Mostafa Khalil
Visa: OPT EAD
Professional Summary:
Strong experience with Splunk 6.x, 7.x and 8.x products and distributed Splunk architecture and components, including search heads, indexers, and forwarders.
Experience in Operational Intelligence using Splunk.
Headed Proof-of-Concepts (POC) on Splunk ES implementation; mentored and guided other team members on understanding the Splunk use case.
Expertise in customizing Splunk for monitoring, application management and security as per customer requirements and industry best practice.
Expertise in installation, configuration, migration, troubleshooting and maintenance of Splunk. Passionate about machine data and operational intelligence.
Implemented workflow actions to drive troubleshooting across multiple event types in Splunk.
Expert in installing and configuring Splunk forwarders on Linux, Unix and Windows.
Expert in installing and using Splunk apps for UNIX and Linux (Splunk nix).
Used Splunk Hunk for Splunk analytics with Hadoop.
Exposed the metadata to the end users using the Splunk Analytics for Hadoop.
Knowledge of configuration files in Splunk (props.conf, transforms.conf, outputs.conf).
Worked with SIEM team monitoring notable events through Splunk ES.
Supported, monitored and managed the SIEM environment.
Expertise in Splunk SPL as well as Python and several other languages.
Scripting and development skills using Perl and Python with strong knowledge of regular expressions.
Worked on Amazon AWS, configuring and launching Linux and Windows server instances for Splunk deployment.
Instrumental in developing and delivering training modules on Cloud Platform.
Worked on large datasets to generate insights by using Splunk.
Production error monitoring and root cause analysis using Splunk.
Install, configure, and administer Splunk Cloud Environment 7.5.0 and Splunk Forwarder 8.x.x on Windows Servers.
Supported Splunk Cloud with 3 indexers and 120 forwarders, generating 300 Gb of data per day.
Involved in standardizing Splunk forwarder deployment, configuration, and maintenance across Windows Servers.
Configured inputs.conf and outputs.conf to pull XML-based events to the Splunk Cloud indexer.
Debugged Splunk-related and integration issues.
Technical Skills:
Operating Systems
Windows 2000, XP, Win 10, Windows Server, Unix/Linux (Red Hat), FreeBSD
Security / Vulnerability Tools
Snort, Wireshark, Websense, Bluecoat, Palo Alto, Checkpoint, Symantec, Qualys Vulnerability Manager, FireEye HX, Sophos, Sourcefire
RDBMS
Oracle 11g/10g/9i/8i, MS-SQL Server 2000/2005/2008, Sybase, DB2, MS Access, MySQL
Networking Protocols and Tools
TCP/IP, HTTP/HTTPS, SSH, SSL, DNS, SNMP, Routers, Switches, Load Balancers, Cisco VPN, MS DirectAccess
Programming Language
C, C++, Java with Big Data, Python, UNIX shell scripts
Monitoring Tool
Netcool, Dynatrace, Tealeaf
Professional Experience:
Verizon - Tampa, FL, April 2018 – Present
Splunk Developer / Admin
Experience in creating Splunk dashboards and visualizations to drive security, business, and operational enablement.
Upgraded Splunk Enterprise from v 7.x to v 8.x in clustered environments and non-clustered environments.
Analyzed security-based events, risks and reporting instances. Correlated events from network, OS, anti-virus, IDS/IPS, firewall and proxy sources and analyzed them for possible threats.
Understand and interpret customer requirements for Splunk implementation for an enterprise solution.
Experience with creating physical and logical data models.
Developed Splunk Infrastructure on Cloud (Amazon AWS) in coordination with infrastructure Support Teams.
Worked on Splunk ITSI, which scales to collect and index terabytes of real-time and historical events and metrics that are both human- and machine-generated, across multi-datacenter and cloud-based infrastructures.
Designs and develops RPA solutions using UiPath.
Designs, configures, deploys, and integrates new, modified and/or enhanced UiPath automation solution.
Identify processes and workflows that can be enhanced by a Robotics Process Automation (RPA).
Critically evaluate workflows with a view to improve efficiency and enhance the usage of RPA and workflow automation.
Extensive experience designing, deploying, and managing clustered Splunk Enterprise systems: clustered indexers, search heads, HTTP Event Collectors, and forwarders.
Experience in developing end-to-end planning and implementation of various network devices and business applications with the SIEM device (QRadar/Splunk).
Experience managing data retention policies and performing index administration, maintenance and optimization, and configuration backups.
Onboard new log sources with log analysis and parsing to enable SIEM correlation.
Developed Python scripts as needed in support of data collection, reporting and presentation requirements.
Created Splunk Apps using XML and Web Components. Knowledge of app creation, user and role access permissions.
Experience in JavaScript and Python scripting for advanced UI integration.
Worked on properly creating/maintaining/updating necessary documentation for Splunk Apps, dashboards, upgrades and tracked issues.
Monitored various event sources for possible intrusion and determined the severity of threats.
Experience in building Splunk Technology Add-ons and configuring field extractions for various data sources.
Extensive experience implementing Splunk service and app monitoring for new applications, devices, and platform components.
ExxonMobil - Houston, TX, April 2017 – Mar 2018
Splunk Admin/ Developer
Prepared technical documentation for reports and training material. Mentored and guided new team members by giving scheduled knowledge transfer (KT) sessions.
Created custom dashboards, alerts, searches and reports to meet requirements of various groups.
Provided regular support and guidance to Splunk project teams on complex solutions and issue resolution, with the objective of ensuring best fit and high quality.
Supported the Security Operations Center's Splunk usage to improve agency-wide security visibility.
Participated in an on-call rotation for support of systems outside of normal business hours.
Managed data retention policies and performed index administration along with maintenance, optimization and configuration backups; provided granular, role-based security and managed access control to sensitive logs/data.
Designed Splunk Enterprise 7.x infrastructure to provide high availability by configuring clusters across two different data centers.
Onboarded data from different application servers located across the globe to the Splunk server.
Configured the DB Connect application in Capital Group and indexed different database logs for the application teams.
Created basic search heads for the application teams, and created users and roles and granted permissions.
Involved in standardizing Splunk forwarder deployment, configuration and maintenance across UNIX and Windows platforms.
As a member of the implementation partner, attended meetings with the client's stakeholders and took part in all discussions to choose the right SIEM solution for the client's infrastructure.
Monitored SYF's Splunk infrastructure and was involved in capacity planning and optimization, including troubleshooting log feeds, field extractions and search time.
Managed network design and applied security-based configurations on the Splunk environment according to SYF's standard security guidelines.
Conducted a data source assessment of all available data/logs in the SYF environment that could be ingested into Splunk.
Performed an assessment of SYF's existing Splunk Enterprise implementation in the context of health, supportability, and scalability, which included reviewing indexer core configurations (server.conf, web.conf, inputs.conf), search head core configurations (outputs.conf, authorize.conf), and a serverclass.conf audit.
BP Energy Company - Houston, TX, Jan 2015 – Mar 2017
Splunk Admin
Installed and configured Splunk DB Connect in Single and distributed server environments.
Configured the SSO Integration add-on app for user authentication and single sign-on in Splunk Web.
Automated event triggering in Splunk using Perl with ServiceNow.
Deployed Splunk updates and license distribution over multiple servers using a deployment server.
Created dashboard views, reports and alerts for events and configured alert mail.
Monitored the Splunk infrastructure for capacity planning and optimization.
Server monitoring using tools like Splunk, SolarWinds Orion, HP BSM and HP OpenView.
Integrated ServiceNow with Splunk to generate the Incidents from Splunk.
Actively monitored jobs through alert tools and responded with defined actions; analyzed the logs and escalated critical issues to higher-level teams.
Configured and administered Tomcat JDBC, JMS and JNDI services.
Configured Node Manager to remotely administer managed servers.
Experience in handling network resources and protocols such as TCP/IP, Ethernet and DNS.
Splunk configuration involving different web applications and batch jobs; created saved searches, summary searches and summary indexes.
Splunk search construction with the ability to create well-structured search queries that minimize performance impact.
Scaled up ELK (Elasticsearch/Logstash/Kibana) to index 90 G a day of raw data (tested as an open-source alternative to Splunk).
Education:
Computer Engineering Technology B.S.
University: Texas Southern University
Graduated: December 2019
Location: Houston, TX 77004, United States