Zaheer
ac8edz@r.postjobfree.com
Summary
Experience working on Splunk 5.x, 6.x, Splunk Enterprise Security 6.x, Splunk DB Connect 1.x, 2.x
in distributed and clustered Splunk environments on Linux and Windows
operating systems.
Extensive experience in deploying, configuring and administering Splunk clusters.
Expertise in Actuate reporting, development, deployment, management and performance
tuning of Actuate reports
Created Splunk app for Enterprise Security to identify and address emerging security
threats through the use of continuous monitoring, alerting and analytics.
Helped application teams on-board to Splunk and create dashboards, alerts, reports,
etc.
Set up Splunk forwarders for new application levels brought into the environment.
Developed custom app configurations (deployment-apps) within Splunk to parse and
index multiple log formats across all application environments.
Experience in shell scripting; extensively used regular expressions in search strings
and for data anonymization.
Good understanding of configuration files and their precedence; daily work with
props.conf, transforms.conf, inputs.conf and outputs.conf, and setting up forwarder
configuration based on requirements.
Created reports, alerts and dashboards using the Splunk search language. Experienced in
creating and running cron jobs for scheduled tasks.
Parsing, indexing and searching concepts; hot, warm, cold and frozen bucketing. Knowledge
of Splunk architecture and its components (indexer, forwarder, search head,
deployment server).
Expertise in system administration on Splunk, ITSI, SIEM, Machine Learning Toolkit,
AppDynamics, Linux.
Managed indexer clusters, including security, hot and cold bucket management and
retention policies.
Configured regex transformations on data inputs.
Responsible for monitoring and providing analysis in a 24x7x365 Security Operations
Center (SOC) using SIEM (Splunk) and IDS/IPS tools.
Managed Splunk (SIEM) configuration files such as inputs.conf, props.conf, transforms.conf and lookups.
Upgraded Splunk Enterprise and applied security patches.
Initiated projects to create disaster recovery plans for identified gaps.
Established disaster recovery plan testing and auditing cadence.
Created and configured policies and alerts using SIEM tools (Splunk).
TECHNICAL SKILLS:
Splunk: Splunk 6.x and Splunk 7.2, Splunk Enterprise, Splunk on Splunk, Splunk DB
Connect, Splunk IT Service Intelligence, Splunk Web Framework, Splunk Machine Learning
Toolkit, Splunk Hunk.
Operating Systems: Windows, Unix/Linux
Data Analysis: Requirement Analysis, Business Analysis, detail design
Web technologies: HTML, CSS, JavaScript, XML, Advanced XML
Concepts: SIEM, SDLC, SSAE, Object Oriented Analysis and Design
Programming Languages: C, Python, UNIX shell scripts
Database: Oracle, MySQL, SQL queries, SQL Procedures
Tools: Microsoft Word, Microsoft PowerPoint, Microsoft Excel, Microsoft Outlook,
Microsoft Project, Wireshark.
Education Qualification:
Degree: Master's Degree
Major: Security Systems
Location: University of the Cumberlands, USA
Professional Experience
State Farm - Bloomington, IL
Splunk Consultant, June 2017 - Present
Responsibilities:
Developed requirements and specifications for systems that meet customer requirements
involving complex issues.
Created advanced dashboards, alerts, reports, advanced Splunk searches and visualization
in Splunk enterprise.
Staged, installed, configured, integrated and tested Splunk Enterprise logging systems in
the labs, then deployed to data centers.
Deployed apps to Windows systems and configured them to collect Windows application,
security, audit, user activity, printer and SQL Server event logs and ingest them into
Splunk Enterprise.
Defined service dependencies for effective analysis in Service Analyzer and glass table
visualizations.
Performed CI integration of Splunk with Jenkins and AppDynamics.
Configured the Splunk Add-on for AppDynamics and the Splunk App for Jenkins.
Aligned business goals with Splunk ITSI services
Extensive domain knowledge of configuration items in the ITIL framework.
Strong experience with Splunk Enterprise 5.x, 6.x and 7.x, Enterprise Security and
ITSI 2.x and 3.x.
Scaled the Splunk installation by planning hardware, deployment options,
data input options and custom add-ons.
Configured the OS module and add-ons to auto-detect entities using the Splunk Add-on for
Unix and Linux and the Splunk Add-on for Microsoft Windows.
Configured index and search head clustering.
Installed Java (OpenJDK) on search head clusters for effective anomaly detection.
Imported data for services and entities from Splunk platform searches.
Extensive hands-on experience creating entities, entity aliases and services and aligning
them with business goals.
Created entity rules and multiple KPIs for the security, application and infrastructure layers.
Enabled KPI summary indexing and accelerated search speeds.
Configured assets and identities and known threat types in the Enterprise Security product,
which was maintained on Splunk Cloud.
Analyzed user behavior for known and insider threats
Ongoing removal of access and data associated with inactive projects
Experience in creating complex reports and dashboards in Splunk Enterprise 6.x
Proficient in Splunk development and administration
Experience in Python/Java/Shell/PowerShell scripting (creating scripts and manipulating
existing scripts)
Extensive experience using Splunk to capture, index and correlate real-time data in a
searchable repository from which it can generate graphs, reports, alerts, dashboards and
visualizations
Built glass table visualizations for Enterprise Security and ITSI for deep dives, notable
events and anomaly detection.
Performed root cause analysis to support internal customers.
Created multiple KPI alerts using correlation searches.
Hands-on experience troubleshooting Splunk and related products.
Execute and monitor data scanning activities, utilizing various technologies
Trending and analysis of output from data scanning activities
Evaluate efficiencies of technology upgrades and apply as needed
Assist internal customers with access role management activities/requests
Continuous monitoring and removal of systems accesses on various development and test
systems
Annual group membership access reviews for development and test environments
Experience using Splunk to capture real-time data from mainframe and distributed
systems.
Rooms to Go - Tampa, FL
Splunk Admin/Developer, Nov 2015 - May 2017
Responsibilities:
Installed and configured Splunk in different environments. Configured Splunk
searching and reporting modules, knowledge objects, administration, add-ons, dashboards,
clustering and forwarder management.
Monitored and analyzed real-time events from security devices such as firewalls, IDS and
anti-virus using SIEM tools.
Developed Splunk Dashboards, searches and reporting to support various internal clients in
Security, IT Operations and Application Development.
Analyzed security-based events, risks and reporting instances. Correlated events from network,
OS, anti-virus, IDS/IPS, firewall and proxy sources and analyzed them for possible threats.
Integrated AppDynamics with Splunk to monitor application performance issues.
Understood and interpreted customer requirements for an enterprise Splunk
implementation.
Provided deployment strategies with an understanding of affordable risk based on customer
acceptance.
Created and configured management reports and dashboards. Planned, implemented, and
managed Splunk for log management and analytics
Monitored security violations, flagged potential violations and logged security incidents in
ServiceNow.
Validated existing rules and provided recommendations on fine-tuning them. Created and
sent risk advisories to clients.
Suppressed false-positive alerts. Produced weekly/monthly incident analysis reports. Analyzed events and
provided solutions for incidents.
Set up alerts for different types of errors; performed data enrichment using lookups,
data interpretation using fields and field extractions, and data normalization
using tags.
Good understanding of configuration files and their precedence; daily work with props.conf,
transforms.conf, inputs.conf and outputs.conf, and setting up forwarder configuration based on
requirements.
Maintained a Splunk environment with multiple indexers; managed and configured settings.
Improved search performance by configuring search heads for all indexes in production.
Analyzed security-based events, risks and reporting instances. Developed Splunk queries and
dashboards targeted at understanding application performance and capacity.
Worked on getting data in and managing Splunk apps. Assisted internal Splunk users in designing
and maintaining production-quality dashboards.
Deployed Splunk DB Connect 2.0 in search head cluster environments against Oracle. Installed and
implemented several kinds of visualizations in Splunk dashboards.
Tech Mahindra - Hyderabad, India
Splunk Engineer, June 2012 - July 2015
Responsibilities:
Created dashboards, visualizations, statistical reports, scheduled searches and alerts, and
worked on creating other knowledge objects.
Knowledge of Splunk architecture and its components (indexer, forwarder,
search head, deployment server).
Installed universal and heavy forwarders to bring any kind of data into
Splunk.
Provided regular support and guidance to Splunk project teams on complex solutions and issue
resolution.
Helped application teams on-board to Splunk and create dashboards, alerts, reports,
etc.
Maintained and managed assigned systems, Splunk-related issues and administration.
Involved in admin activities; worked on inputs.conf, indexes.conf, props.conf and
transforms.conf to set up time zone and timestamp extraction, complex event
transformations and event breaking.
Involved in standardizing Splunk forwarder deployment, configuration and maintenance
across UNIX and Windows platforms.
Designed and maintained production-quality Splunk dashboards.
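The props.conf/transforms.conf work described above (time zone and timestamp extraction, event breaking, regex transformations) and the data anonymization and retention items in the Summary are sketched below as an added illustration. It is not configuration from any employer listed here; the sourcetype, index names, file path and log format are assumptions, and the sample log lines are constructed.

```ini
# Added illustration, not from any employer above. Assumed sourcetype
# "app:payments:json", index "app_payments", and constructed log lines such as:
#   {"ts":"2017-06-14 09:30:12.417","level":"INFO","event":"auth.failure","user":"jdoe","card":"4111111111111111"}
#   {"ts":"2017-06-14 09:30:12.902","level":"DEBUG","event":"cache.hit","user":"jdoe"}
# The timestamp carries no UTC offset, so TZ must be set explicitly or every
# event is stamped in the indexer's local zone.

# ---- inputs.conf (universal forwarder) ----
[monitor:///var/log/payments/app.log]
sourcetype = app:payments:json
index = app_payments
disabled = false

# ---- props.conf (indexers / heavy forwarders: parsing-time settings) ----
[app:payments:json]
# One JSON object per line: turn off line merging and break on newlines,
# otherwise a multi-line stack trace can swallow the events that follow it.
SHOULD_LINEMERGE = false
LINE_BREAKER = ([\r\n]+)
# Pin where the timestamp is and what it looks like. Without TIME_PREFIX and
# TIME_FORMAT, Splunk guesses, and a 16-digit card number is a plausible date.
TIME_PREFIX = "ts":"
MAX_TIMESTAMP_LOOKAHEAD = 24
TIME_FORMAT = %Y-%m-%d %H:%M:%S.%3N
TZ = America/Chicago
TRUNCATE = 10000
# Search-time setting: this stanza must also reach the search heads.
KV_MODE = json
# Anonymize before the data is written to disk: keep the first six and last
# four digits of the card number, mask the six in the middle.
SEDCMD-mask_card = s/"card":"(\d{6})\d{6}(\d{4})"/"card":"\1******\2"/g
# Index-time transforms run in the order listed.
TRANSFORMS-route = drop_debug, route_auth_to_security

# ---- transforms.conf (same tier as props.conf) ----
[drop_debug]
# Discard DEBUG noise at parse time so it never consumes license or disk.
REGEX = "level":"DEBUG"
DEST_KEY = queue
FORMAT = nullQueue

[route_auth_to_security]
# Send authentication failures and lockouts to a separate index so the SOC
# can be granted search access to them without exposing the rest of the feed.
REGEX = "event":"auth\.(failure|lockout)"
DEST_KEY = _MetaData:Index
FORMAT = security

# ---- indexes.conf (indexers) ----
# The target index must exist, or the routed events are dropped; set
# lastChanceIndex under [default] as a safety net for unknown indexes.
[security]
homePath   = $SPLUNK_DB/security/db
coldPath   = $SPLUNK_DB/security/colddb
thawedPath = $SPLUNK_DB/security/thaweddb
# Buckets roll to frozen (deleted, absent a coldToFrozenDir) after one year.
frozenTimePeriodInSecs = 31536000
```

Parsing-time settings (LINE_BREAKER, TIME_*, TZ, SEDCMD, TRANSFORMS) take effect on whichever tier first parses the data, so they belong on the indexers or heavy forwarders, not on a universal forwarder that only ships raw chunks. Put them in an app's local/ directory rather than default/ so that an app upgrade does not overwrite them; within the global context, $SPLUNK_HOME/etc/system/local wins over apps' local/, which wins over apps' default/, which wins over system/default. After deploying, confirm with btool (`splunk btool props list app:payments:json --debug`) that the merged stanza is the one you expect.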