Splunk Admin/Developer Resume Florida - Hire IT People (2024)

SUMMARY

• Splunk Certified User with 5+ years of experience in Information Technology field Splunk Developer/Admin, Enterprise Security ES.
• Strong experience with Splunk 5.x and 6.x product, distributed Splunk environment.
• Expertise in Installation, Configuration, Migration, Trouble - Shooting and Maintenance of Splunk infrastructure.
• Expert in using several search commands like streamstats, eventstats, maxsearch, stats, chart, time chart, transaction, strptime, strftime, eval, where, xyseries, table etc.,
• Design, Deploy, and Support enterpriseSplunklogging application. Assist other enterprise instances asSplunkSubject Matter Expert SME.
• Creating accurate reports, Dashboards, Visualizations, Elastic search and Pivot tables for the business users.
• Experience in using Splunk platform in Linux and windows.
• Good knowledge of creating and implementing of shell scripts to take care of Splunk file backup, monitoring alert log and log rotation.
• Creating and Managing SplunkDB connect Identities, Database Connections, Database Inputs and Outputs, access controls.
• Worked on Security solutions (SIEM) that enable organizations to detect, respond and prevent these threats by providing valuable context and visual insights to help you make faster and smarter security decisions.
• Experience in Operational Intelligence usingSplunk platform.
• Experience of JVM and multi-threaded processing using JMX servers.
• Experience withSplunkUI/GUI development activities by managing the Splunk knowledge objectslike Field extraction, Tags and Lookups management.
• Familiar in System Administration with Windows Servers, Red Hat Linux Enterprise Servers, Solaris, Hadoop and IBM AIX servers.
• Experience in developing END to END planning & Implementation of Various Network Devices and Business Application with the SIEM Device-QRADAR/SPLUNK.
• Expert level understanding of Qradar Implementation & its Integration with other N/W devices and Applications and the troubleshooting work.
• Experience in creating custom views, reporting and automated alerting for both operational and security use using Qradar.
• Ability to Debug Splunk related and integration issues.
• Configured Clusters for load balancing and fail over solutions.
• Implemented workflow actions to drive troubleshooting across multiple event types in Splunk.
• Extensive knowledge in writing Packages, Stored Procedures, Functions and Database.
• Triggers using PL / SQL and UNIX Shell scripts.
• Strong qualitative analysis skills to lend insight into highly ambiguous and sensitive business problems. In-depth understanding of processes and technology integration challenges.
• Hands on experience in Python, Shell Scripting, Oracle SQL, Perl, Bash, Java Script, CSS, HTML, Auto Hot Key.

TECHNICAL SKILLS

SIEM Tool: IBM Qradar, Splunk, IBM Guardium.

Splunk: Splunk 5.x and 6.x, Splunk Enterprise, Splunk on Splunk, Splunk DB Connect, Splunk IT Service Intelligence, Splunk Web Framework, Splunk Machine Learning Tool kit, Splunk Hunk.

Operating Systems: Windows 2000, XP, Windows NT, Unix/Linux (Red Hat), VM Ware.

Data Analysis: Requirement Analysis, Business Analysis, detail design, data flow diagrams, data definition table, Business Rules, data modelling, Data Warehousing, system integration

RDBMS: Oracle 11g/10g/9i/8i, MS-SQL Server 2000/2005/2008 , Sybase, DB2 MS Access, Hadoop.

Web Technologies: HTML, DHTML, JavaScript, XML.

Web/App Servers: Apache Tomcat 6.0, web logic8.1/9.2, web sphere 6.0, JMX servers

Concepts: SDLC, Object Oriented Analysis and Design.

Programming Language: C, C++, Java, Python, UNIX shell scripts, Perl and Bash.

PROFESSIONAL EXPERIENCE

Splunk Admin/Developer

Confidential, Florida

Responsibilities:

• Created Splunk Search Processing Language (SPL) queries, Reports, Alerts, and Dashboards.
• Troubleshooting and resolve the Splunk performance, search poling, log monitoring issues, role mapping, dashboard creation etc.
• Established indexes and retention policy of buckets; developed user roles to complement operational and security utilization. Set-up common source types using pre-trained datasets and constructed source types of unique data.
• Creating Regular Expressions for Field Extractions and Field Transformations in Splunk.
• Experience in WebLogic Application Server, Administration including installing, configuring, migrating, load balancing, deploying applications, performance tuning, upgrading, and maintenance of WebLogic Server.
• Experience in integratingSplunkwith Tableau and Hadoop.
• Integrate the RSA and AD with the SSL VPN.
• Administer, Maintain, and Deploy Imperva web application firewall, Checkpoint IPS & VPN systems, and McAfee network based Data Loss Prevention (DLP) devices.
• Troubleshoot issues pertaining to ePO, McAfee Agent, Policy Auditor, Rogue System Detection, Asset Baseline Monitor and Host Intrusion Prevention.
• Involved in Performing all upgrades and hot patches for McAfee SIEM (Nitro).
• Assisted internal users of Splunk in designing & maintaining production-quality dashboard, assisted offshore team to understand the use case of business and provided technical services to projects, user requests & data queries.
• Installed and configured different Splunk apps and add-ons on Splunk platform.
• Scripted SQL Queries in accordance with the Splunk.
• Splunk technical implementation, planning, customization, integration with big data.
• Knowledge about Splunk architecture and various components (indexer, forwarder, search head, deployment server), Heavy and Universal forwarder, License model.
• Setup SSL for communication with & between various Splunk components.
• Worked on log parsing, complex Splunk searches, including external table lookups.
• Troubleshoot issues pertaining to ePO, McAfee Agent, Policy Auditor, Rogue System Detection, Asset Baseline Monitor and Host Intrusion Prevention. Responsible for administering, maintaining, and configuring a 24 x 7 highly available, Splunk apps for production portal environment.
• Worked on configuration files inputs. conf, indexes. conf, props. conf, serverclass. conf, transforms. conf and limit.conf.
• Upgrading and Migrating the Splunk Components and setting up the Retention Policy for the indexes.
• Configuring LDAP and Single Sign-On for User Authentication in the organization.
• Configured Splunk for all the mission critical applications and using Splunk effectively for Application troubleshooting and monitoring post go lives.
• Worked Directly with Splunk Inc sales team in determining Log size and licensing cost for the client's Infrastructure.
• Working in 24 X 7 SOC operations in different shifts.
• Parsed, Indexed, Searched concepts Hot, Warm, Cold, Frozen bucketing.
• Supported HTTP methods following the REST API subsets including the CURD operations like the GET, POST and DELETE to return a HTTP status code to indicate the success of the operation or cause of a failure to fulfil the request.
• Used cURL and REST client browser plugins to exercise the API by using the curl command.

Environment: Splunk 6.3, Splunk 6.2, Unix, Linux, SQL server, XML, Web Services, Splunk DB connect 2.2, Unix, Oracle 11g, Service Now, MS SQL Server 2012, SQL server, Python Scripting.

Splunk Engineer

Confidential, New Jersey

Responsibilities:

• Implemented Splunk installation and administration of Linux servers using Red Hat Enterprise Linux and Oracle Enterprise Linux.
• Created Splunk knowledge bundles, Forms/Views/Dashboards.
• Buildup of Forwarders and perform Software installation upgrades and upgrading Splunk as and when required using automation tools.
• Performed Splunk Indexer/Search Heads upgradation, installation and configuration of Splunk Apps.
• Created Shell Scripts to install Splunk Forwarders on all servers and configure with common configuration files such as Bootstrap scripts, Outputs.conf and Inputs.conf Files.
• Configuring and base lining Hardware for Splunk on Linux Hosts. Conducting operational testing with Splunk Users.
• Created Bash Scripts for Automation of Splunk day to day tasks.
• Optimized search queries using summary indexing and used regular expressions for creating tags, event types, field lookups and field extractions.
• Monitored license usage, indexing metrics, Index Performance, Forwarder performance, death testing.
• Good Understanding of Splunk architecture, Knowledge about various components (indexer, forwarder, search head, deployment server).
• Creation and implementation of shell scripts to take care of Splunk file backup, monitoring alert log and log rotation.
• Installation and configuration of own Apps to monitor system performance including Splunk internal logs.
• Handled configuration of advanced dashboard creation and optimization.
• User/Group Administration - Splunk authentication with LDAP for user accounts/groups creation and bindings of LDAP groups to Splunk.
• Dealt with Splunk Utilities (bucket rolling, User index creation and management, Source-type, forwarder log monitoring input and output configuration).
• Testing new versions within DEV environments and conducting stress tests.
• Created an Active-Passive SPLUNK framework for fulfilling BCP requirements.

Environment: Splunk Enterprise Server 5.1.2, Splunk Forwarder 5.1, 5.4, XML, VMware.

SIEM Engineer

Confidential

Responsibilities:

• Provided regular support guidance to Splunk project teams on complex solution and issue resolution.
• Extensively involved in all phases of SDLC (Software Development Life Cycle) using agile methodology.
• Installation of security and monitoring equipment, provide expert analysis for placement of security equipment for business and home protection services, including software and hardware installation or upgrades to existing systems.
• Deployed and configured multiple companywide enterprise security solutions including Splunk.
• Strong understanding of Splunk Enterprise configurations specifically when using in a security related environment.
• Administered and configured DHCP, NFS, FTP, HTTP servers.
• Responsible for user/group management, setting user quota, access management etc.
• Implemented crons and scripts for automation and executing scheduled tasks.
• Perform vulnerability and risk assessment testing against web applications, customer portals, endpoint users, network devices as well as oversee the patching and remediation of the critical issues.
• Monitored network traffic and bandwidth for anomalies via Splunk.
• Monitor company’s internal logs and traffic via Splunk and QRadar to proactively investigate suspicious traffic and determine if the anomalies were malicious.
• Validate test findings using Splunk Enterprise by creating extensive search queries and custom reports to only show the relevant results from the test.
• Conducted a forensic analysis if a security breach occurred and find out the root cause of the incident as well as oversee the remediation process.
• Responsible for monitoring multiple managed and customer environments simultaneously.

Environment: Qradar, Redhat Linux, XML, Oracle DB, GIT, SPLUNK.

System analyst

Confidential

Responsibilities:

• Involved in the analysis, design, implementation, and testing of the project.
• Implemented the presentation layer with HTML, XHTML and JavaScript.
• Developed web components using JSP, Servlets and JDBC. Implemented database using SQL Server.
• Worked on designing the content and delivering the solutions based on understanding the requirements.
• Efficiently dealt with exceptions and flow control.
• Worked on Object Oriented Programming concepts.
• Worked with designers, architects, developers for translating data requirements into the physical schema definitions for SQL sub-programs and modified the existing SQL program units.
• Involved in the designing of the Application, and various design patterns.
• Designed tables and indexes. Wrote complex SQL and Stored procedures.
• Involved in fixing bugs and unit testing with test cases using JUnit.
• Developed user and technical documentation.
• Used Eclipse for writing code and CVS for version control.

Environment: Java, JSP, Servlets, JDBC, JavaScript, MySQL, JUnit, Eclipse IDE.