SYEDA
Professional Summary
*+ years of experience with Splunk, developing dashboards, forms, SPL searches, reports and views; administration, upgrades, alert scheduling, KPIs, visualization add-ons and Splunk infrastructure.
Experience in Cybersecurity industry
Onboarding logs/alerts related to information security products
Working knowledge of Data Science, Statistical & Predictive Analysis, Quantitative Research and Analytics
Assisting in the proper operation and performance of Splunk, plug-ins, loggers and connectors
Developing dashboards with visual metrics for stakeholders. Defining strategy and design around data collection, aggregation and summarization processes.
Worked on platform architecture and capacity planning, as well as several platform upgrades and optimizations.
Experience in developing ArcSight analytics, dashboards, reports and alerts to support the network security of the organization.
Advanced skills in Java environments, Java Application Server administration and JVM tuning.
Knowledge of Hadoop administration; experienced with JVM tooling and multi-threaded processing.
Good command in writing Splunk searches using Search processing language.
Expertise in generating reports on REST KPI analysis as needed with Splunk.
Expertise in customizing Splunk for Monitoring, Application Management and Security as per customer requirements and industry best practice
Experience in responding to requests and incident tickets within defined Service Level Agreements.
Developed specific content necessary to implement Security Use Cases and transform into correlation queries, templates, reports, rules, alerts, dashboards, and workflow
Supports, monitors and manages the SIEM environment. Splunk administration and analytics development on information security, infrastructure and network, data security, the Splunk Enterprise Security app, event triage and incident analysis. Developed Splunk objects and reports on security baseline violations, non-authenticated connections, brute-force attacks and many other use cases.
Integration of Splunk with a wide variety of legacy and security data sources that use various protocols.
Use Splunk to collect and index log data. Experience with regular expressions and using regular expressions for data retrieval.
Experience creating and maintaining Splunk reports, dashboards, forms, visualizations, alerts. Strong knowledge of Windows, Linux, and UNIX operating systems.
Manage and support change in the environment. Experience of working on a very large enterprise environment Splunk SPL (Search Processing Language) and Dashboarding/Visualization.
Set up dashboards for network device logs. Machine learning experience and experience deploying and managing infrastructure on public clouds such as AWS.
Excellent knowledge of SNMP and syslog. Developed several Splunk POCs, KPIs. Design solutions and concepts for data aggregation and visualization.
Splunk deployment, configuration and maintenance across a variety of UNIX and Windows platforms. Able to troubleshoot Splunk server problems and issues.
Technical Skills
Splunk: 6.x and 7.x, Splunk Enterprise, Splunk on Splunk, Splunk DB Connect 2, Splunk Cloud, Hunk, Splunk IT Service Intelligence, Splunk Web Framework
Grafana, Kibana
Operating Systems: Windows 2000, XP, Windows 10, Windows Server, Unix/Linux (Red Hat), FreeBSD
Data Analysis: Requirement Analysis, Business Analysis, detail design, data flow diagrams, data definition table, Business Rules, data modeling, Data Warehousing, system integration
RDBMS: Oracle 11g/10g/9i/8i, MS SQL Server 2000/2005/2008, Sybase, DB2, MS Access, MySQL
Concepts: SDLC, Object-Oriented Analysis and Design, Unified Modeling Language (UML), Assembly and System Level Testing, exposure to Agile.
Programming Language: C, C++, Java with Big Data, Python, UNIX shell scripts
Monitoring tools: Netcool, Dynatrace
Work Experience
Security Engineer/Splunk admin March 2020-December 2024
Comcast-PA
Performance tuning, troubleshooting and managing high availability for a large-scale Splunk environment.
Creating Splunk Dashboards, Reports, Lookup Tables and Summary indexes.
With a Linux background, experience deploying systems and applications, i.e. working at the command line and configuring add-ons into Splunk.
Log forwarding with Logstash into Splunk; installation of Eracent agents/ITRC on servers and updating Eracent agents.
Knowledge and experience building Grafana dashboards.
Experience working on universal forwarder and Heavy forwarder for configuring add-on and log ingestion.
Hands on experience with AWS snapshots and volumes encryption.
Working on remediating security vulnerabilities.
Parsing, indexing and searching concepts; hot, warm, cold and frozen bucketing; and Splunk clustering. Set up and configured a search head cluster with three search head nodes and managed it with the deployer.
Worked on onboarding new log sources with log analysis and parsing to enable SIEM correlation. Configured inputs.conf and outputs.conf to pull XML-based events into the Splunk Cloud indexer.
Researches, writes and edits documentation and technical requirements, including software designs, evaluation plans and reports.
Cybersecurity experience (security analytics, SOC experience) and working with networking tools such as NetFlow, IDS/IPS, traceroute, ipconfig and other security-related tools.
Creating, maintaining, supporting, repairing and customizing system and Splunk applications, search queries and dashboards.
Installation and configuration of Splunk apps to onboard security data sources into Splunk. Good experience working with SNMP traps and syslog-ng when onboarding security devices onto Splunk monitoring.
Log ingestion into Splunk enterprise for several customers and creating dashboards and alerts of many use cases.
ServiceNow integration for SIEM alerts.
Developed robust, efficient queries that will feed custom Alert, Dashboards and Reports. Worked on Splunk search processing language, Splunk dashboards and Splunk dbconnect app.
Publishing data into Splunk through configurations such as inputs.conf, serverclass.conf, server.conf, app.conf and outputs.conf.
Design and customize complex search queries, and promote advanced searching, forensics and analytics. Developed dashboards, data models and reports and optimized their performance.
Working on troubleshooting issues for network and security.
Engaged on security operations for system security patching, renewal of SSL certificates, Websec portal secrets, engaged in change management processes.
Updating documents for all basic operations, creating new training documents for sunburst program.
Built a monthly metric tracker in Grafana to determine the number of client connections longer than 60 seconds per account, using Elasticsearch as the data source.
Involved in migration of an Elasticsearch-hosted Kibana instance into DaaS (Data as a Service).
Forwarding application logs into the Melee platform via Vector as per business requirements.
Updating and adding new service definitions into Kong API.
Updating SDKs and versions for the application, with health monitoring via Grafana dashboards and backend code updates.
Worked on creating a new dev environment to help support the application and creating new VMs on the Comcast-hosted cloud platform.
Worked on submitting TRA (Technology Resiliency Analysis) for the product application and involved in PRSA for the application.
Work with application owners to create or update monitoring for applications.
Working on migration of docker hub images into Artifactory to pull all the new container images.
Prompt in responding to requests and incident tickets within defined Service Level Agreements.
Splunk Admin/Engineer Jan 2018-Feb 2020
Capital One-VA
Developed Splunk infrastructure and related solutions as per business requirements and automation toolsets.
Designed Splunk Cloud architecture to integrate with Windows infrastructure. Integrated ITSI and Unix/Linux apps to monitor the health of the servers.
Monitoring Domain Controller server to push Active Directory logs to Splunk.
Expert-level understanding of Splunk Enterprise in CIM, data models, event management and tags.
Expert knowledge and experience with normalization and data modeling, specifically in a Splunk environment.
Articulated advanced technical concepts in face-to-face presentations on designing and developing processes that Splunk developers and administrators can understand and follow.
Expert in producing high quality technical documentation for team of experts for project implementation
Monitors, analyzes, enriches and parses logs from a variety of technologies across multiple platforms, such as IDS/IPS.
Experience in Splunk GUI development creating Splunk apps, searches, Data models, dashboards, and Reports using the Splunk query language.
Involved as a Splunk Admin in capturing, analyzing and monitoring front end and middle ware applications.
Worked with Client engagements and data onboarding and writing alerts, dashboards using the Search Processing Language (SPL).
Analyzed security-based events, risks and reporting instances. As part of SIEM, monitored notable events through Splunk Enterprise Security (using v3.0).
Generated shell scripts to install Splunk forwarders on all servers and configure them with common configuration files such as bootstrap scripts, outputs.conf and inputs.conf.
Various chart types and alert settings. Knowledge of app creation and user and role access permissions: creating and managing apps, users, roles and permissions on knowledge objects.
Provide regular support guidance to SPLUNK project teams on complex solution and issue resolution with the objective of ensuring best fit and high quality.
Interact with the data warehousing team regarding extracting the data and suggest the standard data format such that Splunk will identify most of the fields.
Analyzed large datasets to identify metrics, drivers, performance gaps and opportunities for improvement. Used Splunk DB Connect 2.0 in search head cluster environments against Oracle and MySQL.
Designed and implemented a NoSQL based database and associated RESTful web service that persists high-volume user profile data for vertical teams.
Scripted SQL queries for use with Splunk. Created many of the proof-of-concept dashboards for IT operations and service owners that are used to monitor application and server health.
Created Dashboards, report, scheduled searches, and alerts. Create dashboard from search, scheduled searches and Inline search vs scheduled search in a dashboard.
Field extraction using IFX, the rex command and regex in configuration files. Splunk administration in environments such as Windows Server and Red Hat Enterprise Linux servers.
Environment: Splunk, Deployment server, Integration, Splunk 6.x Dashboard Examples, Sideview utils, Data Models, Server management, Dashboards, Search processing language (SPL), Field extraction, Regex, Rex, Linux, XML, Advanced XML, JS, CSS, HTML
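The forwarder bootstrap mentioned above, as an added example written for this page rather than the author's own script: it drops outputs.conf, inputs.conf and deploymentclient.conf into a local app under a Universal Forwarder's SPLUNK_HOME. The indexer and deployment-server hostnames, the app name org_uf_base and the monitored path are assumptions; the config keys themselves (tcpout, useACK, monitor, target-broker) are standard Splunk settings.

```shell
#!/bin/sh
# Added example: a minimal bootstrap for a Splunk Universal Forwarder that
# writes outputs.conf / inputs.conf / deploymentclient.conf into a local app.
# Hostnames and the app name are assumptions, not taken from the page.
set -eu

# write_uf_config SPLUNK_HOME INDEXERS DEPLOY_SERVER
#   INDEXERS      comma-separated host:port list for tcpout (9997 is the usual receiving port)
#   DEPLOY_SERVER host:port of the deployment server (management port 8089)
write_uf_config() {
  splunk_home="$1"
  indexers="$2"
  deploy_server="$3"
  app_dir="$splunk_home/etc/apps/org_uf_base/local"
  mkdir -p "$app_dir"

  # outputs.conf: forward to the indexer group; useACK makes the forwarder
  # wait for indexer acknowledgement so events are not lost across restarts.
  cat > "$app_dir/outputs.conf" <<EOF
[tcpout]
defaultGroup = primary_indexers

[tcpout:primary_indexers]
server = $indexers
useACK = true
EOF

  # inputs.conf: monitor the Linux auth log with an explicit sourcetype and
  # index so events are CIM-friendly and land where the SIEM content expects them.
  cat > "$app_dir/inputs.conf" <<EOF
[monitor:///var/log/secure]
sourcetype = linux_secure
index = os
disabled = false
EOF

  # deploymentclient.conf: phone home so later app changes arrive from the
  # deployment server instead of ad hoc edits on each host.
  cat > "$app_dir/deploymentclient.conf" <<EOF
[target-broker:deploymentServer]
targetUri = $deploy_server
EOF
}

# count_conf_files SPLUNK_HOME -> number of .conf files the bootstrap wrote
count_conf_files() {
  ls "$1/etc/apps/org_uf_base/local"/*.conf 2>/dev/null | wc -l | tr -d ' '
}

# Demo against a throwaway directory (a real install uses /opt/splunkforwarder).
DEMO_HOME="$(mktemp -d)"
write_uf_config "$DEMO_HOME" "idx1.example.com:9997,idx2.example.com:9997" "ds.example.com:8089"
```

On a real host the script would run as the splunk user and finish with a forwarder restart so the new inputs and outputs take effect; keeping the settings in an app directory rather than etc/system/local is what lets the deployment server overwrite them later.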
Splunk Developer Sep 2015- Dec 2016
Bank of America – TX
Designing and implementing Splunk-based best-practice solutions. Writing automation scripts for APIs, and unit and functional test cases using Selenium WebDriver.
Requirement gathering and analysis. Interacted with team members and users during the design and development of the applications and Splunk Objects.
Experience in managing Network infrastructure security using HPE ArcSight ESM/ Splunk for monitoring and classifying and responding to incidents and threats.
Integration of Splunk with a wide variety of legacy and security data sources that use various protocols.
Installation and configuration of Splunk apps to onboard data sources into Splunk. Experience creating and testing disaster recovery plans.
Experience working in a very large enterprise environment with Splunk SPL (Search Processing Language) and dashboarding/visualization. Set up dashboards for network device logs.
Developed alerts and timed reports. Develop and manage Splunk applications. Have done many POCs. Implemented map integration and dynamic drilldowns extensively.
Created Summary searches and reports; In depth knowledge of Splunk license usage and safeguarding from violation.
Developed Splunk Objects and reports on Security baseline violations, Non-authenticated connections, Brute force attacks and many use cases.
Good experience working with SNMP traps and syslog-ng when onboarding security devices onto Splunk. Design, support and maintain a large Splunk environment in a highly available, redundant, geographically dispersed setup.
Installed the Splunk Common Information Model add-on, which is packaged with Splunk Enterprise Security, Splunk IT Service Intelligence and the Splunk App for PCI Compliance.
Install, configure, and troubleshoot Splunk. Experience with regular expressions and using regular expressions for data retrieval.
Monitor ArcSight for potential misconfigurations of remote equipment which could negatively impact the security posture of the network.
Responsible for security monitoring, analysis and troubleshooting of events generated by network security devices (IPS, IDS, Firewall).
Splunk Administration and analytics development on Information Security, Infrastructure and network, data security, Splunk Enterprise Security app, Triage events, Incident Analysis.
Work with application owners to create or update monitoring for applications. Experience creating and maintaining Splunk reports, dashboards, forms, visualizations, alerts.
Good experience in building Splunk Security Analytics. Lead logging enrollments from multi-tier applications into the enterprise logging platforms.
Developed specific content necessary to implement security use cases and transformed it into correlation queries, templates, reports, rules, alerts, dashboards and workflow. Strong knowledge of Windows, Linux and UNIX operating systems.
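The brute-force use case listed in the Professional Summary and again under Bank of America, as an added example that is not the author's own content: the same reduction a Splunk alert would do with stats count by src, run here with awk over a handful of constructed sshd lines so the threshold logic can be checked offline. The SPL in the comment is illustrative; the log lines and IP addresses are constructed sample data.

```shell
#!/bin/sh
# Added example: the brute-force detection as a standalone check over
# constructed sshd lines, mirroring the SPL a Splunk alert would run:
#   sourcetype=linux_secure "Failed password"
#   | rex "from (?<src>\d+\.\d+\.\d+\.\d+)" | stats count by src | where count >= 5
# The log lines below are constructed sample data, not from any real host.
set -eu

SAMPLE_LOG='Mar  3 10:01:02 web01 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51422 ssh2
Mar  3 10:01:03 web01 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51423 ssh2
Mar  3 10:01:04 web01 sshd[2102]: Failed password for root from 203.0.113.5 port 51424 ssh2
Mar  3 10:01:05 web01 sshd[2103]: Failed password for root from 203.0.113.5 port 51425 ssh2
Mar  3 10:01:06 web01 sshd[2104]: Failed password for root from 203.0.113.5 port 51426 ssh2
Mar  3 10:01:07 web01 sshd[2105]: Accepted password for alice from 198.51.100.7 port 40000 ssh2
Mar  3 10:02:01 web01 sshd[2106]: Failed password for alice from 198.51.100.7 port 40001 ssh2
Mar  3 10:02:05 web01 sshd[2107]: Failed password for bob from 192.0.2.9 port 40002 ssh2'

# brute_force_sources THRESHOLD   (reads the log on stdin)
# Prints "src count" for every source IP with at least THRESHOLD failed logins,
# i.e. the same result set as `stats count by src | where count >= THRESHOLD`.
# Only "Failed password" events are counted; successful logins never contribute.
brute_force_sources() {
  awk -v threshold="$1" '
    /sshd\[[0-9]+\]: Failed password/ {
      # the source address is the token that follows "from"
      for (i = 1; i <= NF; i++) if ($i == "from") { fails[$(i + 1)]++; break }
    }
    END {
      for (src in fails) if (fails[src] >= threshold) print src, fails[src]
    }'
}

# Demo: with the alert threshold at 5, only 203.0.113.5 is reported.
printf '%s\n' "$SAMPLE_LOG" | brute_force_sources 5
```

In the Splunk version the threshold and time window live in the saved search (for example a 15-minute span scheduled every 5 minutes), and the src field would come from the CIM Authentication data model rather than a rex, which is what lets the same rule cover Windows 4625 events as well as sshd.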
Education
Master's: Master's in Information Systems
University Name - Stratford University, Richmond, VA
Master's: Master's in Healthcare Administration
University Name – University of Potomac, Falls Church, VA
Master's: MBA in Healthcare Administration
University Name – University of Potomac, Falls Church, VA
PhD: PhD in Information Technology
University Name – University of the Cumberlands, Kentucky