$100

Hourly Consulting Rate

Chethan Kumar

Independent Consultant

Industry Experience

Banking/Mortgage

Media Production

Telecommunications

Location Supported

Australia

India

Languages Supported

English

Skills

  • Technical consultant
  • Programming
  • Analytics

Product Specialization

  • Splunk Enterprise
  • Splunk Enterprise Security

About

Qualified and experienced Splunk and SIEM engineer with over 12 years of experience in the technology industry. In-depth, hands-on experience of Splunk architecture, log onboarding, the search language, dashboarding and reporting, and of threat detection, threat intelligence, data models, data normalisation and intrusion detection as part of SIEM operations.

Top Project Highlights

Cyber Defence Uplift

The project's aim was to uplift the cyber defence capability in threat detection, threat management, threat intelligence and intrusion detection across the organisation's critical infrastructure. Splunk is used as the main SIEM tool, along with the Enterprise Security app, to aggregate logs, normalise the data and write queries for proactive detection of potentially malicious activity.

    Employment

    Cyber Security Engineer

    2019 - Present
    • As a Cyber Security Engineer in the cyber defence team, my responsibilities were:

      • Field extractions and data normalisation of security-related events with CIM data models; specifically, worked on user behaviour intelligence logs to identify the relevant data models and normalise the data.
      • Writing correlation searches for threat detection using the Splunk Enterprise Security framework, and using the ES Threat Intelligence framework to ingest intelligence feeds and correlate them with organisational logs.
      • Using the Risk-Based framework of Enterprise Security to assign risk scores to entities based on activities that pose a security risk.
      • As part of the cloud security initiative, onboarding of AWS GuardDuty, Security Hub, VPC Flow, CloudTrail and CloudWatch logs through HEC tokens.
      • Data modelling of AWS logs through the relevant Splunk add-ons to map them to CIM data models such as Intrusion Detection, Malware, Authentication and Change.
      • Writing threat detection queries to catch unusual or malicious activity in AWS logs.
      • Installing and configuring the AWS Splunk add-ons, and building dashboards and reports in the Splunk App for AWS.
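The normalise-then-detect-then-score pipeline described in the bullets above (CIM mapping of AWS logs, correlation searches, risk-based scoring), as an added example that is not the consultant's work nor Splunk's own add-on or app code. It runs over constructed CloudTrail records embedded in the block; the CIM field names used (user, src, app, action, object, command) are real Authentication and Change model fields, while the rule names, risk weights and sample records are assumptions chosen for illustration.

```python
"""Added example, not the consultant's or Splunk's code: normalise constructed
AWS CloudTrail records into CIM-style Authentication and Change fields, run two
detections over them, and roll the hits up into per-entity risk scores in the
manner of Enterprise Security's risk framework. Rule names, risk values and
sample records are assumptions for illustration."""
from collections import defaultdict

# Constructed CloudTrail records (not captured from a real account).
SAMPLE_CLOUDTRAIL = [
    {"eventName": "ConsoleLogin", "eventSource": "signin.amazonaws.com",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"},
     "sourceIPAddress": "203.0.113.10",
     "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventName": "ConsoleLogin", "eventSource": "signin.amazonaws.com",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "sourceIPAddress": "198.51.100.5",
     "additionalEventData": {"MFAUsed": "Yes"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventName": "AuthorizeSecurityGroupIngress", "eventSource": "ec2.amazonaws.com",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "sourceIPAddress": "198.51.100.7",
     "requestParameters": {"groupId": "sg-0123456789abcdef0", "ipPermissions": {"items": [
         {"fromPort": 22, "toPort": 22, "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}},
    {"eventName": "AuthorizeSecurityGroupIngress", "eventSource": "ec2.amazonaws.com",
     "userIdentity": {"type": "IAMUser", "userName": "carol"},
     "sourceIPAddress": "198.51.100.9",
     "requestParameters": {"groupId": "sg-0fedcba9876543210", "ipPermissions": {"items": [
         {"fromPort": 443, "toPort": 443, "ipRanges": {"items": [{"cidrIp": "10.0.0.0/8"}]}}]}}},
]

# Assumed risk weights per rule, analogous to risk_score on an ES risk rule.
RISK_SCORES = {"root_login_without_mfa": 80, "sg_ingress_open_to_world": 60}


def _cidrs(params):
    """Collect every cidrIp in an ec2 ipPermissions structure."""
    return [r.get("cidrIp")
            for perm in params.get("ipPermissions", {}).get("items", [])
            for r in perm.get("ipRanges", {}).get("items", [])]


def normalise(record):
    """Map one CloudTrail record onto CIM-style fields and tag its data model.
    This mirrors, in miniature, what an add-on does with props/transforms."""
    ident = record.get("userIdentity", {})
    event = {
        # Root identities carry no userName, so fall back to the ARN.
        "user": ident.get("userName") or ident.get("arn") or ident.get("type"),
        "user_type": ident.get("type"),
        "src": record.get("sourceIPAddress"),
        "app": record.get("eventSource"),
        "command": record.get("eventName"),
        "datamodel": None,
    }
    if record.get("eventName") == "ConsoleLogin":
        event["datamodel"] = "Authentication"
        outcome = record.get("responseElements", {}).get("ConsoleLogin")
        event["action"] = "success" if outcome == "Success" else "failure"
        event["mfa_used"] = record.get("additionalEventData", {}).get("MFAUsed") == "Yes"
    elif record.get("eventSource") == "ec2.amazonaws.com" and "SecurityGroup" in record.get("eventName", ""):
        params = record.get("requestParameters", {})
        event["datamodel"] = "Change"
        event["action"] = "modified"
        event["object"] = params.get("groupId")
        event["cidrs"] = _cidrs(params)
    return event


def run_detections(records):
    """Return (rule, user, src) hits. Each rule is the condition a correlation
    search over the Authentication or Change data model would express in SPL."""
    hits = []
    for e in map(normalise, records):
        if (e["datamodel"] == "Authentication" and e["action"] == "success"
                and e["user_type"] == "Root" and not e["mfa_used"]):
            hits.append(("root_login_without_mfa", e["user"], e["src"]))
        if (e["datamodel"] == "Change" and e["command"] == "AuthorizeSecurityGroupIngress"
                and any(c in ("0.0.0.0/0", "::/0") for c in e["cidrs"])):
            hits.append(("sg_ingress_open_to_world", e["user"], e["src"]))
    return hits


def risk_by_user(records):
    """Accumulate risk per user (the risk object) so that several medium
    findings against one entity surface even if no single rule would alert."""
    risk = defaultdict(int)
    for rule, user, _src in run_detections(records):
        risk[user] += RISK_SCORES[rule]
    return dict(risk)


if __name__ == "__main__":
    for hit in run_detections(SAMPLE_CLOUDTRAIL):
        print("ALERT", *hit)
    print(risk_by_user(SAMPLE_CLOUDTRAIL))
```

In Splunk itself the two rule bodies would be `tstats` searches over the Authentication and Change data models with a risk modifier action attached, and the per-user roll-up is what the ES risk index provides; the Python version only makes the same three stages runnable offline so the field mapping and the rule conditions can be checked against sample records before they are deployed as correlation searches. Note that the benign record (an ingress rule limited to 10.0.0.0/8) and the MFA-protected IAM login produce no hits, which is the kind of negative case worth keeping beside any detection.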

    Education

    Bachelor of Engineering in Computer Science
    2003-2007

    - Data Structures

    - Algorithms

    - Programming

    - Network Security

    - Network Management


    Certification

    Splunk Enterprise Certified Admin
    2019-Present

    ITIL V3 Foundation
    2012-Present