As an experienced IT professional with a focus on cyber security, I bring 8 years of expertise to the table. My skills are centered around Splunk and Splunk ES, as well as core SOC services like packet capture and IDS/IPS systems. I have a passion for working on projects without formal training, allowing me to pick up new skills throughout the process. My background as a web developer has given me a particular interest in web application security. I have studied SANS 542, SANS 503, and SANS 504 topics, and am always looking to expand my knowledge in the field.
Cyber Security Engineer, Ernyka Group
Apr 2021 - Present, Tehran, Tehran Province, Iran
- Install, configure, and maintain various components of Splunk Enterprise, like forwarders (universal and heavy), search heads, indexers, deployment manager, license master, etc., on RHEL systems in a cloud environment.
- Administer Splunk and Splunk App for Enterprise Security (ES) log management, ingestion, and normalization.
- Integrate Splunk data with business-critical enterprise applications and systems.
- Develop specialized Splunk security and compliance applications, add-ons, data models, dashboards, and content using Splunk SPL.
- Develop custom risk scoring to weed out white noise and only show actionable incidents to SOC analysts.
- Develop dashboards for security analysts with detailed drill-down capability for incident response.
- Adopt a use-case-driven mindset to gather requirements, conduct analysis, and develop/deploy threat detection content and investigation workflows for security operations.
- Develop triage workflows for analysts to assign and track ongoing investigations.
- Knowledge and implementation of SIEM technologies, including SOAR.
- Implement NIDS (Snort v3) and integrate it with SIEM (Snort v3).

Network Consultant, Dibariis Textiles
Sep 2017 - Present, Tehran, Tehran Province, Iran
Since 2017, I have been working as a part-time information technology consultant with the Dibariss textile company. Design of the network infrastructure and consulting on the use of new devices within the organization for greater efficiency. The textile company has operated in the field of yarn production and includes 3 offices and a factory.
1-VPN Server
2-Configure IIS
3-Configure FW Fortigate Rule & Kerio Control UTM
4-Configure Vcenter & Manage VM
5-Define Policy In Eset Smart Security v8.0 & Kaspersky Antivirus v10.0
6-Microsoft Services Based on Windows Server 2012 R2
7-Citrix Virtual Apps (formerly XenApp) & Tsplus
-
Cyber Security Specialist, Arman Economic Group
Jul 2019 - Apr 2021, Tehran, Tehran Province, Iran
Arman Economic Leaders Group works in the field of providing IT technology for Export Development Bank. Since 2019, I have worked in the SOC section. I first met with banking services and began operating at the same time as SOC. With regard to security periods on the SOC of knowledge, I have improved my knowledge and made my work more efficient with regard to existing equipment within the bank as well as available access, and I can find a better understanding of the performance of the machines in different layers.
Descriptions of tribes and items done in the section:
- Work with Splunk SIEM infrastructure.
- Monitor events, respond to incidents, and report findings.
- Analyse security event data from the network (IDS, SIEM).
- Proactively look for suspicious anomalous activity based on data alerts or data outputs from various toolsets and the SIEM platform.
- Perform network traffic analysis using raw packet data, network flow, Intrusion Detection Systems (IDS), and custom sensor output from communication networks.
- Work with protocols at layers 2 and higher in the OSI model, including ARP, TCP, UDP, ICMP, DNS, Telnet, SSH, HTTP, SSL, SNMP, SMTP, and other common protocols that use the well-known ports.
- Provide shift handover reports for documentation and knowledge transfer to subsequent analysts on duty.
- Operate 24 * 7 * 365, responsible for responding to security incidents.
It should be mentioned that I have been teaching SANS 504 to the work department for 20 hours.
In centralized, I am mostly acquainted with the following items during the working period:
1-Fortigate
2-FortiAnalyzer
3-Fortiweb
4-Splunk
5-Sophos
6-Symantec Messaging Gateway
Ehsan Kiani Education Details
-
Information Technology
Frequently Asked Questions about Ehsan Kiani
What company does Ehsan Kiani work for?
Ehsan Kiani works for Ernyka Group.
What is Ehsan Kiani's role at the current company?
Ehsan Kiani's current role is Cyber Security Engineer.
What schools did Ehsan Kiani attend?
Ehsan Kiani attended Payame Noor University.