Mustafa
Mustafa.splunkerr@gmail.com
813-279-8116
Louisville, KY 40205
Security Engineer
11 years experience W2
Summary

Conduct thorough investigations of security events generated by our detection mechanisms such as SIEM, IDS/IPS, and AV.

  • Experienced in customizing Splunk for monitoring, application management, and security according to customer requirements and industry best practice.
  • Performed field extractions using rex and regex in configuration files and on search heads.
  • Monitor and analyze Intrusion Detection Systems (IDS) to identify security issues for remediation.
  • Configure, maintain, and design network security solutions including firewalls (Check Point and Cisco ASA), IDS/IPS (Check Point and Sourcefire), VPN, ACLs, web proxy, etc.
  • Perform periodic and on-demand system audits and vulnerability assessments, including user accounts, application access, file system and external web integrity scans, to determine compliance.
  • Ensured data security, integrity, and policy control using data masking for PII and data encryption with tools like DgSecure.
  • Identify emerging threat tactics, techniques, and procedures used by malicious cyber actors and publish actionable threat intelligence for business and technology management.
  • Experience with tools like VeraCrypt, BitLocker, FileVault 2, and DiskCryptor to encrypt data at rest in Linux and Windows environments.
  • Excellent knowledge of TCP/IP networking, internetworking technologies (routing/switching, proxy, firewall, load balancing, etc.), and other networking protocols such as SSL, SNMP, FTP, SFTP, ICMP, UDP, HTTP, HTTPS, and ARP.
  • Experience working with security monitoring tools like Nmap, Zenmap, Wireshark, OpManager, Microsoft Message Analyzer, and other online resources.
  • Good experience implementing IPS/IDS (Snort and AID) in Linux and UNIX environments using VMware and vSphere.
  • Good knowledge of and experience with reading TCP/memory/file dumps and log files, analyzing packet captures, scanning networks with Nmap and its flag options, UNIX file permissions/file architecture, load balancing, and cloud zone security (AWS and Azure).
  • Integration of Splunk with a wide variety of legacy and security data sources that use various protocols.
  • Conducted password testing and network sniffing using Cain and Abel and tcpdump respectively, to find and mitigate weak passwords on the internal network and to administer the TCP/IP packets received by the network. Used other network packet capturing/sniffing and port scanning tools as required.
  • Worked on Unix server security log monitoring and security audits, writing weekly reports for further investigation and to help modify, implement, and improve security policies.
  • Streamlined Splunk to build, configure, and maintain heterogeneous environments; in-depth knowledge of analyzing logs generated by various systems including security products (SIEM functionality).
  • Advanced knowledge of internetworking, the OSI model, TCP/IP, network architecture, system security, and firewall infrastructure.
  • Developed Splunk objects and reports for analyzing security baseline violations, non-authenticated connections, brute-force attacks, and many other use cases.
  • Experience implementing DNS and DHCP protocols.
  • Experience with different network management tools and sniffers like Wireshark, Nmap, SolarWinds, CiscoWorks, NetScout, and HP OpenView.
  • Developed the specific content needed to implement security use cases and transformed it into correlation queries, templates, reports, rules, alerts, dashboards, and workflows.
  • Splunk administration and analytics development for information security, infrastructure and network, data security, the Splunk Enterprise Security app, event triage, and incident analysis. Passionate about machine data and operational intelligence.
  • Perform implementation of security and compliance-based use cases; perform maintenance and optimization of existing Splunk deployments.
  • Worked with the Security Engineering team to refine and improve dashboards, alerts, and reports across all security platforms as IR processes mature.
  • Good understanding of and experience working on Linux and UNIX operating systems to implement security measures using available toolkits.
  • Expertise in writing Splunk searches (SPL) and dashboarding/visualization; Splunk infrastructure and development expert; set up dashboards for monitoring logs from network devices.
  • Experience and/or involvement in every facet of the enterprise incident response cycle: preparation, detection and analysis, containment and recovery, and post-incident analysis.

Experience
Education
Cloud State University
State University
Skills

Skill                        Year   Years
Splunk                       2021   9
Linux                        2018   8
Security Engineer            2021   7
Cisco                        2018   6
Compliance                   2018   6
Crystal Reports              2015   6
Splunk Enterprise Security   2018   6
System Analysis              2015   6
UNIX                         2018   6
Firewall                     2018   4
Routers                      2018   4
Scripting                    2021   4
SIEM                         2021   4
SQL                          2015   4
Switches                     2018   4
Information Security         2021   3
Malware                      2021   3
Splunk Indexer               2019   3
Windows                      2021   3
Windows Server               2021   3
AIX                          2015   2
Bucket Lift                  2018   2
Cisco ASA                    2018   2
Endpoint Security            2018   2
Python                       2019   2
Social Engineering           2021   2
SQL Server                   2015   2
System Administration        2018   2
TCPDump                      2019   2
Splunk DB Connect            2019   1
Splunk Forwarders            2019   1
TCP/IP                       2019   1
Problem Solving              2019   3
SDLC                         2019   3
Auditing                     2018   2
C                            2015   2
Clustering                   2018   2
GSAP                         2015   2
Microsoft SMS Server         2015   2
OSI                          2018   2
Wireshark                    2018   2
Apache Tomcat                0      1
Apache Webserver             0      1
AWS EC2                      0      1
BaSH                         0      1
Data Security                0      1
DB2                          0      1
Documentation                2019   1
IDS                          0      1
iWeb                         0      1
J2EE                         0      1
JavaScript                   0      1
jQuery                       0      1
JSON                         0      1
Load Balancing               0      1
MySQL                        0      1
Network Management           0      1
Oracle                       0      1
Scrum                        0      1
SCSS                         0      1
Security Monitoring          2019   1
SSL                          0      1
Sybase                       0      1
Teradata                     0      1
Tivoli                       0      1
Training                     2019   1
Ubuntu                       0      1
VMWare                       0      1
vSphere                      0      1
Web Weaver                   0      1
Windows 2000                 0      1
Windows NT                   0      1
Cisco FirePOWER              0      1
Cyber Security               0      1
DHCP                         0      1
DNS                          0      1
Enterprise Security          0      1
FTP                          0      1
IPS                          0      1
MS Azure                     0      1
Network Security             0      1
OPTIM                        0      1
REST                         0      1
SolarWinds                   0      1
Splunk SPL                   0      1
VPN                          0      1
Vulnerability Assessments    0      1