in virtual environments and with testing tools such as Test Kitchen and Chef Spec
- Experience with network security and system security for Security Information and Event Management (SIEM) tools.
- Experience with log parsing, complex Splunk searches including external table lookups, Splunk data flow, components, features and product capabilities.
- Experience with the Splunk query language; monitored database connection health using the Splunk DB Connect health dashboards.
- Minimum 5 years of administration experience with Splunk or any similar log management tool
- Understand and maintain the appropriate knowledge of Security Technologies, (AV, FIM, HIPS, NIPS, SIEM, WAF/DAM, DLP), security procedures, and services within the SOC as well as ensuring all tools are functioning properly
- Conduct data model reviews with project team members.
- In-depth knowledge of setting up alerts and monitoring recipes from machine-generated data.
- Exposure to application servers such as WebLogic, IBM WebSphere, JBoss and Apache Tomcat.
- Experience in PL/SQL programming - Stored Procedures, Functions, Packages, SQL tuning, and creation of Oracle Objects - Tables, Views, Materialized Views, Triggers, Sequences, Synonyms, Database Links, and User Defined Data Types. Experience using SQL, PL/SQL Procedures, Functions, Triggers and Packages.
- Used Model Mart of ERwin for effective model management of sharing, dividing and reusing model information and design for productivity improvement.
- Built the physical data model for customer review and approval and constructed the registration database using Oracle 9i on a windows platform.
- Create Chef Cookbooks and Recipes to maintain and automate various parts of infrastructure
- Expertise in performance tuning and query optimization using hints, partitioning, bulk techniques and indexes. Experience developing packages, stored procedures, functions, exception handling, dynamic cursor programs, data collections, views and database triggers using SQL and PL/SQL in Oracle.
- Collaborate with data architects for data model management and version control.
- Enforce standards and best practices around data modeling efforts.
- Achieved super-user level of expertise with Adaptive Metadata Manager, mastering the metamodel(s) and developing load templates for business and technical metadata.
- Expertise in SOX/PCI, System Enterprise Reporting, and performance tuning of use case reports.
TECHNICAL SKILLS
Splunk: Splunk 5.x, 6.x, 7.x and 8.0, Splunk Enterprise, Splunk on Splunk, Splunk DB Connect 2, Splunk Cloud, Hunk, Splunk IT Service Intelligence (ITSI), Splunk Web Framework
Operating Systems: Windows 2000, XP, Windows 10, Windows Server, Unix/Linux (Red Hat), FreeBSD
Data Analysis: Requirement Analysis, Business Analysis, detailed design, data flow diagrams, data definition tables, business rules, data modeling, data warehousing, system integration
RDBMS: Oracle 11g/10g/9i/8i, MS SQL Server 2000/2005/2008, Sybase, DB2, MS Access, MySQL
Web Technologies: HTML, DHTML, JavaScript, XML, XSL, XSLT, REST, SOAP
Web/App Servers: Apache Tomcat 6.0, WebLogic 8.1/9.2, WebSphere 6.0
Concepts: SDLC, Object Oriented Analysis and Design, Unified Modeling Language (UML), Assembly and System Level Testing, exposure to Agile
Programming Languages: C, C++, Java with Big Data, Python, UNIX shell scripts, Chef Cookbooks
PROFESSIONAL EXPERIENCE
Confidential
Sr. Splunk ITSI Developer/ Architect
Responsibilities:
- Designed Splunk Enterprise 6.5, 7.0 and 8.0 infrastructure to provide high availability by configuring clusters across two different data centers.
- Create documentation on build, deployment, and sustainment processes and procedures for application use in cloud capable datacenter
- Write complex Splunk queries used to present data in Splunk IT Service Intelligence (ITSI)
- Serve as primary administrator for Splunk ITSI
- Optimized Splunk for peak performance by splitting Splunk indexing and search activities across different machines.
- Perform analysis of requirements, design specifications, development, and technical and user documentation of report development.
- Analyze, diagnose, and resolve errors throughout the lifecycle.
- Formulate recommendations to reduce operating time or improve efficiency.
- Knowledge of Splunk ITSI glass tables, deep dives, KPIs and ITSI modules.
- Worked on system and platform integration in a large enterprise Linux-based environment.
- Installed and configured SUSE and Red Hat 5.x, 6.x and 7.x on Dell PowerEdge (710, 720 and 730) servers, using Kickstart with PXE for LAMP (Linux, Apache, MySQL and Perl/PHP) installations.
- Worked with Terraform key features such as Infrastructure as code, Execution plans, Resource Graphs, Change Automation.
- Used Chef for configuration management of hosted Instances within GCP. Configuring and Networking of Virtual Private Cloud (VPC).
- Created Chef coding best practices for the existing development team.
- Create documentation for Chef best practices to be used by developers as a guide to Chef Automation.
- Work with Chef automation to create infrastructure and deploy application code changes autonomously
- Installed, configured, maintained, tuned and supported Splunk Enterprise Server 7.x/6.x/5.x.
- Architected and implemented Splunk solutions in highly available, redundant, distributed computing environments.
- Performed Field Extractions and Transformations using the RegEx in Splunk.
- Designed the large scale job scheduling mechanism for mortgage underwriting operation teams
- Monitor and support services with a variety of services such as Splunk (ES, UBA, ITSI & ITOA), SCOM & OMS 2016, SCCM, AppDynamics, ExtraHop and other proprietary systems
- Expert knowledge on Security Information and Event Management Platforms (SIEM) - specifically SPLUNK
- Responsible for installing, configuring and administering Splunk Enterprise on Linux and Windows servers.
- Supported the upgrade of Splunk Enterprise Server and Splunk Universal Forwarder from 6.5 to 6.6.
- Installed and implemented the Splunk App for Enterprise Security, documented installation best practices, and performed knowledge transfer on the process.
- Implemented conversion to the LiteSpeed backup system and am working on an across-the-board upgrade to SQL Server 2005.
- Splunk architecture and design for both on premise and AWS cloud
- AWS and Azure cloud security
- Responsible for creating/versioning/testing of scripts (Bash, PowerShell), AWS Cloud Formation templates, Chef, Nagios, Maven/Ant, Git, Jenkins, Perl, and Ruby to achieve a high-level of automation
- Minimum 3 years of experience using Splunk in a 24x7 environment
- Analysed the 22 reports to determine the conversion of the reports either using FID tables and views or using Free Form SQL.
- Operate, develop for, and maintain the Splunk log management infrastructure, leverage knowledge on a number of security technologies, information security, and networking
- Installed Universal Forwarders and Heavy Forwarders to bring any kind of data into Splunk.
- Wrote Splunk queries; expertise in searching, monitoring, analyzing and visualizing Splunk logs.
- Experience in alert handling and standard availability and performance report generation. Experience in root cause analysis of post-production performance issues using Splunk.
- Verified if the data model helps in retrieving the required data by creating data access paths in the data model
- Designing, optimizing and executing Splunk-based enterprise solutions.
- Installed and configured Splunk Universal Forwarders on both UNIX (Linux, Solaris, and AIX) and Windows Servers.
- Hands on experience in customizing Splunk dashboards, visualizations, configurations using customized Splunk queries.
- Monitored the Splunk infrastructure for capacity planning, scalability, and optimization.
- Experienced in using Splunk DB Connect for real-time data integration between Splunk Enterprise and other databases.
- Expertise in Actuate Reporting, development, deployment, management and performance tuning of Actuate reports.
- Responsible for Splunk searching and reporting modules, knowledge objects, administration, add-ons, dashboards, clustering and forwarder management.
- Monitored license usage, indexing metrics, Index Performance, Forwarder performance, death testing.
- Splunk Architecture/Engineering and Administration for SOX monitoring and control compliance.
- Design and implement Splunk Architecture (Indexer, Deployment server, Search heads, and Forwarder management), create/migrate existing Dashboards, Reports, Alerts, on daily/weekly schedule to provide the best productivity and service to the business units and other stakeholders.
- Involved in standardizing Splunk forwarder deployment, configuration and maintenance across UNIX and Windows platforms.
- Used the following tools and technologies: Bash, Perl, VMware ESX, ESXi, Hyper-V, NFS/CIFS, SCOM & OMS 2016, Active Directory, LDAP, LSF, FlexLM Licensing, AppDynamics, Splunk (ES & ITSI), ServiceNow, ExtraHop, SolarWinds, VERITAS, Solaris, Exadata, InfiniBand switch, Oracle SPARC and SAN.
- Lead key log management and analysis platform(s) discipline by driving technology strategy, implementation and adoption of the platform within Ally Enterprise
- Configured a syslog server to forward logs to the Splunk server over network protocols such as TCP and UDP.
- Subject matter expert in best practices, security protocols, PKI, and other security-related issues.
- Monitored the database (data tables and error tables), WebLogic error log files and application error log files to track and fix bugs.
- Responsible for troubleshooting indexing issues by analyzing Splunk's own logs, such as splunkd.log and metrics.log, as ingested into the _internal index.
- Supported and executed solutions covering the full data lifecycle (Search & Investigate, Add Knowledge, Monitor & Alert, Report & Analyze). Followed the Agile and Scrum process for the whole implementation.
Confidential - San Francisco, CA
Senior Splunk Engineer
Responsibilities:
- Installed, configured, maintained, tuned and supported Splunk Enterprise Server 6.0 and Splunk Universal Forwarder 7.0.
- Administered a complex clustered environment with search heads in a cluster while the indexers ran in standalone mode.
- Configured the Splunk forwarder to route unnecessary log events to nullQueue using props.conf and transforms.conf.
- Created and configured management reports and dashboards in Splunk for application log monitoring.
- Actively monitored jobs through alerting tools, responded to alerts by analyzing the logs, and escalated critical issues to higher-level teams.
- Responsible for developing Splunk queries and dashboards targeted at understanding application performance and capacity analysis.
- Extensive experience on setting up the Splunk to monitor the customer volume and track the customer activity.
- Involved as a Splunk admin in capturing, analyzing and monitoring front-end and middleware applications.
- Created Splunk app for Enterprise Security to identify and address emerging security threats using continuous monitoring, alerting and analytics.
- Responsible for administering, maintaining, and configuring a 24 x 7 highly available, Splunk apps for production portal environment.
- Worked closely with application teams to create new Splunk dashboards for operations teams using advanced XML and CSS.
- Created Shell Scripts to install Splunk Forwarders on all servers and configure with common configuration files such as Bootstrap scripts, Outputs.conf and Inputs.conf files.
- Extensively used Splunk Search Processing Language (SPL) queries, Reports, Alerts and Dashboards.
- Used DB Connect for real-time data integration between Splunk Enterprise and databases.
- Masked customer-sensitive data at the forwarder level and managed distributed search across a set of indexers.
- Filtered unwanted data at the heavy forwarder level, thereby reducing license cost.
- Worked with administrators to ensure Splunk was running and monitoring accurately on the current infrastructure.
- Worked on properly creating/maintaining/updating necessary documentation for Splunk Apps, dashboards, upgrades and tracked issues.
- Provided On-call support for various production applications.
- Administered various shell and Python scripts for monitoring and automation.
- Administered MS SQL Server: created user logins with appropriate roles, dropped and locked logins, monitored user accounts, created groups, and granted privileges to users and groups.