SIEM
Highlights
I bring a wealth of SIEM proficiency with a focused expertise in Splunk, Exabeam, and IBM QRadar. In my roles as a Splunk Engineer and Cyber Security Improvements Engineer, I optimized software and performance, contributed to global security solutions, and demonstrated a versatile skill set across SIEM frameworks.
Splunk
In pivotal roles as a Splunk Consultant and Automation Expert, I have successfully contributed to various initiatives, seamlessly integrating platforms, optimizing workflows, and implementing tailored solutions. Highlights of my achievements include:
- Monitored and Maintained Splunk ITSI & Telemetry, ensuring effective oversight and management of IT Service Intelligence and Telemetry functionalities.
- Implemented the Splunk-ServiceNow SIR module, playing a key role in seamless integration.
- Troubleshot Log Sources in Error (LSE) and forwarders in Splunk, developing automated solutions for efficient detection and resolution.
- Customized scoring, SLAs, and processes for Vulnerability Management in Splunk and ServiceNow.
- Developed a customized File Integrity Monitoring (FIM) solution using Carbon Black enriched events and a specialized Splunk App.
- On-boarded new data sources to Splunk, configuring forwarders and parsing/extracting fields for IR team use.
- Developed alerts, dashboards, and reporting using Splunk, ensuring effective monitoring and maintenance of Splunk ITSI & Telemetry.
- Documented alerts with playbooks for on-call responders and managed the onboarding of services to Splunk.
- Conducted threat hunting and investigation of anomalous data.
- Installed, configured, and maintained the Splunk framework and associated product suites.
- Analyzed, architected, tested, and documented the deployment strategy of Splunk infrastructure.
- Delivered Splunk reports/data to external tools like ServiceNow.
- Implemented dashboards in test and production environments, reporting on the overall system health and performing Incident & Event Management.
- Provided knowledge transfer to team personnel on Splunk solutions and elaborated on Splunk DevOps.
- Managed Splunk Data Modeling, fixing related issues, and monitored log source outages collaboratively with the onboarding team.
- Occasionally worked on weekends for patching and platform maintenance.
- Developed Splunk system enhancements, configurations, and onboarding new data feeds.
- Utilized Splunk search language to support fraud mitigation efforts and managed Splunk Enterprise with Universal Indexing, Search & Investigation, Monitor & Alert, Report & Analyze, Custom Dashboards & Views, and Platform for Apps and Developers.
Exabeam & QRadar
In a dynamic role as a Cyber Security Improvements Engineer, I played a vital part in enhancing security platforms, with a focus on Exabeam and QRadar. Key accomplishments include:
- Troubleshot Log Sources in Error and Event Collectors on various platforms, such as Linux, Windows, F5, and firewall devices, ensuring seamless integration with QRadar, Exabeam, and AlertLogic. Employed Python and Elasticsearch API scripting to generate inventory and Log Source in Error reports from Exabeam, enhancing operational efficiency.
- Managed and maintained critical security platforms globally, overseeing SIEM (QRadar & Exabeam), threat intelligence (Anomali), and incident response toolsets like Exabeam Data Lake, Incident Responder, and Advanced Analytics (searches, visualisations, dashboards, and use cases mapped to MITRE ATT&CK).
- Administered and maintained the QRadar console, event and flow collectors/processors, and data nodes, ensuring optimal performance and resolving issues promptly.
- Supported the migration from QRadar to Exabeam, efficiently handling the off-boarding/on-boarding of logs.
- Utilized QRadar for comprehensive aims, including full visibility into global network, application, and user activity; real-time correlation; analysis of login activity to identify potentially malicious logins; and investigation of endpoint activity to detect malware infections before they could damage business operations.
Why don't Splunk queries ever go to parties? Because they're always too busy searching for the best "group BY" clause!