Sahil Sharma

London, United Kingdom

Summary

A competent professional, CRISC certified and Splunk Admin and Splunk Enterprise Security Admin certified, with 12 years of experience in cyber security, cloud security, risk management, risk identification and threat hunting on various cloud platforms (AWS, Azure, GCP and Alibaba Cloud), and an implementer and architect of monitoring tools and SIEM tools.

Overview

12 years of professional experience
2 years of post-secondary education
1 certification

Work history

Cyber SME/Consultant & Lead Cloud Security Analyst

HSBC Bank
London, England
12.2022 - Current
  • Technologies: Splunk, Splunk Enterprise Security, Azure Sentinel, GCP, AWS, Alibaba Cloud
  • Integrate SIEM with Cloud Platforms like Microsoft Azure, Amazon Web Services, Google Cloud Platform and Alibaba Cloud
  • Design use case process flows and provide solutions for implementing them on cloud platforms
  • Working on security event logging, monitoring, detection, and response on one or more of the leading cloud platforms using tools and native capabilities such as AWS GuardDuty, Azure Sentinel, Google Security Command Centre and Alibaba Cloud Security Centre
  • Creating new detection rules for Kubernetes (GKE, EKS, ACK) on different cloud platforms
  • Technical expertise in analysing threat event data, evaluating malicious activity, documenting unusual files and data and identifying tactics, techniques and procedures used by attackers
  • Demonstrated experience in analysis and dissection of advanced attacker tactics, techniques, and procedures in order to inform adjustments to the control plane
  • Good stakeholder experience, as well as business analyst and management experience, to lead and consult the SOC team
  • Expertly led teams of 6 to successfully achieve productivity KPIs.

Technical Architect

Tata Consultancy Services
London, England
08.2018 - 12.2022
  • Part of the Global Cloud security operations team; check the data quality of multiple cloud platforms such as GCP, AWS, Azure Sentinel and Alibaba Cloud
  • Architected, designed and delivered large and complex public cloud projects.
  • Developed multiple use cases in Azure Sentinel and Splunk Enterprise Security
  • Identified new detections for Azure O365, Azure Active Directory, Microsoft Defender for Cloud
  • Design architecture and workflows for asset onboarding, use case lifecycle and data validation steps in SIEM tools
  • Migrate Splunk environment to Splunk Cloud and manage 6 TB data
  • Investigate and solve security breaches and other cyber security incidents and provide incident response
  • Identify threats and vulnerabilities, interpret the risks and realize the consequences; also identify the risk analysis, perform risk assessment and investigate the risk listed for assets and identities involved in a notable event
  • Fine-tune all use cases and perform vulnerability assessment and risk assessment in the use case design
  • Create correlation searches in Splunk Enterprise Security that evaluate events for security use cases, adjust the risk score and perform an adaptive response action
  • Build greater understanding about the impact of IT risk and how it relates to the overall organization
  • Good experience in Kafka, JIRA, Confluence, GitHub, Bitbucket tools
  • Engaged in assisting in the design & implementation of the security environment for second and third level support; giving suggestions while developing guidelines on how support issues would be resolved
  • Part of the Splunk engineering team as Splunk Engineer to handle and troubleshoot Splunk issues
  • Responsible for data quality checks for each cloud platform as per Splunk CIM compliance: mapping issues, field extraction and event line-breaking issues
  • Responsible for dashboard creation, alert configuration and report creation
  • Get data in using the Splunk HTTP Event Collector
  • Install the Universal Forwarder and Heavy Forwarders on servers

Specialist Administrator

Wipro Technologies
Pune, India
08.2017 - 08.2018
  • Implement Splunk ITSI on Dev and Prod environment
  • Created Glass Tables and services in Splunk ITSI
  • Integrate Splunk ITSI with ServiceNow
  • Deploy multiple add-ons in Splunk to onboard new data in Splunk
  • Integrate Splunk with ServiceNow and Evolven
  • Gather requirements from client

Technical lead

Cognizant technologies
Pune
09.2014 - 07.2017
  • Implementation of Splunk 6.4.1 to 7.0 in Production environment
  • Integrate Splunk with ServiceNow and CA Spectrum
  • Data onboarding of multiple applications in Splunk environment
  • Upgrade of Splunk environment from 6.4.1 to 6.6
  • Installed Splunk Universal Forwarder & Splunk on Windows and Linux environments
  • Utilized apps & data indexing in Splunk; created dashboards & reports and configuration in Splunk
  • Troubleshoot Issues in Splunk and worked with Splunk Professional Services.

Senior Engineer

Mindtree Limited
Bengaluru
06.2013 - 07.2014
  • Member of the team that successfully integrated EHealth, Spectrum, Customization and Discover Network Devices, Windows, Unix servers
  • Part of the team that redesigned and implemented new Domain Name System (DNS) for KPN resources that improved security and introduced ease of support
  • Installed CA spectrum, CA Ehealth, CA SOI and Splunk on new servers in Windows & Linux
  • Ascertained new network devices in Spectrum & Ehealth and integrated SOI with Spectrum & Ehealth connectors
  • Accumulated information regarding the current installation of tools and managed the tickets as per the customer requirements
  • Scheduled database through multiple options to reduce execution time

Engineer

Celerity Networks
02.2012 - 03.2013
  • Installed CA Nimsoft 5.1 to 6.2 in POC Lab and Tested different network devices in the lab
  • Installed & configured IBM servers running on Windows 2008, 2005, 2012
  • Worked on remote installation of Spectro Server & One Click and escalating reports to manager
  • Ascertained approx. 400 network devices and arranged network topology
  • Generated global collections/grouping of network devices
  • Engaged in creating user groups and setting user security
  • Scheduled database backups and engaged in e-mail configuration
  • Configured SANM and Alarm notifier to send email alerts

Education

B.E - Computer Science Engineering

Shaheed Udham Singh College of Engineering & Technology, Punjab Technical University
2011

HSLC - Non medical

DAV School
Pathankot
04.2005 - 06.2007

SSLC

Government Model High School, B.S
2005

Skills


  • Splunk Products: Splunk, Splunk Enterprise Security, Splunk ITSI
  • Cloud Computing: AWS, Microsoft Azure, GCP, Alibaba Cloud
  • SIEM tools: Splunk Enterprise Security, Azure Sentinel
  • Kubernetes
  • Risk Management, Risk assessment
  • Monitoring tools: CA Spectrum, CA eHealth, CA Nimsoft, CA SOI, CrowdStrike
  • Software: MS Office (Word, Excel, PowerPoint), MS SQL Server, Oracle DBA (Basics)
  • Operating Systems: Windows (2003 / 08 / 10), Standard & Enterprise Linux
  • Ticketing tool: ServiceNow, JIRA
  • Other Key Areas: Actively help my organization in recruiting the best candidates for various Splunk roles
  • Framework and tools: Agile, JIRA, Confluence
  • Information Security

Certification

  • Splunk Certified Admin
  • CRISC (Certified in RISK and Information System Control)
  • Splunk Enterprise Security Admin
  • Cisco Certificate Networking Associate (CCNA)

Additional Information

  • Cyber, Cloud Security
