Professional Experience
- Reviewed detailed design documents across network/application security domains; provided feedback on design and approach.
- Built cyber-security lab; installed and configured Trellix (ePolicy Orchestrator).
- Drove Splunk infrastructure change management; configured forwarders, indexers, and search heads for new SSC clients.
- Developed custom Splunk forwarder parsing and AD Group Policies for automated agent deployment.
- Designed and deployed SolarWinds SCM monitoring (SNMP, WMI, PowerShell).
- Delivered MDE (Microsoft Defender for Endpoint) POC via MECM, including testing for air-gapped networks.
- Built custom packet capture / NetFlow generation integrated with Splunk ES.
- Deployed security controls (Nexpose, ClamAV, Zabbix, Ansible) and integrated alerts into Splunk and ELK.
- Deployed and configured Splunk Enterprise Security: log onboarding, detections, dashboards, and documentation.
- Built VMware-based sandbox to test cyber-security solutions; reviewed monitoring solution designs.
- Installed and managed VMs, tools, and sandbox software for evaluations.
- Developed functional requirements for CD-DAR, assessing firewalls, AV, IDS, and SIEM options.
- Investigated ML and data analytics approaches for future cyber-security capabilities.
- Assessed Splunk deployment health; aligned with best practices and use cases.
- Installed/evaluated Splunk apps; implemented health monitoring for forwarders, distributed search, and app deployment.
- Delivered staff training, documentation, and work instructions; developed use cases and a backup strategy.
- Note: Overlap with DND (Nov–Dec 2021) on an on-call basis.
- Developed Splunk apps and integrations for SOC automation; created dashboards and tuned tasks.
- Integrated Splunk Enterprise Security with ServiceNow SIR via REST; built custom Python app with XML dashboards.
- Rolled out GitHub Enterprise-based revision control for Splunk configs; trained SOC personnel.
- Customized ServiceNow Security Incident Response; translated ArcSight content to Splunk rules and Syslog-NG.
- Designed and deployed QRadar SIEM architecture for insider threat detection.
- Integrated Windows events via Splunk UF to QRadar; resolved parsing and ingestion issues.
- Built detection content, rules, and reports; coordinated with application and network teams.
- Administered Linux systems: upgrades, patches, permissions, and disk partitioning.
- Reviewed ArcSight attack detection model (rules, reports, dashboards, active channels).
- Integrated ePO, CyberArk, Tanium; updated network model and threat content relevance.
- Built automated TAXII/STIX threat intel ingestion to ArcSight using Python; onboarded CCTX and other feeds.
- Optimized SIEM licensing via content rationalization and event routing.
- Managed ArcSight lifecycle; built custom threat content and resolved event flow/performance issues.
- Developed customer web portal (Java, C#) with database integrations; implemented security controls (CSRF, XSS).
- Created custom connectors and APIs; delivered reporting for compliance and SOC use cases.
- Transitioned from testing to development; later focused on MSS for automation and security tooling.
- Built automated IDS signature distribution and exception logging; created Linux malware scanning/reporting.
- Authored SOC incident management app (C#) and external client portal for service-level reporting and communications.
- Integrated numerous security tools with ArcSight; built parsers, rules, automation, and compliance dashboards.
- Provided 2nd level support; collaborated with NOC on connectivity and email issues.
- Developed real-time issue tracking system for the call center.