FAROOQ MOHAMMED

Tandur

Summary

Splunk Administrator and IT professional with technical knowledge, skilled in information security, system administration, computer network security, project management and IT project scheduling, seeking an Information Security (InfoSec) opportunity on a Cyber Security Operations team to proactively defend against evolving security threats.

Overview

6 years of professional experience

Work History

Splunk Administrator

Versatile Solutions
10.2022 - Current
  • Troubleshoot new and current data collection issues that make the system unstable
  • Support the deployment of all supported and unsupported Splunk apps and add-ons that are required for specific data sources
  • Manage Splunk upgrades and update change management documents
  • Delivered a comprehensive Splunk deployment document that details the specifications, data ingestion methodology and other architectural considerations in a production environment
  • Performed inventory of systems and requirements gathering to develop security policies and procedures
  • Maintain a role-based access control solution around the data collected
  • Architect, design and maintain Splunk infrastructure, including log storage and event collectors
  • Troubleshoot forwarder and server issues
  • Tune searches and index performance
  • On-board new data sources into Splunk, analyze data for anomalies and trends and build dashboards highlighting key trends
  • Monitor and troubleshoot existing inputs (file monitoring, HTTP) and optimize search performance
  • Implement policies for the use of computer systems and networks to ensure best practices and standardization
  • Manage Access Control Lists (ACL) and Network Access Control
  • Host security, user account creation, passwords, least privilege, identity management; adding/deleting/creating/modifying user account information
  • Apply upgrades and patches
  • Support installation of Splunk components such as forwarders, indexers, search heads, UF and deployment servers
  • Assist in building defense systems using detection and prevention tools that alert on potential security violations; continuously monitor network traffic, analyze logs and report trends
  • Used tools to conduct cyber security alerting and analysis and enhance situational awareness
  • Answer end-user queries, troubleshoot and fix reported problems by providing technical support to computer users; analyze, solve and correct issues in real time, providing end-to-end problem resolution
  • Enhanced client infrastructure supporting applications and servers, data, reporting, custom queries, dashboards and security roles
  • Assist in all phases of the incident response procedure, from securing systems and preserving evidence with the aim of prosecuting the perpetrator to determining contingency plans and preventing recurrence of the incident
  • Work with teams to collect data for incident metric reporting
  • Support/facilitate incident remediation and prevention documentation and conform to processes related to security monitoring
  • Monitor system performance to ensure 24/7 operability and network uptime, and collect data to evaluate and optimize network and system performance
  • Create backup and recovery policies and monitor network communication to identify and recover critical data and information.
  • Onboarding data from various data sources through APIs, HTTP tokens, syslog, universal forwarder agents, DB Connect, etc.
  • Creating custom TAs for custom data sources for parsing and data integrity and to achieve CIM compliance for data models.
  • Troubleshooting issues in Splunk for data source onboarding and data assessment.
  • Managing a distributed environment of Splunk servers.
  • Enabling and fine-tuning OOTB use cases according to the onboarded data sources.
  • Creating custom use cases for alerting on suspicious activity in the organization.
  • Working with clients such as Al Rajhi Bank, Mobily, Absher, IMCTC, etc. in Saudi Arabia.

Use Case Developer

Capgemini Technology Services
08.2021 - 10.2022
  • Maintained high availability of Splunk Enterprise services
  • Monitor system infrastructure for capacity planning and optimization
  • Managed users, roles, permissions and app creation
  • On-board and maintain a wide variety of data sources, including OS and application logs
  • Optimize applications to reduce impact on resources
  • Managed configuration and tuning in a large Splunk environment
  • Ensured that the company's workstations worked efficiently and stayed connected to the central computer network and telecommunication network; upgraded the network by developing, testing, evaluating and installing enhancements
  • Designed and implemented Splunk infrastructure and supported operational activities
  • Manage multiple assignments and changing priorities
  • Provide general engineering and design support for distributed Splunk environments
  • Maintained network performance by performing network monitoring, analysis and performance tuning; troubleshooting network problems; escalating problems to vendor(s)
  • Create custom dashboards, write queries and generate reports, set up alerts and notifications
  • Protected the organization's value by keeping information confidential.
  • Creating and fine-tuning custom use cases using data model and index-based data.
  • Data assessment for CIM compliance and whitelisting indexes according to the data for specified data models.
  • Creating Splunk searches for alerts, reports, correlation searches and dashboards.
  • Expert in Splunk SPL commands and SPL searches.
  • Correlating use cases with MITRE tactics and techniques.
  • Creating knowledge objects in Splunk, for example lookups, macros, event types, tags, etc.
  • Worked with many clients on use case development projects, including Coles Australian supermarket and Azqore banking services.

Security Analyst

Certiview IT & Management Solutions Pvt. Lt
10.2017 - 08.2021
  • Working in a Security Operations Centre (24x7), monitoring SOC events, detecting and preventing intrusion attempts.
  • My role is to analyse suspicious offenses in Splunk and take immediate incident response and incident management action depending on their magnitude.
  • Fine-tuning use cases on the requirements of the SOC team.
  • Escalating security incidents based on the client's SLA for real-time alerting and response, and providing information by doing in-depth analysis of event payloads and security logs and providing recommendations, which in turn keep the customer's business safe and secure.
  • Investigating and creating quick searches and reference sets in Splunk for security threats and forwarding them to the onsite SOC team for further investigation and action.
  • Contacting customers directly in case of high-priority incidents and helping the customer in the process of mitigating attacks.
  • Knowledge of creating use cases and fine-tuning rules in Splunk for triggering offenses.
  • Analysing and investigating alerts in SOC monitoring tools to report any abnormal behaviour, suspicious activities, traffic anomalies, malicious activities, unauthorized access, etc.
  • Monitoring security alerts and raw logs as well as alerts triggered in the SIEM tool integrated with various devices such as IDS/IPS, firewalls and endpoint tools to make sure all company assets are free from external attacks.
  • Supporting security incident response processes in the event of a security breach by providing incident reporting.
  • Preparing metric reports for events generated by each tool, with appropriate statistics, and sending them to the client on a weekly, monthly and quarterly basis.
  • Performing vulnerability assessment and management through Nexpose of the customer's complete assets and coordinating with various teams to mitigate the risk associated with the assets based on CVSS score and other factors.
  • Worked on IPS/IDS to identify, research and analyse incident alerts as well as create rules to remedy future malicious events and block intruders.
  • Reviewing URLs, domains and IPs and blocking them to prevent users from accessing malicious websites.
  • Reviewing and analysing security breaches to determine their root cause, and responding to daily security violations and alerts.
  • Documenting security records and escalating incidents, including history and impact, based on severity.
  • Investigating complex issues related to anti-malware software detections, gathering necessary data and escalating issues to the Research team for deep analysis.
  • Analysing and performing dynamic analysis of files or applications related to FP/FN reports received from customers through Research Studio and determining whether they are PUA or malware.
  • Evaluating URL profiles in Research Studio before categorizing them.
  • Tracking telemetry records for hashes/URLs.
  • Determining IOCs while threat hunting by correlating and analyzing a variety of application, network and host-based security logs, and determining the correct remediation actions and escalation paths for each incident.
  • Working in collaboration with the Threat Intelligence team to stay updated on the latest attacks, which helps in providing more security services by creating daily alerts/news for the latest attacks.
  • Monitoring signature releases and guiding customers to update to the latest signatures to cover FP/FN files detected by Microsoft Windows Defender.
  • Performed creation and configuration changes of prevention policies, sensor updates, USB device policies, whitelisting and prevention hashes.
  • Expert in identifying and handling phishing attacks and spam emails by analyzing message headers, attachments and URLs and taking appropriate action to block the sender, IP or domain on the firewall, email gateway and security tools such as Proofpoint; website anti-malware monitoring and real-time alerting based on anomalies detected.
  • Generating reports based on cases triggered on a weekly and monthly basis and providing them to the clients.

Education

Bachelor of Science - Mechanical Engineering

JBIET College
Hyderabad
04.2017

MPC

Sri Chaitanya Junior College
Hyderabad
04.2013

Skills

Knowledge Areas

  • Incident & Threat Analysis
  • System Hardening
  • Logs Review, Dashboards
  • Network Monitoring
  • Software Development Life Cycle (SDLC)
  • Linux Operating System & Security
  • Project Planning & Tracking
  • ACAS Scan/Compliance
  • Storage Mgmt
  • TCP/IP Network Protocols
  • Splunk Health
  • HTTP/SIEM/LDAP
  • SIEM / Firewalls / Anti-virus
  • Infrastructure / Routers / Switches
  • NIST Risk Management Framework (RMF)
  • Forwarder and Indexer Deployment

Technical Skills / Tools

  • Network Monitoring Tools: Tcpdump, Wireshark, Nessus
  • Multiple Priorities Management
  • Software / Applications: Microsoft Word, Excel, Access, PowerPoint, Visio, Outlook, Project, SharePoint
  • Operating Systems: Windows, Linux/Unix
  • Hardware: Cisco Switches/Routers, Firewall
  • Networking: TCP/IP, DHCP, DNS, ACL, Telnet, SSH

Work Planning and Prioritization

  • Team Building and Leadership
  • Project Management
  • Reporting and Documentation
  • New Hire Onboarding
  • Equipment Usage Tracking
  • Cribl administration
  • Cyber Incident Response and Management
  • Data Loss Prevention
  • Splunk UEBA
  • Vulnerability Assessment
  • Use Case Development
  • CIM Compliance
  • syslog-ng
  • Problem-solving abilities

Accomplishments

  • TS Clearance | Splunk Enterprise System Administrator | PMP | Security+ | Linux+ | Microsoft (MCTS) Managing Projects | DoJ Splunk Training (2019)

Professional Development ~ Training & Courses ~

Program Overview:

  • Cybersecurity Fundamentals
  • Computer Forensics
  • Cybersecurity Risk Management
  • Network Security

Program Overview:

  • Information System Security
  • Malicious Codes and Attacks, Threats, and Vulnerabilities
  • Access Controls
  • Security Operations and Administration
  • Auditing, Testing, and Monitoring, Risk, Response, and Recovery
  • Cryptography

Membership

  • Project Management Institute (PMI) Member, cyber security / information assurance
  • IT security compliance standards

Splunk Certifications

  • Splunk User Certification
  • Splunk Power User Certification
  • Splunk Admin Certification
  • Splunk Sales Engineering 1 Certification
  • Splunk Sales Engineering 2 Certification
  • Cribl User Certification
  • Cribl Admin Certification
