Splunk Security Developer

Location:
Greensboro, NC
Posted:
January 26, 2020

Resume:

Ashish Ph: 859-***-****

E-Mail: ******.*****@*****.***

Experience in configuring, implementing, analyzing and supporting Splunk server infrastructure across Windows, UNIX and Linux. Experience with a variety of Operating Systems, Protocols and Tools depending on the type of platform or application to be administered.

PROFESSIONAL SUMMARY:

Multi-cultural experience with 7 years of IT experience in Splunk administration and Splunk development on varied projects involving client/server design and development, on platforms consisting of Red Hat Linux, Windows, and Sun Solaris operating systems.

Worked on security solutions (SIEM) that enable organizations to detect, respond to and prevent threats by providing valuable context and visual insights to support faster and smarter security decisions.

Experience in providing monitoring and response to security events in Security Operations Center (SOC) team.

Extensive experience in installation, configuration, migration, troubleshooting and maintenance of Splunk and Apache Web Server on different UNIX flavors like Linux.

Expert in installing and using Splunk apps for UNIX and Linux (Splunk Add-on *nix).

Created reports, alerts and dashboards using the Splunk query language. Experienced in creating and running cron jobs for scheduled tasks.

Experience in creating access controls for users by creating AD (Active Directory) groups (power and user groups).

Experience with Active Directory and the Single Sign-On (SSO) option.

Configure the add-on app SSO Integration for user authentication and Single Sign-on in Splunk Web.

Experience in general Python scripting; hands-on experience in secure coding.

Expertise in using Splunk with shell script in creating scripts for various activities like Generating Server Status and Health reports, Deployments on large scale configuration of servers.

Experience with Splunk technical implementation, Planning, customization, integration with big data and statistical and analytical modeling.

Splunk configuration that involves Saved search, summary search and summary indexes.

Integrated Splunk with ServiceNow to create automatic incidents based on the alert.

Created Splunk app for Enterprise Security to identify and address emerging security threats using continuous monitoring, alerting and analytics.

Responsible for scheduling backups and restores, and maintenance plans using native and third-party tools.

Involved in standardizing Splunk forwarder deployment, configuration and maintenance across UNIX and Windows platforms.

Experience in Splunk development (creating apps, dashboards, data models, etc.).

Experience with Splunk Enterprise deployments and enabled continuous integration as part of configuration management.

Experience with Splunk Searching and Reporting modules (Splunk ITSI and Enterprise Security App), Knowledge Objects, Administration, Dashboards, Clustering and Forwarder Management.

Created and managed Splunk DB Connect identities, database connections, database inputs, outputs, lookups and access controls.

Monitored database connection health by using Splunk DB Connect health dashboards.

Expertise in creating accurate reports, Dashboards, Visualizations and Pivot tables for the business users.

Parsing, Indexing, searching concepts Hot, Warm, Cold, Frozen bucketing.

Knowledge about Splunk architecture and various components (Indexer, forwarder, search head, deployment server).

Set indexing property configurations, including time zone offset, custom source type rules.

Configure Regex transformations to perform on data inputs.

Helping application teams in onboarding to Splunk and creating dashboards, alerts, reports etc. Experience in using and understanding complex RegEx (regular expressions).

Various types of charts and alert settings. Knowledge of app creation, user and role access permissions. Creating and managing apps, users, roles and permissions to knowledge objects.

Field extraction using IFX, the rex command and RegEx in configuration files.

Knowledge of the extract keyword, sed, knowledge objects, and various search commands like stats, chart, timechart, transaction, strptime, strftime, eval, where, xyseries, table etc.

Time chart attributes such as Span, Bins, Tag, Event types, Creating Dashboards, Reports using XML. Create Dashboard from search, Scheduled searches of Inline search vs. scheduled search in a Dashboard.

Scripting and development skills (Perl, Python) with strong knowledge of regular expressions.

Experience in all facets of SDLC viz. requirement analysis, designs, development, testing, and post implementation revisions.

Configured various summary indexes by creating saved searches to collect the aggregated data and create dashboards on top of the summary index.

Experience with search head clustering and index clustering.

Helped in maintaining Splunk Instance and Monitoring health of the Cluster.

Excellent logical, analytical and debugging skills. Possesses high working qualities with good interpersonal skills; highly motivated, fast learner, good team player and very proactive in problem solving and providing the best solutions. Provided 24/7 on-call support for production.

PROFESSIONAL CERTIFICATIONS:

Splunk Certified Power User

Splunk Certified Splunk Administrator

TECHNICAL SKILLS:

Log Analysis Tool: Splunk Enterprise Server 5.x/6.x/7.x, Splunk Universal Forwarder 5.x/6.x/7.x, Splunk DB Connect

Web/App Servers: WebSphere Application Server 5.0/6.x/7.x/8.x, WebSphere MQ Server 6.x/7.x, WebSphere XD 6.0/6.1, IBM HTTP Server 6.x/7.x/8.x, Apache Web Server 2.x, Tomcat 5.5, IIS 6/7.x

Operating Systems: IBM AIX (5.1/6.1), RHL Linux, Windows Server 2003/2008 R2, VMware

Programming: Java, J2EE, C++, C, SQL/PL SQL, HTML, DHTML, XML

Scripting: Python, WSCP, WSADMIN, Korn Shell Script, Perl, JavaScript, CSS, Batch

Databases: Oracle (8i/9i), UDB/DB2, MS SQL Server, IBM DB2

Monitoring tools: Wily Introscope 8.x/9.x, Tivoli, BSM Topaz, Tivoli Performance Viewer, IBM Thread and Heap Analyzers

Networking: TCP/IP Protocols, Socket Programming, DNS

Framework: MVC, J2EE Design Patterns, Struts

IDE: Eclipse, RAD 7, NetBeans, EditPlus

PROFESSIONAL EXPERIENCE:

Client: Lincoln Financial Group – Greensboro, NC Dec 2018 to date

Title: Splunk Security Developer

Responsibilities:

Involved in Installation, Administration and Configuration of Splunk Enterprise and integration with local legacy systems.

Created Dashboards, reports, scheduled searches.

Experience in creating access controls for users by creating AD (Active Directory) groups (power and user groups).

Proficient in working with Splunk, developing dashboards and configuring the backend administration of Splunk indexes and forwarders.

Created HTML dashboards with third-party JavaScript and CSS to create beautiful visualizations. Field extraction using IFX, the rex command and regex.

Worked as a team in statistical and analytical modeling of data to represent it in a graphical way to better understand status of an application.

Hands on development experience in customizing Splunk dashboards, visualizations, configurations, reports and search capabilities using customized Splunk queries.

Created Regular Expressions for Field Extractions and Field Transformations in Splunk.

Key role in developing alerts and timed reports for various application alerts like AppDynamics and IBM Sterling Integrator and display various results clearly as required by the user.

Knowledge about Splunk architecture and various components (indexer, forwarder, search head, deployment server), Heavy and Universal forwarder, License model.

Developed and managed Splunk applications and worked with multiple data sources and have developed queries to search for data that is retrieved in logs from different applications like Docker, AppDynamics, F5 and NMON performance by Octamis.

Design solutions and concepts for data aggregation and data visualization on custom dashboards.

Experience working with Java-based server applications and logging frameworks.

Advanced SPL, Eval and Status Functions, understanding expressions, worked with Regex expressions and advanced customization of dashboards with CSS and JavaScript.

Strong understanding of Linux and File systems for backend administration of Splunk indexers and forwarders. Clearing out Splunk logs when the disk utilization reaches >90%.

Self-motivated and self-educating, yet willing and able to work collaboratively with both internal customers and fellow Splunkers.

Developed custom applications based on the business requirements asked key data on search time using regular expressions.

Integrated ServiceNow (SNOW) tickets with Splunk to generate incidents from Splunk when critical events occur.

Client: Humana -- Louisville, KY July 2016 to Dec 2018

Title: Splunk Security Developer / Administrator

Responsibilities:

Installation and configuration of Splunk product at different environments.

Configured Splunk Searching and Reporting modules, Knowledge Objects, Administration, Add-On's, Dashboards, Clustering and Forwarder Management.

Designing and maintaining production-quality Splunk dashboards.

Splunk Enterprise deployments and enabled continuous integration as part of configuration management.

Configured and developed complex dashboards and reports on Splunk.

Involved in Installation, Administration and Configuration of Splunk Enterprise and integration with local legacy systems.

Splunk DB Connect 2.4.0 in search head cluster environments of Oracle.

Experience with Splunk UI/GUI development and operations roles.

Expertise in creating and customizing Splunk applications, searches and dashboards as desired by IT teams and business.

Experience in creating access controls for users by creating AD (Active Directory) groups (power and user groups).

Experience with Active Directory and the Single Sign-On (SSO) option.

Configure the add-on app SSO Integration for user authentication and Single Sign-on in Splunk Web.

Experience in providing monitoring and response to security events in a Security Operations Center (SOC) team using Splunk Enterprise Security.

Experience in general Python scripting; hands-on experience in secure coding.

Drive complex deployments of Splunk dashboards and reports while working side by side with technical teams to solve their integration issues.

Responsible for documenting the current architectural configurations and detailed data flow and Troubleshooting Guides for application support.

Splunk configuration that involves different web application and batch, create Saved search and summary search, summary indexes.

Experience in handling security events that affect VMware systems, applications, infrastructure, information and users using Splunk Enterprise Security.

Managing indexes and cluster indexes, Splunk web framework, data model and pivot tables.

Performed troubleshooting and/or configuration changes to resolve Splunk integration issues.

Hands on development experience in customizing Splunk dashboards, visualizations, configurations, reports and search capabilities using customized Splunk queries.

Knowledge about Splunk architecture and various components (indexer, forwarder, search head, deployment server), Heavy and Universal forwarder, License model.

Good experience in Splunk, WLST, Shell scripting to automate and monitor the environment routine tasks.

Maintaining Data Repository Data correlation and trending.

Used the Splunk tool to analyze the logs in the applications.

Client: Charter Communications – St. Louis, MO May 2014 to June 2016

Title: Splunk Consultant

Responsibilities:

Optimized Splunk for peak performance by splitting Splunk indexing and search activities across different machines.

Extracted complex Fields from different types of Log files using Regular Expressions.

Created search commands to retrieve multiline log events in the form of a single transaction, giving start line and end line as inputs.

Created HTML dashboards with third-party JavaScript and CSS to create beautiful visualizations. Field extraction using IFX, the rex command and regex.

Guarantee high accessibility & execution through flat scaling and burden adjusted segments.

Prepared, arranged and tested Splunk search strings and operational strings. Created and configured management reports and dashboards.

Created EVAL Functions where necessary to create new field during search run time.

Provide inputs for identifying best fit architectural solutions - deployment for Splunk project.

Splunk Engineer/Dashboard Developer responsible for the end-to-end event monitoring infrastructure of business-aligned applications.

Experience in setting up dashboards for senior management and production support- required to use SPLUNK.

Developed scripts (Python, JavaScript, Shell, Perl) as needed in support of data collection, reporting and presentation requirements.

Independently identified opportunities to improve operational and other performance for Security, IT Operations and other clients.

Involved in interacting with business owners, developers and business analysts in improving the application.

Involved in helping the UNIX and Splunk administrators to deploy Splunk across the UNIX and Windows environment.

Helped the client to set up alerts for different types of errors.

Parsing, Indexing, Searching concepts Hot, Warm, Cold, Frozen bucketing.

Analyzed large datasets to identify metrics, drivers, performance gaps and opportunities for improvement.

Maintain documentation of applications including what work has been done, what is left to do and site-specific procedures documenting the Splunk environment.

Work with application team and production support team to troubleshoot production performance and reliability issues

Worked on large datasets to generate insights and communicate insights to guide strategic roadmap.

Maintained and managed assigned systems, Splunk related issues and administrators.

Worked on Splunk DB Connect configuration for Oracle, MySQL and MSSQL.

Created many of the proof-of-concept dashboards for IT operations, and service owners which are used to monitor application and server health.

Involved in handling various incidents and requests related to the application.

Involved in developing complex scripts to automate batch jobs.

Client: Mobisys Technologies, Hyderabad, India June 2013 to April 2014

Title: Splunk Consultant

Responsibilities:

Developed Splunk infrastructure and related solutions as per automation toolsets.

Installed, tested and deployed monitoring solutions with Splunk services.

Installing, configuring and administering Splunk Enterprise Server 6.0/6.3.2 and Splunk Forwarder 6.0 on Red Hat Linux and Windows servers.

Provided technical services to projects, user requests and data queries.

Implemented forwarder configuration, search heads and indexing.

Supported data source configurations and change management processes.

Analyzed and monitored incident management and incident resolution problems.

Resolved configuration-based issues in coordination with infrastructure support teams.

Maintained and managed assigned systems, Splunk related issues and administrators.

Developed Splunk Dashboards, searches and reporting to support various internal clients in Security, IT Operations and Application Development.

Assisted with onboarding relevant data sources as needed, including inputs, SQL, index-time configurations, search-time field extractions, event types, and tags.

Onboarding performance monitoring tools for GCRM applications.

Built performance dashboards through Splunk and Extrahop, writing JavaScript and customized scripts.

Worked with internal clients to develop requirements, relationships and value metrics.

Expertise in installation, configuration, migration, troubleshooting and maintenance of Splunk. Passionate about machine data and operational intelligence.

Developed best of breed performance and capacity planning metrics.

Managed existing application and created new applications (visual and non-visual).

Manage Splunk configuration files like inputs, props, transforms, and lookups.

EDUCATION QUALIFICATION:

• Bachelor of Engineering in Computer Science from JNTU, Hyderabad, INDIA (May 2011)


