About
Self-motivated, passionate, and organized IT professional with strong analytical, troubleshooting, and problem-solving skills in Splunk Administration, Cybersecurity, SIEM/SOC Monitoring, and Infrastructure Support. Extensive knowledge of Splunk architecture, machine data analytics, operational intelligence, and cybersecurity monitoring across enterprise environments.
Work Experience
Specialist / SOC Analyst
HCL
Jan 2020 - Present
- Designed and implemented highly available Splunk Enterprise infrastructure by configuring clustered environments across multiple data centers.
- Installed, configured, administered, maintained, upgraded, and supported Splunk Enterprise servers and Universal Forwarders across Linux, UNIX, and Windows platforms.
- Architected and implemented distributed Splunk environments including Search Heads, Indexers, Deployment Servers, License Masters, Heavy Forwarders, and Universal Forwarders.
- Implemented Splunk Enterprise Security (ES) for SIEM/SOC monitoring, cybersecurity analytics, threat detection, incident response, and security event correlation.
- Monitored security incidents, suspicious activities, unauthorized access attempts, and abnormal behavior using SIEM dashboards and Splunk correlation searches.
- Worked closely with SOC teams to investigate security alerts, analyze logs, identify threats, and support incident response activities.
- Created correlation searches, notable events, alerts, and dashboards for proactive cybersecurity monitoring and threat intelligence.
- Integrated logs from firewalls, IDS/IPS devices, VPNs, Windows event logs, Linux security logs, and enterprise applications into Splunk for centralized security monitoring.
- Performed field extractions, transformations, regex parsing, event correlation, and log normalization using Splunk configurations and SPL queries.
- Designed, optimized, and supported enterprise Splunk solutions for infrastructure monitoring, cybersecurity monitoring, and operational intelligence.
- Installed and configured Splunk Universal Forwarders and Heavy Forwarders to onboard logs from servers, databases, applications, middleware, and network devices.
- Supported Splunk version upgrades, migration activities, and deployment standardization across enterprise environments.
- Created advanced dashboards, reports, alerts, KPI visualizations, SOC dashboards, and operational monitoring solutions using Splunk SPL and XML-based dashboard customization.
- Monitored Splunk infrastructure for indexing performance, license utilization, forwarder health, search performance, scalability, and capacity planning.
- Worked extensively with Splunk DB Connect for real-time integration with Oracle, SQL Server, MySQL, and other enterprise databases.
- Managed Splunk Searching & Reporting modules, Knowledge Objects, Lookups, Dashboards, Clustering, and Forwarder Management.
- Performed monitoring and troubleshooting of Splunk internal logs including splunkd.log, metrics.log, and indexing-related issues.
- Configured Syslog servers and implemented log forwarding using TCP/UDP protocols for centralized log collection and security monitoring.
- Implemented security best practices including RBAC, LDAP integration, PKI, SSL/TLS, authentication, authorization, and secure access management.
- Supported compliance monitoring activities for SOX, PCI-DSS, HIPAA, audit logging, and enterprise governance requirements.
- Configured Splunk forwarders to filter and mask sensitive customer data using props.conf and transforms.conf configurations.
- Reduced Splunk license utilization by filtering unwanted events at Heavy Forwarder level using null queue configurations.
- Developed proactive monitoring alerts and automated monitoring solutions for infrastructure, applications, cybersecurity threats, and security incidents.
- Worked closely with SOC, infrastructure, database, and application teams for incident analysis, root cause investigation, and monitoring optimization.
- Created and maintained operational documentation, cybersecurity procedures, deployment guides, upgrade documents, and knowledge transfer sessions.
- Performed 24x7 production support, incident management, troubleshooting, and on-call support for critical Splunk and SOC environments.
- Developed Shell and Python scripts for Splunk automation, monitoring, forwarder deployment, log analysis, and administrative activities.
- Monitored WebLogic, JBoss, Apache Tomcat, database logs, middleware applications, and server infrastructure for application performance and security event analysis.
- Administered MS SQL Server user access, permissions, roles, groups, and database security management activities.
- Worked on machine data analytics, operational intelligence, threat monitoring, customer activity tracking, and enterprise security monitoring solutions using Splunk.
- Performed vulnerability monitoring, log auditing, and anomaly detection to identify potential security risks and operational issues.
- Assisted cybersecurity teams in security investigations, threat hunting activities, forensic log analysis, and incident remediation support.
Education
B. Tech (EEE) - ASCET
- 2019 · Afghanistan
Certifications
No certifications added yet