
Forsab Brilian

Houston, TX

Summary

Highly motivated, insightful, result-driven Splunk Engineer and Cyber Threat Intelligence Analyst with more than 7 years in general IT and SOC work, strong Splunk troubleshooting skills, monitoring and log management experience, and extensive knowledge and proficiency in system and project management administration. Worked extensively across Windows, Unix and Linux platforms. Excellent communication skills, a great team player with a fast learning curve. Works effectively under stressful conditions where speed and accuracy are necessary for mission-critical systems.

Overview

10 years of professional experience
1 Certification

Work History

Splunk Engineer / Cyber Security Engineer

CAPGEMINI
04.2019 - Current
  • Installed, Configured, Maintained, Tuned, and Supported Splunk Enterprise Server 6.0 and above
  • Administered a complex cluster-based environment involving search heads in a cluster while the indexers are in standalone mode
  • Configured Splunk forwarder to send unnecessary log events to "Null Queue" using props and transforms configurations
  • Created and configured management reports and dashboards in Splunk for application log monitoring
  • Active monitoring of jobs through alert tools, responding with appropriate actions, analyzing the logs, and escalating to higher-level teams on critical issues
  • Cloud administrator with AWS administration: launching EC2 instances and managing IAM; Confluence, Jira, ServiceNow, Remedy and ClickUp administration; scripting using Shell/Bash; writing and modifying complex SPL queries for reporting purposes
  • Identifying numeric thresholds, notable events, and modifying correlation searches in Splunk ES (SIEM)
  • Upgrade Splunk to different versions as they go out of life support
  • Configure and implement Splunk SmartStore to optimize system performance by limiting storage on SSDs
  • Use Splunk Enterprise Security as a SIEM tool to tackle real-time security monitoring, advanced threat detection, forensics, and incident management
  • Responsible for developing Splunk queries and dashboards targeted at understanding application performance and capacity analysis
  • Splunk SOAR development and alert automations, creation/modification of SOPs, Playbooks
  • Have been involved as a Splunk Admin in capturing, analyzing, and monitoring front-end and middleware applications
  • Created Splunk App for Enterprise Security to identify and address emerging security threats using continuous monitoring, alerting, and analytics
  • Created and configured management reports and dashboards in Splunk for application log monitoring
  • Responsible for administering, maintaining, and configuring a 24 x 7 highly available, Splunk app for the production portal environment
  • Work closely with Application Teams to create new Splunk dashboards for Operation teams using advanced XML and CSS
  • Created Shell Scripts to install Splunk Forwarders on all servers and configure them with common configuration files such as bootstrap scripts, outputs.conf and inputs.conf files
  • Extensively used Splunk Search Processing Language (SPL) queries, Reports, Alerts and Dashboards
  • Installation and implementation of the Splunk App for Enterprise Security and documented best practices for the installation and performed knowledge transfer on the process
  • Using DB connect for real-time data integration between Splunk Enterprise and databases
  • Analyzing at the forwarder level to mask customer-sensitive data; able to manage distributed search across a set of indexers
  • Responsible for filtering unwanted data at the heavy forwarder level, thereby reducing the license cost
  • Worked with administrators to ensure Splunk is actively, and accurately running, and monitoring the current infrastructure implementation
  • Worked on properly creating/maintaining/updating necessary documentation for Splunk Apps, dashboards, upgrades, and tracked issues
  • Extensive experience in setting up Splunk to monitor customer volume and track customer activity
  • Administering the MS SQL Server by creating user logins with appropriate roles, dropping and locking logins, monitoring user accounts, creating groups, and granting privileges to users
  • Provided On-call support for various production applications
  • Help the SOC Team on incident investigations and containment of compromised systems
  • Investigates network traffic and helps in setting up WAF detection rules (Palo Alto)
  • Administered various shell and Python scripts for monitoring and automation
  • Leverage the information within the MITRE ATT&CK framework and monitor, detect and investigate various security incidents from different alerting sources
  • Work with the vulnerability management team and use various IOCs to create new alerts and set detection rules and policies.

Cyber Threat intel Analyst

LEIDOS CYBER
02.2017 - 03.2019
  • Conduct pivoting analysis on Threat Intelligence to identify current impact or proactively process mitigations for defense through security technologies and proactive mitigations including zero-day patching identification, anomalous behavior, and recommendations of remediation action
  • Assist in the formulation and enforcement of standards, the assigning of schedules, supervising team members, communicating policies and intent, and ensuring that tasks are implemented in a timely manner
  • Conduct technical/cybersecurity-focused analysis by initiative or in response to identifying threats to the client’s operational environment and its enterprise activities
  • Develops intelligence products and performs expansive cyberspace intelligence analyst duties
  • Lead and assist in investigations of critical incidents, and escalated tickets from level 1 and 2 analysts
  • Incidents range from phishing emails to malware-related incidents
  • Work on alerts from our Linux environment
  • Investigate users’ activities on running suspicious commands
  • Participate in client weekly meetings for environmental development
  • Help in the training of new analysts and general training for analysts needing more knowledge in certain areas or tools (Exabeam, Splunk, CrowdStrike, ePO, etc.)
  • Utilized end-user management tools like Exabeam or AIP to investigate and resolve incidents related to user login, login failures, login from outside of the US, and impossible travel activities
  • Analyze reports to understand threat campaign(s) techniques, and lateral movements, and extract indicators of compromise (IOCs)
  • Review and respond to service request tickets created by the MSSP
  • This includes requests to whitelist, add, delete, modify, or change system configurations or rules within the environment
  • Help in content creation as more use cases are reviewed weekly and corrected or created
  • Developed and presented weekly and monthly reports to upper management
  • Lead daily shift turnover and presentations of notable incidents by analysts on shift
  • Developed playbooks from incidents and investigation procedures for incidents within the environment
  • Experience with SIEM, vulnerability scanning systems and tools, IDS/IPS, HIDS/HIPS, anti-malware technologies, firewalls, Data Loss Prevention (DLP), web/email proxy filtering systems, and security event correlation
  • Experience with reviewing and generating security artifacts, including security
  • Deliver status reports, briefings, recommendations, and findings to management and executives as Required
  • Conduct network, endpoint, and log analysis by utilizing various consoles on a regular basis (e.g., SIEM, IPS, firewall, etc.)
  • Responds to alerts from various monitoring systems and platforms to address potentially malicious events in a timely manner
  • Detects the full spectrum of known cyber-attacks (e.g., DDoS, malware, phishing, ransomware & others) along with any security and compliance violations
  • Serves as a subject matter expert (SME) for performing security and threat assessments. Works within operational and performance metrics to drive continuous improvement. Collaborates with Cyber Security to improve prevention, detection, and response capabilities
  • Lead or assist in site-specific project work including staff moves and reconstruction of seating in the workplace
  • Knowledge of security frameworks such as MITRE, NIST, SOC 2, ISO 27001, HIPAA, HITRUST, etc.

AWS Cloud Security

NATIONAL OILWELL VARCO
02.2016 - 01.2017
  • Design, implement, and maintain security controls for AWS cloud environments
  • Conduct security assessments and audits to identify and mitigate vulnerabilities
  • Collaborate with cross-functional teams to integrate security best practices into the development lifecycle
  • Implement and manage IAM policies, S3 bucket policies, and VPC configurations to ensure a secure AWS environment
  • Monitor and respond to security incidents, conduct root cause analysis, and implement corrective actions
  • Led the implementation of AWS security controls to achieve compliance with industry regulations and standards
  • Collaborated with infrastructure teams to implement network security measures, including Virtual Private Cloud (VPC) configurations and security groups
  • Conducted training sessions for IT staff on AWS security best practices and procedures
  • Worked closely with AWS Support to resolve technical issues and implement recommended security enhancements
  • Contributed to the development and maintenance of security awareness programs for employees
  • Spearheaded the design and implementation of AWS security solutions, ensuring the confidentiality, integrity, and availability of critical assets
  • Conducted regular security assessments and audits, identifying vulnerabilities, and providing recommendations for remediation
  • Collaborated with cross-functional teams to integrate security measures into the DevOps lifecycle, promoting a culture of security by design
  • Developed and maintained security documentation, including policies, procedures, and guidelines
  • Implemented and configured AWS security services, such as AWS Identity and Access Management (IAM), AWS Key Management Service (KMS), and AWS WAF
  • Responded to security incidents, conducted forensic analysis, and implemented corrective actions to mitigate risks
  • Participated in the development of disaster recovery and business continuity plans for AWS environments.

IT Support Analyst

NATIONAL OILWELL VARCO
04.2014 - 01.2016
  • Maintained high User Access Management (UAM) with user password development, user accounts closure/setup, access control list, active directory on platforms (VMware workstations, databases, Eventpro360, ServiceNow, and OneLogin)
  • Involved in application, network, data, storage, device, and subscriber management and development on different cloud platforms
  • Scanned IP addresses for malware, malicious activities, open vulnerability on system using NESSUS
  • Port scanning, OS detection, network inventory, and traffic generation using Nmap
  • Focused on Security Incident Management, Detection, Investigation, Technical Response/Reporting
  • Managed several incoming email alerts
  • Opened incidents based on email alert guidelines
  • Created and managed ticketing requests in different environments
  • Monitored customer activities, web logs, machine behavior, security threats, fraudulent activities using Splunk, Paessler Router Traffic Grapher (PRTG)

Education

Master of Science - Information Technology

Grand Canyon University
Phoenix, AZ

Skills

  • AREAS OF EXPERTISE / TOOLS
  • Splunk implementation and management
  • Use of deployment server to maintain and deploy apps and configurations on deployment clients and other instances
  • Comfortable working in both stand-alone and distributed environments
  • ES (Enterprise Security admin)
  • JAVA, SPL, SQL, Shell scripting, etc.
  • Conduct Splunk Environmental Assessment
  • Incident Management
  • Incident Response Management
  • Splunk Data Onboarding and Integration
  • Linux and Windows operating systems
  • Software Development Lifecycle (SDLC)
  • Performance Optimization
  • Dashboard and Report Optimization
  • PYTHON, PowerShell
  • Strong knowledge of AWS cloud
  • Experience working with Splunk
  • Experience with Splunk UBA/UEBA
  • Experience with Microsoft Azure cloud
  • Splunk SmartStore storage
  • Experience leveraging DevOps tools
  • Experience implementing Splunk Monitoring and Performance tuning
  • Symantec Endpoint Protection, IDS/IPS, DLP, FireEye (NX, EX, HX)
  • McAfee ePolicy Orchestrator (ePO), Exabeam, CrowdStrike, Carbon Black, Recorded Future, NetApps, ThreatINSIGHT, FortiSandbox, Nessus, Network Mapper (Nmap), firewalls
  • Email Investigations (Abnormal Security, O365, Proofpoint TAP)
  • Ticketing systems: Jira, Resilient, Hives, and Splunk SOAR (Phantom)

Certification

  • Splunk Core Power User Certified
  • Splunk Enterprise Admin Certified
  • Splunk Enterprise Security Admin
  • Certified Splunk Architect (In Progress)
  • CompTIA Sec+
  • CompTIA Linux+
  • Certified Ethical Hacker (CEH)
  • Splunk Certified Cloud Developer
