Wednesday, November 8, 2023

Project 1 - Maxis Communications, Malaysia [Nov. 2023 to Present] Role - SOC Manager

  • Developed Incident Report, Standard Operating Procedure (SOP), System Management and Tools Documentation (SMTD), and Root Cause Analysis (RCA) documents to optimize operational efficiency while minimizing risk to the SOC environment.
  • Collaborated with key stakeholders across the organization to identify areas for improvement within existing processes.
  • Negotiated contracts with vendors for better pricing terms and services.
  • Designed training programs to ensure operational standardization of protocols.
  • Researched and developed innovative mitigation and detection strategies based on industry trends and client feedback.
  • Evaluated and updated existing detection content, leading to a 10% improvement in system accuracy and threat visibility.


Key Achievements:

  • Developed 50+ use cases aligned with MITRE ATT&CK, resulting in a 20% reduction in the mean time to detect threats.
  • Enhanced logging configurations, leading to a 10% improvement in threat detection rates.

Project 2 - Bank of America [Jul. 2022 to Nov. 2023] Role- Site Reliability Engineer

  • Resolved 500+ Jira tickets related to issues in multi-cluster Splunk Enterprise.
  • Stabilized Splunk performance by tuning the ulimit value in limits.conf and increasing the default queue size value in server.conf.
  • Deployed production changes to Splunk through a Continuous Integration/Continuous Development (CI/CD) pipeline.
  • Troubleshot major Splunk issues such as (A) data replication/forwarding, (B) timestamps, (C) event truncation, (D) app deployment, (E) configuration, (F) retention policy, (G) access, and (H) parsing.

Tuesday, November 7, 2023

Project 3 - Bayer SOC Environment [Feb. 2021 to Jul. 2022] Role- Senior Security Consultant

  • Integrated Splunk with Pega Cloud, Splunk DB Connect, and Splunk App for Infrastructure.
  • Performed log analysis and troubleshooting for suspicious traffic. Developed regular expressions to extract the required fields.
  • Normalized the data using the Common Information Model. Identified the incident's root cause and mitigated it.
  • Onboarded data to Splunk using Syslog, agent-based collection, APIs, DB Connect, and HTTP Event Collector.
  • Administered Universal Forwarders using Splunk Deployment Server and created server classes.


Monday, November 6, 2023

Project #4 Project Title: DC HA Active Active Duration: 19th Aug 2020 to 18th Dec. 2020

Role - Area: Splunk Developer – Developer

Skill Used: Splunk Enterprise, Splunk Enterprise Security


Description:

  • Secure Now is a client-developed authentication and risk identification service.
  • Anybody who wants authenticated entry for a financial or any other secured transaction can use this service.
  • The client wants to monitor IIS failures and App Tier failures for Secure Now using Splunk.
  • Dashboards need to be created to monitor these failures, and alerts should be created to notify on any failure.
  • On every triggered alert, a Python script should run that can shift the traffic to another server.


Responsibility:

  • Use Splunk Enterprise 8.0.6 to monitor the three server errors.
  • Create a separate alert and dashboard panel for each error. Analyze IIS failure errors in the client's infrastructure.

Sunday, November 5, 2023

Project #5 Project Title: Teller disk monitor Duration: 10th Jul. 2020 to 16th Oct. 2020

Role - Area: Infrastructure Monitoring Expert and Developer

Skill Used: Splunk Enterprise, Solarwinds, Dynatrace

Description:

Objective

  • Establish monitoring and alerting for disk space utilization; if monitoring already exists, determine why the existing monitoring failed.


SOW Services and Deliverables

  • Discover and analyze the disk configuration details for the Teller application, along with the configuration and monitoring/alerting setup for the storage infrastructure.
  • Identify and document the storage monitoring requirements and modify the current design to address the gaps.
  • Build, test, and implement the modified monitoring and alerting.
  • Deliverables: monitoring and alerting requirements for disk space utilization; technical design for the modified monitoring and alerting.
  • Deliverables: updated dashboards and alerts, testing artifacts, and weekly status reports.

Responsibility:

  • Create an alerting and monitoring system for disk space utilization using the Solarwinds SRM and Dynatrace platforms.
  • Install all required software and configure the server to establish the desired monitoring.
  • Create dashboards and alerts using Splunk Enterprise 8.0.6.
  • Interact with the client to understand their requirements in detail.
  • Design the infrastructure monitoring setup using Splunk App for Infrastructure (SAI).
  • Install Universal Forwarders on various servers to monitor their logs using Splunk.
  • Configure HTTP Event Collector in Splunk to establish communication with SAI.

Saturday, November 4, 2023

Project #6 Project Title: Splunk project deployment suggestion Duration: 20th Feb 2019 to 10th Jul. 2020

Role - Area: Splunk Consultant – Others

Skill Used: Splunk 7.x, Splunk Enterprise Security

Description:

  • The client wants a recommendation on purchasing the Splunk license.
  • Recommendations are required for deploying Splunk Enterprise in the client's infrastructure.
  • Different users need to be created for using Splunk Enterprise.
  • Privileges are distributed to each user as decided by management.
  • Provide inputs for identifying the best-fit architectural solutions for the deployment of Splunk.


Responsibility:

  • Provide consultation for deploying Splunk in the client's infrastructure.
  • Create various users, power users, and customized user accounts in Splunk.
  • Assist the client in meeting their Splunk-related requirements.
  • Provide inputs for identifying the best-fit architectural solutions for the deployment of Splunk.
  • Assist users in customizing and configuring Splunk to meet their requirements.

Friday, November 3, 2023

Project #7 Project Title: IoT device performance monitoring Duration: 14th Nov. 2018 to 31st Jan. 2019

Role - Area: Splunk Developer – Developer

Skill Used: Splunk Enterprise 7.x

Description:

  • The client wants to connect IoT devices to Splunk and monitor them from a remote location.
  • Real-time performance monitoring of the IoT devices should be established.
  • Any unexpected condition of an IoT device should be notified through email.


Responsibility:

  • Configure HTTP Event Collector in Splunk and configure the HTTP Event Collector token on the IoT device.
  • Establish the connection between the IoT device and Splunk. Monitor the logs sent by the IoT device to Splunk.
  • Create alerts on any unexpected behavior of the IoT device.
  • Create documents and presentations explaining the step-by-step procedure for IoT device interaction with Splunk.

Thursday, November 2, 2023

Project #8 Project Title: Design a Splunk App for Web Application Duration: 11th Aug.2018 to 31st Oct. 2018

Role - Area: Splunk Developer – Developer

Skill Used: Splunk 7.x

Description:

  • The client needs a Splunk app through which users can interact with their website.
  • The client has given various parameters that should be included in the interactive dashboard of this Splunk app.
  • The client wants to monitor the behavior of the Splunk app for each user on their Splunk Enterprise Master server.


Responsibility:

  • Design a floor plan for creating the Splunk app. Design the Splunk app to monitor the behavior of the web application.
  • Insert an interactive cascaded dashboard into this Splunk app to facilitate customer interaction with the web application.
  • Configure HTTP Event Collector to establish communication between the Splunk app and the Splunk Master.
  • Write a document with a detailed procedure for Splunk app creation.
  • Design a presentation explaining the use of the Splunk app to satisfy the client's requirements.

Wednesday, November 1, 2023

Project #10 Project Title: Remote Performance Monitoring Duration: 30th Jun. 2016 to 30th Nov. 2016

Role - Area: Splunk Consultant – Developer

Skill Used: Splunk 6.x

Description:

  • The client wants to monitor the performance of their web application and network using Splunk.
  • The client should be notified of any unexpected behavior of the network or web application.
  • Dashboards should be created to show various KPIs and control points.


Responsibility:

  • Install Universal Forwarders and observe all essential server log files through Splunk.
  • Provide training on the recommended tool and network monitoring.
  • Analyze the performance of the infrastructure with scheduled dashboards and alerts.
  • Create a document with a detailed step-by-step procedure for monitoring the whole IT infrastructure using Splunk.
