Meaza Asfaw

Clarksburg, MD

Summary

Meaza is a certified Developer/Engineer with years of experience working and specializing in Splunk. Has the ability to work within small and big organizations, is a quick learner and great team player. Analyzed and correlated complex data sets to detect abnormal conditions of servers and developed custom searches with Splunk query language. Created advanced Splunk dashboards with HTML, XML and CSS to support custom user interactions and visualizations. Experienced in building clustered Splunk environments as well as supporting teams with scaling infrastructure. Meaza has great communication skills and expertise in creating Splunk documentation and is looking forward to contributing as a valuable team member.

Overview

10 years of professional experience
1 Certification

Work History

Splunk Developer/Engineer

NIH
04.2023 - 07.2024
  • Developed and maintained an interactive M-21-31 compliance dashboard with drilldown features to track NIH institutes' progress.
  • Performed gap analysis for M-21-31 data onboarding across NIH institutes and centers, identifying areas for improvement.
  • Mapped sourcetypes to align with M-21-31 standards and regularly updated asset lists for accurate reporting.
  • Managed NIH asset
  • Wrote SPL queries to update NIH institutes' asset inventory, improving dashboard efficiency and accuracy.
  • Led weekly technical meetings with NIH IT teams to provide assistance on Splunk configuration and data onboarding.
  • Created complex SPL queries, reports, lookups, and saved searches to power M-21-31 dashboards.
  • Optimized search queries and leveraged loadjob to improve dashboard performance and reduce query run times.
  • Managed asset data within Splunk to ensure accurate tracking, reporting, and data integrity.
  • Troubleshot Splunk issues to ensure smooth data flow and integrity.
  • Reviewed M-21-31 and NIH documentation to classify data logs by maturity level as defined by M-21-31.
  • Integrated application logs from various sources using APIs and HTTP Event Collector (HEC).
  • Set up automated alerts and scheduled jobs for data integrity monitoring and compliance tracking.
  • Onboarded syslog data using Cribl and Splunk for enhanced data routing and filtering.
  • Used Cribl to normalize the logs so that Splunk can process everything smoothly, regardless of where the data is coming from
  • Can route critical logs to Splunk for real-time analysis and send less important logs to cheaper storage like S3

Splunk System Engineer

CVS
04.2021 - 04.2023
  • Integrates a multitude of tools with Splunk, including but not limited to: ProtectWise, NGINX, PostgreSQL, MongoDB, Citrix Netscaler, Okta Identity Cloud, Microsoft SCOM, RSA Archer, Tanium (via REST), RSA SecurID
  • Responsible for managing FW security groups via AWS for inbound and outbound traffic of the Splunk infrastructure
  • Mitigates security vulnerabilities (such as: CVE-2021-44832, CVE-2021-45105); applied OS patches; reorganizes AD groups (delete, reassign and create new) to provide more cohesive and secure access control to Splunk systems
  • Develops dashboards, e.g.: Service Monitoring (included information about count of servers throughout the domain, tier listing, compliance status, Open CVEs, Risk score and other related data), Safecom Data device etc., PureStorage FlashArray dashboard (Purity version, volumes of arrays, snapshots, Share Space, Data Reduction etc.)
  • Parses a wide range of data formats through props.conf
  • Manipulates data through transforms.conf: anonymizes PII/PHI data, extracts delimiter-based fields, overwrites metadata (host, source, sourcetype), merges multiple source types together, sends events to the nullQueue
  • Configures indexer discovery
  • Installs and configures Universal Forwarders and Splunk Enterprise instances (Search Heads, Deployment Servers, Indexers, Cluster Masters, Deployers, Heavy Forwarders, License Master, Monitoring Console)
  • Optimizes search head performance by setting up query execution restrictions through limits.conf, assigning orphaned knowledge objects, cleaning up searches and other knowledge objects
  • Develops architectural blueprint and led to fruition a project of setting up a centralized network data ingestion infrastructure which consists of 35 syslog-ng servers established in a centralized topology connected to the Splunk indexers via universal forwarders
  • Resolves bundle replication issues by switching replication method from the classic to cascading one
  • Wrote dozens of pages of comprehensive Confluence Splunk documentation on company's SOPs and Splunk-related topics.

Splunk Engineer

Salesforce
02.2020 - 04.2021
  • Set up systemd management of the Splunk instances - configured necessary prerequisites (e.g. systemctl sudoers rules for non-privileged splunk user, THP/ulimits)
  • Builds, configures and connects multiple multisite indexer clusters in a single distributed environment due to data governance policies related to location of the onboarded data
  • Lead ITSA (IT Service Acceptance) efforts; perform cyberflows infrastructure scans and mitigate detected issues with newly-built Splunk instances
  • Configured Splunk SMTP-based email engine for 'send an email' alert actions
  • Improved management of Universal forwarders by centralizing configurations through a Deployment Server
  • Configured and managed S3 and Azure Blob remote storage
  • Built multisite indexer and search head clusterings consisting of more than 120 instances located in two different sites: Oregon and N. Virginia
  • Managed and monitored licensing in the infrastructure: analyzed onboarding throughput capacity through internal logs and monitoring console; developed alerts and reports in license violation mitigation efforts; recommended license expansion to accommodate for growing ingestion rates
  • Utilized monitoring console capacity to oversee and improve overall system health
  • Comprehensively worked with Universal Forwarders, Heavy Forwarders, HEC and API calls in data onboarding efforts
  • Managed HEC: centrally configured inputs through a Deployment Server, maintaining more than 300 inputs spread out over 4 Heavy Forwarders
  • Performed administrative duties through REST calls via adhoc queries and the curl command
  • Replaced SSL certificates throughout the whole infrastructure due to the expiration of the old ones
  • Designed a multitude of custom dashboards following content creation best practices, and utilizing custom HTML/XML code and out of the box CSS aesthetics
  • Performed hundreds of SPL queries utilizing a multitude of commands for a wide range of purposes, e.g.: stats, predict, chart, timechart, transforms, eval, rest, join, append, rex, regex and many others
  • Migrated deployer and an entire multisite search head clustering to a new, cloud-based environment
  • Administrated Splunk environment through comprehensive work with configuration files such as inputs.conf, outputs.conf, props.conf, authorize.conf, authentication.conf, indexes.conf, server.conf and many others.

Splunk Developer

Comfort Systems USA
06.2018 - 02.2020
  • Administrated Search Heads in a distributed environment: cleaned up knowledge objects, reassigned ownership, managed roles, users and roles' capabilities, optimized search queries, built apps
  • Provided end-users with a simplified methodology of development work by creating dozens of macros delivering advanced, yet easily accessible SPL ready to be used in search queries
  • Created data models for different teams, e.g.: IBM team, Puppet team, Netops.
  • Used different data models like Network Traffic, Performance, Malware, Vulnerability and Authentication from CIM app
  • Developed a common data format standard by mapping all of the onboarded data to CIM
  • Developed dozens of dashboards for a wide range of teams and purposes, e.g.: a set of multi paneled dashboards for administrative framework providing detailed overview of the overall health status of Splunk infrastructure
  • The dashboard consisted of information such as: count and types of error sorted by different parts of the environment; count of users and audit information; utilization of the system (cpu, ram, and storage wise); etc
  • Fixed, optimized and revamped users' search queries
  • Assisted end users in optimal and effective usage of the Search Heads: fixed and rewrote search queries, hosted Splunk 101 sessions introducing clients to dashboarding and reporting functionalities; provided ad hoc support to any technical queries
  • Created alerts to optimize NetOps, SOC and SysAdmins day-to-day processes and issues responsiveness
  • Resolved Job Queue utilization by staggering users' reports and alerts
  • Provided support for Splunk Architects and Engineers in a handful of back-end work, e.g.: troubleshot configuration and performance issues, enabled multi site clustering, set up and connected new Splunk components
  • Wrote, executed and troubleshot hundreds of search queries.

Data Analyst

Kroger
10.2014 - 06.2018
  • Participated in the operation planning and operating divisions strategies preparation
  • Analyzed decision-making processes and recommended changes
  • Participated in the preparation of documentation
  • Prepared reports and dashboards for pricing analyst and other stakeholders based on data acquired from a multitude of sources
  • Performed liaison activities between the reporting & analytics team and the event management team to understand reporting needs
  • Communicated results of data analysis across various audiences
  • Maintained a high customer satisfaction score on all engagements via tickets
  • Collaborated with other team members and business leaders in multiple domains to understand visibility and reporting needs
  • Assisted in the growth of company's data warehouse
  • Assisted data quality initiatives by creating solutions to enforce data governance policies
  • Performed content development work and data analysis activities through Splunk search heads


Education

Associate Degree (A.S) - Networking and Security

Montgomery College

BS - Computer Networking and Cybersecurity

University of Maryland Global Campus

Certification


Splunk Certified Core User

Splunk Certified Power User

Splunk Certified Admin User
