
Eustace Esotu

Brandywine, MD

Summary

Results-oriented and team-focused Splunk SME with solid experience in Splunk infrastructure management and data processing. Proven track record of identifying and implementing continuous improvements that lead to standardized processes and increased operational efficiency.

Overview

12 years of professional experience
1 Certification

Work History

SIEM Engineer

ERNST & Young (EY)
07.2025 - Current
  • Led CIM normalization efforts across 80+ data sources (Cisco, O365, Netskope, Tenable), ensuring alignment with Splunk Enterprise Security data models.
  • Automated data onboarding workflows using Cribl Packs and custom functions, enabling faster integration of new log sources and significantly reducing time to production.
  • Developed custom Cribl parsers and transformations to standardize telemetry from disparate sources, enabling better detection engineering and compliance reporting.
  • Configured and optimized field extractions, props.conf, and transforms.conf to map raw logs into CIM-compliant fields, enabling accurate correlation searches.
  • Conducted data validation and quality checks to confirm successful normalization into Security, Authentication, Endpoint, and Network Traffic data models.
  • Partnered with security teams to develop and fine-tune detection rules, dashboards, and reports leveraging normalized CIM fields.
  • Improved threat visibility and reduced false positives by standardizing disparate log sources into consistent CIM-compliant formats.
  • Collaborated with application and onboarding teams to troubleshoot field mapping discrepancies and ensure accurate ingestion into Splunk environments.

Senior Splunk Engineer/Cybersecurity Consultant

KPMG
07.2024 - 07.2025
  • Configured a Python remediation script, securing the Splunk environment against Log4J vulnerabilities and ensuring robust security measures to protect against cyberattacks.
  • Successfully translated and adapted 80 LogRhythm correlation rules to Splunk Enterprise to align with client-specific requirements.
  • Successfully created an Ansible AWX automation to orchestrate Splunk upgrades on over 30,000 Windows and Linux machines combined. This included up-to-date patching, eliminating the need to upgrade manually, resulting in increased workflows within the environment.
  • Created custom detection rules using SPL, such as Brute Force Attacks against Admin Credentials, Short-Lived Splunk and Azure Accounts, Agent Searches for Log4J Exploitation Attempts, Failed Login Attempts from Distinct IPs, etc., to enable proactive identification of security incidents.
  • Developed Confluence-based documentation for leveraging onboarding playbooks, which covers each stage of the data onboarding lifecycle, including ingestion configurations, parsing techniques, and troubleshooting methods for both structured and unstructured data sources.
  • Developed and deployed Splunk SOAR playbooks to automate incident response workflows such as phishing triage, malware containment, and user account disablement.
  • Designed a troubleshooting dashboard, tracking traffic flows through firewalls to identify IP or Port blockages between Splunk Universal Forwarder clients and various Splunk components.
  • Configured and optimized the Palo Alto Networks Splunk Add-on to collect, parse, and normalize firewall logs from distributed devices, ensuring efficient data ingestion and integration with the SIEM environment.
  • Configured and deployed a native Domain Controller to support Windows Event Collector (WEC) and Windows Event Forwarding (WEF), establishing centralized log collection across the enterprise.
  • Leveraged a Data Bus Explorer (ABX) within Splunk to design and implement scalable data ingestion pipelines, optimizing query performance and enabling real-time analytics for security events, improving our overall incident response times.
  • Optimized data routing and aggregation using Cribl to efficiently direct data to designated servers while consolidating logs into actionable metrics to enhance system performance.
  • Customized WEC event subscriptions, implemented secure communication channels, and optimized event filtering and retention policies to enhance log correlation and streamline incident response.
  • Optimized Splunk by eliminating null values and duplicate events; as a result, data is streamlined and filtered before ingestion into Splunk, saving ingestion costs.
  • Monitored XSIAM data sources to gather and analyze real-time security events, and developed client-specific correlation rule use cases to identify and respond to complex threat patterns.
  • Collaborated with cross-functional teams to fine-tune alert configurations, reduce false positives, and enhance overall incident response capabilities.
  • Designed a complete end-to-end ingestion pipeline for AWS cloud logs, including custom field extractions and normalization to support seamless integration into Splunk.
  • Deployed Cortex XDR agents across endpoints to gather telemetry data and analyze threats.
  • Integrated Azure Sentinel with multiple data sources, deploying custom playbooks and automated detection rules to enhance threat hunting capabilities.
  • Onboarded over 60 critical homegrown and vendor applications into Splunk, creating efficient data ingestion pipelines that supported organizational security and monitoring requirements.

Professional Services Consultant

Palo Alto Networks
02.2020 - 07.2024
  • Served as a Security Engineering Consultant, delivering SIEM and SOAR implementations with a focus on automation-driven detection and response across enterprise environments.
  • Led endpoint detection tuning initiatives across XDR-integrated environments, optimizing detection logic to reduce false positives and improve alert fidelity.
  • Designed and implemented SOAR playbook use cases aligned with modern Cortex XSIAM capabilities, including automated triage, enrichment, escalation, and response actions.
  • Supported migration and consolidation of endpoint detection use cases, translating and enhancing legacy detection logic from CrowdStrike Falcon into a centralized SIEM/SOAR framework.
  • Contributed to early adoption and evaluation of next-generation platforms such as Cortex XSIAM, aligning detection engineering and automation workflows with modern security operations models.
  • Led enterprise log onboarding and ingestion strategy, implementing structured pipelines with proper field mapping, normalization, and enrichment.
  • Engineered data pipeline optimization solutions, improving ingestion performance, reducing noise, and ensuring high-quality actionable data for detection use cases.
  • Built and optimized correlation rules and threat detection logic aligned to MITRE ATT&CK, increasing detection coverage across endpoint, network, and cloud telemetry.
  • Developed and maintained security data models, ensuring schema standardization and enabling scalable analytics and detection workflows.
  • Designed automation workflows for alert triage and enrichment, integrating contextual data such as threat intelligence, asset criticality, and user identity.
  • Performed advanced threat hunting and anomaly detection, leveraging large-scale telemetry to identify suspicious behaviors and uncover gaps in detection coverage.
  • Created SOC and executive dashboards, providing visibility into threat trends, vulnerability exposure, ingestion health, and detection effectiveness.
  • Implemented automation frameworks using scripting (Python, Ansible, etc.), streamlining platform operations, onboarding, and response workflows.
  • Applied regex and JSON parsing techniques to normalize logs, anonymize sensitive data, and improve search and detection efficiency.
  • Monitored and optimized platform health and performance, including ingestion rates, pipeline latency, and log source reliability.

Splunk Engineer

Wells Fargo
02.2019 - 02.2020
  • Ensured the stability of Splunk architecture across Stage and Prod environments, conducting daily and weekend health checks and performing routine maintenance tasks, including OS patching and upgrades.
  • Onboarded various applications using methods such as API collection for AWS Cloud, Microsoft Cloud, and Okta; syslog for CyberArk, FortiGate, and Microsoft Office 365; and HEC for Infoblox, Zeek, and SecureSphere, etc.
  • Configured a multi-site cluster for disaster recovery planning; Set up DR validation scripts that carried out DR tests on new infrastructure.
  • Enhanced predictive maintenance by deploying Splunk ITSI anomaly detection and thresholding on key application KPIs, allowing teams to address potential system failures before impacting end users.
  • Day-to-day tasks consisted of monitoring, measuring, and maintaining the availability and health of Splunk services and platforms.
  • Provided ongoing support for Splunk platforms and AWS Cloud services as required, e.g., problem and incident management, and took part in troubleshooting for service recovery.
  • Created a Splunk dashboard that analyzed web traffic in real-time using ASM to detect and block malicious activities and attacks.
  • Acted as a single point of contact for Splunk technical questions, and software issues, and for management escalations, granting approvals and denials for infrastructure and platform change requests.
  • Engineered advanced Splunk dashboards and custom alerting systems for SOC teams, enabling real-time threat detection and enhancing security visibility across multiple data sources.
  • Collaborated with Azure teams to integrate Splunk with Azure Monitor, enabling comprehensive monitoring and management of Azure resources.
  • Responsible for configuring AWS resources, including S3 buckets, Load Balancers, Security Groups, and IAM Roles and policies.
  • Rebuilt syslog-ng to run on Syslog-ng as opposed to Rsyslog; used Syslog-ng to onboard over 800 Aruba, Fortinet, Palo Alto, and Cisco devices.
  • Cleaned up searches to rectify slow-running searches by removing expensive commands and using the eval command when necessary; reviewed alerts and searches running without a custom cron schedule and resolved them accordingly.
  • Populated and constrained data models (authentication, network, web, intrusion, vulnerability, endpoint) with appropriate indexes ensuring data was CIM-compliant.
  • Provided onboarding support to engineering teams for setting up KPIs, dashboards, and custom alerts, ensuring all new data sources met predefined detection and monitoring requirements.
  • Expert in implementing Cribl-based data pipeline solutions to optimize data collection and processing before data enters into Splunk.
  • Created and fine-tuned event correlation rules within Splunk's enterprise security framework, enabling the proactive detection of sophisticated threats by identifying patterns and relationships across diverse data sources.
  • Successfully implemented correlation logic to identify potential security incidents by cross-referencing events such as logins, firewall alerts, and anomalous network traffic, leading to a 20% increase in accurate threat detection.
  • Daily work with configurations for deployment servers, indexers, and search heads (serverclass.conf, server.conf, apps.conf, props.conf, transforms.conf).

Splunk Administrator

Erie Insurance
05.2016 - 02.2019
  • Implemented Index creation and Custom App automation for Splunk Universal Forwarder onboardings for the Splunk Enterprise Security team, optimizing operational workflows.
  • Developed a script to automatically update self-signed certificates before certificate expiration and managed SSL and TLS certificates for secure communications, ensuring the confidentiality of data.
  • Led the scaling of the Splunk Indexer cluster and Search Head Cluster, conducting server resizing to meet operational demands.
  • Implemented automated validation checks during onboarding, leveraging scripted inputs and data preview tools to ensure correct parsing and sourcetype assignments before promoting configurations to production.
  • Responsible for Splunk platform PagerDuty/on-call, responding to high-priority tickets or critical alerts triggered on a rolling basis.
  • Scaled environments to optimize pipeline queues and ensure efficient resource utilization.
  • Troubleshot error/warning messages, skipped jobs, and skipped searches, and addressed missing or delayed logs within the Splunk platform.
  • Developed, created, and managed custom Splunk knowledge objects, including alerts, macros, eventtypes, field aliases, dashboards, etc.
  • Handled architecture deployment and SOPs and, if necessary, filed bug reports, worked with Splunk support on diags, escalated cases to architects, and provided necessary process documentation through Confluence.
  • Decommissioned Splunk components and migrated indexers in preparation for the new IDX Cluster.
  • Monitored dashboards for security concerns and tweaked searches according to response requirements for new vulnerabilities and threats and the needs of the SOC team.
  • Standardized configurations across the environment: standardized all custom TAs throughout the organization to meet compliance concerns and specific naming conventions.
  • Conducted a thorough review and set up of new Props.conf and Transforms.conf configurations for all data sources within the Splunk platform, enhancing data enrichment and processing efficiency.
  • Developed and managed CI/CD workflows on Microsoft Azure for project deployments.
  • Responsible for the monitoring and management of systems ensuring all systems checks were completed and documented and any service incidents were managed, resolved, or escalated promptly.
  • Leveraged machine learning and AI algorithms within XDR to identify and mitigate advanced threats in real-time.

SQL Administrator/Database Developer

State of Ohio
05.2014 - 04.2016
  • Assisted in conducting field audits/assessments to identify safety hazards, and ensure compliance with company O&M, EHS, engineering & construction, and corrosion control standards, procedures, and best practices.
  • Tasked with creating database designs and implementing database objects and models for major stakeholders.
  • Executed field geomatics and engineering projects according to instructions provided by the client, project manager, and manager of pipeline operations.
  • Implemented large-scale projects for automation scripting and optimization of manual processes across several teams.
  • Maintained Windows Servers for IIS, Active Directory, DHCP, DNS, as well as XenCenter, VMware.
  • Built Virtual Machines & Physical Machines per Standard setups.
  • Monitored database servers by responding to alerts.
  • Performed database migrations and consolidations.
  • Tuned database and long-running queries.
  • Configured Azure SQL databases, elastic pools, and managed instances.

Education

Bachelor of Arts -

University of Maryland, Baltimore County
Baltimore County, Maryland

Skills

  • Linux
  • Windows
  • MySQL
  • Git
  • Jenkins
  • Confluence
  • Jira
  • Ansible
  • Zabbix
  • Splunk
  • Cribl
  • ITSI
  • Python
  • Bash
  • Cron
  • SOAR

Certification

  • Splunk Certified Core User
  • Splunk Certified Power User
  • Splunk Certified Admin

Timeline

SIEM Engineer, ERNST & Young (EY), 07.2025 - Current
Senior Splunk Engineer/Cybersecurity Consultant, KPMG, 07.2024 - 07.2025
Professional Services Consultant, Palo Alto Networks, 02.2020 - 07.2024
Splunk Engineer, Wells Fargo, 02.2019 - 02.2020
Splunk Administrator, Erie Insurance, 05.2016 - 02.2019
SQL Administrator/Database Developer, State of Ohio, 05.2014 - 04.2016
Bachelor of Arts - University of Maryland, Baltimore County

Personal Information

Title: Splunk Engineer/Cybersecurity