
Eustace Esotu

Summary

Results-oriented and team-focused Splunk SME with solid experience in Splunk Infrastructure management and data processing. Proven track record of identifying and implementing continuous improvements that lead to standardized processes and increased operational efficiency.

Overview

11 years of professional experience
1 Certification

Work History

Senior Splunk Engineer/Cybersecurity Consultant

KPMG
07.2024 - Current
  • Onboard over 80 critical homegrown and vendor applications into Splunk, creating efficient data ingestion pipelines that supported organizational security and monitoring requirements
  • Configured a Python remediation script, securing the Splunk environment against Log4j vulnerabilities and ensuring robust security measures to protect against cyberattacks
  • Successfully created an Ansible AWX automation to orchestrate Splunk upgrades on over 30,000 Windows and Linux machines combined. This included up-to-date patching, eliminating the need to upgrade manually, resulting in increased workflows within the environment
  • Create custom detection rules using SPL, such as Brute Force Attacks against Admin Credentials, Short-Lived Splunk and Azure Accounts, Agent Searches for Log4j Exploitation Attempts, Failed Login Attempts from Distinct IPs, etc., to enable proactive identification of security incidents
  • Develop Confluence-based documentation for leveraging onboarding playbooks, which includes each stage of the data onboarding lifecycle, including ingestion configurations, parsing techniques, and troubleshooting methods for both structured and unstructured data sources
  • Designed a troubleshooting dashboard, tracking traffic flows through firewalls to identify IP or Port blockages between Splunk Universal Forwarder clients and various Splunk components
  • Leveraged Azure Data Explorer (ADX) within Splunk to design and implement scalable data ingestion pipelines, optimizing query performance and enabling real-time analytics for security events, improving our overall incident response times
  • Optimizing data routing and aggregation using Cribl to efficiently direct data to designated servers while consolidating logs into actionable metrics to enhance system performance
  • This involves eliminating null values and duplicate events; as a result, data is streamlined and filtered before ingesting into Splunk, saving ingestion costs
  • Designed a complete end-to-end ingestion pipeline for AWS cloud logs, including custom field extractions and normalization to support seamless integration into Splunk
  • Built new Splunk Indexer VMs from scratch to aid in increased resources within the environment
  • Integrate Azure Sentinel with multiple data sources, deploying custom playbooks and automated detection rules to enhance threat hunting capabilities

Splunk Engineer

Aetna
02.2021 - 07.2024
  • Serve as the Lead Splunk Engineer for creating custom Splunk apps as per requirements and onboarding new data sources via various methods including Splunk Universal Forwarder, HTTP Event Collector (HEC), Splunk DB Connect, and Syslog
  • Utilized detailed metrics from Cynet 360 XDR and Netscout to design and implement a Security CVE vulnerabilities dashboard, detecting vulnerabilities across all operating systems for Splunk Enterprise Security
  • Developed and implemented an automated Splunk version upgrade framework for all Splunk components; automated tasks such as backing up critical files and directories, capturing app bundles, downloading and installing the appropriate Splunk .tgz package, and initiating Splunk upgrade commands on Splunk hosts
  • Principal Splunk Engineer in charge of the migration project to Splunk Cloud, integrating AWS and on-prem clustered environments and establishing a new search head and index cluster as part of Splunk consolidation efforts
  • Lead Splunk Architect responsible for designing complete Splunk infrastructure architecture as part of migration efforts, leveraging Miro to visualize and document Splunk deployment topology; resulting in a clear comprehensive representation of Splunk environment's end state
  • Rebuilt Splunk user roles and access controls during migration to align with updated security policies, leveraging Splunk's RBAC model for enhanced governance
  • Transitioned and consolidated data retention policies and storage configurations during the migration project, ensuring compliance and organizational data management
  • Successfully created an Ansible workflow script for user reassignment of over 5,000 orphaned reports, macros, eventtypes, dashboards, etc., due to Splunk migration efforts
  • Created local Ansible automation for regenerating and replacing old PEM files and Splunk certificates stored in Venafi, enhancing security measures
  • Ensure log ingest processes are CIM compliant; facilitating Data Model Acceleration to accelerate queries, dashboards, and correlation searches for efficient log management
  • Increase dashboard performance with the creation of base searches for panels running similar queries as well as referencing saved searches, using text inputs with tokens using set or unset, and drill-downs
  • Engineered Python script to assist in HEC token creation, port mapping, index creation, and Splunk Role to AD group mapping to help maintain version control within GitHub
  • Expert in utilizing regex to anonymize personal data (PII, PHI, etc.) and to set up filters within the Syslog servers
  • Expert in implementing Cribl-based data pipeline solutions to optimize data collection and processing before data enters into Splunk
  • Developed a Non-intrusive alert capable of triggering upon any Production change, the alert is also set to trigger a JIRA notification and gets assigned to the Team Lead for auditing
  • Implemented Dynatrace for application performance monitoring (APM) and end-user experience management (EUM) across multi-cloud and hybrid environments
  • Partnered with the NOC team to develop and optimize Splunk-driven monitoring tools, enhancing visibility into network operations and security incidents, resulting in quicker detection of anomalies and improved overall system uptime
  • Implemented and managed Application Security Manager (ASM) solutions to protect web applications from various cyber threats while performing regular vulnerability scans
  • Engineered an In-House Symphony Messaging Plugin Integration for AWS Splunk
  • Optimizing regex to conduct field time extractions and to efficiently parse data logs utilizing props.conf and transforms.conf
  • Expert in automating manual platform management processes using advanced scripting tools/languages such as Python, Regex, SQL, PowerShell, Bash, Java, SPL, GitHub, GitLab, and Ansible
  • Troubleshoot Splunk issues to ensure optimal performance for its various components, such as search heads, indexers, heavy forwarders, and universal forwarders
  • Extensively work with SPL while running search queries: executing both basic and advanced search commands (e.g., eval, stats, metadata, regex, rex, where, etc.) to build content

Splunk Engineer

Wells Fargo
02.2020 - 02.2021
  • Ensure the stability of Splunk architecture across Stage and Prod environments, conducting daily and weekend health checks and performing routine maintenance tasks, including OS patching and upgrades
  • Onboarded various applications by using methods such as API collection for AWS Cloud, Microsoft Cloud, Okta; syslog for CyberArk, FortiGate, Microsoft Office 365; HEC for Infoblox, Zeek, and Secure Sphere, etc.
  • Configured a multi-site cluster for disaster recovery planning; set up DR validation scripts that carried out DR tests on new infrastructure
  • Enhanced predictive maintenance by deploying Splunk ITSI anomaly detection and thresholding on key application KPIs, allowing teams to address potential system failures before impacting end users
  • Day-to-day tasks consisted of monitoring, measuring, and maintaining the availability and health of Splunk services and platforms
  • Providing ongoing support for Splunk platforms and AWS Cloud services as required e.g., problem and incident management and taking part in troubleshooting for service recovery
  • Created a Splunk dashboard that analyzed web traffic in real-time using ASM to detect and block malicious activities and attacks
  • Acted as a single point of contact for Splunk technical questions, and software issues, and for management escalations, granting approvals and denials for infrastructure and platform change requests
  • Engineered advanced Splunk dashboards and custom alerting systems for SOC teams, enabling real-time threat detection and enhancing security visibility across multiple data sources
  • Collaborated with Azure teams to integrate Splunk with Azure Monitor, enabling comprehensive monitoring and management of Azure resources
  • Responsible for configuring AWS resources, including S3 buckets, Load Balancers, Security Groups, and IAM Roles and policies
  • Rebuilt sysloggers to run on Syslog-ng as opposed to Rsyslog; used Syslog-ng to onboard over 800 Aruba, Fortinet, Palo Alto, and Cisco devices
  • Cleaned up searches to rectify slow-running searches by removing expensive commands and using the EVAL command when necessary; reviewed alerts and searches running without custom cron schedule and resolved accordingly
  • Populated and constrained data models (authentication, network, web, intrusion, vulnerability, endpoint) with appropriate indexes ensuring data was CIM-compliant
  • Provide onboarding support to engineering teams for setting up KPIs, dashboards, and custom alerts, ensuring all new data sources meet predefined detection and monitoring requirements
  • Expert in implementing Cribl-based data pipeline solutions to optimize data collection and processing before data enters into Splunk
  • Created and fine-tuned event correlation rules within Splunk's enterprise security framework, enabling the proactive detection of sophisticated threats by identifying patterns and relationships across diverse data sources
  • Successfully implemented correlation logic to identify potential security incidents by cross-referencing events such as logins, firewall alerts, and anomalous network traffic, leading to a 20% increase in accurate threat detection
  • Daily work with configurations for deployment servers, indexers, and search heads (serverclass.conf, server.conf, apps.conf, props.conf, transforms.conf)

Splunk Administrator

Erie Insurance
05.2016 - 02.2020
  • Implemented Index creation and Custom App automation for Splunk Universal Forwarder onboardings for the Splunk Enterprise Security team, optimizing operational workflows
  • Developed a script to automatically update self-signed certificates before certificate expiration and managed SSL and TLS certificates for secure communications, ensuring the confidentiality of data
  • Led the scaling of the Splunk Indexer cluster and Search Head Cluster, conducting server resizing to meet operational demands
  • Implemented automated validation checks during onboarding, leveraging scripted inputs and data preview tools to ensure correct parsing and sourcetype assignments before promoting configurations to production
  • Responsible for Splunk Platform PagerDuty/on-call, responding to high-priority tickets or critical alerts that are triggered on a rolling basis
  • Scaled environments to optimize pipeline queues and ensure efficient resource utilization
  • Troubleshot error/warning messages, skipped jobs, skipped searches, and addressed missing or delayed logs within the Splunk platform
  • Develop, create, and manage custom Splunk Knowledge objects, including alerts, macros, eventtypes, field aliases, dashboards, etc
  • Architecture deployment and SOPs and, if necessary, file bug reports, work with Splunk support on diags, escalate cases to architects, and provide necessary process documentation through Confluence
  • Decommissioned Splunk components and migrated indexers in preparation for the new IDX Cluster
  • Monitor dashboards for security concerns, tweaked searches according to response requirements to new vulnerabilities and threats and needs of SOC team
  • Standardized configurations across the environment: standardized all custom TAs throughout the organization to meet compliance concerns and specific naming conventions
  • Conducted a thorough review and set up of new Props.conf and Transforms.conf configurations for all data sources within the Splunk platform, enhancing data enrichment and processing efficiency
  • Developed and managed CI/CD workflows on Microsoft Azure for project deployments
  • Responsible for the monitoring and management of systems ensuring all systems checks were completed and documented and any service incidents were managed, resolved, or escalated promptly
  • Leveraged machine learning and AI algorithms within XDR to identify and mitigate advanced threats in real-time

SQL Administrator/Database Developer

State of Ohio
05.2014 - 04.2016
  • Assisted in conducting field audits/assessments to identify safety hazards and ensure compliance with company O&M, EHS, engineering & construction, and corrosion control standards, procedures, and best practices
  • Tasked with creating database designs and implementing database objects and models for major stakeholders
  • Executed field geomatics and engineering projects according to instructions provided by the client, project manager, and manager of pipeline operations
  • Implemented large-scale projects for automation scripting and optimization of manual processes across several teams
  • Maintained Windows Servers for IIS, Active Directory, DHCP, DNS, as well as XenCenter, VMware
  • Built Virtual Machines & Physical Machines per standard setups
  • Monitored database servers by responding to alerts
  • Performed database migrations and consolidations
  • Tuned database and long-running queries
  • Configured Azure SQL databases, elastic pools, and managed instances

Education

Bachelor of Arts -

University of Maryland
Baltimore County, Maryland

Skills

  • Linux
  • Windows
  • MySQL
  • Git
  • Jenkins
  • Confluence
  • Jira
  • Ansible
  • Cron
  • Zabbix
  • Splunk
  • Cribl
  • ITSI
  • Python
  • Bash
  • Scripting
  • Regex
  • XML
  • CSS
  • HTML
  • AWX

Certification

  • Splunk Certified Core User
  • Splunk Certified Power User
  • Splunk Certified Admin
