
Identity And Access Management Lead/architect Resume


Chicago, IL

SKILLS SUMMARY:

  • Netegrity/CA eTrust SiteMinder, Identity Manager
  • Microsoft Active Directory Federation ADFS 2.0
  • Ping Identity Ping Federate
  • SAML 1.1, SAML 2.0, WS-Federation, IDP Initiated SSO, SP Initiated SSO, Post Profile, Artifact
  • Apache/Mod Proxy/Mod ReWrite, Tomcat, ServletExec
  • IIS 6.0, 7.0, 7.5 (Windows 2003 - 2008 R2)
  • Confidential Web Sphere
  • C/C++, Java, J2EE, Sun JCE, Visual Basic, HTML, XML, JavaScript, C# .NET 2.0 & 3.5, SQL, Perl
  • Design and Architect LDAP DIT / Repositories. Design and Architect high availability servers
  • Customize LDAP Schema; Creation and Extension of Objects, X.509/PKI Implementation.
  • Optimize DIT Topology for Identity Management and Web Single Sign-on. Improve LDAP Authentication performance.
  • Migration between different LDAP vendors. IPlanet/SunOne to Active Directory.
  • LDAP Vendor experience includes: Novell E-Directory, IPlanet/SunOne LDAP Directory, Microsoft Active Directory 2000, 2003, 2008, Microsoft ADAM, Confidential Directory Server, OpenLDAP, Oracle Internet Directory (OID)

EXPERIENCE:

Confidential, Chicago, IL

Identity and Access Management Lead/Architect

Responsibilities:

  • Architect & Design SiteMinder Infrastructure within Jones Lang LaSalle
  • Swim Lanes, Authentication Flows, Network Diagram, Logical Diagram
  • Install and Configure SiteMinder Policy Server 6.0 and R12.5
  • Migrate SiteMinder Policy Server 6.0 to R12.5
  • Migrate WebAgents from 6.X to R12.X.
  • Setup Policies for Access Control to different applications
  • Develop Roles and Groups for Access Control into various Application
  • Help Developers to integrate Custom Delegated Management Solution into SiteMinder
  • Install and Configure WebAgents on various Windows/IIS Platforms.
  • Customize Integration with SharePoint 2007 with NTLM based authentication.
  • Wrote Java-based SiteMinder API to customize Password Policies with Active Directory:
      • Change Password upon first login
      • Forced password Change
      • Password Expiration warning redirection
      • Redirection based on no email address
  • Maintain and troubleshoot all SiteMinder related problems.
  • Generated custom audit reports from SiteMinder logs
  • Patching WebAgents and Policy Server
  • Help Developers understand SiteMinder and customize policies with their need.
  • Configured various Active Directories and also used MS SQL 2005 Database for user authentication & Authorization.
  • Mentor/Train Jr. Administrators about SiteMinder & PingFederate
  • Architect & Design Ping Federate Infrastructure within Jones Lang LaSalle
  • Swim Lanes, Authentication Flows, Network Diagram, Logical Diagram
  • Architect various Federation integrations with Confidential applications.
  • Attended numerous meetings with JLL's clients to help/guide them with SAML Integration into JLL
  • Setup & Configure 30+ SP Connections to JLL Network (Various SAML profiles)
  • Attended many meetings for JLL business groups to integrate SAML with SAAS providers
  • Setup & Configure IDP Connections to SAAS Providers. For example, SalesForce, Brandworkz, Box.NET, Egencia, GiveaWow, Coupa, Lynda.com, ADP, AON Hewitt, Microsoft Azure ACS
  • Setup Roles Based Access Control to SAAS application using custom Database and views
  • Architect SharePoint 2010 Integration with Ping Federate/SiteMinder
  • Wrote Powershell Scripts to Configure SharePoint 2010
  • Used SiteMinder for authentication and Ping Federate to generate WS-Federation Tokens
  • Configured HTML (External Users) & Windows Integrated (Internal Users) authentication for SharePoint 2010
  • Provided input to custom integration for Session Management, Custom People Picker Integration with Active Directory
  • Setup CRM 2011 Integration with ADFS 2.0, Setup Ping Federate to ADFS to CRM for seamless SSO experience
  • Install and Configure Ping Federate 6.X in Test and Production Environment.
  • Setup failover/clustering mode in Production
  • Setup SiteMinder plug-in to integrate with SiteMinder’s SSO system
  • Setup SQL Server integration with Ping Federate
  • Developed Code to help developers integrate with SAML/Federation
  • Wrote Custom Code with C# .NET 2.0 to generate SAML 1.1-compliant assertions, which allowed developers to check SAML integration without testing with an external partner.
  • Wrote Sample Code to use Ping Federate opentoken library.
  • Troubleshoot and Maintain all SAML/Federation related applications and servers
  • Patched & Upgraded PingFederate in Production & Test Environments

Confidential, Jacksonville, Florida

Project Lead

Responsibilities:

  • Requirement and Analysis for new project; conversion of old system to new Identity Management based system.
  • Analyze and design LDAP schema: Custom Attributes and Objects, Configure Replication & Failover for Sun One Directory Server 5.X
  • Wrote Perl scripts to convert data to LDIF files for import
  • Setup/Configure CA’s SiteMinder with WebAgents & Policy Server
  • Configure CA’s IDM for profile information and password management: Forgotten Password, Email Notification of Expiring Password, Account Lockout/Password Reset with Challenge/Response
  • Wrote Java Program using SiteMinder API for a custom Response to redirect users without profile.

Confidential, Dallas, TX

IT Security Audit

Responsibilities:

  • Risk Analysis; Identification and Mitigation.
  • Analyze data gathered to evaluate effectiveness of controls, assess threats/vulnerabilities and identify inadequate control measures.
  • Documented all Risk and Gap issues. Worked with IT Teams to develop project plans for remediation. Coordinate/present results to management.
  • Subject Matter Expert on all SiteMinder projects; Project Management & Architect work on SiteMinder projects.
  • New projects -- Helped development and management teams to bring SiteMinder into existing environment. New policy and rules setup; Work with Audit and Security teams for security rules compliance.
  • Architect Active Directory/LDAP performance tuning for multi-national companies and users base up to 50,000.
  • Deployment of SiteMinder agents and various policy configurations.
  • IIS 6.0 Agent Installation and Password Policies.
  • Developed Documents on Agent Installation on various platforms including AIX, Linux, Solaris, Windows 2000 & Windows 2003.
  • Provide Identity Management services for custom applications, multiple authentication levels - digital certs, RSA soft & hard IDs, authorization & backend synchronization.
  • Implemented Identity Minder and setup password services along with provisioning.
  • Project work includes: performance evaluation/clean-up of existing SiteMinder environments; Active Directory integration and performance evaluation; Level 4 Support on current Web Infrastructure (Apache, SiteMinder, Cold Fusion on Solaris 8, Active Directory)
  • Developed and Installed various scripts in conjunction with Monitoring software such as IPMonitor -- monitor availability of resources such as Active Directory (LDAP Interface), SiteMinder and other user’s Service Accounts, TCP monitoring (Port based), ICMP Ping Monitoring, SiteMinder Authentication and Authorization monitoring (SiteMinder Perl interface), Disk space, Basic HTTP and Application Level Monitoring, Setup 24x7 monitoring rules based on client’s SLA.
  • Project work includes: Outlook Web Access Single Sign-on, RSA SecurID Authentication, SiteMinder Secure Proxy, Apache Reverse Proxy w/ Web Agent, Performance testing, Document and revise Web Security Framework, J2EE Integration w/ Web Sphere using TAI, Domino/Quick Place/Same Time w/ Web Agent. JSP based password services, LDAP Schema modifications, Confidential Secure Way LDAP optimization.
  • Oracle 9iAS integration through Secure Proxy Server and Custom Java API.
  • Configuration of Policies with CRL (Certificate Revocation List) (LDAP).
  • Schema Modification for SiteMinder in Active Directory.
  • SiteMinder 4.6 to 6.0 Upgrades.
  • Migration of Netscape Directory Server to Active Directory (Policy Store).
  • Migration of users store from Netscape/Iplanet LDAP to Active Directory
  • Project Planning, Analysis, Design, Testing & Deployment
  • R&D on Java (JNDI) LDAP, Novell E-Directory LDAP API
  • SiteMinder Secure Proxy configuration for X.509 Digital Client Certs.
  • Developed SiteMinder Secure Proxy custom filters with SiteMinder Java API.
  • Developed SiteMinder Active Response using SiteMinder Java API to be used in Apache Reverse Proxy.

Confidential

Security Architect

Responsibilities:

  • Played a vital role in transitioning OCC’s Legacy Options Trading software to N-Tier environment. Provided Security improvements and critiques over several phases of SDLC process.
  • Played an important role in designing and implementing redundant/off-site datacenter for various software and hardware components.
  • Project Management: Planned & multitasked several projects on time.
  • Documented various R&D projects, Evaluations, Requirements, Training, Approach, Security Policies, Risk Assessment, and Audit.
  • Network Architect & Support: Management and design of Nokia/Checkpoint Firewall & Fail-Over Capability, Load balancing with F5, Management of F5s
  • Maintained over 40 Siteminder Web Agents: Includes Different policy servers for Development, System Test, Pilot and Production. Maintained Rule Sets, Response, Customized Forms, Password Services
  • Involved in a project migrating E-Directory to Active Directory
  • Evaluated different integration scenarios with single Forest/Multiple domain, Tree Designing, External Clients Integration
  • DNS (Bind) Integration with Active Directory
  • Researched and tested Siteminder Installation and Integration with Active Directory, Single Sign-On
  • LDAP (Directory Services Projects)
  • LDIF Exports from Netscape Directory Servers and Import into Novell & Active Directory. Wrote custom Perl scripts for importing new OCC Customers.
  • Tree Designing, Directory Replication & Optimization using Active Directory & Novell E-Directory
  • Custom Attribute Additions, Group Maintenance & Application Support using Java (JNDI) and with C/C++ using Open LDAP libraries.
  • App Server, Web Server & Single Sign-on:
  • Performed Evaluation on Several SSO Vendors
  • Implemented and Integrated Siteminder 4.6 with Confidential Web Sphere, Netscape IPlanet Web Servers, & Apache with Novell E-Directory (Netware 5.X) as an authentication repository.
  • Integrated RSA Soft and Hard Tokens with Siteminder Security based on architecture goals.
  • Architected Custom CORBA/C++ Siteminder Authentication Agent (Siteminder API) for use with Orbix (Iona).
  • Architected SSO models using Java beans for Enterprise use of myocc portal.
  • Customize Login, Second Factor Login, Login Failed/Disabled etc. pages for Siteminder
  • Design High Availability Architecture for Siteminder, Web Servers & App Servers
  • Portal Integration
  • Design and Integrated J2EE, Novell E-Directory and Netegrity’s Siteminder.
  • Customize LDAP directory (additional attributes) for use with Delegated Management Services
  • RSA Ace Server: Administration and troubleshooting of Ace 4.1 & 5.0 Servers, performed Migration of 4.1 to 5.0 Ace Server
  • Architect Software Token Download Scheme via Signed Java Applet to ensure one time only download. (software tokens were stored in E-Directory (LDAP) )
  • Provided solutions to cross site scripting /authorization with the use of JCE PBEWithMD5AndDES Cipher.
  • Virus detection: R&D - Used EXE packers to change virus signatures of various Trojans and Viruses.
  • Tested Desktop Virus Detection Software (e.g. McAfee, Symantec) with new executables.
  • Tested Email Gateway with new executables.
  • Published Results for Infosec presentation.
  • Vulnerability Scan:
  • Used ISS and Nessus to accredit various OS, e.g. Solaris, NT, Novell, Cisco IOS
  • Publish results and recommendation documents
  • SSH/SCP
  • Replaced automated ftp procedures with SCP for Extranet clients.
  • Develop and document procedures for extranet customers for SSH/SCP.
  • Intrusion detection:
  • R&D: SNORT, ACID
  • ISS Network Sensor: Co-Managed with ISS to develop Alerts for various scans and attacks.
  • X.509 Digital Certificate
  • Integrate Verisign PKI onto OCC Architecture
  • Installed and Maintain server SSL certificates on F5s
  • Used Novell E-Directory Certificate Server for in-house SSL servers.
  • VPN
  • Setup and managed CISCO VPN 3000
  • Created Client Package CDs: developed deployment and installation documentation, modified install package for OCC specifics.
  • Integrated VPN Authentication with RSA SecurID

Confidential

Security Engineer

Responsibilities:

  • Develop Security policies document for Internet Applications, Extranet Clients and Internal Network
  • Managed Firewall Rules/Policies for CISCO PIX Firewall
  • Managed CISCO IDS
  • VPN: R&D - Tested and documented VPN 3000 deployment for EYAS employees
  • Vulnerability Scans using ISS
  • Solved several external DNS issues (BIND)

Confidential

Web Architect/Security - Independent Contractor

Responsibilities:

  • Helped transition from old data center.
  • Co-Managed FW Rules/Policies with Exodus (Third party Hosting Services) using Checkpoint FW-1
  • Managed Sun Solaris 2.6, BIND, BIGIP F5, Windows NT 4.0 w/ IIS, MS SQL 6.5
  • Setup Daily, Weekly, Monthly Backups and MS SQL dumps.
  • Helped developers to phase code from development and pilot to production.

Confidential

Security Architect

Responsibilities:

  • Managed Rules and Policies for Raptor Firewall for primary and secondary sites
  • Setup and manage: Site to Site VPN (Using Raptor), VPN for extranet clients, VPN for Employees.
  • Maintained DNS services using Raptor for external (Internet) access.
  • Configured CISCO 2600 for use with AT&T ISP (T1) and UUNET(T1)
  • Maintained and Setup MS IIS and MS Proxy for Internal users; Installed and renewed SSL certificates, register domains
  • Published Web Trends reports on Intranet.
  • Setup Website monitoring and alerts using WhatsUp Gold
  • Performed Vulnerability Scans for servers to be deployed for Internet.
