Sangamesh
sangamesh.splunk1@gmail.com
813-534-9934
Vernon Hills, IL 60061
Splunk Admin/Developer
7 years' experience, W2
Profile Summary

  • Overall 5+ years of experience, certified in architecting and deploying various components within Splunk (indexer, forwarder, search head, deployment server) and security, delivering innovative solutions to fix around and automation.
  • Experience in configuring, implementing, analyzing and supporting Splunk server infrastructure across Windows, UNIX and Linux. Experience with a variety of Operating Systems, Protocols and Tools depending on the type of platform or application to be administered.
  • Upgrade and Optimize Splunk setup with new discharges.
  • Extensive experience in deploying, configuring and administering Splunk clusters.
  • Expertise in Actuate reporting, development, deployment, management and performance tuning of Actuate reports
  • Created Splunk app for Enterprise Security to identify and address emerging security threats through the use of continuous monitoring, alerting and analytics.
  • Helping application teams in on-boarding Splunk and creating dashboards, alerts, reports etc.
  • Experience working on Splunk 5.x, 6.x, Splunk Enterprise Security 4.1 and Splunk DB Connect 1.x, 2.x in distributed and clustered Splunk environments on Linux and Windows operating systems.
  • Setup Splunk Forwarders for new application levels brought into environment.
  • Develop custom app configurations (deployment-apps) within SPLUNK in order to parse, index multiple types of log format across all application environments.
  • System Administration familiar with Windows Servers, Red Hat Linux Enterprise Servers.
  • Good Understanding of configuration files, precedence and daily work exposure to Props.conf, transforms.conf, inputs.conf, outputs.conf and Setting up a forwarder information based on requirement.
  • Build and configured a virtual data center in AWS cloud to support enterprise data warehouse hosting including VPC, public and private subnets, security groups, route tables
  • Experience in optimizing search queries using summary indexing.
  • Experience in designing and implementing Trend Micro.
  • Analyzed AWS configuration logs and AWS CloudWatch flow logs.
  • Enabled RADIUS authentication to administer the SSL VPN box.
  • Well experienced in migrating data to AWS cloud.
  • Excellent skills in troubleshooting and problem determination of HTTP/system/network related problems, including monitoring, capacity planning and maintenance, providing 24x7 on-call support for all mission-critical applications. Strong background in a disciplined software development life cycle (SDLC).
  • Excellent analytical and interpersonal skills and ability to learn new concepts and supported 24/7 on call in production and development environment.
  • Understanding of Network Firewalls, Load-balancers, LDAP and complex network design.
  • Experienced with security-related technologies including Active Directory, host-based firewalls, host-based intrusion detection systems, application whitelisting, server configuration controls, logging, SIEM, monitoring tools and antivirus systems.
  • Worked with members of the Security Operations Center to provide guidance and assist with remediation plans for incidents and discovered vulnerabilities.
  • Have experience working in different environments and with the process flows in AGILE as well as Waterfall methodologies.
  • Used Machine learning to solve major logs, events and metric issues in ITSI application in Splunk environment.
  • Excellent Communication Skills and Presentation Skills, Comprehensive problem solving abilities.
  • Interpreted and developed SIEM products to meet internal, external and customer requirements. Experience in working on Enterprise Security log management and SIEM solutions.
  • Created dynamic thresholds and was able to identify the root cause of issues using the ITSI application.
  • Worked on SIEM security solutions that enable organizations to detect, respond to and prevent threats by providing valuable context and visual insights that help make faster and smarter security decisions.
  • Expertise with SIEM (security information and event management). Managed Splunk user accounts (create, delete, modify, etc.). Scripted SQL queries in accordance with Splunk.
  • Maintain current functional and technical knowledge of the Splunk platform and future products.

SKILLS

  • Log Analysis Tool: Splunk Enterprise Server 5.x/6.x/7.x, Splunk Universal Forwarder 5.x/6.x, Splunk DB Connect
  • Web/App Servers: WebSphere Application Server 5.0/6.x/7.x/8.x, WebSphere MQ Server 6.x/7.x, WebSphere XD 6.0/6.1, IBM HTTP Server 6.x/7.x/8.x, Apache Web Server 2.x, Tomcat 5.5, IIS 6/7.x
  • Operating Systems: IBM AIX (5.1/6.1), Red Hat Linux, Windows Server 2003/2008 R2, VMware
  • Programming: Java, J2EE, C++, C, SQL/PL SQL, HTML, DHTML, XML
  • Scripting: JACL, Python, WSCP, WSADMIN, Korn Shell Script, Perl, JavaScript, CSS, Batch
  • Networking: TCP/IP Protocols, Socket Programming, DNS
  • Framework: MVC, J2EE Design Patterns, Struts
  • IDE: Eclipse, RAD 7, NetBeans, EditPlus, TOAD
  • Others: SiteMinder r6/r12/r12.5, PingFederate 6.x/7.x

Experience
Splunk Admin/Developer
Information Technology
May 2019 - present
Vernon Hills, IL
  • I am part of a team which provides cyber defenses that help companies protect data and monitor, detect, investigate and respond to attacks.
  • The team will leverage Splunk's Phantom security platform to more quickly and consistently detect and respond to threats. The Phantom security platform automates repetitive tasks, cuts down on dwell times with automated investigations and integrates existing security infrastructure to link up a cohesive defense strategy.

Responsibilities:

  • Involved in setting up alerts for different types of errors, data enrichment using lookups, data interpretation using fields and field extraction, and data normalization using tags.
  • Good understanding of configuration files and precedence, with daily work exposure to props.conf, transforms.conf, inputs.conf and outputs.conf, and setting up forwarder information based on requirements.
  • Maintained Splunk Environment with multiple indexers managed and configured settings.
  • Improved search performance by configuring to search heads for all Indexes in production.
  • Analyzed security based events, risks and reporting instances. Developed Splunk queries and dashboards targeted at understanding application performance and capacity analysis.
  • Worked for getting data in managing Splunk apps. Assisted internal users of Splunk in designing and maintaining production-quality dashboards.
  • Splunk DB Connect 2.0 in search head cluster environments of Oracle. Installation and implementation of several kinds of visualizations to Splunk dashboards.
  • Continuously monitored the alerts received through email to check that all application servers and web servers were up.
  • Knowledge of parsing, indexing and searching concepts: hot, warm, cold and frozen buckets.
  • Ability to build custom applications and technical add-ons for efficiently on-boarding data and meeting Splunk CIM compliance for Enterprise Security accelerated data models.
  • Conducted surveillance on various phishing emails and created alerts for future spam. Worked as part of the Cyber Security Incident Response team to check on malware, viruses and threat emails.
  • Developed Splunk Search Processing Language (SPL) queries, created reports, alerts and dashboards and customized them.

Environment: Splunk 7.x, Splunk 6.x, Splunk DB Connect and other modules, Oracle WebLogic 9.x/10.x, Tomcat 5.x/6.x, Oracle 9i/10g, Solaris 10, Linux, Sun ONE Directory Server 6, Sun ONE Web Server 6.0, Apache 2.x, Python
Splunk Admin/Developer
Information Technology
Apr 2018 - Apr 2019
Tampa, FL
  • I was part of the Internet of Things (IoT) team, which is responsible for operational technology security using Splunk. Our team worked closely with monitoring and diagnostics as well as predictive maintenance.

Responsibilities:

  • Installation and configuration of Splunk product at different environments. Configured Splunk Searching and Reporting modules, Knowledge Objects, Administration, Add-On's, Dashboards, Clustering and Forwarder Management.
  • Monitoring or analyzing the real-time events for the security devices like Firewall, IDS, Anti-Virus etc., using SIEM tools.
  • Proficient in designing and deploying large-scale applications using almost all of the AWS stack (including EC2, Route 53, S3, RDS, DynamoDB, SNS, SQS, IAM), focusing on high availability, fault tolerance and Auto Scaling in AWS CloudFormation.
  • Upgraded Splunk Enterprise from v 6.2 to v 6.5.1 in clustered environments and non-clustered environments.
  • Analyzed security based events, risks and reporting instances. Correlating events from a Network, OS, Anti-Virus, IDS/ IPS, Firewalls or Proxies and analyzing them for possible threats.
  • Understand and interpret customer requirements for Splunk implementation for an enterprise solution.
  • Experience with creating Physical and logical data models
  • Developed Splunk Infrastructure on Cloud (Amazon AWS) in coordination with infrastructure Support Teams.
  • Worked on Splunk ITSI, which scales to collect and index terabytes of real-time and historical events and metrics, both human- and machine-generated, across multi-datacenter and cloud-based infrastructures.
  • Provide deployment strategies with the understanding of affordable risk based on customer acceptance.
  • Experience in building / deploying complex infrastructure & proven hands-on cloud migration solution design / delivery experience, advised software development teams on architecting and designing web interfaces and infrastructures that safely and efficiently power the cloud environment
  • Created and configured management reports and dashboards. Planned, implemented, and managed Splunk for log management and analytics
  • Monitored security violations, flagged potential violations and logged security incidents in ServiceNow.
  • Validate the existing rules and provide recommendation on fine tuning the rules. Creating and sending Risk Advisories to our clients.
  • Suppress false positive alerts. Weekly/Monthly incident analysis report. Analyzing the events and providing solutions for the incidents.
  • Involved in setting up alerts for a different type of errors, Data Enrichment using the lookups and Data Interpretation using the Fields and Fields Extraction and performing the Data Normalization using the Tags.
  • Maintained Splunk Environment with multiple indexers managed and configured settings.
  • Improved search performance by configuring to search heads for all Indexes in production.
  • Analyzed security based events, risks and reporting instances. Developed Splunk queries and dashboards targeted at understanding application performance and capacity analysis.
  • Work with SIEM tool QRadar by tuning security events, creating building block, search for reports and search security events.
  • Worked for getting data in managing Splunk apps. Assisted internal users of Splunk in designing and maintaining production-quality dashboards.
  • Used Machine learning to solve major logs, events and metric issues in ITSI application in Splunk environment.
  • Splunk DB Connect 2.0 in search head cluster environments of Oracle. Installation and implementation of several kinds of visualizations to Splunk dashboards.
  • Continuously monitored the alerts received through email to check that all application servers and web servers were up.
  • Worked in a SIEM environment. Implemented security systems on computer networks in compliance with the company's security policies. Prepared documents to support customers and service engineers.
  • Knowledge of parsing, indexing and searching concepts: hot, warm, cold and frozen buckets.
  • Conducted surveillance on various phishing emails and created alerts for future spam. Worked as part of the Cyber Security Incident Response team to check on malware, viruses and threat emails.
  • Developed Splunk Search Processing Language (SPL) queries, created Reports, Alerts and Dashboards and customized them.

Environment: Splunk 6.x, Splunk DB Connect and other modules, Oracle WebLogic 9.x/10.x, Tomcat 5.x/6.x, Oracle 9i/10g, Solaris 10, LINUX, Sun ONE Directory Server 6, Sun One Web Server 6.0, Apache 2.x, Python

Splunk Admin/Developer
Information Technology
Jan 2017 - Mar 2018
Tampa, FL

I was part of a five-member team, which was responsible for mitigating the risk of cyber threats and fraud by monitoring and correlating multiple systems and applying advanced analytics to detect potential security breach attempts and protect financial privacy.

Responsibilities:

  • Created Dashboards, Visualizations, Statistical reports, scheduled searches, Alerts and also worked on creating different other knowledge objects.
  • Knowledge about Splunk architecture and various components (indexer, forwarder, search head, deployment server)
  • Worked on installing Universal and Heavy forwarder to bring any kind of data fields in to Splunk.
  • Provide Regular support guidance to Splunk project teams on complex solution and issue resolution.
  • Helping application teams in on-boarding Splunk and creating dashboards/alerts/reports etc.
  • Maintained and managed assigned systems, Splunk related issues and administrators.
  • Involved in admin activities and worked on inputs.conf, indexes.conf, props.conf and transforms.conf to set up time zone and timestamp extractions, complex event transformations and event breaking.
  • Involved in standardizing Splunk forwarder deployment, configuration and maintenance across UNIX and Windows platforms.
  • Designing and maintaining production-quality Splunk dashboards.
  • Create Dashboard, Reports and Alerts for events and configure alert mail.
  • Worked on DB Connect configuration for Oracle and MySQL
  • Developing Scheduling Alerts, Experience with Deployment Server & Advanced XML.
  • Created dashboards for various types of business users in the organization and worked on creating different Splunk knowledge objects like macros, IFX, calculated fields, tags, event types and lookups.
  • Field extraction using IFX, the rex command and regex in configuration files.
  • Scripting and development skills (Perl, Python) with strong knowledge of regular expressions.
  • Used techniques to optimize searches for better performance, including search-time field extractions, and understanding of configuration files, precedence and how they work.
  • Various types of charts and alert settings; knowledge of app creation and user and role access permissions; creating and managing apps, users, roles and permissions to knowledge objects.

Environment: Splunk 6.x, Splunk ES, Splunk DB Connect 2.0, Splunk ITSI, Splunk ITOA, D3.js, Tomcat 7.x, JBoss 7.x, BIG-IP Load Balancers, SAML, Wily Introscope 6.0, configured plug-ins for Apache HTTP Server 2.4, Red Hat Linux 6.x, JDBC, JDK 1.7, J2EE, JSP, Servlets, XML, Oracle 11g, GI.

Developer
Information Technology
Mar 2014 - Jun 2016
  • Maintain knowledge of emerging threats, vulnerabilities, and intelligence within the cyber security field to ensure subscribers are remediating against known threats
  • Assist in implementation of Splunk.
  • Created SOPs for Splunk security operations.
  • Troubleshoot configuration and Splunk indexing issues.
  • Monitoring and analysis of alerts triggered on sensors to determine malicious activities and unwanted traffic, and initiating and monitoring requests to address relevant vulnerabilities.
  • Deploy, troubleshoot and maintain network-based vulnerability scanners at subscriber sites to ensure appropriate coverage of scanning services.
  • Generate captures as necessary of the network(s) security posture and provide them to CND management for situational awareness.
  • Maintained Splunk Environment with multiple indexers managed and configured settings.
  • Improved search performance by configuring to search heads for all Indexes in production.
  • Analyzed security based events, risks and reporting instances. Developed Splunk queries.
Education
Master's in Management Information Systems
South University Tampa
Certifications
Splunk Certified User- Cert # 251308
Splunk Certified Power User - Cert # 254527
Splunk Certified Admin - Cert # 256633
Skills (skill: year, count)

  • Splunk: 2021, 5
  • Apache: 2021, 3
  • Apache Tomcat: 2021, 3
  • Cyber Security: 2021, 3
  • DB2 Connect: 2021, 3
  • Linux: 2021, 3
  • Oracle: 2021, 3
  • Python: 2021, 3
  • BEA WebLogic: 2021, 2
  • Information Security: 2021, 2
  • Project Management: 2021, 2
  • Social Engineering: 2021, 2
  • Solaris: 2021, 2
  • Splunk DB Connect: 2021, 2
  • Compliance: 2021, 1
  • D3.js: 2018, 1
  • Enterprise Security: 2021, 1
  • Introscope: 2018, 1
  • J2EE: 2018, 1
  • Java Servlet: 2018, 1
  • JBOSS BRMS: 2018, 1
  • JDBC: 2018, 1
  • JSP: 2018, 1
  • MySQL: 2018, 1
  • RedHat: 2018, 1
  • SAML: 2018, 1
  • Scripting: 2018, 1
  • Splunk Forwarders: 2018, 1
  • Splunk ITOA: 2018, 1
  • Splunk ITSI: 2018, 1
  • UNIX: 2018, 1
  • Windows: 2018, 1
  • XML: 2018, 1
  • Agile Methodology: 0, 1
  • AIX: 0, 1
  • AWS: 0, 1
  • CSS: 0, 1
  • Data Center: 0, 1
  • Data Warehousing: 0, 1
  • Design Patterns: 0, 1
  • Eclipse: 0, 1
  • Firewall: 0, 1
  • HTML: 0, 1
  • IBM Siteminder: 0, 1
  • IBM WebSphere: 0, 1
  • IBM Websphere MQ: 0, 1
  • IIS: 0, 1
  • Java: 0, 1
  • JavaScript: 0, 1
  • Korn Shell: 0, 1
  • LDAP: 0, 1
  • MS Active Directory: 0, 1
  • MVC: 0, 1
  • Netbeans: 0, 1
  • Network Design: 0, 1
  • OpenShift: 0, 1
  • Performance Tuning: 0, 1
  • Perl: 0, 1
  • Shell Scripts: 0, 1
  • SIEM: 0, 1
  • Splunk Clusters: 0, 1
  • Splunk Enterprise Security: 0, 1
  • Splunk Indexer: 0, 1
  • SQL: 0, 1
  • Struts: 0, 1
  • System Administration: 0, 1
  • TCP/IP: 0, 1
  • TOAD: 0, 1
  • VMWare: 0, 1
  • VPN: 0, 1
  • Windows Server: 0, 1