
Engineer Air Force

Location:
Sterling, VA
Posted:
January 26, 2021


Kevin Yip

Aldie, VA ***** 240-***-**** adjpm8@r.postjobfree.com

SKILLS & STRENGTHS

* Splunk 8.x, 7.x, 6.x, 5.x, ArcSight 6.9 ESM, HP TippingPoint, SourceFire 5.3, Netwitness, Niksun, Npulse NetScout, CentOS 7, RedHat Linux 6, 7, Dragon IDS, Snort IDS, Bro IDS, Lancope StealthWatch Management Console, Fidelis, FireEye, BackTrack 5, eEye Retina Scanner, DISA Gold Disk, Nessus Scanner, WireShark, ElasticSearch, LogStash, Kibana (ELK)

* Over six (7+) years focusing on Splunk Architecting and deployments across single site and multi-site, and recent transitions to AWS Cloud Splunk environments.

* Over twelve (14+) years of computer networking, security, and system administration experience

* Over six (7+) years of cyber security experience, with in-depth knowledge and proficiency in TCP/IP protocols, packet-level networking knowledge, network forensics, intrusion detection systems, and vulnerability assessments

CERTIFICATIONS:

Certified AWS Cloud Practitioner, Certified Splunk Consultant, Certified Splunk Architect 7.x, Certified Splunk Administrator 7.x, Certified Splunk Power User, CASP, SFCP v5.3, ECSA, CEH, MCITP, MCTS, MCDST, MCSA, MCP, Security+, Network+, A+

EXPERIENCE:

Leidos, Springfield, VA 10/2018 to Present

Splunk Engineer

• Performing and maintaining Splunk clustered infrastructure consisting of 80 indexers, 6 search heads, and 40 Heavy forwarders on-prem.

• Architecting and maintaining AWS Splunk Infrastructure consisting of multiple 6 search head clusters and 1 indexer cluster with 40+ indexers.

• Developing Ansible playbooks and documenting processes for Gitlab, SSL certificate creation, Splunk deployment server scaling (in support of 80,000+ nodes) for AWS Splunk Infrastructure.

• Program and fine-tune secured inputs through Splunk Add-On Builder to pull in multiple sources from Cloud SaaS Applications such as Snowflake, DataBricks, AWS Cloudwatch, S3, and Talend logs

• Working with different groups to strategize on AWS cloud migration from current AWS organization to a new AWS organization to support a new splunk environment.

• Developing and testing code to pull in Confluent Metrics data into Splunk by leveraging Splunk Add-On Builder

• Onboarding data into Splunk through custom props & transforms configurations and Splunk technical add-ons.

• Updating Server Configurations to meet Splunk server performance & upgrades

• Creating and updating Splunk Dashboards to meet auditing requirements

• Successfully built a test lab consisting of 3 indexers clustered, 3 search head cluster for Core Splunk, and 3 search head cluster for Splunk Enterprise Security.

• Successfully implemented 5 Splunk deployment servers for mass node configuration deployment.

• Training Juniors and mid Engineers on duty

• Troubleshooting both on prem and AWS environments

• Implementing new systems on AWS Environment and prepping environment for on-prem migration.

• Supporting the Security Operations Center (SOC) with correlation search tuning and migration to AWS

• Updating Correlation Searches in support of recent Solarwinds Attack and detection for Security Operations Center (SOC).

• Developing new SOC Splunk Use Cases with Splunk Security Essentials

• Establishing a new GitLab environment for Splunk Configuration Change Management leveraging Ansible Playbooks Automation

GuidePoint Security, Fort Belvoir, VA 10/2017 to 04/2019

Splunk Engineer

• Performed and maintained a multi-site, multi-network Splunk clustered infrastructure consisting of 48 indexers, 18 search heads, and over 40 Heavy Forwarders.

• Consistently worked with clients to troubleshoot Splunk Heavy Forwarder, Indexer, and Search Head issues

• Onboarded data into Splunk through custom parsing configurations and Splunk technical add-ons and tagging of data by region, unit, and site

• Updated Server Configurations to meet Splunk server performance & upgrades

• Created custom shell scripts to assist with automating specific Linux OS tasks

Agensys, Fort Belvoir, VA 05/2016 to 10/2017

Splunk Engineer

• Architected a new instance of Splunk consisting of 1 Search Head, Indexer, and Heavy Forwarder.

• Onboarded data into Splunk through custom parsing configurations and Splunk technical add-ons

• Troubleshot network issues and data parsing issues coming into Splunk

• Updated Server Configurations to meet Splunk server performance & upgrades

KnightPoint Systems, Alexandria, VA 05/2016 to 06/2017

Splunk Engineer

• Performed and maintained Splunk clustered infrastructure consisting of 40 indexers, 6 search heads, and 40 Heavy forwarders.

• Onboarded data into Splunk through custom parsing configurations and Splunk technical add-ons

• Updated Server Configurations to meet Splunk server performance & upgrades

• Creating Ansible playbooks to remotely manage all servers

Mil Corporation, Washington, DC 01/2016 to 05/2016

Splunk Architect

• Architecting Splunk across a small clustered enterprise environment currently consisting of multiple search heads and indexers

• Developing hybrid solutions (ElasticSearch, Logstash, Kibana (ELK)) to process and analyze data for different entities within the enterprise

• Engineering and deploying Splunk Enterprise Security

Telecommunication Systems, Hanover, MD 06/2015 to 01/2016

Cyber Data Discovery Analyst/Engineer - Contractor

• Develop and engineer a log analysis platform consisting of Splunk and ElasticSearch, Logstash, Kibana (ELK) stack to process large amounts of data.

• Create Python script to automatically parse data from logs and PCAP to be fed into ELK

• Conduct network packet analysis on large amounts of data to verify and track a pattern analysis.

• Maintain & configure ElasticSearch components (Marvel, PacketBeats, FileBeats, & Shield)

Castalia Systems, Springfield, VA 05/2014 to 09/2015

Intrusion Detection Analyst & SharePoint Designer - Contractor

• Monitored Intrusion events through ArcSight SIEM, while leveraging SourceFire Defense Center and NetScout for full Packet Analysis

• Developed and enhanced internal SharePoint website portal to increase collaboration amongst team

• Researched threat intelligence from multiple internal network sources and external sources

CGI Federal, Alexandria, VA 08/2012 to 05/2014

Intrusion Detection Analyst - Contractor

• Observed Intrusion Detection and Prevention Systems on a daily basis through ArcSight SIEM to ensure that the network is safe from malicious threats

• Assisted and provided feedback on improving current Standard Operations Procedures (SOPs) to better support the Cyber Security Mission

• Utilized and evaluated multiple open source and proprietary tools to conduct both static and dynamic malware analysis

ManTech, Washington, DC 01/2014 to 05/2014

Sr. Intrusion Detection Analyst - Contractor

- Trained and mentored new IDS Analysts on shift of current processes and tasks

- Investigated intrusion events through ArcSight SIEM to defend against Cyber Attacks

- Conducted dynamic malware analysis using open source Linux OS and Windows Tools

- Escalated and informed management of possible DDOS attacks

NetCentrics, Alexandria & Arlington, VA 08/2011 to 08/2012

Security Analyst / Sr. Systems Security Engineer - Contractor

• Monitored and analyzed Intrusion Detection Systems (IDS) to identify security issues for remediation

• Researched and evaluated potential, successful, and unsuccessful intrusion attempts across the network

• Prepared and documented incident reports of analysis methodologies

• Conducted and investigated an in-depth malware analysis and suspicious IPs across USCG’s overall network

• Researched and analyzed vulnerabilities that are a potential impact to the HQDA Network

• Communicated with clients to ensure identified vulnerabilities within their OS environment are addressed and adequately protected

• Provided technical analysis to Team leads on emerging vulnerabilities and possible mitigation solutions

• Validated Plan of Action and Milestones (POA&Ms) from Information Assurance team as a process for client systems accreditation

• Executed vulnerability scans throughout the network using Retina and Gold Disk scanners to assist in developing a trend analysis of overall pending vulnerabilities

United States Air Force, Arlington, VA 06/2011 - 08/2011

Technical Support Analyst – Department of Defense Internship

• Developed a comprehensive Microsoft SharePoint website portal improving collaboration, document sharing, and efficiency of data management

• Developed Information System requirements for a strategic-level initiative to review personnel management programs affecting 700,000 personnel

• Assessed feasibility of IS requirements intended to modernize congressionally mandated adjudication of personnel records by the Air Force Review Boards Agency

• Designed and developed a legislative affairs webpage to centralize information used to prepare senior executives and general officers for interaction with Congress

• Provided direct IT support to the Assistant Secretary of the Air Force for Manpower and Reserve Affairs

Postler & Jaeckle, Rochester, NY 02/2011 - 04/2011

Network Administrator Assistant

• Monitored daily backups through Symantec Backup Exec and provided daily inspection of email servers and redundancy

• Managed server operations and verified consistency of DFS implementation of the network

• Evaluated spam emails as a security procedure to prevent network intrusion

• Appraised the file/folder structure through Active Directory to make permissions more efficient

• Created Symantec Endpoint Protection packages for deployment to all users

New York State Department of Health, Albany, NY 12/2007 - 01/2011

IT Specialist – Consultant

• Reported directly to the Network & Systems Administrator and in a unit supporting over 100 Attorneys

• Assisted Network Administrator in managing the daily operations of a network consisting of 150 computers and 4 servers

• Monitored Windows Server 2003 hardware through HP System Management, Group Policies, Active Directory & Microsoft Windows Management Console

• Managed the organization's file systems, storage devices and backups, network devices, workstations, Windows Server Update Services and third-party software updates

• Assisted end users with providing a full range of helpdesk support

• Used VBScript and Group Policy Management to facilitate automated deployment of a variety of user programs

Nfrastructure, Clifton Park, NY 06/2006 - 09/2007

Lead Technician

• Led a team of six in successfully rolling out computers throughout New York and Delaware State for the Department of Transportation and Department of Social Welfare

• Repaired workstations, laptops, and upgraded various computer peripherals

• Successfully installed Blade Servers for Department of Labor in Albany, NY

• Built, tested and standardized desktop images using Symantec Ghost Solutions

EDUCATION:

Rochester Institute of Technology, Rochester, NY

Master of Science in Networking, Security & Systems Admin, January 2017

Capella University, Minneapolis, MN

Master of Science in Network Architecture (Transferred), March 2009 – March 2010

University at Albany, Albany, NY

Bachelor of Arts in Information Science, Minor in Chinese, August 2007
