Uploaded File
add photo
Mustafa
Mustafa.splunkerr@gmail.com
813-279-8116
Louisville, KY 40205
Security Engineer
9 years experience W2
0
Recommendations
Average rating
137
Profile views
Summary

Conduct thorough investigation of security events generated by our detection mechanisms such as SIEM, IDS/IPS, and AV.

  • Experienced in customizing Splunk for Monitoring, Application Management, and Security as per customer requirements and industry best practice.
  • Performed field extractions using Rex and Regex in configuration files and on search heads.
  • Monitor and analyze Intrusion Detection Systems (IDS) to identify security issues for remediation.
  • Configure, maintain, and design network security solutions including firewalls (CheckPoint and Cisco ASA), IDS/IPS (CheckPoint and SourceFire), VPN, ACLs, Web Proxy, etc.
  • Perform periodic and on-demand system audits and vulnerability assessments, including user accounts, application access, file system and external Web integrity scans to determine compliance.
  • Ensured data security, integrity, and policy control using data masking for PII and data encryption using tools like dgsecure.
  • Identifying emerging threat tactics, techniques, and procedures used by malicious cyber actors and publish actionable threat intelligence for business and technology management.
  • Experience with tools like Veracrypt, Bitlocker, FileVault2, and DiskCryptor to encrypt data at rest for Linux and Windows environment.
  • Excellent knowledge of TCP/IP networking, inter-networking technologies (routing/switching, proxy, firewall, load balancing etc.), and other networking protocols like SSL, SNMP, FTP, SFTP, ICMP, UDP, Http, Https, and ARP.
  • Experience working with security monitoring tools like nmap, zenmap, wireshark, Opmanager, Microsoft message analyzer and other online resources.
  • Good experience implementing IPS/IDS (Snort and AID) in Linux and UNIX environments using VMWare and vsphere.
  • Good Knowledge and experience with reading tcp/memory/file dumps, log files, analyzing packet capture, scanning network using nmap tool and flag options, UNIX file permissions/file architecture, load balancing, and cloud zones' security (AWS and Azure).
  • Integration of Splunk with a wide variety of legacy and security data sources that use various protocols.
  • Conducted password testing and network sniffing using "Cain and Abel" and tcpdumps respectively to find and mitigate weak passwords in the internal network and administering of the TCP/IP packets received by the network. Used other network packet capturing/sniffing and port scanning tools as required.
  • Worked on Unix servers' security log monitoring and security audits to write reports (on a weekly basis) for further investigation and to help modify/implement/improve security policies.
  • Streamlined Splunk to build, configure and maintain heterogeneous environments and in-depth knowledge of log analysis generated by various systems including security products (SIEM functionality).
  • Advanced knowledge on Internet working, OSI model, TCP/IP, network architecture, system security and firewall infrastructure.
  • Developed Splunk Objects and reports for analyzing Security baseline violations, Non-authenticated connections, Brute force attacks, and many other use cases.
  • Experience in implementing of DNS and DHCP protocols
  • Experience with different Network Management Tools and Sniffers like Wireshark, NMap, Solar Winds, CISCO works, Netscout, HP-Open view
  • Developed specific content necessary to implement Security Use Cases and transform into correlation queries, templates, reports, rules, alerts, dashboards, and workflows.
  • Splunk Administration and analytics development on Information Security, Infrastructure and network, data security, Splunk Enterprise Security app, Triage events, Incident Analysis. Passionate about Machine data and operational Intelligence.
  • Perform implementation of security and compliance-based use cases. Performing maintenance and optimization of existing Splunk deployments.
  • Worked with Security Engineering team to refine and improve dashboards/alerts/reports in all security platforms as IR processes mature.
  • Good Understanding and experience working on Linux and UNIX operating systems to implement security measures using available Toolkits.
  • Expertise in writing Splunk searches, SPL and Dashboarding/Visualization, Splunk Infrastructure and Development expert, setting up dashboard for monitoring logs from network devices.
  • Experience and/or involvement in every facet of the Enterprise Incident Response Cycle: Preparation, Detection & Analysis, Containment and Recovery, Post Incident Analysis.

Experience
Security Engineer
Information Technology
Feb 2018 - present
Louisville, KY
Environment: Splunk (SIEM), FireEye, Windows Server Responsibilities:
  • Monitored security toolsets and administered information security processes and policies. Completed customer and vendor assurance projects. Assisted End Users with issues related to security products.
  • Analyzed and compiled various Standard Operations Process (SOP) document on all the security devices.
  • Analyze, review, research on data from SIEM - Splunk ES tool and send security alerts for suspicious activity to concerned security team members.
  • Participated in the product selection and installation of Splunk and Splunk ES.
  • Responsible for monitoring and taking action on tickets and alerts (automated and direct) generated by network devices.
  • Coordinate with and provide expert technical support to resolve security incidents while working with other team members to correlate threat assessment data as needed.
  • Performed vulnerability scanning of the company's network to analyze results in order to assess risk for the organization and prioritize remediation efforts.
  • Experience in Troubleshooting machine data using Splunk on Windows Server 2012 environment.
  • Used FireEye EX, NX and HX monitoring to determine compromised endpoints, attackers IP Addresses (for Malware, Trojans, and bot net downloads) discovered on customer networks.
  • Utilized Fire Eye for the Advanced Detection of Advanced Persistent Threats (APT).
  • Conducted password testing and network sniffing using "Cain and Abel" and tcpdump tool respectively to find and mitigate weak passwords in the internal network and administering of the TCP/IP packets received by the network. Used other network packet capturing/sniffing and port scanning tools as required.
  • Using Search Processing Language (SPL) created Visualizations to get the value out of data.
  • Monitors SLAs for responsiveness and coverage. Provide regular reports and statistics for service line management.
  • Monitoring indicators and warnings of threats and potential threats to networks and associated systems, detect vulnerabilities and attack traffic patterns, and evaluate security violations.
  • Experience in Python general scripting and hands on experience in secure coding.
  • Worked on Security solutions (SIEM) that enable organizations to detect, respond, and prevent these threats by providing valuable context and visual insights to help you make faster and smarter security decisions.
  • Experience with deploying security measures involving encryption and masking to ensure data integrity based on company's security policies.
  • Monitored for anomalies within the internal network from users to ensure user-accounts' integrity and access controls (to avoid unauthorized activities) using Splunk UBA.
  • Analyzed security-based events, risks and alert instances. Developed Splunk queries and dashboards targeted at understanding application/server performance and capacity analysis.
  • Conducted surveillance on various phishing emails and created alerts from future spam.
  • Worked as part of Security Incident Response team to check on malware, virus, and threat emails. Implemented Dynamic drilldowns that provide greater flexibility for the end user.
Information Security Security Engineer SIEM Social Engineering Splunk Windows Windows Server Malware Scripting
Remove Skill
Security Engineer
Information Technology
Jan 2016 - Jan 2018
Environment: Splunk (SIEM), Tenable, UNIX, Linux Responsibilities:
  • Developed reports, dashboards, and knowledge objects on security violations, user authentication, IP address monitoring to look for spoofing/brute-force/DDoS at any OSI layers, and security auditing.
  • Created correlation searches using events produced from network, operating system, intrusion detection/prevention systems, switches, routers, and firewalls to later analyze for anomalous/attacker behavioral patterns.
  • Configured syslog-ng to forward data from network devices into splunk deployment server.
  • Worked on Unix servers' security log monitoring and security audits to write reports (on a weekly basis) for further investigation and to help modify/implement/improve security policies.
  • Analyzed daily and weekly scan reports while sending the aging and executive summary reports to higher management and operations team for resolution.
  • Provided Tier 2 tech-support using Remote Desktop tools and system administration.
  • Worked closely with System Administration team, as well as various development and production groups investigating, escalating, reporting, and tracking systems, networks, and application-related issues.
  • Ensure the integrity and protection of networks, systems, and applications by technical enforcement of organizational security policies, through monitoring of vulnerability scanning devices.
  • Scanned for rogue (unknown) hosts on the network, which includes unauthorized network peripherals such as printers, laptops, PDAs, and taking them off the network for compliance and proper identification/authentication.
  • Efficiently gather and analyze data to detect potential IT security incidents, identify indicators of compromise, and troubleshoot network events.
  • Planning, implementation, and configuration of Tenable Security Center for assessing authorized and unauthorized scans.
  • Administer user behavior and access controls using Splunk UBA to prevent unauthorized access.
  • Participate appropriately in any incident response activities, especially with respect to providing information from the SIEM that may be relevant to investigation and remediation.
  • Experience with analyzing the legitimacy of files, domains, and emails using Wireshark, Linux Toolkit, Fireeye EX, Cisco CES, and other online resources.
  • Configured and used Cisco ASA (integrated with Splunk CIM) to get firewall/router logs into splunk. Used RSA-SecurID to audit admin activities like creating/deleting/upgrading user roles and access and other actions performed by admin related to splunk server and configuration changes.
  • Monitored network traffic on a daily basis to ensure system integrity by looking for any risks, vulnerabilities, and threats and report it to the security team as necessary to implement preventive measures.
  • Configured and installed Splunk enterprise and Splunk ES with universal forwarders on Linux and UNIX environments.
  • Worked with hot, warm, cold, and frozen buckets for data process/separation as per the time-limit, usage, and value.
  • Worked with DLP policies to investigate for any violations by unknown devices (unauthenticated/unapproved).
  • Recommended best security practices to management based on the reports, threats, and dashboards to improve endpoint security.
  • Involved in the Creation/deployment and configuration (SDLC phases) of indexes, search head clustering, indexer clustering, and Splunk IFX.
Cisco Cisco ASA Compliance Firewall Linux Routers Security Engineer SIEM Splunk Splunk Enterprise Security Switches System Administration UNIX Bucket Lift
Remove Skill
System Analyst
Information Technology
Oct 2013 - Dec 2015
Denver, CO
Environment: SAP BO, AWS, IBM WAS and Connections, AIX, Linux, Windows Responsibilities:
  • Supported data testing and cleansing activities.
  • Created and Managed SAP BO Webi, Xcelsius, Crystal reports, and dashboards.
  • Installed and maintained the IBM WAS deployment and services.
  • Experience with creating webi, Xcelsius, and crystal reports using SAP BO for Teradata and SQL Server databases.
  • Worked on AWS EC2/S3 instances with various cpu, memory, network performance, OS, and storage configurations.
  • Initiated day to day operational support for the corporate database to maximize its use for business activities.
  • Produced, maintained and updated Access database information to create monthly dashboard reports for external clients and managers. Such report highlights revenue and expenses information in easy to view layout. Data is organized in for month, month of previous year, and year-to-date.
  • Assisted in solving database access and permission problems.
  • Participated with engineers in providing backup and recovery for databases and other server products.
  • Developed strategies for cloud migration, implemented best practices and helped to develop backup and recovery strategies for applications and database on virtualization platform.
  • Worked closely with enterprise architects, other functional area architects and security specialists to ensure adequate security solutions and controls are in place throughout all IT systems and platforms to mitigate identified risks sufficiently, and to meet business objectives and regulatory requirements
  • Monitor system logs using Tivoli Performance monitoring toolkit to ensure that all nodes, clusters, and servers are performing efficiently.
  • Participated in creating, maintaining, and disseminating technical policies and standards.
  • Regularly communicated with other IT staff.
  • Prepared weekly status report.
  • Successfully implemented design, implementation, and administration of MS SQL Server database solutions.
AIX Crystal Reports Linux SQL SQL Server System Analysis
Remove Skill
Edit Skills
Non-cloudteam Skill
Education
Cloud State University
State University
Skills
Splunk
2021
9
Linux
2018
8
Security Engineer
2021
7
Cisco
2018
6
Compliance
2018
6
Crystal Reports
2015
6
Splunk Enterprise Security
2018
6
System Analysis
2015
6
UNIX
2018
6
Firewall
2018
4
Routers
2018
4
Scripting
2021
4
SIEM
2021
4
SQL
2015
4
Switches
2018
4
Information Security
2021
3
Malware
2021
3
Splunk Indexer
2019
3
Windows
2021
3
Windows Server
2021
3
AIX
2015
2
Bucket Lift
2018
2
Cisco ASA
2018
2
Python
2019
2
Social Engineering
2021
2
SQL Server
2015
2
System Administration
2018
2
TCPDump
2019
2
Splunk DB Connect
2019
1
Splunk Forwarders
2019
1
TCP/IP
2019
1
Problem Solving
2019
3
SDLC
2019
3
Auditing
2018
2
C
2015
2
Clustering
2018
2
GSAP
2015
2
Microsoft SMS Server
2015
2
OSI
2018
2
Wireshark
2018
2
Apache Tomcat
0
1
Apache Webserver
0
1
AWS EC2
0
1
BaSH
0
1
Data Security
0
1
DB2
0
1
Documentation
2019
1
IDS
0
1
iWeb
0
1
J2EE
0
1
JavaScript
0
1
jQuery
0
1
JSON
0
1
Load Balancing
0
1
MySQL
0
1
Network Management
0
1
Oracle
0
1
Scrum
0
1
SCSS
0
1
Security Monitoring
2019
1
SSL
0
1
Sybase
0
1
Teradata
0
1
Tivoli
0
1
Training
2019
1
Ubuntu
0
1
VMWare
0
1
vSphere
0
1
Web Weaver
0
1
Windows 2000
0
1
Windows NT
0
1
Cisco FirePOWER
0
1
Cyber Security
0
1
DHCP
0
1
DNS
0
1
Enterprise Security
0
1
FTP
0
1
IPS
0
1
MS Azure
0
1
Network Security
0
1
OPTIM
0
1
REST
0
1
SolarWinds
0
1
Splunk SPL
0
1
VPN
0
1
Vulnerability Assessments
0
1