Jacob Evans

Senior Engineer, IT Security

St. Petersburg, FL (Remote)

• Lead architect of the global double-digit TB Splunk and distributed Syslog-NG infrastructure
• Saved hundreds of thousands of dollars by strategically implementing CIM data models and optimizing hundreds of searches and heavily utilized dashboards.
• Set up summary indexing to extend data retention from months to years and reduce related compute load by over 90% and storage needs by 50%
• Assessed and documented system architecture and integration components and non-functional requirements (availability, scalability, performance, data retention, monitoring)
• Assisted with detection-as-code Azure DevOps pipeline development and deployment for automated Splunk Security use case prioritization, development, testing, and deployment, improving efficiency and consistency across threat hunting and incident response teams.
• Led CIM compliance initiatives, assisting clients in making log sources CIM compliant and improving data quality, normalization, and enrichment.
• Designed and implemented automation for incident response, ticketing, and resolution, reducing MTTR and improving visibility across security operations.
• Collaborate cross-functionally with SRE, DevOps, IAM and security teams to deliver tailored solutions aligned with security and operational goals.
• Drove end-to-end migration to the Splunk Victoria Experience leading planning, prerequisite validation, execution, and post-migration support.
• Engineered custom API integrations (e.g., Infoblox) using Splunk add-on builder to enhance threat intelligence and data enrichment capabilities.
• Automated SSO identity and access management (IAM) configuration for all Splunk environments, improving security and compliance.
• Continuously coordinated the upgrade of ~50k Splunk universal forwarders across 10 global teams with minimal downtime, ensuring business continuity.
• Maintained Splunk content and infrastructure documentation, creating hundreds of internal knowledge articles for onboarding and cross-functional team use

Senior DevOps Engineer

Indianapolis, IN (Remote)

• Constructed Azure DevOps pipelines to automate Splunk and ServiceNow deployments via API and ACS, supporting CI/CD best practices and reducing manual errors and deployment times by 90%.
• Modernized configuration management by migrating all Splunk configurations to GitHub, enabling version control, ISO compliance, and collaborative DevOps workflows.
• Developed a custom Splunk Python automated testing framework for continuous integration and quality assurance.
• Automated configuration management with Puppet, decreasing application upgrade times from hours to under 15 minutes.
• Eliminated 95% of legacy processing scripts, reducing system complexity and failure points.
• Standardized SDLC process by automating technical documentation and Jira automation, improving team efficiency and knowledge transfer.

Senior Software Engineer (Splunk Administrator)

Indianapolis, IN (Remote)

• Sole Splunk Admin responsible for all data onboarding, development, testing, operations, and automation.
• Led migration of Splunk infrastructure from Windows to Linux, improving system performance and reliability.
• Created, configured, and maintained two Splunk Enterprise instances for development and testing
• Designed and implemented real-time monitoring dashboards and alerting to proactively identify and resolve operational issues.
• Mentored seven team members in Splunk development, troubleshooting, and automation best practices, expanding team capability.
• Created Confluence documentation for Splunk configuration, testing, and high-level code explanations

Splunk Administrator

Arlington, VA

• Modernized and re-architected the Department of State’s Splunk platform, delivering true real-time IT operations monitoring, improved system visibility, and CIM compliance.
• Engineered a robust KPI-based Splunk "Application Health Overview" app with data models, summary indexing, and javascript- and CSS-based instant-load dashboards to monitor 20+ mission-critical applications that are still the centerpiece of the SOC today.
  • Built dynamically to allow new features (KPIs) to be implemented in minutes
  • Includes the entire pipeline from Splunk architecture, data ingestion, CIM normalization, transformation, field extraction, and analysis to user-facing reports, alerts, and dashboards with <1 second load times
  • Includes multiple dashboards granting privileged users limited abilities to make changes normally reserved for Splunk administrators (e.g. temporarily disabling alerts or updating lookups)
  • Implemented automatic resolution for common issues freeing 10% of system administrators’ time to focus on non-repetitive tasks
• Led end-to-end Splunk environment re-architecture: data ingestion, normalization, search optimization, macro use, automated forwarder updates, deployment restructuring, and UI enhancements.
  • Significantly enhanced production monitoring for quicker issue identification and resolution
  • Decreased internal production Splunk error counts by 80% (down from millions per day)
  • Added dynamic recipients to alerts based on conditions in the results to optimize alert distribution
  • Installed, upgraded, and configured Splunk Enterprise and splunkbase apps
• Reduced Splunk production error volume by 80%, increasing reliability and reducing support tickets.
• Automated resolution of common issues, freeing 10% of system administrators’ time for strategic work.
• Developed a unified Oracle security compliance dashboard using SQL, DB Connect, PowerShell, and file system auditing, aligned to standard operating procedures.
• Built dynamic, templated Splunk apps for system owners, enabling holistic, customizable plug-and-play application monitoring.
• Built new Splunk environments for development, test automation, and staging validation.

Senior Consultant

Arlington, VA

• Architected and deployed a production Splunk environment from nothing to monitoring hundreds of VMs supporting the Department of State's financial management ERP system, improving operational visibility and reducing recovery time from days to minutes.
• Served as the lead point of contact for production issue resolution across the full application stack: Oracle, webMethods, Tuxedo, WebLogic, Control-M, and external integrations (API, HTTP, SOAP, JMS).
• Automated deployments, upgrades, monitoring, and maintenance of 25+ environments using Control-M, PowerShell, and Splunk, reducing incident resolution time and manual effort.
• Mentored four junior developers and analysts in system support, development workflows, technical troubleshooting, and documentation.
• Optimized multi-day SQL batch jobs, slashing major release downtimes by over 80 hours.
• Built advanced dashboards and alerting to track transaction integrity, system errors, timeouts, and security events.
• Created comprehensive documentation of processes, solutions, and deployments in Confluence for repeatable delivery.

Technical Consultant (PeopleSoft Developer)

Arlington, VA

• Improved performance on five paramount data conversion applications by up to 30%
• Created three end-to-end custom conversion programs to populate application with legacy data
• Wrote and updated SQL for Oracle database optimization, customization, maintenance, and reporting
• Identified, documented, tested, and reapplied all conflicting customizations to upgraded environments
• Mentored college hire to fulfill client’s expectations and deadlines

Indiana University - Bloomington

GPA: 3.10