Jacob Evans

Indianapolis, IN  · (260) 437‑1501 · jacob . [middle initial] . evans [at] gmail . com

Splunk Architect, SOAR Developer, and AI Enthusiast with a passion for DevOps and automating all the things


Experience

Senior Engineer, IT Security

Raymond James Financial
St. Petersburg, FL (Remote)

  • Lead architect of the global double-digit TB Splunk and distributed Syslog-NG infrastructure
  • Saved hundreds of thousands of dollars by strategically implementing CIM data models and optimizing hundreds of searches and heavily utilized dashboards.
  • Set up summary indexing to extend data retention from months to years and reduce related compute load by over 90% and storage needs by 50%
  • Assessed and documented system architecture and integration components and non-functional requirements (availability, scalability, performance, data retention, monitoring)
  • Assisted with detection-as-code Azure DevOps pipeline development and deployment for automated Splunk Security use case prioritization, development, testing, and deployment, improving efficiency and consistency across threat hunting and incident response teams.
  • Led CIM compliance initiatives, assisting clients in making log sources CIM compliant and improving data quality, normalization, and enrichment.
  • Designed and implemented automation for incident response, ticketing, and resolution, reducing MTTR and improving visibility across security operations.
  • Collaborate cross-functionally with SRE, DevOps, IAM and security teams to deliver tailored solutions aligned with security and operational goals.
  • Drove end-to-end migration to the Splunk Victoria Experience, leading planning, prerequisite validation, execution, and post-migration support.
  • Engineered custom API integrations (e.g., Infoblox) using Splunk add-on builder to enhance threat intelligence and data enrichment capabilities.
  • Automated SSO identity and access management (IAM) configuration for all Splunk environments, improving security and compliance.
  • Continuously coordinated the upgrade of ~50k Splunk universal forwarders across 10 global teams with minimal downtime, ensuring business continuity.
  • Maintained Splunk content and infrastructure documentation, creating hundreds of internal knowledge articles for onboarding and cross-functional team use

February 2023 - Current

Senior DevOps Engineer

TriMedx
Indianapolis, IN (Remote)

  • Constructed Azure DevOps pipelines to automate Splunk and ServiceNow deployments via API and ACS, supporting CI/CD best practices and reducing manual errors and deployment times by 90%.
  • Modernized configuration management by migrating all Splunk configurations to GitHub, enabling version control, ISO compliance, and collaborative DevOps workflows.
  • Developed a custom Splunk Python automated testing framework for continuous integration and quality assurance.
  • Automated configuration management with Puppet, decreasing application upgrade times from hours to under 15 minutes.
  • Eliminated 95% of legacy processing scripts, reducing system complexity and failure points.
  • Standardized SDLC process by automating technical documentation and Jira automation, improving team efficiency and knowledge transfer.

October 2022 - February 2023

Senior Software Engineer (Splunk Administrator)

TriMedx
Indianapolis, IN (Remote)

  • Sole Splunk Admin responsible for all data onboarding, development, testing, operations, and automation.
  • Led migration of Splunk infrastructure from Windows to Linux, improving system performance and reliability.
  • Created, configured, and maintained two Splunk Enterprise instances for development and testing
  • Designed and implemented real-time monitoring dashboards and alerting to proactively identify and resolve operational issues.
  • Mentored seven team members in Splunk development, troubleshooting, and automation best practices, expanding team capability.
  • Created Confluence documentation for Splunk configuration, testing, and high-level code explanations

May 2021 - October 2022

Splunk Administrator

Pernix Consulting
Arlington, VA

  • Modernized and re-architected the Department of State’s Splunk platform, delivering true real-time IT operations monitoring, improved system visibility, and CIM compliance.
  • Engineered a robust KPI-based Splunk "Application Health Overview" app with data models, summary indexing, and JavaScript- and CSS-based instant-load dashboards to monitor 20+ mission-critical applications that are still the centerpiece of the SOC today.
    • Built dynamically to allow new features (KPIs) to be implemented in minutes
    • Includes the entire pipeline from Splunk architecture, data ingestion, CIM normalization, transformation, field extraction, and analysis to user-facing reports, alerts, and dashboards with <1 second load times
    • Includes multiple dashboards granting privileged users limited abilities to make changes normally reserved for Splunk administrators (e.g. temporarily disabling alerts or updating lookups)
    • Implemented automatic resolution for common issues, freeing 10% of system administrators’ time to focus on non-repetitive tasks
  • Led end-to-end Splunk environment re-architecture: data ingestion, normalization, search optimization, macro use, automated forwarder updates, deployment restructuring, and UI enhancements.
    • Significantly enhanced production monitoring for quicker issue identification and resolution
    • Decreased internal production Splunk error counts by 80% (down from millions per day)
    • Added dynamic recipients to alerts based on conditions in the results to optimize alert distribution
    • Installed, upgraded, and configured Splunk Enterprise and Splunkbase apps
  • Reduced Splunk production error volume by 80%, increasing reliability and reducing support tickets.
  • Automated resolution of common issues, freeing 10% of system administrators’ time for strategic work.
  • Developed a unified Oracle security compliance dashboard using SQL, DB Connect, PowerShell, and file system auditing, aligned to standard operating procedures.
  • Built dynamic, templated Splunk apps for system owners, enabling holistic, customizable plug-and-play application monitoring.
  • Built new Splunk environments for development, test automation, and staging validation.

April 2019 - July 2020

Senior Consultant

CGI Federal
Arlington, VA

  • Architected and deployed a production Splunk environment from nothing to monitoring hundreds of VMs supporting the Department of State's financial management ERP system, improving operational visibility and reducing recovery time from days to minutes.
  • Served as the lead point of contact for production issue resolution across the full application stack: Oracle, webMethods, Tuxedo, WebLogic, Control-M, and external integrations (API, HTTP, SOAP, JMS).
  • Automated deployments, upgrades, monitoring, and maintenance of 25+ environments using Control-M, PowerShell, and Splunk, reducing incident resolution time and manual effort.
  • Mentored four junior developers and analysts in system support, development workflows, technical troubleshooting, and documentation.
  • Optimized multi-day SQL batch jobs, slashing major release downtimes by over 80 hours.
  • Built advanced dashboards and alerting to track transaction integrity, system errors, timeouts, and security events.
  • Created comprehensive documentation of processes, solutions, and deployments in Confluence for repeatable delivery.

September 2016 - April 2019

Technical Consultant (PeopleSoft Developer)

Oracle
Arlington, VA

  • Improved performance on five paramount data conversion applications by up to 30%
  • Created three end-to-end custom conversion programs to populate application with legacy data
  • Wrote and updated SQL for Oracle database optimization, customization, maintenance, and reporting
  • Identified, documented, tested, and reapplied all conflicting customizations to upgraded environments
  • Mentored college hire to fulfill client’s expectations and deadlines

September 2013 - September 2016

Software Developer (Summer Intern)

Raytheon
Fort Wayne, IN

  • Automated C++ code creation directly from requirements documentation
  • Resolved issues and enhanced functionality of custom bug-tracking Java app involving dynamic SQL generation
  • Developed Perl scripts to dynamically generate SQL scripts to upgrade a local database to a multi-site implementation maintaining ACID properties

May 2009 - August 2012


Education

Indiana University - Bloomington

Bachelor of Science
Computer Science
Minor
Business

GPA: 3.10

August 2009 - May 2013

Homestead High School

Fort Wayne, IN

GPA: 3.88

August 2005 - May 2009

Skills

Skills, Programming Languages, & Tools
  • Automation
  • Scripting
  • Regular Expressions
  • Windows
  • PowerShell
  • cmd
  • Oracle / Databases
  • SQL & PL/SQL
  • Jira
  • Confluence
  • Technical Documentation
  • System Integration
  • JSON
  • YAML
  • XML
  • Linux
  • Bash
  • AWS & Azure
  • Azure DevOps / Pipelines
  • Visual Studio Code
  • Python
  • Perl
  • HTML, CSS, & JavaScript
  • Git & GitHub
  • Terraform
  • Ansible
  • Puppet
  • Eclipse
  • Active Directory
  • C, C++, and Java
  • APIs & Web Services

Splunk-specific
  • Certified: Splunk Cloud Admin, Splunk Architect, Splunk Admin, Splunk Advanced Power User, and Splunk Enterprise Security Admin
  • Versions 6.x to 9.x
  • 15+ TB/day; 1k+ SVC; 50k+ UF environments
  • CIM (Common Information Model) Compliance
  • Advanced SPL (Splunk Processing Language)
  • Data on-boarding & normalization
  • Data models
  • Summary Indexes
  • Metrics Indexes
  • Qmulos
  • Interactive Dashboarding
  • Splunk Web Framework
  • Splunk Enterprise, Forwarder, and app/add-on Upgrades
  • Searches, Reports, and Alerts
  • Search & Dashboard Optimization
  • Environment Troubleshooting & Tuning

Awards

  • 2025 (Raymond James) - Multiple formal appreciation awards for developing innovative solutions, delivering under pressure, and providing critical after-hours support during high-impact platform incidents
  • 2018 (CGI) - Company-wide recognition from C-suite executives for extraordinary efforts during a low-staffed and demanding period of the project
  • 2018 (CGI) - "Spotlight Award" for continually accepting additional responsibilities while both exceeding existing duties and training multiple new hires
  • 2015 (Oracle) - "Self-Initiative Spotlight" for quickly training college hire while exceeding own expectations

Languages

  • English
  • Spanish

Interests

  • Adventure & Outdoors: Passionate about scuba diving (favorite spot: San Pedro, Belize), snowboarding in Michigan and Colorado, hiking, running, and spending time outside. Whether it's exploring underwater reefs, hitting the slopes, or just enjoying the fresh air, the outdoors is my relaxation.
  • Home Automation & Lab: Building a fully automated smart home and lab, anchored by a UniFi Dream Wall, Proxmox server, and a growing collection of Home Assistant-integrated devices (Ecobee, Alexa, Apple Home, Ring, and more). Favorite automations include leak detectors (saved my fish tanks more than once!), automated garden watering, and presence-based garage/lighting/temperature routines.
  • Aquarium Tech: Both freshwater and saltwater tanks (75 gal) with custom automations for lights, wave-makers, and filtration. Saltwater tank features clownfish, feather dusters, corals, goby, pistol shrimp, and more - all monitored and managed with smart sensors and alerts.
  • AI & DevOps: Hands-on with AI tools (GitHub Copilot at work for code, PRs, and commit messages; Claude Code and Gemini CLI at home for automation). Building a Terragrunt/Terraform/Ansible stack to manage Proxmox end-to-end, aiming for zero manual configuration. Always exploring how to run AI in secure, autonomous, and cost-efficient ways.
  • Security-First, Open Source, and Learning: Security is always top-of-mind. I learn by doing - diving into new tech, listening to This Week In Tech and other podcasts, and keeping YouTube running in the background. I now share some of my own projects publicly, even when it's a work in progress.
  • Community & Collaboration: Active in Splunk Slack, sharing insights and learning from the Splunk Trust. Proud of architecting real-time, CIM-compliant Splunk drill-down dashboards still in use today. Dreaming of a future with a full server rack, luxury Lutron automation, and custom AI-powered home assistant hardware.
  • Fun Fact: My dream is to have every device in my home and lab cataloged, automated, and easily reset or reconfigured with a single configuration update. Until then, I’ll keep tinkering, automating, and learning - one project at a time.