Professional Experience

Highlighting roles and responsibilities of each IT position held for an overview of my work history.

Current Role

In my current role at Deloitte, I am a Senior Consultant who provides cloud engineering services for AWS GovCloud clients.

Deploy/Maintain Production Server Environments
  • Deploy EC2 services, configure Security Group settings, configure VPC routes, and ensure provisioned OS meet federal guidelines based on RMF.

  • Deliver OS patches using WSUS for Windows environments and maintain RHEL Repos for package updates.

  • Configure monitoring solutions, such as Datadog & Splunk, to monitor uptime and overall health of services and IT infrastructure. Provide incident response services to address critical production issues.

Leverage AWS Services for Business Operations
  • Configure IAM roles and policies to assign appropriate permissions and ensure secure access to AWS resources.

  • Design, deploy and manage AWS FSx for file system requirements of various applications.

  • Configure CloudWatch and Kinesis Firehose to deliver logs to monitoring services like Datadog and Splunk.

Cloud Systems Engineer | AWS Specialist

August 2023 - Present

Vulnerability Remediation
  • Perform baseline configuration scans of AWS services and perform remediation steps to maintain compliance.

  • Respond to OS/Application vulnerability scans performed against EC2 environments and resolve within remediation targets provided by NIST.

Previous Roles

Provided Splunk administrative services for Security Operation teams & provided security analysis services for AWS GovCloud environments.

Getting Data In
  • Onboarded OS/Application logs and core AWS logs to Splunk Cloud, leveraging Splunk TAs and custom regex parsers.

  • Ensured logs were standardized based off Splunk's Common Information Model (CIM) and tagged for Splunk Data model usage.

  • Designed and deployed Splunk UF architecture for AWS environment, utilizing Splunk's Deployment Server feature set.

Develop Splunk Content
  • Deployed and configured out of the box Splunk Apps, like Enterprise Security, using onboarded data to leverage security dashboards and reporting features.

  • Developed custom dashboards / reports using SPL based on Security Operation team needs.

Splunk Admin | AWS Security Analyst

July 2021 - August 2023

Security Analysis
  • Part-time member of the incident response team, triaging Splunk alerts and performing security analysis originating from AWS GovCloud environments.

  • Performed daily incident reporting to government clients summarizing previous day's threat activities and impact to IT infrastructure.

Specialized in creating custom Splunk queries to search logs and big data sets, to identify potential malicious behavior.

Custom Splunk Notables
  • Worked with a variety of clients across multiple industries to develop custom Splunk Notables within the Enterprise Security App to enable SOC/IR teams to review incidents in Splunk and pivot into historical or real-time data of security tools (EDR, UBA, Firewalls, SOAR) and endpoint logs.

  • Mapped Splunk Notables to the MITRE ATT&CK Framework.

Assess Security Posture
  • Worked with client IT/Security Operation teams to analyze security posture.

  • Assessment included taking inventory of existing security tools versus potential, verifying if all IT infrastructure was covered by existing security tools, understanding if these security tools were sending logs to Splunk, and lastly, if the existing Splunk Notables covered all phases of the MITRE ATT&CK framework.

Splunk Threat Detection Engineer

January 2019 - August 2021