
Solutions Architect Cyber Security

Location:
Charlotte, NC
Posted:
January 11, 2024


Bijaya Kumar Angajala

Phone: 251-***-****

Email: ad2owi@r.postjobfree.com

Location: 3046 Sugar Ln, Vienna, VA 22181

https://www.linkedin.com/in/kumar-bj-7a6aa8225/

Certification Link

AWS Certified Solutions Architect - Associate

https://www.certmetrics.com/amazon/

CompTIA Security+

https://www.certmetrics.com/comptia/candidate/cert_summary.aspx (verify code 7281ZVF8B73LFQ91)

CompTIA CySA+

https://www.certmetrics.com/comptia/public/verification.aspx?code=HLPTZ0EXDR0LFHGM (verify code HLPTZ0EXDR0LFHGM)

Splunk Enterprise Security Certified Admin

https://wsr.pearsonvue.com/utilities/scorereport/srx/9e6e5ae7-7977-42df-bfcf-f67bb12acdeb/scoreReport.html

Splunk Enterprise Certified Admin

https://wsr.pearsonvue.com/utilities/scorereport/srx/36d42954-c3d7-48cd-9340-66b938a2eafa/scoreReport.html

Splunk SOAR Certified Automation Developer

https://wsr.pearsonvue.com/utilities/scorereport/srx/b79d9e21-e62a-4602-8aea-fbe10696631d/scoreReport.html

Sr Splunk Engineer

Synopsis: Splunk Engineer with 11 years of experience as a Systems Integrator, with a strong background in implementing and optimizing Identity and Access Management solutions, leveraging SIEM platforms, cyber security frameworks (MITRE and Cyber Kill Chain), and expertise in handling incidents using EDR and SIEM tools. Seeking a challenging role to contribute my extensive knowledge and skills in threat detection, incident response, and overall security operations to protect and defend organizations against evolving cyber threats.

EXPERIENCE SUMMARY

●Experience as an IAM Systems Integrator, successfully delivering end-to-end IAM solutions for clients across various industries.

●Experience in Splunk administration, configuration, and deployment of Splunk components (indexers, search heads, forwarders) in distributed environments.

●Proficient in creating and managing Splunk knowledge objects, including reports, dashboards, alerts, event types, and tags.

●Strong expertise in performing field extractions in Splunk using regular expressions (Regex) to parse and extract meaningful data from log files.

●Skilled in developing correlations and notables in Splunk to identify patterns, anomalies, and security threats within large datasets.

●Proficient in designing and building interactive and visually appealing Splunk dashboards to visualize data and provide insights to stakeholders.

●Experience in configuring and managing Splunk alerts to proactively monitor events, trigger notifications, and facilitate incident response.

●Demonstrated ability to develop custom content in Splunk, including searches, saved searches, macros, and data models.

●Proficient in diagnosing and resolving Splunk-related issues, optimizing search performance, and ensuring data integrity.

●Extensive experience in correlating security events from multiple sources to identify patterns, anomalies, and potential threats.

●Proficient in analyzing logs from network devices, operating systems, security tools, and applications to detect security incidents and assess their impact.

●Intrusion Detection and Prevention Systems (IDS/IPS): Strong knowledge of IDS/IPS technologies and expertise in leveraging correlated events for effective threat detection and prevention.

●Firewall and Proxy Analysis: Skilled in analyzing firewall and proxy logs to identify unauthorized access attempts, malicious activities, and policy violations.

●Familiarity with malware analysis techniques to identify indicators of compromise (IOCs) and assess the impact of potential malware infections.

●Experience in responding to security incidents, including investigation, containment, eradication, and recovery.

●Knowledge of threat intelligence sources and the ability to incorporate threat intelligence feeds into event correlation for enhanced threat detection.

●Proficient in working with security tools such as SIEM (Security Information and Event Management) systems, log management solutions, and vulnerability scanners.

●Correlated security events from various sources, including network devices, operating systems, anti-virus solutions, IDS/IPS, firewalls, and proxies.

●Analyzed correlated event data to identify potential security threats, anomalous activities, and indicators of compromise.

●Conducted log analysis to investigate security incidents, assess their impact, and determine the appropriate response measures.

●Utilized intrusion detection and prevention systems (IDS/IPS) to proactively detect and prevent network-based attacks by leveraging correlated events.

●Analyzed firewall and proxy logs to identify unauthorized access attempts, malicious activities, and policy violations.

●Collaborated with incident response teams to investigate and respond to security incidents, including containment, eradication, and recovery.

●Incorporated threat intelligence feeds into event correlation processes to enhance threat detection capabilities.

●Splunk Installation and Configuration: Extensive experience in installing, configuring, and managing Splunk instances in enterprise environments.

●In-depth knowledge and practical application of cyber security frameworks, including MITRE ATT&CK and Cyber Kill Chain. Proficient in leveraging these frameworks to analyze and respond to cyber threats effectively.

●In-depth knowledge of the MITRE ATT&CK framework, including the various attack techniques, sub-techniques, and associated mitigations. Skilled in using ATT&CK to analyze cyber threats, map observed activities to specific techniques, and identify potential security gaps.

●Analyzed security logs from SIEM systems to identify potential security incidents and threats.

●Worked with other security analysts and incident responders to investigate and respond to security incidents.

●Manage and monitor SIEM platforms, including Splunk and ArcSight, to detect and respond to security incidents.

●Assisted with the development of security playbooks and procedures.

●In-depth knowledge and hands-on experience in AWS cloud services, including VPC, EC2, S3, RDS, IAM, Lambda, CloudFormation, and CloudTrail.

●Expertise in designing, implementing, and managing secure and scalable cloud architectures on AWS, ensuring high availability, reliability, and performance.

●Proficient in utilizing AWS security services, such as CloudWatch, Inspector, GuardDuty, and WAF, to detect and mitigate threats, vulnerabilities, and DDoS attacks.

PROJECT EXPERIENCE

Client: Entergy, New Orleans, LA, Feb 2021 - Present

Role: Sr Splunk Engineer

Responsibilities:

●Configured and maintained Splunk instances, including the deployment of indexers, search heads, and forwarders.

●Created and managed Splunk knowledge objects such as reports, dashboards, alerts, event types, and tags to provide actionable insights and facilitate data analysis.

●Developed and optimized field extractions using Regex to parse and extract relevant data from various log sources.

●Designed and built interactive Splunk dashboards, enabling stakeholders to visualize and explore data trends, patterns, and metrics.

●Implemented correlations and notables to detect and investigate security incidents, identifying potential threats and anomalies in real-time.

●Configured Splunk alerts to proactively monitor critical events, trigger notifications, and enable timely incident response.

●Assisted in troubleshooting and resolving Splunk-related issues, optimizing search performance, and ensuring the accuracy and integrity of data.

●Installed and configured various Splunk applications, including Db Connect, Hunk, Microsoft Exchange App, AWS Splunk App, and Cisco Network App, to meet specific business requirements.

●Deployed and managed Splunk ES to enhance security monitoring capabilities, configure security policies, and investigate security incidents.

●Utilized Splunk ITSI to monitor and analyze IT service performance, create service-level dashboards, and detect anomalies.

●Leveraged Splunk SE for monitoring and managing service levels, tracking service availability, and generating reports.

●Set up and utilized Splunk ES/SE/ITSI on sandbox environments for testing, evaluation, and training purposes.

●Developed custom correlation searches on Splunk ES to detect and investigate security threats and vulnerabilities using the MITRE Framework, Red Canary, LOLBAS, and other security frameworks.

●Configured security policies and risk-based alerting (RBA) frameworks to prioritize security alerts based on risk levels and ensure efficient incident response.

●Analyzed logs and conducted forensic investigations to identify IOCs and assess the impact of security incidents.

●Collaborated with incident response teams to investigate and respond to security incidents, including containment, eradication, and recovery.

●Utilized IDS/IPS technologies and correlation searches to detect and prevent network-based attacks.

●Provided technical guidance and training to team members and end-users on Splunk ES, correlation searches, and security best practices.

●Stayed up-to-date with the latest Splunk and SIEM industry trends and best practices.

●Administer Splunk Enterprise Security and provide technical support to clients.

●Implement Splunk SIEM solutions and ensure compliance with CIM standards.

●Provided technical support to clients and addressed any issues related to Splunk.

●Design, implement, and maintain Splunk SIEM solutions for clients across multiple industries.

●Conduct workshops and training sessions for clients to demonstrate Splunk's SIEM capabilities and best practices.

●Format and parse data to ensure compliance with CIM standards.

●Use the MITRE ATT&CK framework to identify, investigate, and respond to security incidents.

Environment: Splunk 6.0, 7.x, 7.2, 8.x, Pivotal HD, Splunk Enterprise Security, Windows, Splunk knowledge objects, Python, REST APIs, SDKs, SIEM, AWS, NoSQL

Kemper Insurance, Jacksonville, FL, Jan 2016 to Jan 2021

Role: Sr. Splunk Engineer

Responsibilities:

●Monitored and analyzed security events and logs using SIEM tools, identifying potential security incidents and taking appropriate actions.

●Conducted incident response activities, including containment, investigation, and eradication of security incidents.

●Collaborated with IT teams to implement security controls and ensure compliance with industry regulations.

●Performed vulnerability assessments, identified and prioritized vulnerabilities, and recommended remediation actions.

●Prepared incident reports, documented investigation findings, and presented recommendations for security enhancements to management.

●Conducted risk assessments and vulnerability scans to identify weaknesses and vulnerabilities in the organization's IT infrastructure, aligning findings with MITRE ATT&CK and Cyber Kill Chain frameworks to prioritize remediation efforts.

●Collaborated with cross-functional teams to implement security controls and best practices based on cyber security framework recommendations.

●Assisted in incident response activities, leveraging the frameworks to identify the attack vectors, techniques, and potential indicators of compromise.

●Prepared detailed reports and presentations outlining the findings, recommendations, and progress made in implementing cyber security framework-based defense strategies.

●Assisted in the development and configuration of Splunk architectures for SIEM solutions.

●Created and maintained Splunk dashboards, reports, and alerts.

●Supported security operations teams in analyzing and investigating security events.

●Participated in troubleshooting and resolving issues related to Splunk infrastructure and data ingestion.

●Conducted research and recommended improvements for log data parsing and normalization processes.

●Assisted in the development of Splunk apps and add-ons.

●Developed Splunk infrastructure and related solutions in our Company environment.

●Knowledge about Splunk architecture and various components (indexer, forwarder, search head, deployment server), Universal and Heavy Forwarder.

●Installed, tested, and deployed monitoring solutions with Splunk services.

●Provided technical services to projects, user requests, and data queries. Implemented forwarder configuration, search heads, and indexing.

●Created a large variety of field extractions, lookups, and evals using props.conf and transforms.conf.

●Used Splunk Enterprise Security App for Security Information and Event Management (SIEM) system utilizing.

●Managed and monitored AWS infrastructure, including VPC, EC2 instances, S3 buckets, and IAM roles, to ensure high availability and security.

●Configured and maintained WAF and IPS solutions to protect web applications and infrastructure against common attacks and vulnerabilities.

●Implemented and managed AV and EDR solutions to safeguard endpoints from malware and detect and respond to security incidents.

●Utilized CloudTrail and CloudWatch to monitor and analyze logs for security events, operational issues, and performance optimization.

●Assisted in the implementation of secure backup and disaster recovery strategies using AWS services, such as S3 and Glacier.

Environment: Splunk 6.3/6.4/7, Splunk DB Connect and other modules, Tomcat 7.x, SAML, Wily Introscope 6.0, HTML, CSS, configured plug-ins for Apache HTTP Server 2.4, Red Hat Linux 6.x, Security Information and Event Management (SIEM), JavaScript, XML, Bash, SVN, CVS.

Southern Company (Alabama Power), June 2015 – Jan 2016

Role: Splunk Admin /Developer

Responsibilities:

●Worked in installing Splunk Enterprise 6.3.3 on both Linux (Red Hat Distro) and Windows Servers as a separate Splunk User.

●Installation and configuration of various components like indexer, forwarder, search head, and deployment server.

●Worked on installing the Splunk Universal Forwarder and Splunk Heavy Forwarder on both Linux and Windows environments.

●Installation of Splunk Applications and Technology Add-ons concerning the technology.

●Updated the Splunk Enterprise 6.3.3 to 6.4.

●Designing and maintaining production-quality Splunk dashboards.

●Used Apache JMeter to analyze load-balancing problems and to perform stress and performance testing on the system's web applications.

●Splunk Enterprise Deployments and enabled continuous integration as part of configuration management.

●Helping application teams in onboarding Splunk and creating dashboards/alerts/reports etc.

●Worked most of the time on installing universal forwarders, but heavy forwarders were set up to see data from the syslog server side; heavy forwarders bring any kind of data fields into Splunk.

●Expertise with Design, Implementation, Configuration, and Management of Splunk Enterprise.

●Created Splunk Search Processing Language (SPL) queries, Reports, Alerts, and Dashboards.

●Creating and managing apps; creating users, roles, and permissions for knowledge objects.

●Created dashboard views, reports, and alerts for events, and configured alert mail depending on the requirement.

●Troubleshooting of searches for performance issues by adding lookups, correcting joins, and using summary indexes.

●Captured data from various front-end and middleware applications. Dashboards were created to monitor traffic volume, response times, errors, and warnings.

●Performed troubleshooting and/or configuration changes to resolve Splunk integration issues.

●Playing a key role in identifying and driving process changes within the team.

Environment: Splunk 6.x, Splunk DB Connect and other modules, Splunk 7.x, SPL, Oracle 9i/10g, Solaris 10, Linux, Sun ONE Web Server 6.0, Apache 2.x, Perl, Python, SIEM.

Client: Web Adda Technology, India, Jan 2012 to Nov 2014

Role: Splunk Developer

Responsibilities:

●Work to implement a development workflow and a deployment workflow for a distributed environment.

●Consulting with customers to customize and configure Splunk to meet their requirements.

●Integrating Splunk with a wide variety of legacy data sources.

●Design and develop apps, custom dashboards, charts, and graphs using advanced XML.

●Standardize Splunk forwarder deployments, configurations, and maintenance across UNIX and Windows platforms.

●Experience in creating regex expressions to extract fields.

●Troubleshoot Splunk infrastructure components, performance issues, and license usage; construct complex Splunk queries, configure new data ingestion into Splunk, and manage Splunk infrastructure.

●Coordination with infrastructure support teams, as well as parsing, indexing, and searching concepts (Hot, Warm, Cold, Frozen).

●Assisting with training application and infrastructure teams not familiar with Splunk.

●Worked closely with Infrastructure, Application, Development, and Business or project teams.

Environment: Splunk 6.x, Splunk DB Connect and other modules, Splunk 7.x, SPL, Oracle 9i/10g, Solaris 10, Linux, Sun ONE Web Server 6.0, Apache 2.x, Perl, Python, SIEM.

Splunk Certified Power User & Architect

Education:

Master's, 2020: Computer Science, Troy University, Troy, Alabama, USA

Undergraduate, 2011: IT, BPUT, Orissa, India
