
Data Collector

Location:
Houston, TX
Salary:
$120k
Posted:
June 26, 2023


Resume:

(US NAVY VETERAN)

Houston, TX ***** 713-***-**** *************@*****.***

SUMMARY

• Certified professional with over 8 years of experience in the IT industry leveraging cybersecurity tools, SIEM management, high proficiency in data analysis, Splunk, cloud solutions (AWS, Azure) and UNIX management.

• Experienced in Splunk architecture design and build.

• Experienced in managing Splunk components including search heads, indexers and forwarders, deployment server, monitoring console, license master.

• Experience in implementation of Splunk premium applications, application management, and data security as per customer requirements and industry best practice.

• Over 6 years of experience with Splunk ES, Splunk architecture and other applications such as Palo Alto, CrowdStrike and Datadog.

• Experience with MQSeries for providing and facilitating communication between client and service providers.

• Good knowledge of security as related to the MITRE ATT&CK Framework.

• Experience with SaaS, IaaS and PaaS solutions.

• Good Knowledge of AWS, Azure and Google Cloud.

• Experienced in Incident handling, Vulnerability management and threat mitigation.

• Good knowledge of Palo Alto, SentinelOne, O365.

• In-depth understanding of project management principles and best practices of software configuration management (SCM) in Agile, SCRUM and Waterfall methodologies.

EDUCATION AND TRAINING

Associate Degree - Yaba College of Technology, 2004

Associate Degree - Chartered Insurance Inst. of Nig.

Certifications

Splunk Core Certified User

Splunk Core Certified Power User

Splunk Core Certified Admin

CompTIA Security+ Certified

AWS Certified Solutions Architect - Professional

SKILLS

Splunk: Splunk 7.x, 8.x and 9.x, Splunk Enterprise Security, Splunk DB Connect, Splunk UBA, Machine Learning Toolkit.

Monitoring Tools: IBM QRadar, AppDynamics, Grafana, and New Relic.

Operating Systems: Windows, Windows Server, Linux (RHEL), UNIX.

RDBMS: Oracle 11g/10g, MS SQL Server 2000/2005/2008, DB2, MS Access, MySQL.

Web/App Servers: Apache Tomcat 6.0, WebLogic 8.1/9.2, MapR 6.1.

Others: Microsoft ATA, CB Protect, CB Response, AWS, Azure, Google Cloud.

EXPERIENCE

Splunk Administrator 03/2022 - Current

Safehaven Securities – Houston, Texas.

• Installed, configured, and maintained Splunk add-ons and apps such as, but not limited to, the Splunk Add-on for AWS, the Splunk Add-on for Windows, and Google Workspace for Splunk.

• Managed user requests through ServiceNow.

• Created agendas and communication materials for team meetings.

• Managed and edited various .conf files such as indexes.conf, props.conf, and server.conf.

• Created and deployed deployment apps from the Deployment Server.

• Managed a clustered environment with multiple indexers and search heads.

• Administered both Splunk Enterprise and Splunk Enterprise Security.

• Worked closely with various Security and Platform Engineering teams to onboard new data from various sources.

• Improved operations by working with team members and customers to find workable solutions.

• Onboarded data using file monitoring, HTTP Event Collector, and API Calls.

• Created and presented high level information on the state of Splunk to the C-Suite and senior management.

• Performed Splunk Version and Maintenance upgrades.

• Designed and implemented detailed system designs for enhanced operations.

• Juggled multiple projects and tasks to ensure high quality and timely delivery.

• Defined and implemented role-based access through user roles.

• Implemented optimal solutions to meet technical and business requirements.

• Planned capacity and architectural design changes to meet current and future business needs.

• Implemented Splunk SmartStore to increase storage capacity.

Splunk Admin/Developer 01/2021 - 02/2022

2020 Companies – Houston, Texas.

• Assisted clients and internal staff with troubleshooting to quickly and effectively resolve Splunk performance and data quality issues.

• Tested and validated Splunk data in the UAT environment prior to going into Production to alleviate and troubleshoot issues.

• Leveraged Splunk to design and implement Splunk Knowledge Objects to include: Reports, Dashboards and Alerts for compliance and security monitoring.

• Optimized Splunk Search Processing Language (SPL) code to increase efficiency and performance within the Enterprise Data Lake (EDL) Splunk environments.

• Extracted fields with Regular Expressions.

• Experience using Jira.

• Introduced automation workflows to reduce redundancy and enhance workflow.

• Assisted in reviewing and editing process and procedure documentation for ISCR compliance and audit requirements.

• Experience with MQSeries to provide communication between clients and providers.

• Worked with CLSS to onboard operational and security data into Splunk.

• Worked with CTFC and SCD to implement and approve security monitoring baselines.

• Conducted meetings to improve security posture with security engineering teams.

• Created technical workflows to support education and training of newly hired employees and increase procedure knowledge.

Splunk Admin 10/2019 - 12/2020

Grayco Communications – Houston, Texas.

• Responsible for leading enterprise-wide efforts to reduce the organization's exposure to cyber attacks through monitoring, analysis, and assessment of the threat landscape, asset health, and adversary activity data.

• Involved in the verification, tracking, and remediation of technology defects by determining the root cause of anomalies and tracking them through remediation.

• Worked with Enterprise Security event monitoring, computer security incident response, and DDoS support.

• Served as the focal point for evolving threats, and assisted with the development and tuning of tools to detect these threats.

• Worked with platform and source SMEs, architects, and team on technical approaches leveraging Splunk.

• Performed feed-source typing, event-line breaking, timestamp extractions, field parsing, (custom extractions), Common Information Model (CIM) normalization, and created both event types and tags for Splunk data models.

• Responsible for development and deployment activities to satisfy task and project commitments, including but not limited to Creation of knowledge objects and configuration files, Selection, testing, and integration of add-ons and applications, Writing and verification of queries and code to satisfy requirements.

• Provided visibility into the organization's cybersecurity-related events of interest using data, security tool signatures, advanced correlation, visualization, and alerting.

• Performed security analysis on source type feeds in order to find valuable search time extractions.

• Performed data quality analysis, security analysis, and CIM compliance to ensure data feed is ingested and configured correctly.

• Created visibility at the network perimeter with a focus on acquisition and quality of log data from Publicly Accessible Applications (PAAs).

• Built threat model visualizations utilizing Splunk User Behavior Analytics concepts.

Military Training 01/2019 - 09/2019

US NAVY

• Teamwork and collaboration skills creating strength and adaptability in the face of adversity.

• Field combat training on offensive and defensive abilities.

• Leadership and communication skills and training with the concept of leading without lording.

• Extreme conditions survival training to overcome obstacles and accomplish tasks.

• Firefighting and damage control training to mitigate loss.

• Radioactive, chemical and biological warfare, gas mask, safety and survival training.

• Underwater survival and safety training.

• Basic ship navigation and special operation watch, intel reporting and counterattack measures.

• General system maintenance on the base.

• CPR training and casualty rescue and security skills.

• Time management, problem solving, and performance under pressure training and skills.

• Worked with superiors to achieve team goals often in advance of deadlines.

• Provided oversight of team members and equipment.

• Supported 500 personnel in a challenging exercise environment, providing tactical voice and data over SATCOM.

Splunk Admin/Developer 05/2017 - 01/2019

Grayco Communications – Houston, Texas

• Worked on onboarding of web and database server logs into Splunk using DB Connect.

• Configured and managed a Splunk cluster, deployed apps through the Splunk deployment server, performed Splunk version upgrades, and created roles and authentication.

• Utilized Splunk Machine Learning concepts and algorithms to write complex queries using SPL and visualize data in dashboards and reports.

• Worked on multiple configuration file (.conf) settings.

• Configured the heavy forwarder to receive and send logs from the syslog server to Splunk indexers, and created dashboards and customized reports leveraging cron time.

• Onboarded data from multiple appliances into the cluster and analyzed data with SPL queries.

• Performed Splunk administration and analytics development on information security, infrastructure, and network logs.

• Developed specific content necessary to implement security use cases and transformed them into correlation queries, templates, reports, rules, alerts, dashboards, and workflows.

• Deployed Splunk enterprise package and forwarder package in multiple instances.

• Standardized Splunk forwarder deployment, configuration, and maintenance on all Windows and Linux platforms.

• Performed real-time monitoring of enterprise endpoints for signs of malicious activity using Carbon Black (CB).

• Analyzed threat patterns using Carbon Black (CB) and investigated SIEM alerts with endpoint context.

• Participated in client requirements meetings and presented the visual presentations of possible outcomes.

• Developed the use cases for different business requirements.

• Executed daily vulnerability assessments, threat assessments, and mitigation, and reported activities in order to safeguard information assets and ensure protection had been put in place on the systems.

• Designed the Correlation searches for multiple end client requirements.

• Worked with knowledge objects like lookups and XML.

• Worked with the Citrix NetScaler load balancer.

• Resolved various indexer cluster issues.

• Assisted the privileged user access management team to solve the daily encountered problems.

• Customized dashboards, reports and scheduled searches.

• Worked on user access roles and capabilities.
