
Security Engineer

January 10, 2020



Shahistha Jabeen Hashim

Green Card EAD

Splunk Developer/Admin

Email ID:

PH: 203-***-****


Around 6+ years of multi-cultural IT experience as a Splunk administrator / Splunk developer and in security on varied projects involving design and development of client/server systems.

On platforms consisting of Red Hat Linux and Windows, with in-depth knowledge of log analysis of logs generated by various systems including security products.

Experience at Splunk, in Splunk developing dashboards, forms, SPL searches, reports and views, administration, upgrading, alert scheduling, KPIs, Visualization Add-Ons and Splunk infrastructure.

Good experience in working with SNMP traps and Syslog-NG in onboarding security devices onto Splunk monitoring.

Expert knowledge of the various components within Splunk (indexer, forwarder, search head, deployment server), Heavy and Universal Forwarders, parsing, indexing and searching concepts, Hot, Warm, Cold and Frozen bucketing, and the license model.

Good command in writing Splunk searches; Splunk Infrastructure and Development expert well-versed with Splunk architecture and design.

Good experience in building Splunk Security Analytics. Lead logging enrolments from multi-tier applications into the enterprise logging platforms.

Coordinated with vendors, the customer (users), managers to build systems and standards.

Proficiency with scripting languages.

Expert understanding of developing complex use cases and universal device support modules on the QRadar SIEM.

Experience in performance testing, application monitoring and website support for banking, insurance, manufacturing, and retail industries.

Knowledge of configuration files in Splunk (props.conf, transforms.conf, outputs.conf).

Created SOPs (Standard Operating Procedures) for SharePoint Processes and Shared Drive Processes.

Used XML, Advanced XML and Search Processing language (SPL) for creating Dashboards, views, alerts, reports and saved searches. Upgraded and Optimized Splunk setup with new discharge.

Experience in integration tools like Spring Integration, Mule ESB, Apache CXF, Apache Kafka and Apache Camel to integrate the enterprise application technologies with existing JVM environment.

Played a key role in the Splunk SIEM project and worked with Splunk Sales in determining the log size and suggest Client for estimation of licensing cost.

Experienced in data onboarding to Splunk, ingesting data from various sources such as Splunk universal forwarders, REST API, HEC and add-ons.

Experience in test-driven development and knowledge of using Continuous Integration / Continuous Delivery (CI/CD) tools such as TeamCity, Jenkins and Ansible.

Machine learning experience, and experience deploying and managing infrastructure on public clouds such as AWS.

Experience in operating and monitoring AWS instances. Experience with Splunk Enterprise Security (Splunk ES).

Good experience on AWS infrastructure provisioning using the Infra orchestration tool like


Supports, Monitors and manages the SIEM environment. Splunk Administration and analytics development on Information Security, Infrastructure and network, data security, Splunk Enterprise Security app, Triage events, Incident Analysis.

Experience in dashboard and report performance optimization. Working knowledge of scripting languages (e.g. Python, bash, etc.). Excellent knowledge of TCP/IP networking and inter-networking technologies (routing/switching, proxy, firewall, load balancing etc.).


Bachelor of Arts From University of Madras (2007)

Advanced Diploma in Business Administration From VIT Varehouse Infotech (2008)

Post-Secondary Diploma in System Technician from George Brown College-Canada (2012)


Client: Well Care Health Plans Inc - Tampa, FL | Duration: April 2017 – Present | Role: Splunk Developer/Admin


Implemented Splunk installation and administration of Linux servers using Red Hat Enterprise Linux and Oracle Enterprise Linux.

Created Splunk knowledge bundles, Forms/Views/Dashboards.

Built forwarders and performed software installations, upgrades and Splunk upgrades as and when required using automation tools.

Worked with the SIEM tool QRadar by tuning security events, creating building blocks, searching for reports and searching security events.

Created Bash Scripts for Automation of Splunk day to day tasks.

Optimized search queries using summary indexing and used regular expressions for creating tags, event types, field lookups and field extractions.

Interpreted and developed SIEM products to meet internal, external and customer requirements. Experience in working on Enterprise Security log management and SIEM solutions.

Worked on Security solutions SIEM that enable organizations to detect, respond and prevent these threats by providing valuable context and visual insights to help you make faster and smarter security decisions.

Performed Splunk Indexer/Search Head upgrades, and installation and configuration of Splunk apps.

Created shell scripts to install Splunk forwarders on all servers and configure them with common configuration files such as bootstrap scripts, outputs.conf and inputs.conf.

Created and configured KPIs in Splunk IT Service Intelligence (ITSI) files.

Configured and baselined hardware for Splunk on Linux hosts. Conducted operational testing with Splunk users.

Expertise with SIEM (security information and event management). Managed Splunk user accounts (create, delete, modify, etc.). Scripted SQL queries in accordance with Splunk.

Designed and maintained complex Splunk dashboards on Enterprise and Enterprise Security.

Monitored license usage, indexing metrics, index performance, forwarder performance and death testing.

User/group administration: Splunk authentication with LDAP for user account/group creation and binding of LDAP groups to Splunk roles.

Dealt with Splunk utilities (bucket rolling, user index creation and management, sourcetypes, forwarder log monitoring input and output configuration).

Tested new versions within DEV environments and conducted stress tests.

Created an Active-Passive Splunk framework for fulfilling BCP requirements.

Interacted with various application workgroups for requirement gathering, so as to design and plan the software and hardware infrastructure.

Used Splunk ITSI to determine the KPIs for the business.

Good understanding of Splunk architecture and knowledge of its various components (indexer, forwarder, search head, deployment server).

Created and implemented shell scripts to take care of Splunk file backup, alert log monitoring and log rotation.

Installed and configured in-house apps to monitor system performance, including Splunk internal logs.

Handled configuration of advanced dashboard creation and optimization.

Coordinated with various app support teams, training new hires, support team members.

Client: Bosch Group - Farmington Hills, MI | Duration: May 2016 – Mar 2017 | Role: Splunk Engineer


Review overall system configurations of all Splunk servers and services.

Identify errors and misconfigurations, potential upgrades, changes to increase performance, changes in ingestion rates and retention times to improve indexing, and log filtering to make the most of Splunk licensing.

Create new reports, metrics and dashboards.

Improving the diagnosis of risk, security and compliance incidents involving extensive analysis.

Assist in recommending security resolutions to management for better malware detection and endpoint security.

Onboard new data from various sources and Designing and building new log & data mining services including

Planning and supporting execution of assembly, and performing data mining and analysis utilizing various queries and reporting methods.

Requirement gathering and analysis. Interacted with team members and users during the design and development of the applications and Splunk Objects.

Creating, maintaining, supporting, repairing and customizing system and Splunk applications, search queries and dashboards.

Building Splunk queries with the Splunk Search Processing Language (SPL) and regular expressions.

Data collection from various systems/servers, Forwarder Management, creating and managing Splunk apps.

Install, configure, and troubleshoot Splunk. Experience with regular expressions and using regular expressions for data retrieval. Work with application owners to create or update monitoring for applications.

Good experience in building Splunk Security Analytics. Lead logging enrollments from multi-tier applications into the enterprise logging platforms.

Assist internal users of Splunk in designing and maintaining production-quality dashboards.

Ownership of the log & data mining service based on the Splunk product including

This individual will also be expected to work with other departments, representing the team on all technical matters related to log monitoring and analysis.

The Splunk engineer should be familiar with a Linux environment, editing and maintaining Splunk configuration files and apps.

Configuration of the deployment server, indexers and search heads, serverclass.conf, server.conf, apps.conf, props.conf, transforms.conf, and forwarder management configurations.

Good experience in clustering, deploying apps through the Splunk deployment server and deployer, Splunk version upgrades, and creating roles and authentication.

Created summary searches and reports; in-depth knowledge of Splunk license usage and safeguarding against violations.

Client: AT&T - Austin, TX | Duration: June 2013 – April 2016 | Role: Splunk Analyst


Installed, configured and administered Splunk Enterprise Server and Splunk Forwarder on Red Hat Linux and Windows servers.

Set up Splunk forwarders for new application tiers introduced into the environment and for existing applications.

Developed cloud applications: frontend to microservices configured to deploy to IBM Cloud Bluemix.

Integration of Splunk with ServiceNow for automatic ticket creation.

Experience in IBM QRadar SIEM Integration.

Onboarded PCF (Pivotal Cloud Foundry) data and application events to the Splunk deployment over HTTP using HTTP Event Collector (HEC) inputs.

Integrated ServiceNow with Splunk to generate incidents from Splunk.

Installed and configured Splunk DB Connect. Configuration and support of syslog-ng.

Created Compliance Security Baseline and Vulnerability Assessment dashboard for IBM Guardium Security for Database Server and Database Instances.

Monitored database connection health using Splunk DB Connect health dashboards.

Splunk SPL (Search Processing Language) and dashboarding/visualization. Set up dashboards for network device logs.

Developed and used various Puppet modules and Ansible roles/playbooks for automation of build environments.

Installed and configured a web server as a proxy plug-in to WebLogic Server.

Worked on searching and reporting modules (Splunk ITSI and Enterprise Security App).

Configuration of the deployment server, indexers and search heads, serverclass.conf, server.conf, apps.conf, props.conf, transforms.conf, and forwarder management configurations.

Good experience in clustering, deploying apps through the Splunk deployment server and deployer, Splunk version upgrades, and creating roles and authentication.

Technical Skills:


Splunk 5.x and 6.x, Splunk Enterprise, Splunk on Splunk, Splunk DB Connect, Splunk IT Service Intelligence, Splunk Web Framework, Splunk Machine Learning Toolkit, Splunk Hunk.

Operating Systems: Windows, Unix/Linux

Data Analysis: Requirement Analysis, Business Analysis, detail design

Web technologies: HTML, CSS, JavaScript, XML, Advanced XML


SDLC, Object Oriented Analysis and Design

Programming Languages: C, Python, UNIX shell scripts


Oracle, MySQL, SQL queries, SQL procedures
