SALAMATU BANGURA
Upper Marlboro, MD, *****
Email: ************@*****.***
Professional Overview
Highly efficient and well-organized professional with 9+ years of IT infrastructure experience, with intimate knowledge of Linux, and 5+ years of experience in Splunk management.
Experienced in Splunk administration and operations, with specialized experience in deploying large enterprise-wide Splunk clusters. Responsible for developing, managing, and maintaining performance dashboards, security analytics, statistical analysis, indexes, alerts, and reports within the Splunk system to provide data visualizations.
Tools
Red Hat, CentOS, AWS, Veritas Volume Manager, Apache, Tomcat, JBoss, NetBackup, Splunk, Splunk Enterprise Security, Puppet, Jenkins, Vagrant, F5, Nagios, Git, VMware, Linux, Unix, and Remote Desktop
Skills
Application Software
Big Data Analysis & Administration
Alerts Creation, Searching & Reporting Commands
Workflow Actions & Data Models
HTTP Event collector
ES Event Processing & Normalization Data Imports, Configuration & Monitoring
Data Machine Learning License Management Threat Intelligence
Microsoft Suite, HTML, Python, Linux, Amazon Web Services (AWS)/Azure
CERTIFICATIONS
· Splunk Core Certified User
· Splunk Core Certified Power User
· Splunk Enterprise Certified Admin
PROFESSIONAL EXPERIENCE
Cognosant (Veteran Affairs)
SPLUNK SECURITY ENGINEER 10/2022 - Present
•Manage Splunk configuration files like inputs, props, transforms, and lookups.
•Upgrade Splunk Enterprise and apply security patches. Deploy, configure, and maintain Splunk forwarders on different platforms.
•Ensuring that the application website is up-to-date and available to the users.
•Continuous monitoring of the alerts received through mail to check if all the application servers and web servers are up.
•Created Splunk Search Processing Language (SPL) queries, reports, alerts, and dashboards; worked on various defect analyses and fixed them.
•Responsible for collecting and onboarding data from various systems/servers, Forwarder Management.
•Creating and managing Splunk apps.
•Build Splunk queries using Splunk Search Processing Language (SPL) and regular expressions.
•Use of Jira Kanban to self-manage workload to meet service SLAs.
•Light programming (scripting) using Python.
•Responsible for monitoring service delivery, Splunk administration log monitoring, and onboarding new monitoring and alerting (via Moog, ITRS, and Thousand Eyes), customer support, and process improvement.
•Worked with Splunk professional service to resolve vendor-based issues.
•Install Splunk Enterprise and configure Splunk instances mounting Disk configured port.
•Onboard data to Splunk using Splunk forwarders, with DB Connect, API, Syslog-NG, HEC token, and Azure.
•Migrate users and their reports, alerts, dashboards, lookups, and event types from On-prem to Splunk Cloud
•Respond to after-hours critical alerts, including troubleshooting cluster-master outages.
•Installation, configuration, and deployment of Splunk enterprise and associated apps in clustered and distributed environments
•Provide support for Splunk installation, integration, deployment, configuration, and maintenance.
•Troubleshoot and resolve server outages from Splunk using different configurations and the command line to analyze different logs, e.g., splunkd.log.
•Manage multiple servers for AWS and Azure environments, including security and security policy compliance, and developed Splunk infrastructure and related solutions.
• Monitoring system health via Monitoring Console.
•Find federally mandated data sources for cybersecurity requirements.
•Develop and test Splunk TAs and add-ons for data ingestion with heavy forwarders.
•Configure and manage Splunk Cloud deployment for federal agencies.
•Test M-21-31 solutions in IHS Dev environments.
•Develop ingest documentation for new data sources.
•Identify gaps in agency cybersecurity logging.
•Work with federal IT teams to set basic cybersecurity infrastructure logging.
•Improve ingestion and searching performance by utilizing index-time settings (props).
Gridiron IT Solutions/Department of Health and Human Services,
Ft Lauderdale, FL 12/2021 - 10/2022
SPLUNK SECURITY ENGINEER
RESPONSIBILITIES
•Deploy, manage, and onboard data for the HHS multisite cluster.
•Monitoring of HHS opdiv Splunk environments to ensure data availability.
•Developed HHS peered search to federated search transition plan.
•Supported HHS Splunk maintenance activities after hours.
•Troubleshoot Splunk server outages and loss of data
•Tested and developed technical add-ons for custom data onboarding.
•Contributed and participated in high-level Splunk migration and upgrade discussions.
•Worked with Splunk professional service to resolve vendor-based issues.
•Create and manage dashboards, reports, and alerts.
•Install Splunk Enterprise and configure Splunk instances.
•Troubleshoot, administer and expand large national Splunk multi-site clustered environment ingesting 6TB of data a day.
•Onboard data to Splunk using Splunk forwarders, with DB Connect
•Modify and create new technical add-ons to onboard data to Splunk, including creating field extraction.
•Troubleshoot, modify, and create Splunk reports, alerts, and dashboards.
•Migrate users and their reports, alerts, dashboards, lookups, and event types from standalone Splunk search heads into search head clusters.
•Upgrade Splunk forwarders and Splunk servers
•Create roles in Splunk and map SAML groups to roles on the Splunk search head cluster.
•Respond to and troubleshoot DMC Alerts (search peer down, critical physical memory usage alerts, and others)
•Optimize users’ Splunk queries in alerts and dashboards.
•Respond to after-hours critical alerts, including troubleshooting cluster-master outages.
ENNOBLE FIRST/DEPARTMENT OF TREASURY
SPLUNK SECURITY ENGINEER Jan 2021 – Nov 2021
RESPONSIBILITIES
•Performed orphan troubleshooting for users’ KOs.
•Troubleshooting of base searches for performance issues by adding lookups
•Helped application groups create dashboards/alerts/reports based on their needs.
•Created Regular Expressions for Field Extractions in Splunk.
•Facilitate knowledge sharing by creating and maintaining detailed and comprehensive documentation and diagrams, while also collaborating with other team members on standard processes and technology roadmaps
•Troubleshoot non-firing alerts, reports, or dashboards.
•Integrate the ServiceNow add-on to push/pull data to generate incidents/requests/tasks in ServiceNow.
•Respond to and resolve support requests in a timely fashion, while balancing project timelines and other responsibilities.
•Configuring Splunk forwarder management.
•Deployed Splunk architecture at the disaster recovery site
•Working with the SOC team to create or modify functional security use cases for our SIEM.
•Install Splunk Enterprise and configure Splunk instances.
•Troubleshoot, administer and expand large national Splunk multi-site clustered environment ingesting 6TB of data a day.
•Onboard data to Splunk using Splunk forwarders, Syslog, and API integration with DB Connect
•Modify and create new technical add-ons to onboard data to Splunk, including creating field extractions.
APPLIED INSIGHT/US Courts
SPLUNK SECURITY ENGINEER Aug 2020 – Dec 2020
RESPONSIBILITIES
•Installation, configuration, and deployment of Splunk enterprise and associated apps in clustered and distributed environments
•Migrated the on-prem environment to an AWS environment.
•Create and manage apps; create users, roles, and permissions for knowledge objects.
•Integration with other teams and onboard data. Ensure the data is in proper format and handle the traffic of the data flow.
•Day-to-day maintenance and operations of Splunk and the development of user access (e.g. roles and configuration).
•Provided industry standard expertise in the deployment, configuration, and operations of Splunk.
•Performed orphan troubleshooting for users’ KOs.
•Troubleshooting of base searches for performance issues by adding lookups
•Helped application groups to create dashboards/alerts/reports based on their needs.
•Created Regular Expressions for Field Extractions in Splunk.
•Facilitate knowledge sharing by creating and maintaining detailed and comprehensive documentation and diagrams, while also collaborating with other team members on standard processes and technology roadmaps
•Troubleshoot non-firing alerts, reports, or dashboards.
•Integrate the ServiceNow add-on to push/pull data to generate incidents/requests/tasks in ServiceNow.
•Regularly monitor Splunk components using Dynatrace and DMC to identify any possible errors.
•Respond to and resolve support requests in a timely fashion, while balancing project timelines and other responsibilities.
PARTIGARD
SPLUNK SECURITY ENGINEER Jan 2016 – Aug 2020
RESPONSIBILITIES
•Provides Splunk technical and infrastructure consulting services to include multiple authentication factors.
•Perform data quality tasks that include creating custom TAs, extracting fields and event types, and creating lookup tables.
•Experience working with the CIM for data normalization.
•Installation, configuration, and deployment of Splunk and associated apps in clustered and distributed environments.
•Create data retention policies and perform index administration, maintenance, and optimization.
•Create stakeholder onboarding documentation to streamline the process of onboarding in a multi-tenant environment.
•Integration of data onboarding, ensuring that data is properly formatted and handling traffic flow.
•Installed and configured universal and heavy forwarders, deployment server, and search deployer.
•Configuring Splunk forwarder management.
•Deployed Splunk architecture at the disaster recovery site.
•Troubleshooting Splunk issues and data ingestion
•Help application teams onboard their data and create and manage dashboards, reports, and alerts.
•Apply best practices for AWS data ingestion, data retention, role-based access, and disaster recovery.
•Optimize Splunk Server I/O throughput to support real-time searches of all Splunk users and timely log ingestion.
•Working with SOC team to create or modify functional security use-cases for our SIEM.
•Archival Data Recovery, cost, and performance optimization
CENTER FOR MEDICAID AND MEDICARE Baltimore, MD
SYSTEM ADMINISTRATOR August 2011 - November 2015
RESPONSIBILITIES
•Developed key performance indicators (KPIs) and other performance metrics as a component of the performance review process for IT managed service providers.
•Defined service level agreement (SLA) terms with contractors engaged in providing services to the company, ensuring compliance with agreement terms by all parties and facilitating corrective action measures.
•Regularly monitoring our environment using DYNATRACE to identify any possible errors.
•Created standard operating procedures and metrics for a quality assurance program to monitor, track, and improve data center service provider’s performance across all critical functional areas.
•Collaborated in the development of business continuity plans, addressing key procedural areas such as disaster recovery, server and software technologies, and network design. Create Logical volumes and design the environment to the job's directions.
•Install Virtual machines, as well as physical machines.
•Assist in any data migration activities whenever necessary with the team.
•Assist the team with transferring software applications and reports between testing and production environments.
•Design, implement, and maintain 24 Splunk servers on Linux and Windows OS across 6 environments for log collection and analysis for various internal teams, which included alerts, dashboards, and reporting.
•Development and customization of Splunk using advanced configuration techniques, PowerShell, Python scripting, and deploying Splunk apps.
•Gathering various sources of syslog data from devices, applications, and web pages, using Splunk Language for analysis.
•Collaborate with the customer’s business and IT subject matter experts during the discovery process to identify business processes, develop business and technical requirements as well as understand functional/technical constraints.
•Consulting with customers on the rationalization, consolidation, relocation, migration, or virtualization of projects into VMware Data Center environment
•Responsible for performing infrastructure discovery and analysis and providing technology solutions based on analysis of data.