About
Results-driven SOC and Splunk Security Engineer with 4+ years of experience in Splunk development, Splunk SIEM, Security Operations (SOC), and enterprise log analytics. Experienced in designing, deploying, and optimizing distributed Splunk environments, developing SPL-based detections, and building security monitoring dashboards for real-time threat visibility. Proven ability to improve security monitoring by developing correlation searches, threat detection rules, and automated alerts that strengthen incident response and threat hunting capabilities. Skilled in network security monitoring, log onboarding, CIM normalization, and MITRE ATT&CK mapping to identify suspicious activity and reduce detection time. Hands-on experience working with networking protocols, security devices (firewall, IDS/IPS), AWS integrations, and large-scale log pipelines. Adept at collaborating with SOC teams and stakeholders to deliver actionable insights, accelerate incident investigations, and enhance security posture across enterprise environments.
Skills & Expertise (29)
Work Experience
Associate Consultant
Birlasoft
Jun 2024 - Present
- Developed and optimized Splunk SIEM detections and correlation searches to identify security threats including brute-force attacks, unauthorized access attempts, and suspicious login activities.
- Built SOC monitoring dashboards providing real-time visibility into malware activity, authentication anomalies, and network security events.
- Onboarded logs from Windows, Linux, network devices, databases, and HEC sources, enabling centralized security monitoring across enterprise infrastructure.
- Implemented CIM-based normalization and data model optimization, improving search performance and accelerating security investigations.
- Designed advanced SPL queries using joins, lookups, and transforming commands to generate actionable security insights.
- Developed custom dashboards and reports using XML configurations, tokens, and base searches to enhance performance and usability.
- Created automated alerts with throttling and cron-based scheduling, reducing manual monitoring effort for SOC teams.
- Integrated Splunk with AWS services, enterprise SSO systems, and multiple technology add-ons to extend monitoring capabilities.
- Monitored security events from firewall, proxy, IDS/IPS, and Active Directory logs, enabling faster identification of potential threats.
- Mapped detection rules and alerts to the MITRE ATT&CK framework, improving threat classification and incident response workflows.
- Created ServiceNow incident tickets for detected threats and coordinated with security and infrastructure teams for remediation.
- Developed dashboards to analyze network performance issues such as latency, packet loss, and connection failures.
- Managed Splunk knowledge objects including macros, event types, tags, calculated fields, and lookups to optimize data correlation.
- Delivered Splunk POCs and onboarding sessions for internal teams and stakeholders to demonstrate data flow and operational use cases.
- Automated operational tasks and health checks using cron jobs and shell scripting.
IT Analyst
LTI Mindtree
May 2022 - Apr 2024
- Installed, configured, and maintained Splunk Enterprise environments in distributed and clustered architectures.
- Designed and implemented search head clusters and indexer clusters to support large-scale enterprise logging infrastructure.
- Onboarded and parsed logs from multiple data sources, ensuring accurate field extraction using regular expressions and the rex command.
- Developed SPL-based searches, reports, and alerts to support proactive monitoring and incident detection.
- Troubleshot and resolved issues related to indexers, search heads, and forwarders, ensuring high availability of logging infrastructure.
- Supported the deployment and configuration of Splunk Enterprise Security (SIEM) for enhanced security monitoring.
- Performed data validation, log normalization, and indexing optimization to improve query performance.
- Implemented disk space optimization and maintenance strategies for Splunk components.
- Collaborated with Splunk support teams to resolve technical issues and manage licensing.
- Maintained sandbox and testing environments for validating new configurations before production deployment.
Education
B.Com Computer Application - Albedo School of Business Management
- 2022 · Afghanistan
Certifications
No certifications added yet
Availability Details
Visa Status
Need Sponsorship
Relocation
Open to Relocation