Splunk Engineer Professional Summary

Professional Summary

  • Splunk Certified Admin with 7+ years of professional experience in data visualization, analytics, data management, data integration, and the implementation and maintenance of business intelligence and related database platforms.
  • Good understanding of which configuration files to monitor and of configuration-file precedence, with daily exposure to props.conf, transforms.conf, indexes.conf, inputs.conf and outputs.conf.
  • Extensive knowledge of creating accurate reports for business users using XML, dashboards, visualizations and pivot tables.
  • Hands-on experience using commands such as rex, erex and sed, and the IFX, to extract fields from log files. Knowledgeable about knowledge objects such as event types, tags, field extractions (using regular expressions) and lookups.
  • Good experience developing Splunk security analytics use cases. Led logging enrollments from multi-tier applications into the enterprise logging platforms.
  • Developed Splunk artifacts such as alerts, correlation searches and reports on security baseline violations, non-authenticated connections, brute-force attacks and many other use cases.
  • Strong experience in Splunk app development and validation. Also aware of quality concepts such as SCM.
  • Experienced and well versed in configuring indexers, forwarders (universal and heavy), search heads, deployment servers and deployment clients.
  • Index-time and search-time extraction of fields, and parsing of data on forwarders.
  • Splunk apps: Enterprise, Enterprise Security, IT Service Intelligence (ITSI), Splunk App for PCI Compliance.
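The summary lists rex-style field extraction and correlation searches for brute-force attacks without showing what such a search actually does. The following is an added example, not code from this resume's author or from Splunk: it extracts user and source-IP fields from constructed sshd log lines with a regular expression of the kind a rex command would carry, then runs the correlation logic offline as a sliding-window count of failures per source IP, plus a check for a success that follows failures still inside the window. The sample log lines, the index name `os` in the reference SPL string, the assumed year for the syslog timestamps, and the 5-failures-in-5-minutes threshold are all assumptions made for the example.

```python
"""Added example (not code from this resume's author or from Splunk): rex-style
search-time field extraction followed by brute-force correlation logic, run
offline over constructed sshd log lines."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in the linux_secure (sshd) format; not from a real host.
SAMPLE_LOG = """\
Mar  3 10:00:01 web01 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  3 10:00:03 web01 sshd[2203]: Failed password for root from 203.0.113.7 port 51024 ssh2
Mar  3 10:00:04 web01 sshd[2205]: Failed password for root from 203.0.113.7 port 51026 ssh2
Mar  3 10:00:06 web01 sshd[2207]: Failed password for invalid user oracle from 203.0.113.7 port 51028 ssh2
Mar  3 10:00:08 web01 sshd[2209]: Failed password for invalid user test from 203.0.113.7 port 51030 ssh2
Mar  3 10:00:09 web01 sshd[2211]: Accepted publickey for deploy from 198.51.100.4 port 40210 ssh2
Mar  3 10:00:20 web01 sshd[2213]: Failed password for alice from 198.51.100.9 port 40300 ssh2
Mar  3 10:05:30 web01 sshd[2230]: Failed password for root from 203.0.113.7 port 51100 ssh2
Mar  3 10:05:32 web01 sshd[2232]: Accepted password for root from 203.0.113.7 port 51102 ssh2
"""

# The scheduled search this logic corresponds to (index name "os" is assumed),
# kept here as a reference string only. `bin` makes fixed 5-minute buckets, so a
# burst straddling a bucket boundary can be split below the threshold; the
# Python below uses a sliding window instead.
SPL_EQUIVALENT = r'''
index=os sourcetype=linux_secure "Failed password"
| rex "Failed password for (?:invalid user )?(?<user>\S+) from (?<src_ip>\d+\.\d+\.\d+\.\d+)"
| bin _time span=5m
| stats count AS failures dc(user) AS distinct_users BY _time src_ip
| where failures >= 5
'''

# Named groups play the role of the fields a `rex` command would create.
AUTH_RE = re.compile(
    r"^(?P<month>\w{3})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) "
    r"sshd\[\d+\]: (?P<action>Failed|Accepted) (?P<method>\w+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src_ip>\d+\.\d+\.\d+\.\d+) port \d+"
)


def extract_fields(line, year=2024):
    """Return the extracted fields for one line, or None if it does not match.
    Syslog lines carry no year, so one is assumed (as Splunk does at index time)."""
    m = AUTH_RE.match(line)
    if not m:
        return None
    fields = m.groupdict()
    fields["_time"] = datetime.strptime(
        f"{year} {fields['month']} {fields['day']} {fields['time']}", "%Y %b %d %H:%M:%S"
    )
    return fields


def detect_brute_force(log_text, threshold=5, window=timedelta(minutes=5)):
    """Sliding-window correlation over parsed events.

    Reports 'ssh_brute_force' once per source IP when `threshold` failures land
    inside `window`, and 'success_after_failures' when a login succeeds while
    failures from the same IP are still inside the window (the case that matters
    most: the attacker got in)."""
    events = [e for e in map(extract_fields, log_text.splitlines()) if e]
    events.sort(key=lambda e: e["_time"])
    recent = defaultdict(list)   # src_ip -> [(time, user), ...] failures inside the window
    alerted = set()              # source IPs already reported for brute force
    findings = []
    for e in events:
        ip = e["src_ip"]
        # Drop failures that have aged out of the window relative to this event.
        recent[ip] = [(t, u) for t, u in recent[ip] if e["_time"] - t <= window]
        if e["action"] == "Failed":
            recent[ip].append((e["_time"], e["user"]))
            if len(recent[ip]) >= threshold and ip not in alerted:
                alerted.add(ip)
                findings.append({
                    "rule": "ssh_brute_force",
                    "src_ip": ip,
                    "failures": len(recent[ip]),
                    "distinct_users": len({u for _, u in recent[ip]}),
                    "last_seen": e["_time"],
                })
        elif recent[ip]:
            findings.append({
                "rule": "success_after_failures",
                "src_ip": ip,
                "user": e["user"],
                "prior_failures": len(recent[ip]),
                "last_seen": e["_time"],
            })
            recent[ip].clear()
    return findings


if __name__ == "__main__":
    for finding in detect_brute_force(SAMPLE_LOG):
        print(finding)
```

On the constructed lines, `detect_brute_force(SAMPLE_LOG)` reports the five-failure burst from 203.0.113.7 (four distinct usernames, which also hints at password spraying) and then the later successful root login from the same address that follows a fresh failure inside the window; the earlier burst has aged out by then, which is exactly the expiry behaviour a `bin`-based search does not give you. When tuning a real correlation search, that window semantics and the `dc(user)` count are the two knobs worth exposing in the alert.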

Project Details

Splunk Architect, Siemens/Metro Transit Authority, NY, Sep 2019 to Present

  • Redesigned and upgraded a single-instance architecture to a clustered architecture (installation and configuration of Splunk universal forwarders, adding additional indexers, 2 search heads, a cluster master and a license master, and migration of the deployment server on Windows machines).
  • Set up and configured a search head cluster with three search head nodes and managed it with the deployer.
  • Collaborated with internal teams to integrate data feeds into a centralized Splunk platform.
  • Responsible for documenting the new architectural configurations and upgrades, detailed data flow, and troubleshooting guides for application support.
  • Configured knowledge objects such as event types, tags, field extractions (using regular expressions) and lookups as needed.
  • Created glass tables for the application performance monitoring dashboard and configured the ITSI modules (application server module, load balancer module, etc.).
  • Service modeling with ITSI: met the respective teams and decomposed services into KPIs with appropriate thresholds.
  • Knowledge of building ITSI glass tables, multiple alerts, threshold templates, etc.
  • Responsible for optimizing multiple CBTC dashboards for monitoring, operational and other purposes using post-process searches.
  • Defined and modified Splunk alerts for application teams for efficient handling of production issues.
  • Investigative analysis of data using event correlation across indexes and source types to generate custom reports for senior management.
  • Optimized and modified searches for security use cases for the SecOps team, based on the content library of the Splunk Security Essentials app.
  • Troubleshot application issues by log verification.
  • Responsible for updating, migrating and expanding the Splunk platform based on log intake.
  • Installed and configured various Splunk TAs based on use-case requirements.

Environment/Tools: Splunk 7.x, Windows, Unix/Linux, PuTTY, rex, Splunk Machine Learning Toolkit, Splunk Security Essentials.

Splunk Consultant (Admin/Developer), XYZ, Aug 2017 to Aug 2019

  • Created many of the proof-of-concept dashboards for IT operations and service owners to monitor application and server health.
  • Troubleshot application issues by log verification.
  • As part of an operations team, responded to user requests in various cases and worked closely with application teams to create new Splunk dashboards and knowledge objects such as reports, alerts, saved searches, lookups and macros.
  • Supported a Splunk environment with 160 indexers, 832 forwarders and 16 search heads that generated 24 TB of data per day.
  • Worked with various developers, engineers and enterprise architects to onboard new logs into Splunk in a distributed environment.
  • Customized Splunk for monitoring, application management and security teams as per customer requirements and Splunk best practices.
  • Developed Splunk artifacts and reports on security baseline violations, non-authenticated connections, brute-force attacks and many other use cases.
  • Supported, monitored and managed the SIEM environment.
  • Splunk administration and analytics development on information security, infrastructure and network, data security, the Splunk Enterprise Security app, event triage and incident analysis.
  • Integrated Splunk with a wide variety of legacy and security data sources that use various protocols.
  • Headed proofs of concept (POCs) on Splunk ES implementation; mentored and guided other team members on understanding Splunk use cases.
  • Trained Splunk security team members on complex search strings and ES modules.
  • Developed the content needed to implement security use cases and translated it into correlation searches, templates, reports, rules, alerts, dashboards and workflows using Splunk SPL (Search Processing Language) and dashboarding/visualization.

  • Set up dashboards for network device logs.
  • Used DB Connect to set up identities and connections for McAfee and WhereScape tables and created the DB inputs.
  • Updated DB Connect 2 to DB Connect 3 and moved all connections and inputs into DB Connect.
  • Involved in the migration of the entire project from the old infrastructure to the new infrastructure without loss of any data.
  • Helped teams onboard data, create various knowledge objects, and install and maintain Splunk apps and TAs.
  • Generated HEC tokens and configured the HEC configuration files.
  • Integrated Splunk with Jira to create Jira tickets for triggered alerts.
  • Onboarded AWS data into Splunk using the Splunk TA for AWS.
  • Managed Splunk infrastructure running in an AWS environment.
  • Performed automated Splunk deployments using Jenkins CI/CD pipelines to deploy configuration from a code repository.
  • Supported daily builds and product releases on the Linux platform.
  • Monitored builds and provided proactive support to resolve build issues on containers using Kubernetes logs.
  • Performed application/web server log file analysis using SPL to troubleshoot application problems on the application and web server side when needed.
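The Jira integration bullet above names the alert-to-ticket hop without showing what it involves. The following is an added example, not the resume author's code and not a Splunk or Atlassian library: it converts the JSON body that Splunk's built-in webhook alert action POSTs when an alert fires into the request body for Jira's `POST /rest/api/2/issue`, de-duplicates on the search id so a re-run of the same alert does not open a second ticket, and authenticates the caller with a shared secret assumed to be carried in the webhook URL, compared in constant time, since the built-in webhook action sends a plain POST with no authentication of its own. The sample payload, the project key `SOC`, the issue type and the label are constructed assumptions.

```python
"""Added example (not the resume author's code, and not a Splunk or Atlassian
library): turn the JSON that Splunk's webhook alert action POSTs into the body
of a Jira REST 'create issue' request, de-duplicating on the search id."""
import hmac
import json

# Keys the webhook alert action includes in its POST body; the receiver refuses
# anything that lacks them rather than open a half-empty ticket.
REQUIRED_KEYS = ("sid", "search_name", "results_link", "result")

# Constructed sample of one webhook POST body (all values are made up).
SAMPLE_WEBHOOK = json.dumps({
    "sid": "scheduler__admin__search__RMD5deadbeef_at_1709460000_42",
    "search_name": "SSH brute force - 5 failures in 5m",
    "app": "search",
    "owner": "admin",
    "results_link": "https://splunk.example.com:8000/app/search/@go?sid=scheduler__admin__search__RMD5deadbeef_at_1709460000_42",
    "result": {"src_ip": "203.0.113.7", "failures": "5", "distinct_users": "4", "host": "web01"},
})


class JiraTicketBridge:
    """Receives webhook payloads and produces Jira issue-create request bodies."""

    def __init__(self, shared_secret, project_key="SOC", issue_type="Task"):
        self.shared_secret = shared_secret      # assumed to be carried in the webhook URL
        self.project_key = project_key          # assumed Jira project key
        self.issue_type = issue_type
        self.seen_sids = set()                  # sids already ticketed (persist this in production)

    def authenticate(self, presented_token):
        """The webhook action sends no credentials of its own, so the receiver
        checks a secret from the URL; compare_digest avoids a timing side channel."""
        if not hmac.compare_digest(presented_token, self.shared_secret):
            raise PermissionError("bad webhook token")

    def build_issue(self, payload):
        """Map one webhook payload onto the body for POST /rest/api/2/issue."""
        missing = [k for k in REQUIRED_KEYS if k not in payload]
        if missing:
            raise ValueError(f"webhook payload missing {missing}")
        # The first result row becomes a Jira wiki table. Values are treated as
        # opaque text and clipped so a hostile log line cannot bloat the ticket.
        rows = "\n".join(f"|{k}|{str(v)[:200]}|" for k, v in sorted(payload["result"].items()))
        description = (
            f"Alert *{payload['search_name']}* fired in Splunk.\n\n"
            f"||field||value||\n{rows}\n\n"
            f"Search results: {payload['results_link']}\n"
            f"sid: {payload['sid']}"
        )
        return {
            "fields": {
                "project": {"key": self.project_key},
                "issuetype": {"name": self.issue_type},
                "summary": f"[Splunk] {payload['search_name']}"[:255],   # Jira's summary length limit
                "description": description,
                "labels": ["splunk-alert"],
            }
        }

    def handle(self, body, presented_token):
        """Authenticate, validate, de-duplicate and convert one POST body.
        Returns the Jira request body, or None when this sid was already ticketed."""
        self.authenticate(presented_token)
        payload = json.loads(body)
        issue = self.build_issue(payload)
        if payload["sid"] in self.seen_sids:
            return None
        self.seen_sids.add(payload["sid"])
        return issue


if __name__ == "__main__":
    bridge = JiraTicketBridge(shared_secret="replace-me")
    print(json.dumps(bridge.handle(SAMPLE_WEBHOOK, "replace-me"), indent=2))
```

The returned dict is what a receiver would serialize and POST to Jira with its own service credentials; keeping the Splunk side credential-free and the Jira credential on the bridge means a leaked webhook URL only lets an attacker open tickets in one project, not act as the Splunk service account. Validation runs before the sid check so a malformed replay is rejected rather than silently swallowed as a duplicate.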

Environment/Tools: Splunk 7.x, Splunk Enterprise Security, HEC, Hadoop, DB Connect, framework integration, Git, ServiceNow, Jenkins.

Splunk Developer, ZZZZ, Oct 2015 to Aug 2017

  • Created automation to pull data from SharePoint and add those exceptions to summary searches as part of Splunk automation.
  • Installed and configured Splunk universal and heavy forwarders on different operating systems.
  • Worked on knowledge objects such as event types, tags, field extractions (using regular expressions) and lookups.
  • Defined and modified alerts for application teams for efficient handling of production issues.
  • Created and scheduled search jobs based on requests from internal application teams.
  • Created dashboards with Pivot in Splunk 6.x (creating data models and data objects).
  • Onboarded new log sources with log analysis and parsing to enable SIEM correlation.
  • Integrated ServiceNow with Splunk to generate automatically triggered alerts.
  • Configured LDAP in Splunk and segregated users on the basis of their roles.
  • Worked closely with the teams to design and develop ArcSight architecture components and related upgrades.
  • Collaborated with Java and .NET teams to integrate Splunk using the SDKs and run Splunk queries from the application side.
  • Installed the Splunk SDK for C# and worked with saved searches, reports, jobs, configurations, inputs and applications using the SDK library code.
  • Established a database connection and created a dashboard using a NoSQL DB.
  • Forwarder management, including installing forwarders on different machines.
  • Collaborated with internal teams to integrate data feeds into a centralized Splunk platform.
  • Installed different apps from the cluster master and pushed them out to search heads for troubleshooting Splunk and for other purposes.
  • Designed and maintained production-quality dashboards.
  • Created a test Splunk clustered environment on AWS EC2 instances with S3 storage.
  • Created macros to reuse searches and to shorten long searches.
  • Created alerts and dashboards using AppDynamics.
  • Managed and maintained use cases in correlation systems.
  • Resolved configuration-based issues in coordination with infrastructure support teams.

Environment/Tools: Splunk Enterprise 6.x, REST API, Windows, Unix/Linux, Python, LDAP, PowerShell, RESTful services, PuTTY.

Splunk Developer, XXXXXX, Jan 2013 to Feb 2015

  • Installed, configured and managed Splunk Enterprise Server 5.x/4.x and Splunk Universal Forwarder 5.x/4.x on platforms such as Windows Server, UNIX and Solaris.
  • Installed universal forwarders and heavy forwarders to bring any kind of data into Splunk.
  • Developed complex dashboards to monitor, manage and track traffic volume, response times, errors and warnings across various data centers, applications and servers.
  • Configured and maintained hot, warm and cold buckets according to data retention requirements.
  • Involved in standardizing Splunk forwarder deployment, configuration and maintenance across UNIX and Windows platforms.
  • Extensive experience setting up Splunk to monitor and track customer activity and customer volume.
  • Worked on various components of the Splunk Enterprise architecture such as search heads, indexers, deployment server, deployer, license master and heavy/universal forwarders.
  • Configured a Splunk multisite indexer cluster for data replication.
  • Knowledge of security threats and vulnerabilities and how to detect and mitigate them; experience building security monitoring and incident management solutions using Splunk.
  • Optimized Splunk for peak performance by splitting indexing and search activities across different machines.
  • Worked with administrators to ensure Splunk was actively and accurately running and monitoring the current infrastructure implementation.

Environment/Tools: Splunk 5.x, Linux, Windows, DB Connect, bonnie++

Education

  • Master's in Information Systems Security (in progress, class of 2021), University of the Cumberlands, Kentucky
  • Master's in Computer & Information Science, Southern Arkansas University, Arkansas
  • Bachelor's in Computer Science Engineering, JNT University, Hyderabad, India

Job Roles

  • Developing Splunk artefacts and reports on security baseline violations, non-authenticated connections, brute-force attacks and many other use cases.
  • Supporting, monitoring and managing the SIEM environment.
  • Splunk administration and analytics development on information security, infrastructure and network, data security, the Splunk Enterprise Security app, event triage and incident analysis.
  • Integration of Splunk with a wide variety of legacy and security data sources that use various protocols.
  • Training Splunk security team members on complex search strings and ES modules.
  • Developing the content needed to implement security use cases and translating it into correlation searches, templates, reports, rules, alerts, dashboards and workflows using Splunk SPL (Search Processing Language) and dashboarding/visualization.
  • Set up dashboards for network device logs.
  • Headed Proof-of-Concepts (POC) on Splunk ES implementation, mentored and guided other team members on Understanding the use case of Splunk.
  • Customized Splunk for Monitoring, Application Management, and Security teams as per customer requirements and Splunk best practices.
  • Implement business functional requirements into robust, secure, high-quality applications.
  • Fix detected vulnerabilities to maintain a high-security standard.
  • Keep up to date with the latest security and technology developments.
  • Search/evaluate emerging cybersecurity threats and ways to manage them.
  • Integrate with third-party applications and create technical documentation.
  • Work with various developers, engineers, and enterprise architects to onboard new logs to Splunk in a distributed environment.
  • Provide technical services to projects, user requests, and data queries as well as support change management processes.
  • Support the Splunk infrastructure, dealing with production issues.
  • Help teams onboard data, create knowledge objects, and install and maintain Splunk apps and TAs.
  • Generate HEC tokens and configure HEC configuration files.
  • Integrate Splunk with Jira for automated ticketing.
  • Onboard AWS data into Splunk using Splunk TA for AWS.
  • Manage Splunk infrastructure running in AWS environment.
  • Perform automated code deployments using Jenkins CI/CD pipelines.
  • Support Linux-based daily builds and product releases, monitor builds, and resolve container issues using Kubernetes logs.
  • Analyze application/web server logs for troubleshooting using SPL techniques.
