Risvan Keethadath, Principal Consultant

Aliado Solutions

Country
India - Kerala
Education
Bachelor's, electronics and communication engineering
Experience
13 years, 9 months



Work Experience

Total years of experience: 13 years, 9 months

Principal Consultant at Aliado Solutions
  • India - Kerala
  • In this position since January 2022

• Developing and implementing security use cases and dashboards in Splunk Enterprise Security to identify potential security incidents, threats, and vulnerabilities.
• Configuring and tuning Splunk Enterprise Security correlation searches and alerts to detect and respond to security incidents in real time.
• Designing and implementing custom security data models and workflows in Splunk Enterprise Security to streamline and automate security operations.
• Conducting security assessments and audits using Splunk Enterprise Security to evaluate the effectiveness of security controls and identify areas for improvement.
• Integrating Splunk Enterprise Security with other security technologies, such as firewalls, IDS/IPS, and threat intelligence feeds, to enhance security posture and threat detection capabilities.
• Participating in incident response and forensics investigations using Splunk SIEM solutions to analyze security events and identify the root cause of security incidents.
• Developing and maintaining security policies, procedures, and standards in alignment with regulatory and compliance requirements.
• Providing technical guidance and support to clients and team members on Splunk Enterprise Security and Splunk SIEM solutions.
• Implementing and configuring Splunk solutions for clients, including installation, configuration, and custom development as needed.
• Conducting requirements gathering and analysis sessions with clients to understand their business needs and technical requirements for Splunk implementations.
• Developing and documenting technical architecture and design documents for Splunk solutions, including data flows, data models, and integration points.
• Providing technical guidance and expertise to clients on Splunk best practices, use cases, and potential solutions to technical challenges.
• Designing and delivering Splunk training and knowledge transfer sessions to clients and other team members.
• Collaborating with other teams, including sales, engineering, and support, to ensure successful delivery of Splunk solutions.
• Built several Cribl pipelines, applying functions for data masking, regex extraction, decoding, aggregation, timestamp correction, etc.
• Helped customers resolve high memory or disk utilization and data rollover problems in their Splunk environments.
• Splunk Consultant delivering Splunk Professional Services to customers across EMEA, APAC and AMER, each with unique requirements.
• Working on both Splunk Cloud and Splunk Enterprise offerings and on the premium app Enterprise Security (ES).
• Creation of knowledge objects (alerts, reports, dashboards, macros, etc.).
• Onboarding, parsing and obfuscating all kinds of data using best practices.
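As an added illustration of the onboarding, parsing and masking work listed above, and of the correlation-search tuning mentioned earlier in this role, the following Python script is example code written for this page; it is not code from Aliado Solutions, Cribl or Splunk. It runs over constructed sample log lines and shows regex field extraction, masking of card numbers and e-mail addresses, timestamp normalisation to epoch, and a thresholded failed-login detection with an allowlist as the tuning knob. All names, regexes, thresholds and sample data are assumptions made for the example.

```python
"""Example (added here, not from the original page): regex field extraction,
PII masking, timestamp normalisation and a thresholded failed-login detection,
the kind of work a log-onboarding pipeline and a SIEM correlation search do.
All names and sample data below are constructed for illustration."""
import re
from collections import defaultdict
from datetime import datetime, timezone
from typing import Optional

# Constructed sample events; not real customer logs.
SAMPLE_LOGS = [
    "2024-03-01 10:00:01 sshd[1201]: Failed password for admin from 203.0.113.5 port 51022 ssh2",
    "2024-03-01 10:00:03 sshd[1201]: Failed password for admin from 203.0.113.5 port 51023 ssh2",
    "2024-03-01 10:00:04 sshd[1201]: Failed password for root from 203.0.113.5 port 51024 ssh2",
    "2024-03-01 10:00:05 sshd[1201]: Failed password for root from 203.0.113.5 port 51025 ssh2",
    "2024-03-01 10:00:06 sshd[1201]: Failed password for root from 203.0.113.5 port 51026 ssh2",
    "2024-03-01 10:00:09 sshd[1201]: Accepted password for alice from 198.51.100.7 port 40010 ssh2",
    "2024-03-01 10:01:00 app[77]: payment ok card=4111111111111111 user=bob@example.com",
    "2024-03-01 10:01:02 sshd[1201]: Failed password for bob from 198.51.100.7 port 40011 ssh2",
]

# Field extraction, the job of props/transforms or a Cribl regex-extract function.
EVENT_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
                      r"(?P<proc>\w+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
SSH_RE = re.compile(r"^(?P<result>Failed|Accepted) password for (?P<user>\S+) "
                    r"from (?P<src_ip>\S+) port (?P<port>\d+)")
# Masking rules: keep first 6 and last 4 digits of a 16-digit card number, drop e-mail addresses.
PAN_RE = re.compile(r"\b(\d{6})\d{6}(\d{4})\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.]+\b")


def mask(text: str) -> str:
    """Obfuscate card numbers and e-mail addresses before the event is indexed."""
    text = PAN_RE.sub(lambda m: m.group(1) + "******" + m.group(2), text)
    return EMAIL_RE.sub("<email>", text)


def parse_event(line: str) -> Optional[dict]:
    """Turn one raw line into a dict of fields with an epoch _time, or None if unparseable."""
    m = EVENT_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    # "Fix time": the source writes naive timestamps; we assume UTC and convert to epoch seconds.
    ev["_time"] = datetime.strptime(ev["ts"], "%Y-%m-%d %H:%M:%S") \
        .replace(tzinfo=timezone.utc).timestamp()
    ev["msg"] = mask(ev["msg"])
    s = SSH_RE.match(ev["msg"])
    if s:
        ev.update(s.groupdict())
    return ev


def detect_bruteforce(events, threshold=4, window=60, allowlist=frozenset()):
    """Alert when one src_ip produces >= threshold failed logins within `window` seconds.

    `allowlist` is the tuning knob: sources that are expected to fail logins
    (for example an authenticated vulnerability scanner) are skipped instead of raising noise."""
    failures = defaultdict(list)
    users = defaultdict(set)
    for ev in events:
        if ev.get("result") != "Failed" or ev["src_ip"] in allowlist:
            continue
        failures[ev["src_ip"]].append(ev["_time"])
        users[ev["src_ip"]].add(ev["user"])
    alerts = []
    for ip, times in failures.items():
        times.sort()
        best, j = 0, 0
        for i in range(len(times)):  # sliding window over sorted timestamps
            while times[i] - times[j] > window:
                j += 1
            best = max(best, i - j + 1)
        if best >= threshold:
            alerts.append({"src_ip": ip, "count": best, "users": sorted(users[ip])})
    return alerts


if __name__ == "__main__":
    parsed = [e for e in map(parse_event, SAMPLE_LOGS) if e]
    for ev in parsed:
        print(ev["ts"], ev["proc"], ev["msg"])
    for a in detect_bruteforce(parsed):
        print("ALERT brute force:", a)
```

Masking runs before the event is stored, so the indexed copy never contains the full card number or address; the sliding window counts failures per source rather than per user so that password spraying across accounts from one address is still caught, and the allowlist plays the role of the exception list a correlation search is tuned with.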

Infrastructure Security Consultant at Gulf International Bank - Saudi Arabia
  • Bahrain - Manama
  • May 2015 to December 2021

Part of the Information Security team, responsible for managing and configuring all information security tools, including Splunk, McAfee AV, McAfee DLP, Defender ATP, Tenable, FIM, Digital Guardium, FireEye, EDR, NDR, VASCO, Symantec, email gateway, firewall, Fortinet, proxy server and PAM, as well as automation tools such as Chef, Puppet, Ansible and Git.
Key Responsibilities
Splunk Enterprise Security and SIEM Solutions:
• Configured and managed the Splunk infrastructure, including the Enterprise Security module.
• Integrated new log sources with Splunk using Forwarders, API, and DB Connector.
• Developed automated security event monitoring and alerting processes, along with corresponding event response plans.
• Enhanced Splunk performance by optimizing rules, custom event properties, regexes, and props/transforms expressions.
• Integrated critical devices and applications, including unsupported ones, by creating custom parsers.
• Generated reports on unused rules and rules without comments in firewalls using FireMon.
• Set up dashboards for network device logs using Splunk SPL and dashboard visualizations.
• Configured and implemented threat intelligence in Splunk Enterprise Security.
Information Security:
• Performed various security tests and IT audits as per PCI DSS requirements.
• Reviewed compliance with policies and procedures as required by industry and ISO standards.
• Managed endpoint protection tools, techniques and platforms such as Microsoft Defender ATP, Symantec and McAfee.
• Configured and administered the McAfee ePO server and McAfee products, including the MOVE client, DLP policy and Rogue System Sensor.
• Managed the VASCO infrastructure for VPN and OWA access.
• Managed and administered the File Integrity Monitoring (FIM) infrastructure and its policy.
• Configured FIM alerts per application and provided the use cases to the SOC.
• Performed monthly vulnerability scans using Tenable Security Center and Tenable.io.
• Managed the Minimum Security Baseline (MSB) using Tenable and reported results to the appropriate system owners for risk mitigation.
• Asset scanning and classification using Tenable, with dashboards of vulnerability scores shared with management.
• Evaluated and implemented methods to continually improve security and help the business reduce risk.
• Prioritized remediation activities with operational teams through risk ratings of vulnerabilities and assets.
• Monitored security vulnerability information from vendors and third parties.
• Administered the FireEye HX, EDR and NDR setups.
• Configured the Websense web proxy and provided exceptions based on requirements.
Other Skills
• Worked with the internal audit team to evaluate and improve the effectiveness of risk management, control, and governance processes.
• Configured Authentication for LDAP, SAML using Okta and Microsoft Azure AD Identity Providers.
• Onboarded logs from different sources like application servers, network devices, firewall devices, databases, etc.
• Developed and maintained documentation for security systems and procedures.
• Actively investigated the latest in security vulnerabilities, advisories, incidents, and attack techniques, collected threat information from external/internal sources, and reported relevant information.
• Demonstrated a good understanding of security best practices and processes such as incident management.
• Managed Ansible and Ansible Tower, creating and developing playbooks in YAML and Ansible roles.
• Worked with virtualization technologies: VMware, Hyper-V, Xen, Nutanix and Citrix.
• Reviewed compliance with policies and procedures as required by industry and ISO standards, reported audit observations, and recommended corrective and preventive actions that improved operations and reduced cost.

Senior VMware, Cloud, Linux DevOps (Ansible, Chef and Puppet) Engineer at Gulf International Bank
  • Bahrain - Manama
  • May 2015 to August 2019

I am a Unix/VMware/Windows and DevOps consultant with 8+ years of experience in IT solution design, implementation, development and integration services, covering planning, implementation, administration and troubleshooting across many OS platforms such as Linux, Solaris, AIX, Microsoft Windows and Microsoft Cloud.
Proficient in architecting, implementing and supporting VMware virtualized computing, EMC storage products, Unix and Microsoft Windows environments, and DevOps automation. I specialized in designing and configuring VMware environments, provisioning, automation, Linux administration and other daily IT operations.

Senior Linux Engineer at Caterpillar
  • India - Bangalore
  • November 2014 to May 2015

The project provided installation, configuration, services and support for infrastructure such as VMware and Windows/Linux OS.
• Provided solution-based support to customers, troubleshooting end-to-end solutions involving complex issues across servers, ESXi and vCenter.
• Managed the Red Hat Satellite server for automation and patching of 5000+ Red Hat Enterprise Linux 5 and 6 hosts.
• Worked on NetApp storage for NFS datastores.
• Troubleshot performance-related issues in ESXi and Windows/Linux OS.
• Provided global support for Windows/Linux virtual machines.
• Managed 5000+ VMs on ESXi 4/5 using vCenter with HA and DRS.
• Day-to-day troubleshooting of issues in VMware, Windows and Linux OS.

Software Engineer at Cisco Video Technologies India Pvt Ltd
  • India - Bangalore
  • July 2012 to November 2014

As a member of the Application Team at Cisco, I worked in the R&D department collaborating with various clients to develop digital set-top boxes and their software. Specifically, I handled applications in a Linux environment and worked with QVB, multiplexer and modulation technologies.

Senior Engineer at IBM - India
  • India - Bangalore
  • August 2011 to July 2012

As a Linux Engineer in the Server Team at IBM, I managed and administered Linux servers in the Google Motorola Mobile Division and the ING Vysya Bank data center. My responsibilities included overseeing patch management and ensuring the smooth functioning of the Linux infrastructure.

Engineer at Wipro Infotech
  • India - Kerala
  • August 2010 to August 2011

As a Network Engineer in the Video Conference Team at Wipro, I managed and administered video conference units and network bridges for connecting users. I worked on L2 switches and was responsible for managing the configurations of VoIP and video conference devices. My role involved ensuring reliable, high-quality connections for users during virtual meetings.

Educational Background

Bachelor's, electronics and communication engineering
  • at University of Kerala
  • January 2009

B.Tech in electronics and communication engineering

Specialties & Skills

Data Security
Endpoint Security
Cyber Security
Information Security
Security Information Event Management SIEM
SIEM Qradar
Vulnerability Assessment
McAfee ePO
Infrastructure Security
AWS Cloud
ARCHITECTURE
AUTOMATION
Virtualization
Ansible
Redhat Satellite
Antivirus
Vulnerability
File integrity Monitoring
Tenable
Splunk Enterprise Security


Languages

English
Proficient
Hindi
Proficient

Training and Certifications

Splunk Enterprise Security Admin (certificate)
Course date:
February 2023
Valid until:
February 2026
Cribl Admin (certificate)
Course date:
February 2022
Splunk Enterprise Architect (certificate)
Course date:
February 2022
Valid until:
February 2026
Splunk Core Certified Consultant (certificate)
Course date:
May 2022
Valid until:
May 2026
CompTIA Security+ (certificate)
Course date:
May 2023
Valid until:
May 2026
Certified Ethical Hacker (CEH) (certificate)
Course date:
October 2020
Valid until:
October 2023
Splunk Admin (certificate)
Splunk Power User (certificate)
Red Hat Satellite (certificate)
DevOps Puppet Automation (certificate)
DevOps Chef Automation (certificate)
DevOps Ansible Automation (certificate)
AWS Certified Solutions Architect – Associate (certificate)
Course date:
January 2019
Valid until:
January 2021
RHCE 5 (certificate)
Course date:
April 2010
VMware Certified Professional 5 – Data Center Virtualization (VCP5-DCV) (certificate)
Course date:
November 2014
Valid until:
October 2020
VMware Certified Professional 6 – Data Center Virtualization (VCP6-DCV) (certificate)
Course date:
October 2016
Valid until:
October 2020
VMware Certified Professional 6.5 – Data Center Virtualization (VCP6.5-DCV) (certificate)
Course date:
October 2018
Valid until:
September 2020

Hobbies

  • Badminton