Splunk SIEM Consultant Resume Richardson, Texas - Hire IT People (2024)

Splunk SIEM Consultant Resume


Richardson, Texas


SUMMARY

  • Overall 7+ years of Information Technology and 5+ years of experience in configuring, implementing and supporting Splunk server infrastructure across Windows, UNIX and Linux. Experience with a variety of operating systems, protocols and tools, depending on the type of platform or application to be administered.
  • Engineered Splunk to build, configure and maintain heterogeneous environments, with in-depth knowledge of log analysis for logs generated by various systems including security products.
  • Architected various components within Splunk (indexer, forwarder, search head, deployment server), Heavy and Universal Forwarder, parsing, indexing, searching concepts, Hot, Warm, Cold, Frozen bucketing, license model.
  • Upgraded and optimized Splunk setup with new releases.
  • Experienced in SIEM (Security Information and Event Management) with Splunk and sound knowledge of other SIEM offerings in the market like LogRhythm, McAfee Nitro, Sumo Logic.
  • Involved in requirements gathering and "kick-off meeting" with stakeholders for product selection of SIEM.
  • Played a key role in the Splunk SIEM project and worked with Splunk Sales in determining the log size and suggested licensing cost estimates to the client.
  • Performed and led POC on Splunk Cloud and integrated data sources like McAfee Web Gateway, Sourcefire and Google Apps logs for SOC team analysis.
  • Implemented Splunk Cloud, the SaaS offering from Splunk that has all the features of Splunk Enterprise.
  • Monitored network devices like routers, switches, and firewalls using a syslog server.
  • Configured Heavy Forwarder to act as centralized log location for all the log data sources.
  • Worked with the client’s stakeholders on their requirement of going with an agent-less solution for the security device logs.
  • Worked with various teams on on-boarding logs of respective tracks.
  • Configured syslog server for forwarding the logs to the Splunk server via network protocols like TCP and UDP.
  • Extensive knowledge in endpoint security solutions like Host Intrusion Prevention Systems (HIPS) and McAfee products like McAfee ePO, McAfee Web Gateway etc.
  • Deployment and configuration of McAfee Host Intrusion Prevention Systems (HIPS).
  • Setup Splunk Forwarders for new application levels brought into the environment.
  • Extensive experience in deploying, configuring and administering Splunk clusters.
  • Helping application teams in on-boarding Splunk and creating dashboards, alerts, reports etc.
  • Develop custom app configurations (deployment-apps) within Splunk in order to parse and index multiple types of log format across all application environments.
  • System administration familiar with Windows Servers, Red Hat Enterprise Linux servers, Solaris and IBM AIX servers.
  • Created and configured websites and application pools in IIS and worked extensively on .NET deployments in Windows space.
  • Experience in shell scripting and extensively used regular expressions in search strings and data anonymization.
  • Worked broadly on firm-wide Enterprise Releases and DR events.
  • Understanding of network firewalls, load-balancers, LDAP and complex network design.
  • Experience in optimizing search queries using summary indexing.
  • Excellent skills in troubleshooting and problem determination of HTTP/system/network related problems including monitoring, capacity planning and maintenance by providing 24x7 on-call support for all mission-critical applications.
  • Expertise in investigating HTTP issues using tools like Fiddler, HTTP Analyzer etc.
  • Excellent communication and interpersonal skills.
  • Skilled at assessing client needs, working in a group, suggesting ideas that enhance efficiency and maximize performance, implementing cutting-edge technology solutions and training/supporting end users.

TECHNICAL SKILLS

Log Analysis Tool: Splunk Enterprise Server 4.x.x/5.x.x/6.x.x, Splunk Universal/Heavy Forwarder

Web/App Servers: WebSphere Application Server 5.0/6.x/7.x/8.x, WebSphere MQ Server 6.x/7.x, WebSphere XD 6.0/6.1, IBM HTTP Server 6.x/7.x/8.x, Apache Web Server 2.x, Tomcat 5.5, IIS 6/7.x, Google Apps

Operating Systems: IBM AIX (5.1/6.1), Red Hat Linux, Windows Server 2003/2008/2012 R2, VMware

Programming: C#, VB, C++, C, SQL/PL SQL, HTML, DHTML, XML.

Scripting: JavaScript, WSCP, WSADMIN, Korn Shell Script, Perl, CSS, Batch

Databases: Oracle (10g/11i), UDB/DB2, Sybase, MS SQL Server, IBM DB2

Monitoring tools: Wily Introscope 8.x/9.x, Tivoli, BSM Topaz, Tivoli Performance Viewer, NMON (AIX), IBM Thread and Heap Analyzers, Splunk Cloud, Sumo Logic

Networking: TCP, UDP/IP Protocols, Socket Programming, DNS.

Framework: MVC, J2EE Design Patterns, Struts.

IDE: Eclipse, RAD 7, NetBeans, EditPlus, TOAD

Others: SiteMinder r6/r12/r12.5, PingFederate 6.x/7.x

PROFESSIONAL EXPERIENCE

Confidential, Richardson, Texas

Splunk SIEM Consultant

Responsibilities:

  • As a member of the implementation partner, attended meetings with the client’s stakeholders and took part in all discussions to choose the right SIEM solution suitable for the client’s infrastructure.
  • Based on the client’s global infrastructure, prepared a SIEM Product Evaluation and Recommendation Document.
  • As a part of Managed Security Services, performed and led POC on Splunk Cloud with various use-cases from the SOC (Security Operations Center) team.
  • Worked with the CISO and Sr. Infrastructure Security Managers according to their requirements and proved a successful consultant in delivering the work.
  • Involved in the Splunk SIEM product finalization meeting and actively participated in discussions and gave suggestions to the client.
  • Prepared High-level Design Document and delivered it to the client as a part of the Managed Security Services team.
  • Worked directly with the Splunk Inc sales team in determining log size and licensing cost for the client’s infrastructure.
  • Worked closely with various teams like Google Apps, SOC, ServiceNow, SecureAuth, HIPS and database teams.
  • Install, configure and administer Splunk Enterprise Server 6.3.0 and Splunk Forwarder 6.x.x on Red Hat Linux and Windows servers.
  • Configured Heavy Forwarder to act as a centralized log location for data sources like McAfee Web Gateway, Google Apps, Sourcefire and SecureAuth logs.
  • Worked with Splunk Inc engineers and Splunk support in fixing the issues.
  • Maintained great collaboration with other teams in integrating the logs of various tracks.
  • Integrated and configured logs from different data sources like Windows, Linux/AIX, application, security and network devices and servers.
  • Created dashboards for data inputs to look for trends in the data for SOC analysis and incident response.
  • Generated reports for the client’s audit and compliance requirements for the logs of various teams.
  • Managed Confidential’s Splunk Cloud instance and scheduled alerts based on the requirements from the SOC team.
  • Installed Splunk apps like McAfee Web Gateway, Google Apps for Splunk and Cisco FireSIGHT for deeper analysis and insights into logs using the pre-built dashboards.
  • Worked with an agent-less solution as per the client’s requirement, as they were unwilling to go with Universal Forwarders on each server because of performance issues.
  • Maintained a centralized log location in the infrastructure for all the logs from different sources.
  • Fixed the issues that occurred with the agent-less solution, like improper parsing, line breaking and timestamping.
  • Worked on fixing the pre-built dashboards in Splunk apps and built various custom dashboards.
  • Experienced in maintaining the Splunk servers, both on-premise and cloud instances.
  • Understanding of various SOC operations and worked with different security teams.
  • Integrated the logs of network devices, switches and routers using network protocols like UDP/TCP.
  • Worked with change managers in getting the approvals for new product implementation in the organization.
  • Served as SME (Subject Matter Expert) for Splunk in the client’s infrastructure.
  • Worked with the Infrastructure Manager and reported the work done on a weekly basis.
  • Documented the entire effort put into the project from POC to implementation.

Environment: Splunk Enterprise Server 6.x.x, Splunk Cloud (latest release from Splunk), Splunk Heavy Forwarder 6.x.x, Red Hat Linux, McAfee HIPS, Google Apps APIs, web servers, Radware, Sourcefire, Cisco ASA firewalls, Citrix servers, IIS 7, Windows 2003, Windows 2008, Windows 2012 R2, regular expressions, endpoint security devices and network protocols TCP/UDP.

Confidential, Columbus

Sr. Splunk Administrator and Developer

Responsibilities:

  • Install, configure and administer Splunk Enterprise Server 6.0.4 and Splunk Forwarder 4.x.x/5.x.x/6.x.x on Red Hat Linux and Windows servers.
  • Setup Splunk Forwarders for new application tiers introduced into the environment and for existing applications.
  • Work closely with application teams to create new Splunk dashboards for operations teams.
  • Troubleshoot and resolve Splunk performance and log monitoring issues, role mapping, dashboard creation etc.
  • Created Splunk app for Enterprise Security to identify and address emerging security threats through the use of continuous monitoring, alerting and analytics.
  • Created regular expressions for field extractions and field transformations in Splunk.
  • Anonymized PII (Personally Identifiable Information) data in Splunk. Masked sensitive information such as SSNs and addresses when showing results in Splunk.
  • Configured Splunk for all the mission-critical applications and used Splunk effectively for application troubleshooting and monitoring post go-live.
  • Supported 8+ Splunk search heads, 50+ indexers, 3200+ forwarders.
  • Created dashboards and reports to show the login count of each application, which app resources were being accessed more, the number of failed logins, and statistics on high-hitting applications.
  • Created shell scripts to install Splunk Forwarders on all servers and configure them with common configuration files such as bootstrap scripts, outputs.conf and inputs.conf.
  • Configured Splunk forwarder to send unnecessary log events to the “Null Queue” using props and transforms configurations to reduce license costs.
  • Developing a custom application in Splunk.
  • Fetching the data from databases using the "DB Connect" application.
  • Extensively involved in troubleshooting the issues and documenting the problem resolutions for future reference. Attended change management meetings for approval of the applications which are supposed to go live and provided the MOM of CM meetings to the team.
  • Experienced in attending bridge calls for production and non-prod issues, involving application, database or networking teams to resolve the issues, and involved in root cause analysis for the issues encountered. Also provided 24/7 on-call support for all the production applications.
  • Involved in developing complex scripts to automate batch jobs.
  • Developed a POC on usage of the Puppet configuration management tool.

Environment: Splunk Enterprise Server 4.x.x/5.x.x/6.x.x, Splunk Universal Forwarder 4.x.x/5.x.x/6.x.x, Red Hat Linux, IBM HTTP Web Server 6.1/7/8, Oracle, HACMP 5.4, HTML, JavaScript, XML, Wily Introscope 9.x, IIS 7, Windows 2003, Windows 2008 R2, Python (Jython), Regular Expressions.

Confidential, Columbus

Splunk Engineer and Developer

Responsibilities:

  • As primary for Splunk support, supported a Splunk distributed environment comprising search heads, indexers and forwarders across different OS including AIX, Solaris and Windows.
  • Configured indexer replication to achieve data availability, data fidelity and disaster tolerance.
  • Improved search performance by configuring 2 search heads for all indexes in production.
  • Install different Splunk applications, for example, Cisco for Splunk, Windows for Splunk and VMware for Splunk.
  • Created and configured management reports and dashboards in Splunk for application log monitoring.
  • Responsible for administering, maintaining and configuring 24x7 highly available Splunk apps for the production portal environment.
  • Provided load/stress and architecture validation testing and troubleshooting on issues such as out of memory, 100% CPU usage, hung thread sessions, session replication, JVM crashes.
  • Efficiently handled workload management for load balancing and failover, improving performance, reliability and scalability.
  • Gathering different sources of syslog and XML data from different devices, applications, and databases.
  • Ensure high availability and performance through horizontal scaling and load-balanced components.
  • Work towards achieving a faster ROI and keeping stakeholders convinced of the value and untapped opportunities in Splunk.
  • Advocate and implement solutions considering a full data lifecycle (Search & Investigate, Add Knowledge, Monitor & Alert, Report & Analyze).
  • Problem determination such as Broken Pipe/Connection reset issues by enabling traces in various WebSphere V6.0/6.1 components and automating various processes using wsadmin scripts.
  • Basic understanding of network firewalls, load-balancers, LDAP and complex network design.

Environment: Splunk Enterprise Server 5.1.2, Splunk Forwarder 5.1, 5.4, XML, VMware.

Confidential, TX

Splunk Engineer and Developer

Responsibilities:

  • Optimized Splunk for peak performance by splitting Splunk indexing and search activities across different machines.
  • Extracted complex fields from different types of log files using regular expressions.
  • Created search commands to retrieve multiline log events in the form of a single transaction, giving start line and end line as inputs.
  • Ensure high availability and performance through horizontal scaling and load-balanced components.
  • Prepared, arranged and tested Splunk search strings and operational strings. Created and configured management reports and dashboards.
  • Created eval functions where necessary to create new fields during search run time.
  • Provide inputs for identifying best-fit architectural solutions and deployment for the Splunk project.
  • Splunk Engineer/Dashboard Developer responsible for the end-to-end event monitoring infrastructure of business-aligned applications.
  • Experience in setting up dashboards for senior management and production support, as required, using Splunk.
  • Architected various components within Splunk (indexer, forwarder, search head, deployment server), Heavy and Universal Forwarder, parsing, indexing, searching concepts, Hot, Warm, Cold, Frozen bucketing, license model.
  • Maintained and managed assigned systems, Splunk-related issues and administrators.

Environment: Splunk Enterprise Server 4.1.7, Splunk Forwarder 4.0, 4.3, Shell, Python Scripting.

Confidential

SQL Server Developer/DBA

Responsibilities:

  • Managing databases, tables, indexes, views, stored procedures.
  • Enforcing business rules with triggers and user defined functions, troubleshooting, and replication.
  • Writing the Stored Procedures, checking the code for efficiency.
  • Maintenance and correction of Transact-SQL (T-SQL) statements.
  • Daily Monitoring of the Database Performance and network issues.
  • Administering MS SQL Server by creating user logins with appropriate roles, dropping and locking the logins, monitoring the user accounts, creating groups, and granting privileges to users and groups.
  • SQL authentication; rebuilding indexes on various tables.
  • Preparing Test Cases and performing Unit Testing.
  • Prepared SQL Queries to validate the data in both source and target databases.
  • Created Test cases for the mappings developed and then created integration Testing Document.
  • Prepared the error handling document to maintain the error handling process.
  • Review of Unit and Integration test cases.
  • Production Implementation and Post Production Support.

Environment: MS SQL Server 6.5, SQL Server 7, MS SQL Server 2000
