
Cyber Security Operations

Location:
Bowie, MD
Posted:
April 12, 2025


Resume:

Paul Awunor

Washington, DC

240-***-****

******@*****.***

https://www.linkedin.com/in/paulawunor/

Secret Clearance from US CBP, Public Trust from FAA

Summary:

Paul is a result-oriented Splunk Engineer who has good hands-on experience in network security, system security, and supporting security information and event management (SIEM) and SOC (security operations center) environments where use cases were predominantly discovered and documented, IDS (Intrusion Detection System) in the XSOAR dashboard, and streamlined threat detection.

SKILLS:

Over 10 years of IT operations experience including Cyber Security and Linux Administration. Years of Splunk Architect and Enterprise Security implementation and administration experience including planning, deploying, monitoring, troubleshooting, and upgrading a distributed and clustered environment; manipulating raw data prior to Splunk ingestion; and creating and managing user accounts and roles.

Proven ability to quickly acquire new technology and application knowledge and to troubleshoot and resolve IT-related issues. Exemplary client/customer/stakeholder/peer-service skills with a positive, always helpful, and professional attitude. Passionate about IT and big data and enjoy both creatively and systematically discovering ways to improve business processes and gain deeper insights.

Experience in Threat Detection and Monitoring by XSOAR

Experience using tools to monitor security alerts and logs

Experience using monitoring tools to identify signs of malicious activity

Experience using tools to administer and monitor network vulnerabilities

Experience using SEP/PCF for Authorization and Authentication Secure logging system.

Experience with MS O365 security Alerting

Experience monitoring and troubleshooting Risk Based Alerting software.

I am currently working on my Splunk Architect Certification.

Experience using Linux audit logging.

Experience using Splunk Core to deploy large Data to different environment.

Expert in using UNIX OS. Ability to use UNIX commands effectively.

Ability to write shell scripts for scheduled cron jobs.

Expert in searching different syslogs from the /opt and /etc files and directories in the Splunk installation.

Ability to Onboard Data into Splunk. Export and Import. 1TB data per day use.

Ability to troubleshoot issues, errors and Alerts.

Experience using workflows to identify Actionable Alerts using SIEM tools.

Experience working in a SOC environment Collaborating with the Incident Response team to analyze security incidents

Experience in identifying root causes and working on mitigation strategies when there is an incident.

As the Owner of the enterprise ES (Profile User and Admin), I am able to work in the environment

Expert in business process engineering and software development life cycle, including analysis, design, development, testing and implementation of software applications.

Experience using cloud-housed Splunk Servers, indexers.

Negotiated with consultants/subcontractors in order to remain within budget and achieve the SOW outlined on the deliverables.

Proficient in the use of Splunk, Deltek, Microsoft Project, Microsoft Visio, and working in a Share-point environment. Also, proficient in working with large Databases in Oracle and writing SQL Queries

Built and operationalized the Datadog SIEM tool from the ground up.

Expert in Data analysis and creating different visualizations using Splunk, turning indexed data to meaningful information for decision making.

Worked in various SOC (security operations centers) where USE CASES are predominantly discovered and documented.

Organized and managed the creation of tracking systems and Dashboards to reflect performance and deliverables of tasks. Proficient with Jira, Confluence and Remedy as ticket tracking software.

Participates in the development of the department’s strategic plans, training materials and tools.

Effectively trained and mentored staff on departmental tools and systems.

Experienced in working in an Agile / Scrum environment.

Implemented Project Management best practices to track and monitor tasks and SLA to ensure deliverables are produced on time.

Created dashboards for different use cases.

Ingested data from databases, application servers, and syslog servers.

Tuned reports at the database level to increase efficiency.

TECHNICAL SKILLS:

Applicable Software: Splunk 7, Splunk ES, Splunk Essentials, MS Access, Red Hat Enterprise Virtualization Hypervisor (RHEV-H), CShell Scripts, Bash, HTML/XML/XSL, MS Office, MS Project, MS Visio, Remedy, Toolset, Active Directory, CentOS, Ubuntu, Linux, JMeter, PuTTY, Eclipse. Highly proficient in productivity tools (MS Word, Excel, PowerPoint, Google Docs), collaboration tools (Confluence, Wiki, Jira, etc.), Elasticsearch and data analysis tools (Excel, SQL Server back end, etc.). VMware, Active Directory, MS Project, single sign-on, MobaXterm, SOAR, SentinelOne, Bitbucket.

Operating Software: Sun Solaris 8, 9, 10, Red Hat Enterprise Linux 4/5, Microsoft Windows NT 3.x, 4/2000/2003/2008, networks, routers, Oracle SQL databases, virtualization, access management solutions for single sign-on. AWS (Amazon), EC2, ELB, Lambda or Beanstalk, automation testing.

Protocols: TCP/IP, SSL, NTP, VPN, SSH, DNS, DHCP, LDAP, NFS, VMWare, Putty, NIST

Hardware: Sun Fire Enterprise Servers, Sun T-Series Servers, Sun Ultra SPARC

Servers/Workstations, Dell Servers/Workstations, Routers, Switches, Firewalls and Backup systems

EDUCATION

UNIVERSITY OF MARYLAND ADELPHI (08/2010)

MBA

CERTIFICATIONS:

1. Splunk Core Certified Power User

2. Splunk Power User

3. Splunk Enterprise Admin

4. CompTIA Security Plus

5. Certified Scrum Master

6. Oracle Certified Associate (OCA) (2016)

7. Oracle/SQL Fundamental 11g Server (2016)

8. Certificate in Data Communications Management (2003)

TRAINING:

1. ITIL 4 Foundation

2. Understanding PMP for employees

3. AWS Google Cloud Practitioner

4. AWS Architect Associates

5. Splunk Architect Certification Ongoing

6. AWS

7. Troubleshooting Splunk Enterprise

8. Splunk Enterprise clustering Palo Alto network

9. Cyber Threat Intelligence

10. Cortex XDR

11. XSOAR Engineer

12. Cortex XSOAR Analysis

13. Cortex XSOAR IT Administration

14. Cortex XSOAR SOC

15. SentinelOne (S1)

16. Effective statement of work

17. D3 Introduction

EXPERIENCE:

06/2023 to Present: CHARLES SCHWAB, Splunk Engineer

I do monitor data that comes from the Splunk environment.

Worked on performing systems testing, including auto scaling configurations.

Ability to maintain a High Performance/Low Impact Splunk Searches by recognizing when additional search heads are needed to provide additional CPU cores.

Worked on Indexers put in Splunk integration.

Worked on Data Center, Data Masking, and Data ingesting.

Worked on Updating already created Dashboard in large enterprise environment.

Proficient in network security, system security, and supporting security information and event management (SIEM)

Worked on a daily basis in UNIX OS. Using the Linux CLI (PuTTY) I can run Git commands, configure all the default config files and sometimes run shell scripting (B-SHELL).

Developed playbooks in XSOAR to automate common endpoint security processes, such as patch management, log analysis, and incident remediation.

Studied use cases; Industrial Defender is used in conjunction with Splunk to improve threat detection and response.

Worked on infrastructure management and support and system administration in Windows and UNIX environments.

Worked on security tools, including Firewall, IDS, and Active Directory

Enhance Splunk skills by focusing on dashboard development for real-time monitoring of Industrial IoT (IIoT) devices and OT environments.

Managed and deployed endpoint protection solutions, including antivirus, anti-malware, and EDR (Endpoint Detection and Response) tools, across diverse IT and OT environments to enhance security posture, and security orchestration, automation and response.

Used the Common Information Model (CIM) in identifying logs and data related to an index or app so there can be improved field normalization in an environment.

09/2021 to 05/2023: TIKTOK/DELOITTE, Splunk Engineer

Cloud Managed Services

Designed, built, and maintained large Splunk infrastructures in AWS.

SOPs and documenting security threats, incidents, and response actions in a timely and concise manner.

Advisory role in providing design and implementation of secure architecture for internal and external services.

Perform the optimization of applications to reduce impact on resources.

Updated and provided regular reporting on security detection activities, including metrics on threats detected

Administer, configure, and tune large Splunk environments.

Assist the client in setting up tools and documentation; conduct forensic investigations to understand the scope and impact of security incidents.

Administer data onboarding and Splunk TAs.

Use Kafka Connect for secure source types and new index creation.

I manage complex data, managing role-based access control, configuring roles and designing data onboarding to support current and future roles.

Implemented Splunk SmartStore to enhance data storage efficiency and reduce storage costs by offloading older, less frequently accessed data to Amazon S3 buckets.

Using SPL, I can view and monitor the correct Splunk tags, eventtypes, and event actions. Ability to convert the log format to Raw, List or Table. Ability to understand the macros of the event breakdown. What time frame are we looking at? E.g. EST or CST as configured by Splunk in the environment.

Designed and maintained Cribl pipelines for filtering, enriching, and transforming log data to optimize ingestion and enhance insights for security and operational use cases.

Troubleshoot logs, data, app promotion, data sources, and config files. I can measure/track data quality (Unix) and resolve any related issues in the back end and front end of the environment.

Experience using Regular Expressions (RegEx). I do use it for line breaks, line_merge, time format, regex and custom scripting.

Maintain a stable environment because I can work my way around Splunk CLI configuration and management.

Expertise in Splunk SPL and some Python.

Configured advanced endpoint protection policies to ensure compliance with security standards and best practices, reducing the risk of malware and ransomware attacks.

Worked with some Splunk Premium Apps - Enterprise Security (ES) 4.7 minimally.

The operational Splunk environment continues to go through revisions to meet requirements demands.

Optimized Smart Store cache configurations for higher performance and faster search results, ensuring scalability for large datasets.

Design, development, and implementation of the Splunk infrastructure as well as support operations activities.

Assist in changing platforms from on prem to a cloud-based environment.

Designing and executing changes to implement the future state of Splunk for the client.

Worked closely with the data acquisition team, the business teams, and the executive management on the commercial side to provide comprehensive architecture solutions meeting the client's requirements and future needs.

Acted as the Splunk SME for all things Splunk.

Splunk Architecture (enterprise clustered environments). I do understand how a clustered environment works and how clustered search heads, indexers and indexes perform their tasks.

Analyzed relevant event details and summary information from SIEM logs and Checkpoint FW logs.

Supported and led evolving business development efforts by applying technical and functional expertise to develop business solutions.

Wrote a proposal to validate Splunk involvement/necessity to a client.

Monitored and tuned Smart Store deployments, identifying bottlenecks and improving data access patterns to support high-performance use cases in Splunk environments.

Collaborated in correlating Use Cases Tracker and Use Cases List.

Verifying Windows and all the OS data sources (Windows, Linux, Palo Alto, Cloud, firewall respectively).

Verification of log parameters to determine 100% validation.

Monitored and analyzed endpoint security logs to detect, investigate, and respond to suspicious activities using tools such as Splunk.

Reviewing the log retention by verifying the default event logs based on each OS data source.

Checking the Splunk var log for retention and having it documented.

Utilized Cribl’s data reduction techniques to minimize storage costs while preserving critical log information for analysis and reporting.

Access the Log Source Retention from Splunk, edit the index in the dynamic data storage field.

Assisted in Creating architecture design deliverable to provide a standard for future clients.

Collaborated with the team in cloud architecture design for Splunk, AWS and GCP.

Built and operationalized the Datadog SIEM tool from the ground up.

Supported team reviewing GCP logs in Splunk to ensure all were being logged properly and fixed issues with logs that were not working properly.

Collaborate with colleagues or industry experts who specialize in IIoT to gain practical insights into the types of dashboards and alerts that are most effective.

Used XSOAR to autodetect and remediate errors, abuses, threats, and compliance issues.

Used the war room as a tool to share the present and imminent with the analyst, administration, and security engineer.

Performed security awareness lessons that involve use cases, SOP and playbook simulation.

Supervised and rewrote playbooks on SentinelOne (S1).

Developed Splunk dashboards and alerts for real-time monitoring of endpoint security status, providing proactive threat detection and incident response.

Supervised the Cyber knowledge assessments in a SOC environment.

04/2019 to 08/2021: DC GOVERNMENT, SIEM “USE CASES” Gap Analysis and Remediation

Managed and created ongoing and final deliverables on the status of use cases for team and client.

Worked on “USE CASES” documentation in the client system and ensured they were in compliance.

Assisted team in reviewing use cases and identifying gaps using Splunk.

Interfaced with clients and team to ascertain priority of use cases.

The Client on a weekly basis on ongoing work.

Clients’ goals and went beyond.

Handed over complete and detailed deliverables to the client.

Collaborated in correlating Use Cases Tracker and Use Cases List.

Verifying Windows and all the OS data sources (Windows, Linux, Trend Micro, Cloud, firewall respectively).

Verification of log parameters to determine 100% validation.

Focused on the installation, configuration, and optimization of SIEM solutions.

Reviewing the log retention by verifying the default event logs based on each OS data source.

Checking the Splunk var log for retention and having it documented.

Access the Log Source Retention from Splunk, edit the index in the dynamic data storage field.

Assisted in Creating architecture design deliverable to provide a standard for future clients.

Collaborated with the team in cloud architecture design for Splunk, AWS and GCP.

Supported team reviewing GCP logs in Splunk to ensure all were being logged properly and fixed issues with logs that were not working properly.

12/2017 to 03/2019: JMA SOLUTIONS-FAA (Federal Aviation Administration) (Washington DC/Virginia), Sr Splunk Engineer

Creating, developing, and troubleshooting Splunk alerts and alert issues.

Ability to troubleshoot and report using XML for Dashboards after deployment. Supporting the SOC team daily with all their Splunk needs. Modifying and creating dashboards as needed to match their use cases.

Verifying that the current dashboards and reports in Splunk, and in the 2 main apps Splunk Essentials and Splunk Enterprise Security, are pulling the correct data from the source.

Monitoring the health check of the Splunk environment, making necessary upgrades and fixing performance issues.

Onboarding Data from elibrary application and other servers to Splunk. Adding users, granting permission and access to users.

Documentation of installation, change management and configuration.

Patching all Splunk Servers periodically as needed.

01/2013 to 11/2017: ACUITY TECHNOLOGY - Maryland, U.S. Customs and Border Protection, Splunk Administrator

Meeting with data owners, stakeholders and the technical team to understand their processes and gather both business requirements and functional requirements that will be used to create dashboards, dynamic reports and other monitoring tools.

Collaborate with product owner/IT team to address needed log files and data gaps. Drawing the wireframe for each Dashboard that was proposed.

Carried out Data validation and Data quality manipulation in the configuration files.

Working with the admins on onboarding log files into the Splunk database and making any necessary configuration changes.

Writing SPL search strings for different panels on the dashboard.

Collaborated with stakeholders to customize dashboards and reports in the SIEM platform, providing actionable insights into security posture.

Modifying XML source code during development of dashboards.

Initial testing of deliverable, user acceptance testing.

Collaborated with cross-functional teams to develop custom threat detection use cases, aligning SIEM capabilities with specific industry compliance standards and regulations.

In this project I started by defining and documenting the scope of the work required. The key component of this was talking with stakeholders, teammates, and coworkers and getting everyone to sign off. Things that had to be agreed on were the work to be done, and most of all, what were the metrics for defining success.

Resources also had to be developed for the project to be successful. Taking into consideration that this project intersected with multiple groups, each group had to be considered when developing the resources. Groups included both the team developing the program and the help desk that has to support it. The considerations and actions taken included:

I interviewed other data/server teams to ensure that Splunk implementation was done correctly by determining scalability of the Splunk enterprise.

Planned for the frequency of logs that would be produced, the volume that would have to be indexed, and the layout needed.

Calculated and estimated how many Licenses were needed for the Splunk environment.

Participated in the configuring of the indexer/search head cluster with Splunk professional services.

Onboarded data from different data sources, and modified configuration files to ensure data/logs were indexed correctly.

Developed key macros, and a unification of data was generated to make future development more efficient.

Prepared, arranged, and tested Splunk search strings.

Created and configured management reports/dashboards in Splunk.

Analyzed and monitored incident management and incident resolution problems.

01/2010 to 11/2012: BAE SYSTEMS - McLean, Virginia, Database Administrator

Troubleshoot and resolve various Oracle connectivity problems.

Provide network troubleshooting and administrative support for the development staff.

Installation and management of Oracle database using database control.

Create and manage documentation on the configuration and support of the Oracle databases.

Perform bulk loads into the database using SQL*Loader.

Provide database administration on production, testing and development database servers.

Managing Schema Objects.

Regular monitoring of alert log files and trace files on a day-to-day basis.

REFERENCE: Available upon request.
