Security Engineer

Location:
Los Angeles, CA
Posted:
December 14, 2020

Resume:

Krupa Radhakrishnan

adioj8@r.postjobfree.com

707-***-****

Splunk Engineer

PROFESSIONAL SUMMARY

Overall 5.5+ years of experience in the field of IT, comprising expertise in Splunk Enterprise, networks, and security.

Over 6 years of experience in Splunk 6.x and Splunk 7.x as Splunk Developer.

Experience using Splunk ITSI to create glass tables, KPIs and set alerts using adaptive thresholding.

Extensive knowledge of Splunk Enterprise architecture and components.

Experience setting up Indexers, Search Heads, Universal Forwarders, Deployment Server, Cluster master, and License master.

Expertise in Actuate Reporting, development, deployment, management and performance tuning of accurate reports.

Parsing, Indexing, Searching concepts Hot, Warm, Cold, Frozen bucketing.

Field extraction using IFX, the rex command, and regex in configuration files.

Headed Proof-of-Concepts (POC) on Splunk implementation, mentored and guided other team members on understanding the use case of Splunk.

Knowledge of installing and using Splunk apps for Windows, Linux, WebLogic, and Tomcat.

Worked with configuration files in Splunk (props.conf, transforms.conf, outputs.conf).

Extensive experience and actively involved in Requirements gathering, Analysis, Reviews

Expert in using rex, erex and IFX to extract the fields from the log files

In depth and extensive Knowledge in setting up alerts and Monitoring recipes from the Machine generated data

Various types of charts, Alert Settings, Knowledge of app creation, user and role access permissions

• Creating and managing app, Creating user, role, Permissions to knowledge objects.

• Used techniques to optimize searches for better performance, Search time vs. Index time field extraction and understanding of configuration files, precedence and working.

• Technically proficient in SPL, MySQL and Oracle.

• Have proficient time-management skills, able to deliver assignments with superior quality on schedule and within budget

• Strong technical background in system design with expertise in project coordination, determination of scope and priority and project implementation

• Experience with Splunk Searching and Reporting modules - (Enterprise Security App and Splunk ITSI) Knowledge Objects, Clustering, Forwarder Management and Dashboards.

Experience in creating dashboards for Financial and Business transactions, intersite transaction, Splunk apps and infrastructure monitoring.

Proficient in Splunk Search Processing Language (SPL).

Installing and using Splunk apps for UNIX and Linux (Splunk nix).

Experience in customizing Splunk dashboards, visualizations, configurations using customized Splunk queries.

PROFESSIONAL EXPERIENCE

Splunk Engineer September 2018 to Present

Vanguard - Malvern, PA

Responsibilities:

Installation and configuration of Splunk product at different environments. Configured Splunk Searching and Reporting modules, Knowledge Objects, Administration, Add-On's, Dashboards, Clustering and Forwarder Management.

Suppress false positive alerts. Weekly/Monthly incident analysis report. Analyzing the events and providing solutions for the incidents.

Involved in setting up alerts for different types of errors, data enrichment using lookups, data interpretation using fields and field extraction, and data normalization using tags.

Worked with multiple API teams to forward OpenShift pod logs into Splunk.

Developed Glass Tables using Splunk ITSI to help visualize flow of transactions, and to identify weak links across the application's architecture.

Managed user roles to complement Security and operational utilization.

Managed alerts and scheduled reports across multiple teams in order to keep the scheduled search utilization under operational limit.

Incorporated deep dives into glass tables for a better view into application performance over time.

Created KPIs using ITSI to monitor performance of various applications on an enterprise level.

Created dashboards related to financial and business transactions, infrastructure monitoring, and various applications.

Worked with summary indexing to help improve search performance.

Analyzed security-based events, risks and reporting instances. Correlated events from network, OS, anti-virus, IDS/IPS, firewalls or proxies and analyzed them for possible threats.

Knowledge on Parsing, Indexing, Searching concepts Hot, Warm, Cold, Frozen bucketing.

Conducted surveillance on various phishing emails and created alerts from future spam. Worked as part of Cyber Security Incident Response team to check on malware virus and threat emails.

Developed Splunk Search Processing Language (SPL) queries, created Reports, Alerts and Dashboards and customized them.

Understand and interpret customer requirements for Splunk implementation for an enterprise solution.

Provide deployment strategies with the understanding of affordable risk based on customer acceptance.

Created and configured management reports and dashboards. Planned, implemented, and managed Splunk for log management and analytics

Monitor security violations, flag potential violations, and log security incidents in ServiceNow.

Validate the existing rules and provide recommendation on fine tuning the rules. Creating and sending Risk Advisories to our clients.

Trained the application teams on creating dashboards, reports, and alerts.

Environment: Splunk 7.2, OSE, Kibana, HEC, Fluentd, RHEL, Splunk UF.

Splunk Developer/Admin January 2017 to August 2018

US Cellular - Chicago, IL

Responsibilities:

Created Dashboards, Visualizations, Statistical reports, scheduled searches, alerts

Provided Regular support guidance to Splunk project teams on complex solution and issue resolution

Involved in admin activities and worked on inputs.conf, indexes.conf, props.conf and transforms.conf

Independently identified opportunities to improve operational and other performance for Security, IT Operations and other clients

Performed Capacity Planning on the server side and worked on Splunk Enterprise Security app.

Added Regex fields for easier use of Splunk.

Involved in integration of ServiceNow with Splunk to consume the alerts from Splunk and create ServiceNow tickets.

Developed Splunk Dashboards, searches and reporting to support various internal clients in Security, IT Operations and Application Development

Maintained documentation of applications including what work has been done, what is left to do, and site-specific procedures documenting the Splunk environment

Analyzed large datasets to identify metrics, drivers, performance gaps and opportunities for improvement

Assisted with onboarding relevant data sources as needed, including inputs, SQL, index-time configurations, search-time field extractions, event types, and tags

Worked with internal clients to develop requirements, relationships and value metrics

Worked with administrators to ensure Splunk is actively and accurately running and monitoring on the current infrastructure implementation

Experience on Actuate Reporting, development, deployment, management and performance tuning of Actuate reports

Performed troubleshooting and/or configuration changes to resolve Splunk integration issues

Worked closely with business partners in understanding the UI of Splunk and its different features

Knowledge about Splunk architecture and working experience on various components (Search Head, indexer, forwarder, deployment server)

Installed and configured Splunk DB Connect in Single and distributed server environments

Designed and maintained production quality Splunk dashboards

Worked on log parsing, complex Splunk searches, including external table lookups

Experience working on Linux and Python.

Developed and Managed Splunk DB connect Identities, Database Inputs, Database Connections, lookups, access controls and Outputs.

Environment: Splunk 6.7, AWS, Windows 2008 R2, Windows 2012 R2, Splunk UF, Red Hat

Splunk Developer Mar 2015 to December 2016

Rooms to Go - Tampa, FL

Responsibilities

Created Splunk Search Processing Language (SPL) queries, reports, alerts and dashboards.

Troubleshoot and resolve Splunk performance, log monitoring issues, and dashboard creation.

Created dashboards related to infrastructure monitoring, intersite transactions, and application data.

Worked with knowledge objects like tags, Lookups, macros for search query optimization.

Standardized and implemented Splunk Universal Forwarder deployment, configuration and maintenance in Linux and Windows platforms.

Created detailed reports and scheduled reports as required.

Created and set up alerts to monitor server activity/inactivity and to identify trends.

Set up Splunk forwarders for new application tiers introduced into the environment and existing applications.

Used inputs.conf and outputs.conf files for forwarder management.

Developed and created dashboards in coherence with multiple departments and application teams.

Assist users with creation of dashboards.

Performed field extractions and transformations using RegEx in Splunk.

Provide recommendations, guidance and support in the technical development of new or less experienced team members.

Environment: Splunk 6.2, CIM add-on, Apache 2.x, Python, RegEx, Splunk Knowledge Objects

TECHNICAL SKILLS:

Log Analysis Tool: Splunk Enterprise Server 5.x/6.x/7.x, Splunk Universal Forwarder 5.x/6.x, Splunk DB Connect

Web/App Servers: WebSphere Application Server 5.0/6.x/7.x/8.x, WebSphere MQ Server 6.x/7.x, WebSphere XD 6.0/6.1, IBM HTTP Server 6.x/7.x/8.x, Apache Web Server 2.x, Tomcat 5.5, IIS 6/7.x

Operating Systems: IBM AIX (5.1/6.1), RHL Linux, Windows Server 2003/2008 R2, VMware

Programming: Java, J2EE, C++, C, SQL/PL SQL, HTML, DHTML, XML

Scripting: JACL, Python, WSCP, WSADMIN, Korn Shell Script, Perl, JavaScript, CSS, Batch

Networking: TCP/IP Protocols, Socket Programming, DNS

Framework: MVC, J2EE Design Patterns, Struts

IDE: Eclipse, RAD 7, NetBeans, EditPlus, TOAD

EDUCATION

Bachelor of Engineering in Electrical & Electronics in May 2009


