Roomina M.
Splunk Engineer – Analytics and Monitoring – Governance and Compliance
Experience
Splunk Engineer – Analytics and Monitoring – Governance and Compliance
Solsys Corporation (TD Bank Contract)
- Successfully onboarded new data from a variety of inputs including syslog, HEC, UF, HF, Cloud, various Splunk TAs such as DB Connect and Salesforce, Windows Event Collector Servers, and other database connections
- Created and managed Splunk knowledge objects (field extractions, event types, etc.)
- Consulted with management and Technology Asset Owners to determine and implement Security, Logging and Monitoring Audit requirements
- Responsible for mapping customer data to the Splunk Common Information Model (CIM) for Change and Authentication Audit requirements
- Coordinated and conducted event collection, log management, event management, and compliance automation
Platform Security Lead
Manulife Bank
- Provided expert guidance regarding the implementation of advanced security use cases
- Developed correlation & detection to support alerting and response capabilities for the SIEM environment
- Designed and implemented a SIEM solution using Splunk, which increased the organization’s ability to detect and respond to security incidents
- Worked with security teams to ensure compliance with regulatory requirements such as HIPAA, PCI-DSS, and SOX
- Monitored SIEM systems to detect and respond to security incidents
- Collaborated with internal customers to aid with requests such as Log Source configuration, App installation, Data Parsing, monitoring and alerting
- Installed, configured and supported Devo syslog-ng relays, including parsing of events received
- Created detailed reports, queries, dashboards, alerts, and visualizations as defined by customer requirements
- Worked with the integrations and telemetry teams to onboard Devo events from various common and complex log sources, including AWS and Azure cloud
- Created and maintained standard operating procedures, technical documents, and troubleshooting guidelines, including process improvements as they related to Devo operations
- Conducted System Health Checks on managed technologies and provided recommendations on performance improvements
- Configured Grafana for log analysis and visualization, resulting in improved troubleshooting and performance optimization
- Conducted regular security assessments and vulnerability scans to identify and mitigate potential risks
- Responsible for identifying, investigating, managing and documenting Cyber Security events as part of Incident Management and CSIRT processes
- Accountable for developing the Devo roles and responsibilities (RACI) document and educating SOC team members in taking over day-to-day Devo support
- Acted as a subject matter expert (SME) while providing leadership, guidance, and mentorship to other security teams on the use of SIEM tools
Senior Security Specialist
BMOFG
Senior Analyst
NTT Data
Tivoli Specialist
IBM Canada
Summary
As an experienced Cybersecurity Engineer with extensive experience in deploying and maintaining SIEM infrastructures, I am well-versed in various security technologies and methodologies. With a strong understanding of IT security concepts and best practices, I possess a thorough understanding of risk and vulnerability management, log analysis, security monitoring, and threat detection. In my previous roles, I have successfully provided expert guidance and consultation to clients and project teams on technical guidance and troubleshooting complex problems. Additionally, I have mentored team members and possess strong leadership skills. My technical skills include proficiency in UNIX, Windows, and Linux, as well as scripting languages such as Python, Perl, and Splunk Search Language. I have also worked with various security tools such as CyberArk, IBM Security Identity Manager, RSA, and Qualys. With my experience in data analytics and reporting, I am capable of creating custom dashboards, reports, and alerts that deliver real-time insights into security events and incidents.
Ability to work independently in a senior/lead role on a diverse range of tasks, including coaching and mentoring team members
Subject matter expert, able to effectively consult with clients and/or project teams to provide technical guidance and highly complex troubleshooting and problem resolutions
Expertise in Risk and Vulnerability Management, Log Analysis, Security Monitoring and Threat Detection, KPIs, Reporting and Data Visualization, assessment/penetration testing of web applications and networks
Demonstrated ability for deploying, maintaining, and supporting SIEM platforms such as Splunk in highly available distributed and cloud environments
Experienced in analyzing network, event, and security logs across a range of platforms including applications, storage devices, servers, data centers, and cloud environments
Data extraction, Field Mapping, Event Lookup, Log Analysis, CIM Compliance, Data Modelling, Elasticsearch, Logstash, Grafana
CyberArk, IBM Security Identity Manager (ISIM), RSA, Active Directory/LDAP, MITRE, NIST, SAML, Qualys, Endpoint security
Ansible, Git, BitBucket, Splunk, ServiceNow, JIRA, SourceTree
UNIX, Windows, and Linux
UNIX Shell (Korn and C) Scripts, SQL, Perl, Python, Splunk Search Language (SPL)
Education
Herzing Career College
Diploma · Systems Analysis and Programming
Certifications & licenses
Splunk Enterprise 9.0 System Administration
Splunk Certified Power User
Splunk Core Certified User
Splunk Enterprise Security Administration
CyberArk Trustee Certification
ITIL Foundation Certified
Tivoli Professional - Certified IT Specialist