
SIEM Engineering Leader & Splunk Automation Architect

Location:
Lutz, FL
Posted:
June 25, 2026


Resume:

EVERARDO RAMIREZ

SIEM Engineering Leader | Automation Architect | Splunk ITSI & Enterprise Security Specialist

Tampa, FL | 813-***-**** | *******@******.*** | linkedin.com/in/everagu

CERTIFICATIONS & QUALIFICATIONS

• Splunk Enterprise Certified Architect (Expected Q3 2026)

• Splunk Enterprise Security (ES) Certified Admin

• Splunk Certified Administrator | Splunk Core Certified Power User

• ITIL Foundation v3 | Microsoft Certified Professional (MCP) | VMware Certified Professional

• NetApp Certified Storage Architect | Darktrace Threat Visualizer

• Currently pursuing: CISSP | GIAC Security Essentials (GSEC)

EXECUTIVE SUMMARY

SIEM Engineering Leader with 15+ years of enterprise IT and cybersecurity expertise, with proven track record leading technical teams and managing strategic automation initiatives at scale. Demonstrated leadership experience directing Splunk engineering teams (Grupo Aubay) and leading consulting services delivery programs (Anthasoft), including co-responsibility for team member selection and organizational growth. Deep expertise designing, deploying, and optimizing enterprise SIEM platforms (Splunk Enterprise, Splunk Cloud, Splunk ITSI) across complex multi-entity environments. Proven technical depth in Splunk Enterprise Security (ES), Splunk ITSI, detection engineering, correlation rule development, and end-to-end data ingestion pipeline architecture. Skilled at managing vision and strategy for automation programs, driving adoption of monitoring and automation standards across diverse technology stacks, and fostering cultures of technical excellence and continuous innovation. Strong communicator with ability to collaborate with and influence senior technology leaders, mentor engineering teams, and translate complex technical requirements into scalable solutions.

Technical expertise in automation engineering (Python, PowerShell, SOAR, API integration), data pipeline design (Cribl Stream, Kafka, log normalization), compliance automation, and integration of critical tools with core monitoring platforms. Experienced leading cross-functional teams in hybrid work environments, establishing best practices, and driving operational excellence across enterprise security operations.

CORE SKILLS

Team Leadership & Technical Management: Technical Team Leadership | Engineering Team Development & Mentoring | Consulting Services Leadership | Team Scaling & Growth Strategy | Personnel Selection & Hiring | Coaching & Performance Feedback | Culture Development | Cross-functional Collaboration | Influence with Senior Technology Leaders

Automation & Automation Strategy: Automation Initiative Management | Automation Program Strategy & Vision | Automation Expansion & Capability Development | Preventive Monitoring | Performance Monitoring | Process Automation | Workflow Orchestration | SOAR & Response Automation | Multi-Technology Stack Integration

SIEM & Splunk Platforms: Splunk ITSI (IT Service Intelligence) | Splunk Enterprise Security (ES) | Splunk Enterprise | Splunk Cloud | Correlation & Detection Rule Development | MITRE ATT&CK Alignment | Splunk 9.x/10.x | CIM Compliance | Data Models

Data Pipeline & Integration: End-to-End Data Ingestion Pipeline Engineering | Log Onboarding & Source Management | Log Parsing & Normalization | CIM Normalization & Mapping | Cribl Stream | Kafka | HEC | Tool Integration & Orchestration | Critical Monitoring Platforms | Multi-Source Architecture Design

Scripting & Automation Languages: Python | PowerShell | Bash/Shell | SPL (Splunk Query Language) | Automation Scripting | API Development & Integration | Infrastructure as Code

Infrastructure & Cloud: AWS (EC2, S3, CloudTrail) | Azure | Linux (RHEL/Ubuntu) | Windows Server | VMware vSphere | Docker | Active Directory | Syslog | Network Security | Multi-Technology Management

Compliance & Regulatory: NIST Framework | ISO 27001 | SOX Compliance | ITIL | Compliance Automation | Audit Logging & Reporting | Data Retention & Privacy

PROFESSIONAL EXPERIENCE

Santander Bank (U.S.) | Senior SIEM Architect & Technical Lead | September 2022 – March 2026 (3+ years)

• Architected Enterprise SIEM Automation Initiatives: Designed and executed automation initiatives in support of critical security operations activities across 3 large enterprise entities. Managed vision and strategy for automation program expansion, including performance monitoring, preventive threat monitoring, and advanced alerting capabilities. Collaborated with technology leaders across infrastructure, network, and application teams to ensure adoption of monitoring and automation standards.

• Splunk ITSI & Enterprise Security Architecture: Led implementation and expansion of Splunk ITSI (IT Service Intelligence) capabilities integrated with Splunk Enterprise Security (ES) to provide critical application support information, service health monitoring, and advanced incident correlation. Designed integration of ITSI with core Splunk Cloud monitoring platform, enabling real-time service dependency mapping and intelligent alert correlation.

• End-to-End Data Ingestion Pipeline Engineering: Engineered complete data ingestion architecture for 2,800+ logging sources across 3 large enterprise entities, managing onboarding, log parsing, CIM normalization, and correlation rule development. Designed Cribl Stream pipelines for multi-source log routing, real-time filtering, and enrichment prior to SIEM ingestion, ensuring data integrity and reducing collection-layer noise.

• Correlation Rule Development & Detection Engineering: Developed and maintained 40+ correlation rules and detection searches within Splunk ES aligned to MITRE ATT&CK tactics and techniques. Systematically optimized alert thresholds and rule logic to reduce false positive rate from 35% to 12%, improving SOC analyst efficiency and alert credibility. Achieved 96% critical system log coverage.

• Automation Platform & Multi-Technology Integration: Led integration of critical tools with core Splunk monitoring platform, including ServiceNow ITSM automation for incident management, EDR/XDR platform correlation, and threat intelligence feed integration. Engineered automation workflows using Python and PowerShell to streamline security operations processes and reduce manual operational overhead.

• Best Practices & Standards Development: Established and communicated best practices for detection rule development, data model design, log source onboarding, and automation workflows across multiple technology stacks. Collaborated with senior technology leaders to ensure adoption of consistent monitoring standards and automation methodologies across the enterprise.

• Splunk Cloud Operations & Reliability: Managed overall health and operations of Splunk Cloud instance supporting 99.9% availability SLA. Coordinated mandatory Splunk Cloud updates and patches with vendor support. Implemented proactive monitoring and health checks to maintain platform reliability supporting 24/7 security operations.

• Technical Documentation & Knowledge Transfer: Produced and maintained comprehensive technical design documentation for SIEM architecture, data onboarding procedures, correlation rule libraries, and automation workflows. Developed reusable automation scripts and implementation templates to standardize processes and reduce deployment time.

Verizon | SIEM Infrastructure Engineering Lead | December 2019 – September 2022 (2+ years)

• Architected & Managed Enterprise SIEM Infrastructure: Designed and operated a 35-node indexer cluster and 5-node search head cluster supporting 1,000+ log sources at 5TB/day throughput in a 24/7 SOC environment. Achieved 97% pipeline reliability supporting 100+ SOC analysts and enterprise SLA requirements.

• Detection Rule Development & Optimization: Developed 30+ correlation rules and detection logic within Splunk ES. Optimized real-time alerting and data acceleration techniques, reducing mean time to detection (MTTD) from 15 minutes to 3 minutes and improving threat detection velocity.

• Team Guidance & Operational Maturity: Provided technical guidance and leadership to SOC teams. Delivered SOC tooling and SIEM process training, improving team operational maturity and reducing alert escalations by 30%. Established best practices for log analysis and incident investigation.

• Capacity Planning & Performance Management: Performed infrastructure capacity planning, growth projections, and performance tuning. Proactively managed cluster health through monitoring, maintenance, and optimization of indexing efficiency and search performance.

Grupo Aubay | Splunk Engineering Team Lead & Solutions Architect | September 2018 – November 2019

• Led Splunk Engineering Team: Directed team of Splunk engineers executing 15+ enterprise SIEM deployment and integration engagements across financial services and telecom sectors. Managed team scaling, mentored engineers on detection engineering best practices, and ensured consistent solution quality across all client engagements. Achieved 65% POC-to-production conversion rate through technical excellence and team leadership.

• Designed Enterprise SIEM Architectures: Led architectural design for end-to-end SIEM deployments covering log collection, data pipeline engineering, parsing, CIM normalization, correlation rule development, compliance automation, and identity monitoring tailored to each client's business and regulatory requirements.

• Correlation Rules & Detection Engineering: Developed correlation rule libraries and detection logic for each SIEM deployment. Established Splunk engineering best practices for rule development, data model design, and alerting capabilities. Mentored engineering team on MITRE ATT&CK alignment and detection engineering methodologies.

• Tool Integration & ServiceNow Automation: Led integration of ServiceNow ITSM with SIEM event management workflows, automating incident ticketing and escalation processes. Designed automation solutions reducing SOC response overhead by 60%. Engineered API integrations and workflow orchestration across multiple client platforms.

Anthasoft | Consulting Services Director & SIEM Architect | June 2014 – August 2018 (4+ years)

• Directed Consulting Services Team: Led consulting services delivery program directing team selection, project staffing, and resource allocation. Partnered with company ownership in strategic personnel decisions, team scaling, and organizational development. Managed consulting team performance, client relationships, and delivery of enterprise SIEM solutions across multiple verticals.

• Executed Enterprise SIEM Programs: Delivered 20+ enterprise Splunk SIEM implementations across financial services, manufacturing, and retail sectors, achieving 99.7% uptime SLA. Designed end-to-end SIEM architectures covering data ingestion, log parsing, normalization, compliance automation, and detection rule development tailored to client requirements.

• Detection Engineering & Rule Development: Developed client-specific correlation rule libraries covering endpoint security, network monitoring, cloud security events, and compliance-driven detections. Established detection rule standards and best practices across all SIEM implementations.

• Automation & Standardization: Reduced deployment time by 70% through standardized technical design documentation, automated onboarding scripts (Python/Shell), and reusable architecture templates. Established best practices for SIEM implementation and automation across consulting engagements, improving team efficiency and client satisfaction.

KEY METRICS & ACHIEVEMENTS

• Team Leadership: Directed Splunk engineering team (Grupo Aubay) | Directed consulting services team with hiring responsibility (Anthasoft) | Provided technical guidance and training to SOC and infrastructure teams

• SIEM Operations: 99.9% uptime SLA maintained (Santander) | 2,800+ log sources managed | 400-500 GB/day ingest volume | Splunk ITSI integration deployed | 97% pipeline reliability (Verizon)

• Automation & Efficiency: 90-minute MTTR (from 4 hours) | False positive rate reduced from 35% to 12% | 40+ correlation rules developed | 96% critical system log coverage | 60% SOC response overhead reduction

• Detection & Response: 3-minute MTTD optimized (from 15 minutes) | 40+ correlation rules aligned to MITRE ATT&CK | Real-time threat monitoring and anomaly detection | 30% reduction in SOC escalations

• Program Delivery: 18-month enterprise migration on-time/under-budget | 15+ consulting engagements with 65% POC conversion | 20+ enterprise deployments with 99.7% SLA | 70% deployment time reduction through automation

• Data Quality & Architecture: 92% CIM compliance | End-to-end data pipeline engineering across 2,800+ sources | Cribl Stream deployment standardized | Log parsing and normalization frameworks established

TECHNICAL STACK

• SIEM Platforms: Splunk Enterprise, Splunk Cloud, Splunk ES (Enterprise Security), Splunk ITSI, IBM QRadar

• Data Pipeline & Integration: Cribl Stream, Kafka, HEC, Syslog, Universal Forwarder, Heavy Forwarder, DB Connect

• Automation & Scripting: Python, PowerShell, Bash/Shell, SPL (Splunk Query Language), SOAR, API Integration, Workflow Orchestration

• Cloud & Infrastructure: AWS (EC2, S3, CloudTrail), Azure, Linux (RHEL/Ubuntu), Windows Server, VMware vSphere, Docker, Active Directory

• Security Frameworks: MITRE ATT&CK, CIM, ITIL, SOC Operations, Threat Intelligence Integration

• Integrations & Tooling: ServiceNow ITSM, EDR/XDR Platforms, Google Chronicle, Darktrace, Identity Management

EDUCATION

B.S. in Computer Systems & Business Administration | Universidad del Valle de Mexico | 2011

LANGUAGES & ADDITIONAL INFORMATION

• English: Advanced (C1) - Professional fluency in technical and business communications

• Spanish: Native - Bilingual capability for diverse teams and international environments

• Remote Work: 100% remote experience, comfortable with US/global timezones and distributed teams

• Availability: Ready to start immediately | TN Visa (USMCA) valid through August 2027
