• Splunk certified professional with around 6+ years of experience in the IT industry, comprising Splunk installation and UNIX management, and Splunk architecture and components including search heads, indexers and forwarders.
• Experience in implementation of Splunk premium applications, application management, and data security as per customer requirements and industry best practice.
Splunk Core Certified Power User
Splunk: Splunk 6.x, 7.x and 8.x, Splunk Enterprise, Splunk on Splunk (SOS), Splunk DB Connect, Splunk Machine Learning Toolkit 3.0.0, Splunk ITSI.
Monitoring Tools: IBM QRadar, AppDynamics, Grafana, and New Relic.
Operating Systems: Windows XP, Win 10, Windows Server, Linux (RHEL), UNIX.
RDBMS: Oracle 11g/10g, MS SQL Server 2000/2005/2008, DB2, MS Access, MySQL.
Web/App Servers: Apache Tomcat 6.0, WebLogic 8.1/9.2, MapR 6.1
Others: Phish Me, Microsoft ATA, CB Protect, CB Response
Environment: Splunk 7.x, 8.x
-Creation of knowledge objects and configuration files
-Selection, testing, and integration of add-ons and applications
-Writing and verification of queries and code to satisfy requirements
-Technical feasibility evaluations
Environment: Splunk 7.x, Linux, Splunk Enterprise Security 7.x, Tortoise SVN, Jira, Confluence.
• Daily Splunk administration maintenance.
• Established onboarding of web and database server logs into Splunk via the DB Connect application.
• Achieved hands-on experience in clustering, deploying apps through Splunk deployment server, Splunk version upgrades and creating roles and authentication.
• Utilized Splunk Machine Learning concepts and algorithms to write complex queries using SPL and visualize data in dashboards and reports.
• Hands-On experience on multiple configuration file (.conf) settings.
• Configured the heavy forwarder to send the logs from QRadar server to Splunk indexers and customized the reports and dashboards.
• Involved in ingesting data from multiple appliances into the cluster and analyzing the data with SPL queries.
• Performed Splunk administration and analytics development on Information Security, Infrastructure, network logs.
• Developed specific content necessary to implement Security Use Cases and transform into correlation queries, templates, reports, rules, alerts, dashboards, and workflow
• Deployed Splunk enterprise package and forwarder package in multiple instances.
• Involved in standardizing Splunk forwarder deployment, configuration, and maintenance on all Windows and Linux platforms.
• Real-time monitoring of enterprise endpoints for signs of malicious activity using Carbon Black (CB).
• Analyzed threat patterns using Carbon Black (CB) and investigated SIEM alerts with endpoint context.
• Participated in client requirements meetings and presented visual presentations of possible outcomes.
• Developed the use cases for different business requirements.
• Executed daily vulnerability assessments, threat assessments, and mitigation, and reported on activities in order to safeguard information assets and ensure that protection had been put in place on the systems.
• Designed the Correlation searches for multiple end client requirements.
• Extensive knowledge in creating accurate knowledge objects using XML, Dashboards, visualization, reports, alerts and pivot tables for the business users.
• Hands-on experience with Citrix NetScaler load balancer.
• Hands-on experience with indexer clustering and search head clustering in both test and production environment.
• Assisted the privileged user access management team to solve the daily encountered problems.
• Customized dashboards, reports and scheduled searches.
• Experience working with the ServiceNow ticketing tool.
• Worked on user access roles and capabilities.
Environment: Splunk 6.5.3, Linux, Windows 2008/2012, IBM AIX, Oracle 11g, MS SQL Server 2012, SQL, Symantec Endpoint Protection (SEP), Tripwire IP360, ServiceNow (ITAM), Carbon Black (CB).
• Experience in creating Splunk apps, searches, data models, dashboards, and reports using the Splunk processing language.
• Configured Splunk DB Connect 2.0 in search head cluster environments for Oracle and MySQL.
• Set up and configured a search head cluster with three search head nodes and managed the search head cluster with the deployer.
• Performed data onboarding from APIs, HTTP Event Collectors, heavy forwarders, universal forwarders, and TCP and UDP ports.
• Experienced with logging security-related technologies including Active Directory, host-based firewalls, host-based intrusion detection systems, application whitelisting, server configuration controls, SIEM, monitoring tools, and antivirus systems.
• Experience in using scripting languages.
• Created dashboards, reports, scheduled searches and alerts.
• Collected data on attacks to help SOC engineers create reports for auditing purposes.
• Built the use cases and performed the tuning of rules. Built the logic to mitigate the risks.
• Analyzed security-based events, risks and reporting instances.
• Onboarded new log sources with log analysis and parsing to enable SIEM correlation.
• Installed and managed apps, created user roles, and set permissions on knowledge objects.
• Created Vulnerability Assessment dashboard that aggregates data across multiple services to identify critical threats and proactively mitigate risks.
• Knowledge of parsing, indexing and searching concepts, hot/warm/cold/frozen bucketing, and Splunk clustering.
• Worked on setting up Splunk to capture and analyze data from various layers such as Load Balancers, Web servers, and application servers.
• Created many proof-of-concept dashboards for IT operations and service owners, which are used to monitor application and server health.
Environment: Splunk, WebLogic Server 8.x/9.x/10.x/11g, Tomcat 6.0, IBM HTTP Server, Microsoft IIS 7.0, Windows 2008, web services, LDAP, JDK 1.7, HTML, and XML.