IBRAHIM K

• Led the incident commander call for multiple security incidents.
• Fine tuned multiple Splunk alerts and updated SOPs which resulted in 30% reduction in the alert generation.
• Created 10+ new Use Cases in a short time period based on the new requirement.
• Reviewed internal systems and organized training plans to address areas in need of improvement.
• Conducted training sessions for the team members
• Mentored junior team members, sharing expertise, knowledge, and best practices to enhance overall team performance.
• Conducted regular reviews of operations and identified areas for improvement.

• Installed, configured and maintained multi-site Splunk enterprise environment for SOC monitoring
• Responsible for Onboarding Critical applications to SIEM Solution (Splunk) after analyzing security events for its availability and quality of minimum required fields
• Onboarded 100+ applications in 6 months to Splunk Solution for Monitoring after analyzing feasible solutions of integration
• Managed team of 10 resources working in Security Analysis and Onboarding of Data to Splunk solution
• Performed Risk Assessment for unavailability of security events from application and also for missing Mandatory fields that are required on Data
• Worked Directly of F4 audit Documentation relating to security Monitoring and evidence collection for one of major Bank in Europe
• Worked directly with multi-disciplined team structure, onboarding hundreds of infrastructure and business applications to SIEM solution
• Prepared 20+ Run books, deployment guides for Data collection and Troubleshooting

Worked as Splunk architect and Senior SOC Analyst with one of the most valuable clients (SAP) of Schweickert company in the area of Global Network Services. The main responsibility is to build Splunk platform for the customer to enable them to run their security use cases on top of it and maintain the stability of the Splunk platform. Also responsible for managing the Linux High Availability Cluster for the syslog to have effective logging with no or very limited log loss.

The day to day work activities involves below responsibilities:

• Configured and administered Splunk environment (78+ components) to support needs of SOC
• Maintained health of SIEM tool and ensured high availability and performance with available resources
• Designed and documented data on-boarding in Splunk
• Configured and managed syslog servers in high availability cluster
• Monitored complete functionality of Splunk infrastructure by implementing different levels of checks on log flow (scripts, Nagios, DMC)
• Resolved multiple issues that popped up as result of monitoring, involved Splunk support whenever needed
• Implement scripts to interconnect Splunk with external ticketing tools (spectrum, SPC)
• Managed Lifecycle management of complete Splunk infrastructure (upgrades, patching)
• Splunk License Management and certificate handling for secure communication
• Assisted in development of new monitoring tools from SAP (IT Operations Analytics, Enterprise Threat Detection) mainly on log parsing, regex and use case implementation

Worked as a Security & Privacy consultant in IBM India Private Ltd. Responsible for Managing the Axway Secure Transport Application which is a multi-protocol MFT gateway for securing, managing, and tracking file flows among people and applications.

• Analyzed, designed, developed and deployed Managed file transfer solutions using Axway Secure Transport Application for 200+ file transfers across banks, hospitals and insurance companies
• Automated 50+ File Transfer through Perl and Shell scripting
• Implemented secure file transfer using multiple protocols (FTP, SFTP, HTTP, and HTTPS)
• Implemented encryption technologies (PGP encryption) and Public Key Infrastructure within Axway tool
• Implemented Transformation of file content with Perl Script based on client requirement mappings
• Managed tickets via IBM Maximo (Ticket Management Tool) to handle and resolve file transfer related issues