Responsible for leading the development of strategies, engineering conecepts, automated workflows, and the implementation of operational aspects to delivering modern application monitoring solutions for the organization.Manage Splunk environment architecture changes, design, as well as deployments such as ground up environment builds of all server roles. Assist clients in cloud migration efforts.Manage the end-to-end integration of log sources, ensuring proper parsing, event normalization, and enrichment for security monitoring.Design, configure and maintain log aggregation solutions, with a strong focus on data normalization.Implement and manage security event correlation and alerting rules to detect and respond to suspicious activities.Fine-tune and optimize log forwarding streams to avoid unnecessary noise, reduce false positives, and prioritize security-relevant dataDevelop and customize SIEM dashboards, alerts and reports to meet security monitoring needs.Develop and implement new SIEM detection correlation rules, and alerts for emerging threats and attack vectors.Identify opportunities for automating log ingestion, enrichment, and correlation within the SIEM to reduce manual effort and enhance detection.Experience with automating MITRE listed TTPs and ways to detect relevant IOCs and IOAsIntegrate various log sources in to Splunk for real-time monitoring and analysis.Created monitoring and diagnostic performance profiles of mission-critical applications.Responsible for data onboarding which may include application/add-on installation, custom parsing rules, and CIM compliance.Experience in optimizing data pipelines for performance and efficiency, handling large data volumes, and implementing best practices for data integrity and consistencyStrong analytical and problem-solving skills, with the ability to effectively prioritize and execute tasks

Extensive experience designing, deploying, and managing clustered Splunk Enterprise systems – Clustered Indexers, Search Heads, HTTP Event Collectors, and Forwarders.Experience in maintaining SIEM tools and components, such as log aggregators, forwarders, and data oberservability systems.Experience in performing continuous tuning and optimization of SIEM process, qureis, and searches to improve performance and efficiency.Conduct regular reviews of system health, ensuring high availability and reliability of the SIEM platform.Collaborate with security teams to understand usecases, refie detection capabilities and ensure appropriate data ingestion and analuysis.Stay up to date with latest security trends, Vulnerabilities, and technologies and apply them to improve the SIEM capabilities.Support and execute arrangements considering a full information lifecycle (Search & Investigate, Add Knowledge, Monitor & Alert, Report & Analyze).Experience managing data retention policies and performing index administration, maintenance and optimization, and configuration backups.Work with internal and external stakeholders to provide su pport and solutions for data collection and analysis.

Expertise in creating the Splunk app for Enterprise Security to identify and address emerging security threats through th use of continuous monitoring, and analytics.Hands on experience in developing custom dashboards, visualizations, configurations, reports and search capabilities using customized Splunk quries.Onbaording different data sources using syslog, HEC and scripted inputs.Experience in managing Splunk DB inputs to onboard Database logs.Administering Splunk with a wide variety of legacy data sources and industry leading commercial tools.Installing and configuring indexes, Search Head, Deployment servers on Amazon AWS.Knowledge of a Scripting language and UNIX command line.Experience in integrating Spluk with third party tools like Service now, Jira and Confluence.

Developed Splunk Search Processing Language (SPL) queries, created Reports, Alerts and Dashboards and customized them.Responsible for the study and analysis of the system design and implementation.Create a Dashboard views, Reports, lookups and Alerts for events and configure alert mails.Assigning User and role authentication including LDAP authentication and scripted authentication.Fetching the data from database using “DB Connect Application”Implemented workflow actions to drive troubleshooting across multiple event types in Splunk.