
Kedar Simmons

Sterling

Summary

Kedar is a seasoned Splunk Engineer with over 10 years of experience in cybersecurity, bringing deep technical expertise across Splunk platform engineering, security operations, and IT service management. He has a proven track record of leading complex initiatives from concept through successful delivery, consistently aligning technical solutions with organizational objectives. His experience spans Splunk administration, security analytics, and service operations, and he is known for his commitment to mentoring junior engineers and developing high-performing teams. Equally effective in individual contributor and leadership roles, Kedar excels at cross-functional collaboration and clear communication to drive sprint execution and operational success.

Overview

10 years of professional experience
1 Certification

Work History

Splunk Engineer

Comcast
06.2024 - Current
  • Facilitated cross-functional collaboration among teams including, but not limited to, Network, SecOps, and Engineering to onboard diverse data sources (firewalls, syslog, enterprise applications, Windows and Linux servers, and Domain Controllers) into Splunk Enterprise, ensuring comprehensive visibility and standardized ingestion and strengthening the foundation for advanced security analytics.
  • Utilized Splunk configuration files—including inputs, props, and transforms—to streamline and standardize data onboarding processes.
  • Deployed applications such as syslog-ng to efficiently manage and onboard syslog data, ensuring reliable ingestion and normalization across diverse sources.
  • Submitted and managed formal workflow requests through ServiceNow to support the expansion and maintenance of the Splunk architecture.
  • Diagnosed and monitored license violations stemming from inefficient indexing performance and excessive ingest volumes. Engaged directly with SecOps and DevOps stakeholders to remediate poor Splunk hygiene practices, including the use of suboptimal SPL queries and skipped scheduled searches, thereby improving system efficiency and compliance.
  • Led the design and implementation of a centralized log aggregation initiative, integrating data from firewalls (Palo Alto, Juniper, Cisco), intrusion detection systems (IDS), and both Windows and Linux servers. Ensured adherence to Common Information Model (CIM) standards to enhance data consistency and empower the Security Operations (SecOps) team with robust detection and response capabilities.
  • Collaborated closely with SecOps and Network teams to review and refine network traffic policies and firewall rules. Together, we identified and enabled only the logging necessary to support security-related detections, ensuring alignment with operational priorities. This initiative not only strengthened detection fidelity by filtering out irrelevant data, but also optimized system efficiency: it reduced daily log ingestion volumes, cut unnecessary Palo Alto traffic noise, and achieved a 10% reduction in license utilization.

Splunk Engineer/Administrator

T-Mobile
08.2021 - 02.2024
  • Migrated Ansible automation from a single, locally managed Linux host to a centralized automation platform, improving scalability, governance, access control, and operational resilience.
  • Standardized Ansible playbooks, inventories, and roles for multi-team use, eliminating a single point of failure and local user dependency.
  • Automated Splunk infrastructure tasks, such as Universal Forwarder and Heavy Forwarder upgrades and syslog-ng configurations, reducing manual intervention and configuration drift.
  • Led Splunk IAM administration by defining role-based access models, mapping team access via Entra ID security groups, and managing SAML authentication configurations to enforce secure, centralized access control.
  • Implemented revised data retention policies, in compliance with new regulations and tailored to meet departmental needs, ensuring efficient and secure data management.
  • Coordinated with infrastructure teams to resolve platform outages and storage capacity incidents, overseeing incident tracking, escalation, and resolution through ServiceNow.
  • Reduced Splunk license consumption through strategic implementation of data-reduction techniques, including null queues and selective event filtering, to optimize ingestion efficiency and control costs.

Security Analyst

Walmart
07.2019 - 02.2021
  • Investigated security incidents across a collection of platforms such as SentinelOne, Microsoft Defender, Orca, and Splunk to determine root cause and perform threat analysis.
  • Collaborated cross-functionally to evaluate new vendor applications by leading proof-of-concept (POC) and proof-of-value (POV) initiatives.
  • Provided oversight and technical leadership to third-party vendors supporting daily security operations, including investigation and analysis of security related events.
  • Facilitated phishing campaigns and penetration testing, providing results to stakeholders.

IT Help Desk Technician

Cyber Systems
02.2016 - 01.2019
  • Responded to incident tickets, service requests, restoration of service, and requests for change.
  • Led onboarding and training for new help desk engineers, covering support workflows, ticket lifecycle management, service request fulfillment, and daily operational processes.

Education

Associate of Science - Software Engineering

Montgomery College
Rockville, MD
10.2017

Skills

  • Splunk Certified User
  • Splunk Certified Power User
  • Splunk Certified Administrator
  • Security

Certification

Certified Medical Administrative Assistant
