Senior Security Engineer
Current* Architected and implemented the Splunk Enterprise Security (ES) deployment. This included right-sizing the environment to meet the additional search and indexing load, configuring access control, implementing the Assets and Identities framework using data from multiple sources, and following best practices.* Created a detection as code pipeline to enable the SOC team to keep security detections in our code repository and deploy them to the environment in a controlled, consistent and automated way.* Implemented detections from publicly available Sigma rules and Splunk’s Enterprise Security Content Updates (ESCU) as well as created custom detections. Performed detection tuning based on SOC analyst feedback.* Automated processes such as patching the systems in the Splunk environments, and created a CI/CD pipeline for pushing Ansible code to the various Splunk environments.* Onboarded data from numerous sources, such as infrastructure data from cloud vendors such as Azure and GCP, EDR, static code analysis tools and others. This included transforming and reducing data using Cribl.* Evaluated and implemented best practices in distributed Splunk Enterprise deployment. Created architecture design diagram, documented architecture, data catalog and administration processes.