
Incident Response Cybersecurity Analyst

Location:
San Antonio, TX, 78205
Posted:
May 23, 2025

Resume:

MEAZA ASFAW

Clarksburg, MD ***** 240-***-**** **********@*****.***

Professional Summary

A certified Splunk Engineer and Cybersecurity Analyst with extensive experience in monitoring, analyzing, and securing IT environments. Proven track record in using Splunk to analyze and correlate complex data sets, detect security anomalies, and provide actionable insights for incident response. Skilled in creating advanced Splunk dashboards using HTML, XML, and CSS to enhance custom user interactions and visualizations. Experienced in deploying and managing Splunk clustered environments and optimizing infrastructure for performance and scalability. Expertise in cybersecurity analysis, including vulnerability management, threat detection, and incident response, with a focus on securing organizational assets. A quick learner and effective team player with strong communication skills, including the ability to create detailed documentation and guide teams in best practices for security monitoring. Eager to contribute to an organization by providing valuable insights and ensuring a robust security posture.

Work History

Security Analyst 05/2023 to Current

Bank of America – Virgilina, VA

Analyzed log files for anomalies, identifying potential intrusions or malicious activity before significant damage occurred.

Maintained up-to-date knowledge of emerging threats by attending professional development events and staying informed on industry trends.

Coordinated incident response efforts across multiple departments, fostering teamwork in resolving complex issues effectively.

Assisted in incident response activities by analyzing logs from firewalls, endpoint devices, and network infrastructure to trace the origins of security incidents and mitigate impact.

Worked closely with cross-functional teams to implement best security practices for software development, improving security posture in the software development lifecycle (SDLC).

Conducted continuous network security monitoring using Splunk, identifying, investigating, and mitigating cybersecurity threats in real time.

Performed regular system and network vulnerability assessments and patch management, ensuring timely application of critical updates and security patches.

Analyzed network traffic using tools like Wireshark and NetFlow to detect signs of DDoS attacks, malware infections, and unauthorized access.

Utilized vulnerability scanning tools such as Nessus and Qualys to perform regular security assessments, identify vulnerabilities, and coordinate remediation actions.

Developed and enforced security policies, procedures, and guidelines to meet compliance requirements (e.g., PCI-DSS, HIPAA, GDPR).

Splunk Security Engineer 04/2023 to 07/2024

NIH – Bethesda, MD

Developed and maintained an interactive M-21-31 compliance dashboard with drilldown features to track NIH institutes' progress.

Performed initial analysis and triage of security incidents flagged in Splunk to determine severity and potential impact, escalating to incident response teams when necessary.

Performed gap analysis for M-21-31 data onboarding across NIH institutes and centers, identifying areas for improvement; mapped sourcetypes to align with M-21-31 standards and regularly updated asset lists for accurate reporting.

Managed NIH assets by updating asset data within Splunk to ensure accurate tracking, reporting, and data integrity.

Led weekly technical meetings with NIH IT teams to provide assistance on Splunk configuration and data onboarding.

Created complex SPL queries, reports, lookups, and saved searches to power M-21-31 dashboards.

Generated detailed incident reports for internal stakeholders, including a timeline of events, indicators of compromise (IOCs), and recommendations for remediation, utilizing different NIST frameworks.

Troubleshot Splunk issues to ensure smooth data flow and integrity.

Used Splunk's powerful search and correlation capabilities to perform deep investigations into security events and determine the root cause of incidents.

Worked with other security and IT teams to remediate security incidents, identifying compromised systems, malicious behavior, and vulnerabilities.

Set up automated alerts and scheduled jobs for data integrity monitoring and compliance tracking.

Used Cribl to onboard syslog data and normalize the logs so that Splunk can process everything smoothly, regardless of where the data is coming from.

Splunk System Analyst 04/2021 to 04/2023

CVS

Integrated a multitude of tools with Splunk, including but not limited to: ProtectWise, NGINX, PostgreSQL, MongoDB, Citrix NetScaler, Okta Identity Cloud, Microsoft SCOM, RSA Archer, Tanium (via REST), RSA SecurID.

Responsible for managing firewall security groups in AWS for inbound and outbound traffic of the Splunk infrastructure.

Mitigated security vulnerabilities (such as CVE-2021-44832 and CVE-2021-45105); applied OS patches; reorganized AD groups (deleted, reassigned and created new ones) to provide more cohesive and secure access control to Splunk systems.

Developed dashboards, e.g.: Service Monitoring (including the count of servers throughout the domain, tier listing, compliance status, open CVEs, risk score and other related data), Safecom Data (device, etc.), PureStorage FlashArray dashboard (Purity version, array volumes, snapshots, share space, data reduction, etc.).

Parsed a wide range of data formats through props.conf.

Manipulated data through transforms.conf: anonymized PII/PHI data, extracted delimiter-based fields, overwrote metadata (host, source, sourcetype), merged multiple source types together, and sent events to the nullQueue.

Installed and configured Universal Forwarders and Splunk Enterprise instances (Search Heads, Deployment Servers, Indexers, Cluster Masters, Deployers, Heavy Forwarders, License Master, Monitoring Console).

Optimized search head performance by setting up query execution restrictions through limits.conf, assigning orphaned knowledge objects, and cleaning up searches and other knowledge objects.

Developed the architectural blueprint and led to fruition a project to set up a centralized network data ingestion infrastructure consisting of 35 syslog-ng servers in a centralized topology, connected to the Splunk indexers via universal forwarders.

Resolved bundle replication issues by switching the replication method from classic to cascading.

Wrote dozens of pages of comprehensive Confluence Splunk documentation on the company's SOPs and Splunk-related topics.

Coordinated and implemented response actions to contain ongoing security incidents, such as blocking malicious IP addresses, isolating compromised systems, or disabling breached accounts.

Splunk Engineer 02/2020 to 04/2021

Salesforce

Set up systemd management of the Splunk instances; configured the necessary prerequisites (e.g., systemctl sudoers rules for the non-privileged splunk user, THP/ulimits).

Built, configured and connected multiple multisite indexer clusters in a single distributed environment, as required by data governance policies related to the location of the onboarded data.

Led ITSA (IT Service Acceptance) efforts; performed cyberflows infrastructure scans and mitigated detected issues with newly built Splunk instances.

Configured the Splunk SMTP-based email engine for 'send an email' alert actions.

Improved management of Universal Forwarders by centralizing configurations through a Deployment Server.

Configured and managed S3 and Azure Blob remote storage.

Built multisite indexer and search head clusters consisting of more than 120 instances located in two different sites: Oregon and N. Virginia.

Managed and monitored licensing in the infrastructure: analyzed onboarding throughput capacity through internal logs and the monitoring console; developed alerts and reports in license violation mitigation efforts; recommended license expansion to accommodate growing ingestion rates.

Utilized the monitoring console's capacity to oversee and improve overall system health.

Worked comprehensively with Universal Forwarders, Heavy Forwarders, HEC and API calls in data onboarding efforts.

Managed HEC: centrally configured inputs through a Deployment Server, maintaining more than 300 inputs spread out over 4 Heavy Forwarders

Performed administrative duties through REST calls via ad hoc queries and the curl command.

Replaced SSL certificates throughout the whole infrastructure due to the expiration of the old ones.

Designed a multitude of custom dashboards following content creation best practices, utilizing custom HTML/XML code and out-of-the-box CSS aesthetics.

Performed hundreds of SPL queries utilizing a multitude of commands for a wide range of purposes, e.g.: stats, predict, chart, timechart, transforms, eval, rest, join, append, rex, regex and many others.

Migrated the Deployer and an entire multisite search head cluster to a new, cloud-based environment.

Administered the Splunk environment through comprehensive work with configuration files such as inputs.conf, outputs.conf, props.conf, authorize.conf, authentication.conf, indexes.conf, server.conf and many others.

Splunk Developer 06/2018 to 02/2020

Comfort Systems USA

Administered Search Heads in a distributed environment: cleaned up knowledge objects, reassigned ownership, managed roles, users and role capabilities, optimized search queries, and built apps.

Provided end users with a simplified development methodology by creating dozens of macros delivering advanced yet easily accessible SPL, ready to be used in search queries.

Created data models for different teams (e.g., IBM team, Puppet team, NetOps), using CIM app data models such as Network Traffic, Performance, Malware, Vulnerability and Authentication.

Developed a common data format standard by mapping all of the onboarded data to CIM.

Developed dozens of dashboards for a wide range of teams and purposes, e.g., a set of multi-paneled dashboards for the administrative framework providing a detailed overview of the overall health status of the Splunk infrastructure.

Fixed, optimized and revamped users' search queries.

Assisted end users in optimal and effective usage of the Search Heads: fixed and rewrote search queries, hosted Splunk 101 sessions introducing clients to dashboarding and reporting functionalities, and provided ad hoc support for any technical queries.

Created alerts to optimize the day-to-day processes of NetOps, SOC and SysAdmins and improve responsiveness to issues.

Resolved Job Queue over-utilization by staggering users' reports and alerts.

Provided support for Splunk Architects and Engineers in a handful of back-end tasks, e.g.: troubleshot configuration and performance issues, enabled multisite clustering, set up and connected new Splunk components.

Help Desk Support Specialist 10/2014 to 06/2018

Kroger

Provided first-line technical support to end users via phone, email, and remote access tools, resolving hardware, software, and network issues in a timely manner.

Troubleshot and resolved a wide range of technical issues related to operating systems (Windows, macOS, Linux), office applications, and enterprise software.

Assisted in the setup, configuration, and maintenance of computer systems, network devices, and peripheral equipment (printers, scanners, etc.).

Maintained accurate records of support requests, issues, and resolutions in ticketing systems, ensuring follow-up and timely closure of tickets.

Escalated unresolved issues to the appropriate internal teams (e.g., System Administrators, Network Engineers) and followed through to ensure resolution.

Documented solutions to common issues and created knowledge base articles for internal reference and end-user self-service.

Assisted in the deployment of new software, applications, and system updates across the organization.

Provided training and guidance to end users on software, hardware, and IT best practices.

Ensured a high level of customer satisfaction by providing clear and courteous communication, addressing concerns, and ensuring timely resolution of issues.

Education

Master of Science: Cybersecurity And Technology, Expected in 06/2025
University of Maryland Global Campus - Hyattsville, MD

Bachelor of Science: Computer Networking And Cybersecurity, 05/2023
University of Maryland Global Campus - Hyattsville, MD

Skills

• Splunk Modules: Expertise in Splunk 6.x, 7.x, 8.x, and 9.x; Splunk Enterprise; Splunk IT Service Intelligence (ITSI); Splunk Cloud; Splunk Web Framework.

• Web/Application Servers: Experience with WebLogic 10/11g, REST, and Apache Tomcat.

• Operating Systems: Proficient in Red Hat Linux, HP-UX, Windows 10, Ubuntu Linux, Kali Linux.

• Databases: Knowledge of MySQL, SQL Server.

• Web Technologies: Experience with HTML, CSS, XML.

• Application Monitoring Tools: Proficient in Splunk, Cribl.

• Automation Tools: Chef, Ansible.

• Version Control Tools: Skilled in CVS and GitHub.

• Cloud Technologies: AWS, GCP and Microsoft Azure platform.

• Security Tools & Technologies: Wireshark, Nessus, CrowdStrike, Metasploit, Carbon Black, Qualys, Rapid7.

Certifications

• Splunk Core Certified User

• Splunk Enterprise Certified Admin

• Splunk Core Certified Power User

Languages

English
