Mahendra T - Splunk Developer/Admin
Location: New York, New York, USA
Professional Summary:
- 8+ years of experience in the Information Technology field, with strong experience as a Splunk Admin and Developer, and in software analysis, design and development for various software applications, providing Business Intelligence solutions in data warehousing for decision support systems, and database application development.
- Experience in Banking & Financial Services, HR and Telecom domains.
- Experience in Operational Intelligence using Splunk.
- Hands-on experience in Grafana.
- Expertise in installation and configuration of Splunk components like Forwarders, Indexers, Search Heads and Deployment Server on Linux, Windows and AWS platforms.
- Managed Docker orchestration and Docker containerization using Kubernetes.
- Good knowledge of Splunk architecture and its various components (indexer, forwarder, search heads, deployment server), Heavy and Universal Forwarder, and the license model.
- Hands-on experience in the areas of Core Java, Hibernate, Struts, EJB and Web Services.
- Strong understanding of Splunk architecture and components (indexer, forwarder, search head).
- Experience in setting up alerts, notifications and scheduled searches.
- Experience in creating users, roles and access permissions in Splunk.
- Experience in dashboard performance optimization.
- Working knowledge of scripting languages (e.g., Python, bash, etc.).
- Currently working on dashboard design for a cloud migration project using tools like Splunk, DataDog, Cloud Watcher and Kubernetes.
- Experience in creating Splunk and Datadog dashboards and alerts.
- Involved in standardizing Splunk Phantom SOAR POV deployment, configuration and maintenance across UNIX and Windows platforms.
- Experience in developing and automating applications using Unix shell scripting in the field of Big Data, using Map-Reduce programming for batch processing of jobs on an HDFS cluster.
- Experience in Dynatrace server-side monitoring, real-time call inspection and analysis.
- Experience in installing and configuring Dynatrace DC-RUM components.
- Experience in installing and configuring Dynatrace application monitoring components.
- Developed Splunk objects and reports on security baseline violations, non-authenticated connections, brute force attacks and many other use cases.
- Splunk administration and analytics development on Information Security, infrastructure and network, data security, Splunk Enterprise Security app, event triage and incident analysis.
- Create and maintain reports and alerts in APM tools.
- Wide experience in monitoring and troubleshooting applications using tools like ITCAM, Splunk, AppDynamics, Grafana and SolarWinds.
- Used Splunk SIEM as a threat analyst in a managed service security operation center (SOC), triaging cyber threats utilizing Splunk and various cloud security tools.
- Solid knowledge and experience in monitoring the Splunk infrastructure for capacity planning and optimization; automation in Splunk using Perl with ServiceNow for event triggering.
- Good understanding of Splunk configuration files like props.conf, indexes.conf, inputs.conf and outputs.conf.
- Knowledge in using Amazon S3 as object storage built to store and retrieve any amount of data at massive scale, integrated as part of the Splunk frozen bucket archival and restoration process.
- Used Splunk and ELK (Elastic Stack) for log errors or any kind of log analytics.
- Responsible for troubleshooting Splunk forwarders.
- Knowledge of creating reports and dashboards.
- Extensively worked with various design patterns and frameworks.
- Hands-on experience in migrating CVS to SVN.
- Hands-on experience in creating automated Ant build tools.
- Hands-on experience in the areas of jQuery and AJAX.
- Hands-on experience in the areas of PL/SQL.
- Hands-on knowledge of AWS and Azure services.
- Good knowledge of Spring-based applications using Spring Boot, Spring Data, Spring RESTful services, Spring Security, Spring Cloud and Spring Integration.
- Expertise in database programming (SQL, PL/SQL) with Oracle and MySQL.
- Extensively used Eclipse and IntelliJ IDEA as IDEs for application development and support.
- Good knowledge of the Cognos reporting tool.
- Hands-on experience in UNIX.
- Knowledge of SSIS package creation.

Technical Skills:
Splunk Modules: Splunk v8, v7, Splunk 5.x/6.x, Splunk DB Connect, Splunk Enterprise, Splunk on Splunk, Splunk App for VMware, Grafana, Splunk Web Framework, Splunk Add-on for Microsoft Cloud Services, Splunk Utilization Monitor, ELK Architecture and Operations
Administration Tool: Splunk 7, Splunk 9
Spring Framework: Spring Boot, Data, RESTful Service, Security, Spring Integration
Web Services: SOAP, SOAR, RESTful service
Web Technologies: JavaScript, XML, HTML, CSS, Ajax
Servers: WebSphere 8, WebLogic 12.1.3.0, Apache Tomcat 7, JBoss
Database: Oracle 10g, MySQL
Build Tools: Ant, Maven
Reporting Tool: Cognos
IDE: MyEclipse 7, Eclipse 4.2, NetBeans 8.2

PROFESSIONAL EXPERIENCE

Client: Toyota, Plano, TX
Role: Splunk Developer and Admin
Duration: Jan 2021 to date
Responsibilities:
- Develop dashboards for various customer use cases using SPL and XML, and enrich the dashboards using lookups, event tags etc.
- Optimize dashboards using Splunk best practices such as base/post-processing searches.
- Modify dashboard XML code for specific custom requirements.
- Splunk error troubleshooting and access control management (creating custom roles, providing access to Splunk).
- Built a Hadoop cluster for Splunk and ELK data archiving.
- Perform log pattern analysis and apply field-based extractions (regex) to ease development work.
- Export VM OS data by extracting Splunk reports and transferring them to Azure Blob with a custom script.
- Worked on the Splunk Phantom SOAR Proof of Value (POV) project; created a regex-based parser to parse logs and configured different connectors.
- Develop dashboards in Datadog, Splunk, Kibana and Grafana that trigger alerts based on predefined thresholds.
- Evaluated OTS integration solutions for logging, tracing and observability like Splunk, SignalFx, Power Connect, Jaeger, New Relic etc.
- Solved many problems on call with my knowledge of the applications, using event logs on the system/server and telemetry logs on the server; later started using Splunk for health monitoring, analysis and reporting.
- Operate and maintain support equipment including tracking antennas, telemetry receivers, recording devices, post-detection telemetry subsystem and related equipment.
- Worked on creating lookups like CSV lookups and KV store lookups, and Splunk regex for field extractions; also monitored Amazon ECS logs in Splunk, enabling SSL for security.
- Created correlation searches for security incidents through Splunk Enterprise Security.
- Developed various dashboards and reports for IT Infrastructure, IT Security, leadership and other relevant stakeholders.
- Dealt with Splunk utilities.
- Work with GitHub repos to distribute Splunk custom app configurations such as JMX etc. to multiple clusters associated with different datacenters.
- Engineer support for Linux, Splunk, ELK, Hadoop and SolarWinds LEM.
- Monitor agency sensors and SOC (Security Operation Center) systems for incidents and malicious activity.
- Deployed new staging and sandbox clustered environments; managed Cluster Master, Deployer and Deployment Server.
- Good experience in Splunk, WLST and shell scripting to automate and monitor routine environment tasks.
- Strong knowledge of monitoring and log analytics tools like Nagios, Dynatrace, New Relic, Splunk, Elasticsearch, Logstash and Kibana (ELK), Grafana, Datadog, Sumo Logic and AppDynamics.
- Knowledge and demonstrable experience of Security Information and Event Management systems (Sentinel, Intel, QRadar, RSA, Splunk).
- Assisted in the initial SIEM deployment and oversaw SIEM operations, fine-tuning the SIEM and associated use cases, data queries and dashboards.
- Provide Tier 3 support on daily incidents with Azure AD, Azure Sentinel and MCAS.
- Provide SME-level technical and strategic direction to the SIEM team.
- Develop, implement and execute standard procedures for the administration, content management, change management, version/patch management and lifecycle management of the SIEM/log management platforms.
- Creation of technically detailed reports on the status of the SIEM, including metrics on items such as number of logging sources, log collection rate and server performance.
- Knowledge and understanding of one or more of the following concepts and technologies is a plus: SIEM, proxies, firewall, content filtering, vulnerability scanning, email, IAM and web security.
- Worked as Technical Lead responsible for the Global Security Operation Center (SOC) team of five analysts.
- Sources are configurations that enable Cribl Stream to receive data from remote senders (Splunk, TCP, Syslog, etc.), or to collect data from remote file stores or the local machine.
- Experience with AWS and Azure cloud technologies, techniques and methodologies.
- Planning and implementation of data and storage management solutions in Azure (SQL Azure, Azure Files, Queue Storage, Blob Storage).
- Strong command of source control concepts such as branches, merges and tags.
- Architect/design/implement services or solutions that handle significant scale/volume/complexity on Azure.
- Create clusters in Azure and manage them using Kubernetes.
- Implemented automation code for integrating LoadRunner with the Grafana monitoring tool and database using Python scripts.
- QuickConnect is a graphical interface for setting up data flow through your Cribl Stream deployment.
- Designed, developed or recommended measures to ensure successful uptime of our security infrastructure.
- Designed, developed or recommended distributed computing environment architectures.
- Exhibited knowledge and ability to collaborate on SIEM functional requirements: logging, event collection, normalization, correlation, storage, system access, reporting and customization.
- Exhibited knowledge and ability to collaborate on SIEM non-functional requirements: monitoring, retention, reporting, regulatory and contractual considerations, high availability, disaster recovery and success criteria.
- Worked with key customer personnel on macro design elements for the SIEM system, such as data/event source collection protocols and methods, asset risk weighting criteria, asset classification profiles, use case frameworks, customization requirements and dashboards.
- Developed an end-to-end framework using Git SCM, Jenkins and Ansible scripts for deploying and calling back CRUD operations using the Splunk SDK and API.
- Implemented monitoring tools like Splunk, Grafana and Dynatrace to ensure the health and performance of applications, and created dashboards and alerts.
- Worked on setting up and configuring non-clustered indexers as clustered indexers for improved performance.
- Worked on cloud migration, Cloud Ops and cost optimization.
- Built Python scripts to publish Splunk usage and consumption metrics to Kafka topics using SSL certs.
- Developed Ansible scripts to automate the Splunk upgrade and index creation process, including setting up LDAP groups.
- Worked on Splunk and shell scripting to automate and monitor routine environment tasks.
- Built and deployed a no-CLI workflow which includes building data models, extracting fields using regex, writing complex searches (data correlation), deploying and executing Python scripts, and creating KOs in Splunk.
- Wrote utilities in C# to interact with Amazon S3 to manage Splunk archived data.
- Deployed multiple Splunk apps and add-ons on the SH cluster, such as Kafka, Salesforce app and DUO.
- Created and configured management reports, analytical dashboards and alerts in Splunk for application log monitoring.
- Worked on Splunk Cloud and Splunk on-premises infrastructure with clustering.
- Supporting migration from the Splunk on-premises data center to Amazon AWS.
- Successfully ported on-premises applications to AWS Landing Zone and achieved a significant increase in availability and cost savings.
- Managed Kubernetes charts using Helm; created reproducible builds of Kubernetes applications, managed Kubernetes manifest files and managed releases of Helm packages.
- Implemented a testing environment for Kubernetes and administered the Kubernetes clusters.
- Excellent experience in configuring monitoring tools like Logstash, Fluentd, Instana, Kibana, Elasticsearch and Splunk for log management.
- Comprehensive understanding of APM practices and performance engineering as well as security analysis.
- Monitoring applications with Splunk, APM and NRQL with New Relic.
- Experience in the monitoring tools Grafana and New Relic APM, sending application metrics, creating dashboard views and writing NRQL queries.
- Experience in managing AWS services for cloud monitoring, VPC and other network layers, including experience with monitoring and log aggregation frameworks like CloudWatch, Splunk and AWS X-Ray.
- Experience with regular monitoring activities on Unix/Linux servers, like log verification, to ensure application availability and performance using CloudWatch and AWS X-Ray.
- Implemented the AWS X-Ray service, which allows development teams to visually detect node and edge latency distribution directly from the service map tools.
- Experience in installing AppDynamics Event Services, app-server agent, machine agents, database agents and JavaScript agent.

Environment: Python, Ansible, Splunk SDK, telemetry, SignalFX, New Relic, AppDynamics, Datadog, ELK, Grafana, Dynatrace Monitoring, Phantom, CRIBL, Azure, Amazon S3, Splunk Security, API, WS, Kafka, Git, Bitbucket, SOC, Jenkins, Ansible, NGINX, Linux.

Client: Blackrock, New York, NY
Role: Splunk Developer
Duration: July 2019 to Dec 2020
Responsibilities:
- Managed Splunk configuration files like inputs, props, transforms and lookups.
- Designed, supported and maintained the Splunk infrastructure on Windows, Linux and UNIX environments.
- Installed Splunk Enterprise, Splunk forwarder, Splunk indexer and apps on multiple servers.
- Configured the add-on app SSO integration for user authentication and single sign-on in Splunk Web.
- Configured and installed Splunk Enterprise, agent and Apache Server for user and role authentication and SSO.
- Worked with the following tools and technologies: Cyber Security Technology, Threat Modeling & Intel, Cyber Security Ethical Issues, Wireless and Mobile Security, Splunk (ES & ITSI), Evident.io, AirWatch, AlienVault, CrowdStrike Falcon, Rubrik, Okta, SignalFx, SCCM, Office 365, SCOM and OMS 2016.
- Used Amazon S3 extensively to store files transferred from other systems.
- Strong experience with enterprise monitoring tools configuration and management (Dynatrace/New Relic).
- Using Splunk and ELK for business logic errors and exceptions; good experience with ELK as a log search tool, Logstash and data visualization tool.
- Experience with Microsoft security technologies such as Microsoft Defender for Endpoint, Microsoft Cloud App Security and Azure Sentinel.
- Experienced with Azure E5 security tools and products (Defender ATP, Azure Sentinel, Azure ATP, Office 365 security, Security Center, Defender for Identity, Defender for Endpoint).
- Developed security use cases and provided tuning of Azure Sentinel to ensure proper alerting of security threats.
- Provided SIEM expertise for solutions such as Azure Sentinel and other similar tools.
- Upgraded Splunk Enterprise to 6.2.3 and performed security patching.
- Deployed, configured and maintained Splunk forwarder on different platforms.
- Created reports, pivots, alerts, advanced Splunk searches and visualizations in Splunk Enterprise.
- Provided power and admin access for users and restricted their permissions on files.
- Work with Jenkins for automation, orchestration and incident response with the security operations center's cloud monitoring team.
- Worked on security solutions (SIEM) that enable organizations to detect, respond to and prevent threats by providing valuable context and visual insights to help make faster and smarter security decisions.
- Good experience working with SNMP traps and syslog-ng in onboarding security devices for Splunk monitoring.
- Developed standard procedures for the administration, content management, change management, version/patch management and lifecycle management of the SIEM/log management platforms.
- Integrated QRadar with customer operations including network management and ticketing systems, and assisted customers in building operational processes around the QRadar ecosystem.
- Researched and analyzed log sources utilized for security monitoring, security and networking devices (such as firewalls, routers, anti-virus products, proxies and operating systems).
- Worked with application and business owners to integrate monitoring of SaaS applications into the QRadar platform by ingesting various log sources.
- Built custom DSM and uDSM parsers for log integration from cloud platforms.
- Conducted security investigations into customer incidents using QRadar Security Intelligence.
- Develop dashboards in Datadog, Splunk, Kibana and Grafana that trigger alerts based on pre-defined thresholds.
- Worked with key TR personnel on micro design elements for the SOC and SIEM system, such as data/event source phased integration plans, use cases, alert classification criteria and vulnerability management integration.
- Configured and validated secure systems and tested security products and systems to prevent security weaknesses.
- Led efforts on mission-critical security infrastructure projects.
- Provided a full-service capability in management and operations of the technology platform, including deployment, configuration and administration.
- Managed the engineering of technologies: QRadar, Splunk, ServiceNow.
- Perform SIEM product support and implementation.
- Act as a point of escalation for other engineers (Associate SIEM Engineer & SIEM Engineer) and provide guidance and mentoring.
- Manage SIEM user accounts (create, delete, modify, etc.).
- Manage appliance or virtual appliance OS and SIEM software.
- Using Jenkins to deploy code to Azure, create new namespaces, create Docker images and push them to the Azure container registry.
- Configured and involved in integrating IIM RabbitMQ and OAuth with the Apigee gateway.
- Developing services and framework policy templates using Apigee Management.
- Developed Node.js utilities to deploy, pull and re-deploy Apigee proxy bundles; handled roles, product management, apps management, deploying/undeploying developed APIs, artifact importing/exporting etc. in test as well as live production servers.
- Supported applications in both Production and Development environments.
- Collecting logs such as system logs, router logs, message processor logs, UI logs and transaction logs and presenting them for vendor troubleshooting.
- Support for all APIs present in the test and production environments of all projects.
- Analyze the various API analytics summaries to calculate and improve performance.
- Installed Splunk in production servers for logging purposes.
- Built Splunk dashboards for application monitoring and configured alerts for operational purposes.
- Collaborate in the automation of Azure infrastructure via Terraform, Ansible and Jenkins, and software and services configuration via Chef.
- Cribl Stream ships in a single, no-dependencies package. It provides a refreshing and modern interface for working with and transforming your data.

Environment: Windows Server 2012/2008/2003 R2, Linux, SignalFX, Cribl, Sentinel, telemetry, Amazon S3, Grafana, Splunk Security, ELK, SOC, UNIX, Phantom, Azure, RabbitMQ, Splunk 6.x, RedHat Linux 6.x, SQL Server 2012, SAN, Datadog, WLAN, ServiceNow and Tivoli.

Client: Biogen - Boston, MA
Role: Splunk Developer
Duration: Jan 2017 to June 2018
Responsibilities:
- Created dashboards, visualizations, statistical reports, scheduled searches and alerts, and also worked on creating other knowledge objects.
- Provide regular support and guidance to Splunk project teams on complex solutions and issue resolution.
- Worked on installing Universal Forwarders and Heavy Forwarders to bring any kind of data fields into Splunk.
- Splunk SPL development; log aggregation using ELK and Splunk.
- Splunk & ELK installations (migrations), SPL ↔ DSL; log aggregation using ELK and Splunk.
- Support around 25,000+ client machines on various platforms like AIX, Linux, Windows and AWS.
- Designing and maintaining production-quality Splunk dashboards.
- Used MongoDB and Cassandra for collection and storage of data.
- Write complex Splunk queries used to present data in Splunk IT Service Intelligence (ITSI).
- Knowledge of Splunk ITSI glass tables, deep dives, KPIs and ITSI modules.
- Involved in admin activities and worked on inputs.conf, indexes.conf, props.conf and transforms.conf to set up time zone and timestamp extractions, complex event transformations and event breaking.
- Configure SIEM systems based on security best practices and client requirements.
- Monitor and maintain overall system health of supported SIEM systems.
- Perform user administration tasks and checks in the SIEM systems.
- Evaluate, modify and tune the SIEM rules to adjust the specifications of alerts and incidents.
- Evaluate existing SIEM content and use cases and adapt them to meet our customer's goals.
- Develop and test new SIEM content.
- Design, set up and produce required reporting out of the SIEM.
- Experience with Splunk Searching and Reporting modules (Splunk ITSI and Enterprise Security App), knowledge objects and administration.
- Experience with other Splunk premium applications: ITSI, UBA, ES, Hunk.
- Used Cassandra for end-user behavior for the mobile applications.
- Used Splunk ES for malware analysis.
- Worked with AWS, OpenShift, F5 big load balancers and Cyber Security teams.
- Implementing scripts with PowerShell for runbooks.
- Expertise in querying RDBMS such as Oracle, MySQL and SQL Server using SQL for data integrity.
- Used Splunk for IT operations analytics.
- Used Splunk ITSI for business KPIs.
- Integrate ServiceNow with Splunk to consume alerts from Splunk and create ServiceNow tickets.
- Splunk DB Connect 2.0 in search head cluster environments with Oracle and MySQL.

Environment: Splunk 5.x, Splunk 6.0, Splunk ES, Splunk ITSI, ELK, Splunk ITOA, MongoDB, Cassandra, Linux, Windows Server 2012/2008, Azure, SQL, Splunk Enterprise Security, AWS Redshift, ESX, applications development, operations analysis.
Client: CIBC
Role: Splunk Consultant
Location: Chennai, India
Duration: Dec 2014 to Nov 2016
Responsibilities:
- Creating and maintaining various databases for Production, Development and Testing using SQL Server 2000.
- Installed, configured, maintained, tuned and supported Splunk Enterprise Server 6.0 and Splunk Universal Forwarder 6.0.
- Administered a complex cluster-based environment involving search heads in a cluster while the indexers are in standalone mode.
- Configured Splunk forwarder to send unnecessary log events to the "Null Queue" using props and transforms configurations.
- Created and configured management reports and dashboards in Splunk for application log monitoring.
- Active monitoring of jobs through alert tools and responding with appropriate action; analyzed the logs and escalated critical issues to higher-level teams.
- Responsible for developing Splunk queries and dashboards targeted at understanding application performance and capacity analysis.
- Extensive experience in setting up Splunk to monitor customer volume and track customer activity.
- Involved as a Splunk Admin in capturing, analyzing and monitoring front-end and middleware applications.
- Created a Splunk app for Enterprise Security to identify and address emerging security threats using continuous monitoring, alerting and analytics.
- Responsible for administering, maintaining and configuring 24x7 highly available Splunk apps for the production portal environment.
- Work closely with application teams to create new Splunk dashboards for operations teams using advanced XML and CSS.
- Created shell scripts to install Splunk forwarders on all servers and configure them with common configuration files such as bootstrap scripts, outputs.conf and inputs.conf.
- Extensively used Splunk Search Processing Language (SPL) queries, reports, alerts and dashboards.
- Installation and implementation of the Splunk App for Enterprise Security; documented best practices for the installation and performed knowledge transfer on the process.
- Using DB Connect for real-time data integration between Splunk Enterprise and databases.
- Analyzing at the forwarder level to mask customer-sensitive data; able to manage distributed search across a set of indexers.
- Strong experience in automating vulnerability management patching and CI/CD using Chef and other tools like GitLab, Jenkins and AWS/OpenStack.
- In-depth knowledge of AWS cloud services like Compute, Network, Storage and Identity & Access Management.
- Hands-on experience in configuration of network architecture on AWS with VPC, subnets, Internet gateway, NAT and route tables.
- Perform troubleshooting and monitoring of Linux servers on AWS using Zabbix, Nagios and Splunk.
- Management and administration of AWS services: CLI, EC2, VPC, S3, ELB, Glacier, Route 53, CloudTrail, IAM and Trusted Advisor.
- Created automated pipelines in AWS CodePipeline to deploy Docker containers in AWS ECS using services like CloudFormation, CodeBuild, CodeDeploy, S3 and Puppet.
- Worked on JIRA for defect/issue logging and tracking, and documented all my work using Confluence.
- Integrated services like GitHub, AWS CodePipeline, Jenkins and AWS Elastic Beanstalk to create a deployment pipeline.
- Good experience in architecting and configuring secure cloud VPCs using private and public networks through subnets in AWS.
- Responsible for filtering unwanted data at the heavy forwarder level, thereby reducing license cost.
- Worked with administrators to ensure Splunk is actively and accurately running and monitoring the current infrastructure implementation.
- Worked on properly creating/maintaining/updating necessary documentation for Splunk apps, dashboards and upgrades, and tracked issues.
- Provided on-call support for various production applications.
- Administered various shell and Python scripts for monitoring and automation.
- Administering MS SQL Server by creating user logins with appropriate roles, dropping and locking logins, monitoring user accounts, creating groups and granting privileges to users and groups.