
Information Technology Enterprise Security

Location:
Cleveland, OH
Posted:
October 04, 2023


Resume:

Khondokar Rahman

P: 973-***-**** Email: adz5vv@r.postjobfree.com

PROFESSIONAL PROFILE

●CompTIA Certified Cybersecurity Analyst (CySA+) and Splunk Certified User with 9+ years of experience in the Information Technology field as a Splunk Developer/Admin, Enterprise Security (ES) and Power User.

●Experience in Cyber Threat Intelligence, Vulnerability Management, Security Engineering, Incident Response or Offensive Security.

●Experience in monitoring security logs and alerts using SIEM tools to identify potential threats.

●Knowledge of advanced persistent cyber threats, actors, infrastructures and TTPs in OT infrastructures.

●Experience in Network Security with a proven track record in implementing and managing Intrusion Prevention Systems (IPS) and Intrusion Detection Systems (IDS).

●Ability to build business & operational intelligence dashboards and glass tables using Splunk & Splunk ITSI.

●Experience with Splunk apps/add-ons like Windows Defender, Palo Alto, Check Point, Bro, Cisco ASA, IMAP, F5 BIG-IP, Splunk Enterprise Security suite, etc.

●Experience onboarding new log sources with log analysis and parsing to enable SIEM correlation.

●Deployed dashboards in Dynatrace for both operations and various lines of business.

●Use Dynatrace to perform root cause analysis and quickly drill down to the correct error fault path and hot spots.

●Experience in using the Splunk platform on Linux and Windows.

●Experienced in shell scripting, Bash scripting, Python and Splunk apps like DB Connect.

●Security content creation from data sources and from security tools such as IDS/IPS, Anti-Virus, Malware Gateway, Firewalls and Internet Proxy.

●Expert in writing complex search queries, including complex regex queries.

●Experience with Splunk UI/GUI development activities by managing Splunk knowledge objects like field extraction, tags and lookups management.

●Proficiency in Python scripting for data manipulation, extraction and automation.

●Extensive knowledge in writing Packages, Stored Procedures, Functions and Database objects.

●Experience with Windows, Linux, vulnerability assessment tools, firewalls, IDS/IPS, Nessus, NMAP, DNS, NAT rules, Splunk, Routers, Switches, LAN/WAN, TCP/IP protocols, Hyper-V, Endpoint Security.

PROFESSIONAL EXPERIENCE

Cyber Security Specialist / SIEM Specialist

US Dept Of Veterans Affairs, WV Aug 2020 – Present

(Contractor, VA Cybersecurity Operations Center CSOC)

●Monitor/analyze security alerts, system logs and reports to identify and respond to potential security incidents.

●Create, manage, monitor, and update correlation searches, data models, data model acceleration and search accelerations in the ES environment.

●Monitor, manage, and update all aspects of the Incident Review panel and integrate endpoint security systems into the Secure-24 ticketing system.

●Design, develop and implement apps & knowledge objects (KO) like dashboards, reports, data models, actionable alerts and workflows for Splunk.

●Maintain, manage and monitor Splunk infrastructure (identify bad searches and dashboards and manage the overall health of Splunk).

●Develop written processes and procedures for help-desk personnel to use to remediate management or security agent issues, including customer-specific procedures, as needed.

●Continuously identify and develop security and productivity-enhancing improvements through automation, better procedures, and other innovations.

●Develop and execute endpoint migration strategies, including “rip and replace” of existing solutions.

●Work closely with Incident Response teams to help reduce MTTD and MTTR.

●Continuously research and learn about additional endpoint security solutions which may not currently be in use at Secure-24 but may be in the future, including endpoint encryption (full disk and removable media), desktop firewalls, mobile device management, etc.

●Manage problem status, set clear expectations, provide timely follow-up to internal and external clients, and independently handle challenging situations on a daily basis.

●Serve as a security practitioner, as needed, for escalations, incidents, and other security initiatives.

●Assist all sections of the SOC team as required in performing analytic detection.

Splunk Engineer / Developer,

Bank of The West, NE Aug 2019 – Aug 2020

●Design, develop and implement apps & knowledge objects (KO) like dashboards, reports, data models, actionable alerts and workflows for Splunk.

●Maintain, manage and monitor Splunk infrastructure (identify bad searches and dashboards and manage the overall health of Splunk).

●Create, optimize, and continuously evaluate security monitoring content on the SIEM and in the Data Center department.

●Improve the diagnosis of risk, security and compliance incidents with issues involving extensive analysis.

●Assist in recommending security resolutions to management for better malware detection and endpoint security.

●Monitor and analyze the results, trends, patterns, and events from Data Security and Privacy Compliance tools (e.g., SAS, OneTrust, BigID, etc.) in addition to other tools (e.g., Splunk/QRadar) to enforce Data Privacy and Security requirements.

●Work on DB Connect configuration for Oracle, MySQL and MSSQL.

●Ensure support tickets are fully updated with the most current data. Provide proper escalations and handoffs to management and support staff.

●Expertise in creating accurate reports, dashboards, visualizations and pivot tables for business users.

●Created field aliases across application events and time modifier conversion commands.

●Installation and configuration of Splunk products in different environments.

Splunk Engineer / Admin,

Ford Motor, MI May 2017 – Jul 2019

●Configured Splunk Searching and Reporting modules and Knowledge Objects; administered data ingestion, add-ons, dashboards, index cluster and forwarder management.

●Configured Splunk forwarders and indexers to ingest infrastructure logs.

●Worked on Splunk Search Processing Language, Splunk dashboards and the Splunk DB Connect app.

●Worked on Amazon AWS, configuring and launching Linux and Windows server instances for Splunk deployment.

●Worked on developing an internal web application, Employee Ideal Portal, using Java, JSP and the Spring Framework.

●Developed SIEM configurations, use cases and operational models for specific security solutions to meet the customer's requirements and assess risks imposed by technical solutions.

●Created multiple Splunk roles with role-based LDAP authentication.

●Expert in writing ad-hoc queries and base queries in ITSI.

●Ability to multitask, prioritize and take charge. Used Splunk ITSI to create ITSI services and ITSI KPIs to increase our monitoring coverage.

●Experience implementing solutions using Splunk IT Service Intelligence (ITSI).

●Created Splunk Search Processing Language (SPL) queries, reports, alerts, and dashboards.

●Installed Splunk DB Connect 2.0 in single and distributed server environments; parsing, indexing and searching concepts; hot, warm, cold and frozen bucketing.

●Set up Splunk to capture and analyze data from various layers: load balancers, web servers and application servers.

●Experience in working with DB Connect 3.1/2.x and Splunkbase apps.

●Upgraded Splunk Enterprise from v6.5 to v6.6.2 in clustered and non-clustered environments.

●Configured the SSO integration add-on for user authentication and single sign-on in Splunk Web.

●Field extraction using IFX, the rex command and regex in configuration files.

●Worked on Splunk UI/GUI development and operations roles.

●Created a dynamic lookup with Python scripting in Splunk.

●Workaround implementation and automation with shell and Python scripts.

●Involved in performing all upgrades and hot patches for McAfee SIEM (Nitro).

●Scripted SQL queries in accordance with Splunk requirements.

●Worked on configuration files inputs.conf, indexes.conf, props.conf, serverclass.conf, transforms.conf and limits.conf.

●Created dashboards and reports; performance optimization. Working knowledge of scripting languages (e.g. Python, Bash, etc.).

●Expertise in most Linux command-line commands and shell scripting, including scripting for automation and monitoring using shell and Python scripts.

Environment: Splunk, Deployment server, Integration, Splunk 6.x Dashboard Examples, Sideview Utils, Data Models, Server management, Dashboards, Search processing language (SPL), Field extraction, Regex, Rex, Linux, XML, Advanced XML, JS, CSS, HTML

Splunk Developer /Admin,

Cigna, CT Apr 2015 - Apr 2017

●Provide regular support guidance to Splunk project teams on complex solution and issue resolution.

●Expertise with Splunk UI/GUI development and operations roles.

●Supported Splunk environment with 96 Indexers, n number of forwarders, 6 search heads and generated 15 TB of data per day.

●Creating DevOps dashboard that aggregates data across multiple services to identify critical threats and proactively mitigate risks.

●Plan and Build Splunk Cluster environment with High Availability resources.

●Data Extraction is done using Sqoop to load from Oracle DB to Data lake (Big data) platform.

●Designing and maintaining production-quality Splunk dashboards using XML.

●Knowledge about Splunk architecture and various components (indexer, forwarder, search head, deployment server), Heavy and Universal forwarder, License model.

●Developed scripts (Python, JavaScript, etc.) as needed in support of data collection, reporting and presentation requirements.

●Scripting and development skills (Python) with strong knowledge of regular expressions

●Supports, Monitors and manages the SIEM environment.

●Installation and configuration of Splunk apps to onboard data sources into Splunk.

●Manage and support change in the environment. Experience of working on a very large enterprise environment.

●Splunk SPL (Search Processing Language) and dashboarding/visualization. Set up dashboards for network device logs.

●Developed alerts and timed reports. Developed and managed Splunk applications. Completed many POCs.

●Worked on DB Connect configuration for Oracle, MySQL and MSSQL.

●Experience using and understanding complex RegEx (regular expressions).

Environment: Splunk, Deployment server, Splunk 6.x Dashboard Examples, Sideview utils, Data Models, Server management, Dashboards, Search processing language (SPL), Field extraction, Regex, Rex, PYTHON, UNIX, AIX, RED HAT LINUX, Hadoop, XML, HTML

Splunk/Security Engineer,

AT&T, NJ Sep 2011 - Mar 2014

●Experience in development of dashboards/reports, alerts and Splunk integration

●Expertise in installation, configuration, migration, troubleshooting and maintenance of Splunk. Passionate about machine data and operational intelligence.

●Responsible for maintaining Splunk CIM and adhering to the best available data model practices.

●Responsible for writing custom regex and scripting.

●Responsible for alerting and reporting metrics to the operational teams so they could reduce outage times.

●Cyber Security expertise, being able to quickly identify use case enhancement and optimization.

●Responsible for attending and helping facilitate daily standup meetings and other Scrum ceremonies.

●Designed and implemented enterprise SIEM systems: centralized logging, NIDS, alerting and monitoring, compliance reporting, based on HP ArcSight 7.0 SIEM.

●Responsible for HP ArcSight SIEM monitoring and configuration aligned to internal PCI and SOX controls.

●Manage the day-to-day log collection activities of source devices that send log data to the HP ArcSight SIEM.

●Managed and monitored McAfee ePO 4.6. Installed Linux/Windows agents and VirusScan Enterprise.

●Maintain McAfee antivirus applications and appliances, including ePolicy Orchestrator, VSE 8 and 8.5, and Secure Content Manager SCM 3200 for spam, virus, and content filtering of web and email traffic.

●Dashboard / enterprise dashboard customization for various teams based on the log source type requirements.

Environment: Tripwire, HP ArcSight, McAfee, UNIX, SQL, Splunk.

Technical Skills

●Splunk: Splunk 5.x and Splunk 6.x/7/8.x, Splunk Enterprise, Splunk on Splunk, Splunk DB Connect, Splunk IT Service Intelligence, Splunk Web Framework

●Operating Systems: Windows, Unix/Linux.

●Web technologies: HTML, CSS, JavaScript, XML, Advanced XML.

●Concepts: SIEM, SDLC, Object Oriented Analysis and Design.

●Programming Languages: C, Python, UNIX shell scripts.

●Database: Oracle, MySQL, SQL queries, SQL Procedures.

●Data Sources Used: Authentication, DNS, Proxy, AV logs, Firewall logs, Mobile Endpoint logs.

Certifications/Training/Education

Certifications:

CompTIA Cybersecurity Analyst (CySA+)

AWS Certified Developer

Splunk Certified Developer

Splunk Enterprise Security Certified Admin

Splunk Enterprise Certified Admin

Splunk Certified Power User

Splunk Core Certified User

Education:

Bachelor's Degree – National University

Security Clearance:

Public Trust Clearance
