Candidate's Name
McDonough, GA
Street Address
PHONE NUMBER AVAILABLE
EMAIL AVAILABLE
Authorized to work in the US for any employer.

SUMMARY
15 years of extensive IT work experience including cyber security, managing information systems, hardware/software support, building health informatics systems, data analytics and Linux administration. Broad Splunk administration and content development experience with telecommunications companies, armed forces, healthcare, federal government and banking industries. Passionate about teaching, learning and assisting individuals, leaders, and teams to meet and/or surpass organizational goals.

SOFTWARE AND SYSTEMS
Operating Systems: Red Hat, UNIX, Linux, Windows Server
Management: SAN storage, Splunk Enterprise, Splunk Enterprise Security, Cloud, SolarWinds Orion, REST, Ansible, Nessus Tenable, NAGIOS, GIT, Google Cloud Platform, AWS Cloud
Programming: Bash, Python, Perl, Regex, XML, HTML, CSS, SPL, JavaScript
Virtualization: VirtualBox, VMware ESXi, vCenter, AWS, Remote access, Power BI, Microsoft Hyper-V, VMware vSphere, VMware vCenter
Other: Apache HTTP Server, Splunk Cloud, Apache Tomcat, PRISMA, Cloud Infrastructure, Okta, Apache Hive, SIEM, API, ETL, ELT, serverless, Spark, Hadoop, Jira, XML, ServiceNow, Rally, Azure DevOps, GitHub, Cisco ASA, AWS, AGILE, MySQL, Software development, Data Warehouse, Confluence

WORK EXPERIENCE

Information Security Specialist / Senior Splunk Engineer
New York Federal Reserve Bank, New York, NY
March 2024 - Current
- Managed Splunk incident response, monitoring, and content development to ensure a robust security posture.
- Monitored the performance and health of log sources ingested into Splunk SIEM.
- Investigated internal threat access security incident anomalies.
- Leveraged Identity and Access Management (IAM) to enhance security at a financial institution, utilizing Splunk and SailPoint.
- Developed and maintained Splunk dashboards, alerts, and reports to enhance threat detection and response capabilities.
- Coordinated with cross-functional teams to manage and resolve security incidents efficiently.
- Implemented Identity and Access Management (IAM) policies and procedures to ensure secure and compliant access controls.
- Utilized Security Information and Event Management (SIEM) tools to analyze security events and automate response processes.
- Automated repetitive security tasks to improve efficiency and reduce manual intervention.
- Conducted regular security assessments and audits to identify and mitigate potential vulnerabilities.
- Collaborated with stakeholders to develop and enforce security best practices and policies.
- Provided training and support to team members on Splunk, IAM, SIEM, and automation tools and practices.
- Established partnerships with compliance teams, data owners, and other key stakeholders to monitor security compliance logs in Splunk Enterprise Security.

Corporate Information Cybersecurity Analyst / Splunk Developer
Truist Bank, High Point, NC
May 2020 - March 2024
- Extensive background (9+ years) in content development, monitoring, identity, and investigation of incidents, including systems and web application attacks.
- Hands-on experience customizing Splunk dashboards, visualizations, and configurations using customized Splunk queries, and maintaining the Splunk framework.
- Worked directly with vendors and application owners to collect and ingest security log data from Internet-facing, money movement, mission-critical, and regulatory sources into Splunk Enterprise Security.
- Experienced in data ingestion and normalization through CIM (Common Information Model) compliance.
- Troubleshot and resolved Splunk-related issues, collaborating with System Administrators and Splunk support teams as needed.
- Applied detection and response concepts to both on-premises and cloud environments (AWS, Azure, GCP).
- Worked with security and analysis frameworks (MITRE ATT&CK, Kill Chain, NIST Incident Response, CIS, etc.).
- Engaged with customers to understand their security requirements and tailor Splunk SIEM solutions accordingly.
- Conducted correlation search security alert reviews, alert tuning, and content development requests from ServiceNow.
- Developed custom content, reports, and dashboards within Splunk SIEM to provide insights into security posture and incident trends.
- Developed correlation rules within Splunk SIEM to support proactive alerting and threat identification.
- Prepared written documentation on Splunk infrastructure, Standard Operating Procedures (SOPs), and best practices.
- Used Splunk Enterprise Security to respond to incidents and integrated Palo Alto logs into Splunk.
- Coordinated with risk groups to develop initiatives and corrective actions addressing gaps in risk processes and controls.

Senior Information Security, Risk, and Governance Analyst / Splunk Analyst
Deloitte, Charlotte, NC
November 2018 - May 2020
- Prepared written documentation on Splunk infrastructure, Standard Operating Procedures (SOPs), and best practices.
- Performed upgrades and updates to the Splunk application.
- Collaborated with technical leads to develop comprehensive log ingestion strategies in Splunk SIEM.
- Provided Splunk support to armed forces, healthcare, federal government, and financial industries.
- Configured and maintained Windows/Linux Splunk apps for data ingestion and application layer Splunk apps.
- Developed and implemented comprehensive security frameworks and risk management strategies.
- Utilized advanced analytics and monitoring tools to fortify the institution's defenses against cyber threats.
- Wrote and executed scripts to analyze and determine the daily security posture of employees, ensuring ongoing vigilance and security compliance.
- Developed correlation rules within Splunk SIEM to support proactive alerting and threat identification.
- Tracked network threats and attacks by running correlation searches on Splunk ES and identifying malicious actors on networks with Splunk Enterprise Security.
- Designed and integrated Splunk dashboards for reporting, intelligence, big data, and network security, as well as creating Splunk alerts and reports.
- Established partnerships with other compliance teams, data owners, and key stakeholders.
- Coordinated with other risk groups to develop initiatives and corrective actions to address gaps in risk processes and controls.
- Designed and implemented Splunk architecture (indexer, deployment server, search heads, and forwarder management), and created/migrated existing dashboards, reports, and alerts on a daily/weekly schedule to provide the best productivity and service to the business units and stakeholders.

Senior Cybersecurity Analyst
Honeywell Aerospace, Tempe, AZ
July 2018 - October 2018
- Designed, supported, and maintained a high-availability Splunk deployment that was distributed, multi-clustered, and multi-tenant.
- Oversaw the activities of the SOC team.
- Managed Splunk components (UF, HF, DS, MC, IDX, SH) and built Splunk dashboards and queries to analyze data for anomalies and trends.
- Worked on SIEM content creation, deployment, and monitoring, and created users and roles.
- Assisted with architecture planning, including setting replication and search factors.
- Correlated events from various sources (e.g., network, OS, anti-virus, IDS/IPS, firewalls, proxies) and analyzed them for potential threats.
- Conducted vulnerability scanning and assessments using tools such as Tenable Security Center, Swimlane, Tripwire, Big Data, Trustwave DbProtect, and HP WebInspect.
- Participated in the preliminary planning and implementation of Continuous Diagnostics & Mitigation (CDM) tools, including IBM BigFix, Splunk, and Tripwire.
- Designed, developed, implemented, and enforced system security policies, standards, guidelines, and procedures to ensure NIST and PCI regulatory compliance.
- Created SIEM compliance alerts for security events on IDS and IPS.
- Provided technical expertise in security risk management and security architectures and implementations.
- Performed routine security functions for risk detection, prevention, and response, and monitored security systems and events to detect, investigate, and mitigate threats.

Application Engineer
Hut Solutions LLC, Columbia, SC
January 2015 - June 2018
- Assisted the Splunk Architect in designing the Splunk infrastructure and implementing the design, including configuring clustered Indexers and Search Heads, setting up a Deployment Server, and installing Universal Forwarders on servers and network devices.
- Managed license renewals and opened cases with vendors as needed.
- Selected and configured robust key exchange algorithms to enhance security.
- Managed and optimized Message Authentication Codes (MACs) for data integrity.
- Configured and maintained secure cipher suites on servers to uphold encryption standards.
- Continuously refined and tuned correlation rules based on analysis of security events and incidents.
- Troubleshot and resolved data ingestion-related issues, working with other System Administrators and the Splunk support team as necessary.
- Created Dynatrace knowledge objects (e.g., reports, dashboards, alerts, event types, tags) and performed field extractions using regex.
- Managed user access, including onboarding new users and setting and revoking Active Directory group privileges.
- Provided guidance and support to internal teams on best practices for utilizing Splunk SIEM effectively.
- Conducted integration testing and collaborated with professional services and technical consultants.
- Prepared written documentation on the Splunk infrastructure, Standard Operating Procedures (SOPs), and best practices.
- Created training materials to show new Splunk users how to properly use Splunk apps.
- Consulted on Splunk applications, Splunk add-ons, and tools to continuously improve operational efficiencies in the IT Operations unit.

Systems Administrator
Verizon, Atlanta, GA
May 2012 - December 2014
- Deployed Splunk forwarders on servers and workstations, and installed and configured Splunk technical add-ons.
- Created custom add-ons to onboard data and set up new indexes, ensuring that retention and archive policies were followed.
- Set up and updated cron jobs and monitored disk capacity on mount points.
- Troubleshot and resolved initial Splunk-related issues, working closely with Splunk support and System Administrators.
- Conducted regular backups and recovery operations to protect data integrity and availability.
- Administered and maintained enterprise-level telecommunications systems, including PBX and VoIP solutions.
- Configured and managed firewalls, VPNs, and other network security devices to safeguard company assets.
- Performed hardware and software installations, upgrades, and patches to ensure systems were up to date and secure.
- Provided technical support and troubleshooting for end users, addressing hardware, software, and network-related issues.
- Developed and enforced IT policies and procedures to maintain compliance with industry standards and regulations.
- Implemented and managed virtualization technologies, including VMware and Hyper-V, to optimize resource utilization.
- Configured Apache and MySQL, and successfully migrated servers to different locations.
- Updated Active Directory to add new users and set permissions, and wrote new firewall rules (access rules and reverse access rules).
- Secured Linux systems, performed patch and package administration, and provided customer support.
- Created home dashboards to monitor ingestion and feeds for private network performance, integrating Splunk with LDAP.
- Documented team Standard Operating Procedures (SOPs) and planned and executed server maintenance.
- Fixed vulnerability findings and implemented the onboarding process of Splunk Enterprise 6.x in a multi-tiered distributed environment.

EDUCATION
Bachelor's in Sociology, Virginia State University, 5/2000
Master of Public Administration, Troy State University, 1/2010
Master of Information Systems, Keller Graduate School of Management, 12/2012

CERTIFICATIONS AND TRAINING
- Splunk Enterprise Certified Power User
- Splunk Enterprise Certified Administrator
- Splunk Enterprise Security (through Splunk University)
- Splunk IT Service Intelligence (ITSI) Certified Administrator
- Splunk Advanced Cluster Administration Bootcamp (through Splunk University)
- Splunk Troubleshooting Bootcamp (through Splunk University)
- Implementing Splunk IT Service Intelligence (ITSI) Bootcamp (through Splunk University)
- Splunk SIEM (Security Information and Event Management) Bootcamp (through Splunk University)
- Splunk Phantom Administration Bootcamp (through Splunk University)
- Splunk Security Analyst Bootcamp (through Splunk University)
- Splunk Security Essentials Bootcamp (through Splunk University)