PROFILE

• Over 12 years of IT experience and 6 years of Application Security experience
• Over 6 years of extensive experience in Software Development including architecture, analysis, design, development, deployment and testing experience in B2C, B2B, Web Portal environments.
• Over 6 years experience in architecting and deploying Identity Management, Access Management, LDAP Directories, Single Sign-On (SSO), Provisioning & Approval Workflows, RBAC (Role-Based Access Control), Compliance and Auditing Technologies, Identity Federation, Enterprise System Architecture, Security Infrastructure Design, Authentication and Authorization technologies, as well as custom-built security and technology frameworks.
• Good analytical & technical skills combined with good communication & inter-personal skills. Skilled in working as Team Lead as well as Team member.
• Proven technical leadership skills include the ability to manage teams, earn the respect of its members, lead by example, and thrive in an entrepreneurial environment.
• Fast learner and able to understand unfamiliar areas independently. Very easily adaptable to new systems and tools.
• Can clearly express technical information and concepts to a non-technical audience and vice versa
• Persuasive verbal and written communication skills compliment a proven ability to multi-task, maintain an organized approach, and ensure success - even when faced with high-pressure or high-risk situations.

• Identity Management: Oracle Identity Manager 9x, Sun Identity Manager, Novell Identity Manager 2.x/3.x, Novell DirXML 1.1a, Thor Xellerate 8.7.x
• Access Management: CA SiteMinder, Sun OpenSSO Enterprise 8.0, Sun Access Manager, RSA Access Manager, Web Agents, Policy Servers
• Identity Federation: RSA Federated Identity Manager 2.5/3.1, Netegrity SiteMinder Option Pack, Oracle Identity Federation, PingFederate 5.3/6.0, Sun Federation Manager 7.0, Sun OpenSSO Enterprise 8.0
• Directory Services: Novell eDirectory, Sun ONE Directory Server 5.2, Microsoft Active Directory
• Security Technologies: , SAML 1.1/2.0, WS-Security, Kerberos, PKI, LDAP, General Cryptography, and Federated Identity Management
• Security Testing Tools: Tenable Nessus, IBM AppScan, nmap, snort, snoop, tcpdump
• Web/Internet Technologies: ASP, ASP.NET, ADO.NET, J2EE (JSP, Servlets, JDBC), XML, XSL, XSLT, XL-FO, SAX/DOM, HTML/ XHTML/DHTML, CSS, JavaScript, VBScript, C#, Perl CGI.
• Web Servers: IIS4.0/5.0/6.0, Apache, Tomcat, SunOne WebServer
• App Servers: Weblogic Server 5.0/6.0/8.1/9.2, Oracle Application Server, Sun Glassfish Server, IBM Websphere, JBoss, Apache Tomcat
• Programming Languages: Visual Basic 5.0/6.0, Java 1.4.2/1.5,1.6, PL/SQL, Unix Shell Scripts.
• APIs: J2EE, J2SE, JDBC, JNDI, ODBC, Perl CLI for Netegrity SiteMinder, Java SDK for Netegrity SiteMinder, Novell NDK for eDirectory, Oracle Identity Manager API
• Standards: HTML, CSS, XML, SOAP, XSLT, XPath, LDAP, DOM, HTTP, PDF, UML
• Dev Tools/IDE: Eclipse 3.2, Microsoft Visio, Microsoft Project, Oracle JDeveloper, Microsoft Visual Studio 6.0, Microsoft Visual Studio .NET, SQL Navigator, Quest TOAD, Allaire Homesite, Macromedia Dreamweaver, Microsoft Frontpage, , Softerra LDAP Browser, Microsoft ADSI Edit
• Databases: Oracle 10g/9i/8i, MS SQL Server 6.5/7.0/2000, MS Access.
• Source Code Control Systems: Visual SourceSafe, Rational ClearCase, Stellent ECM, SVN
• Operating Systems: Windows XP/Vista/2000/2003, Linux, Sun Solaris

EDUCATION

• Bachelors of Engineering (BE) in Computer Science

CERTIFICATIONS

• Oracle Identity Manager: Develop Identity Provisioning
• RSA ClearTrust 5.5 Installation and Configuration
• RSA ClearTrust 5.5 Administration

EMPLOYMENT HISTORY

Confidential, Century City, CA

Nov 07 – Present

Environment: Sun Solaris, Windows 2003 Server, RSA FIM Server 2.5/3.1, SunOne LDAP, RSA Cleartrust 5.5, Microsoft IIS 6, BEA Weblogic 8.1, FIM APIs, Eclipse 3.2, Ping Federate 5.3/6.0

Security Applications Consultant

• Implemented RSA Federated Identity Management 3.1.2 using SAML 1.x protocol to provide authentication, attribute and authorization portability across autonomous security domains for TBG alliance partners and customers.
• Designed/Developed custom Attribute & Subject plug-ins using RSA FIM Java APIs on the Relying Party (MullinTBG) to facilitate Federation with other business partners.
• Developed the SAML receiver and integrated it with the MullinTBG web application framework. SAML assertions were signed with XML Signature to prevent "man in the middle" attacks. SAML assertions were defined to have very small time windows of validity to prevent "replay" attacks.
• Directly responsible for the architecture and design process for migrating to PingFederate from the RSA Federation solution to Ping Federate 5.3 & later in the upgrade to Ping Federate 6.0
• Implemented various SSO connections with business partners using SAML1.1/SAML2.0 profiles
• Performed application vulnerability assessments with tools such as AppScan, Nessus and generated reports. Presented relevant items to developers/sys-admins with detailed implementation steps to fix these vulnerabilities.

Confidential, Newark, NJ

Nov 08 – Jan 09

Environment: Sun Solaris, Windows 2003 Server, Sun Access Manager 7.1U1, SAMLv2 Plugin for Access Manager, Sun Federation Manager 7.0, Sun Open SSO Enterprise 8.0, SunOne Directory Server 5.2, Microsoft IIS 6, IBM Websphere 6.1, OpenSSO/Access Manager/SAMLv2 Plugin APIs, Eclipse 3.2

Federation SME

• Directly responsible for the architecture and design process for implementing Sun Open SSO Enterprise 8.0 with session failover & load-balancing for high-availability
• Develop custom IdP & SP Attribute Mappers.
• Demonstrate POC with SAML1.x, SAML2.0 use cases with Horizon acting as an IdP & SP. The use cases also demonstrated signing & encryption of SAML Responses.
• Proposed architecture design changes to protect Access Manager components from users. This involved introducing a reverse proxy architecture using Sun WebServer acting as a Reverse Proxy

Confidential, Torrance, CA

Nov 06 – Nov 07

Environment: Sun Solaris, Thor Xellerate 8.7.4, Oracle Identity Manager 9.0.1.3, Microsoft Active Directory, RSA Cleartrust 5.5, SunOne Webserver 6.1, BEA Weblogic 8.1, Eclipse 3.2

Team Lead/Security Applications Architect

• Directly responsible for the architecture and design process, as well as the overall implementation. Led a team of two developers on this engagement and served as the day-to-day lead for the engagement.
• Planned and ran upgrade implementation of Oracle Identity Manager 9.0.1.3 from Thor Xellerate 8.7.4. Created high level and technical project plans. Worked with Database COE & QA Teams to coordinate respective activities.
• Working with various BTS application teams/departments and replacing home grown provisioning system with provisioning/approval workflows in Sec1.
• Developed provisioning/approval workflows for various target systems like Active Directory User Management/Password Sync, Novell eDirectory, Windows/Unix servers, Oracle Databases, IBM Lotus Notes, Employee Reconciliation with PeopleSoft
• Worked with the business to define the role governance process and business process for modification, approval and removal of roles.
• Vetted architectural diagrams for Provisioning systems & SSO. Provided recommendations for improvements in the SSO architecture.
• Conducted an impact analysis on the migration of the Sec1 system to a new Datacenter. This involved analyzing the architecture diagrams to identify SSO applications that would be impacted. Also had to ensure that the existing provisioning systems operated smoothly and target systems were available.
• Helped integrate BTS applications to the SSO framework using RSA Cleartrust. This involved installation & configuration of RSA Web Agents, setting up entitlements using Entitlements manager for authentication/authorization, bulk loading users into the user store. Upgraded Cleartrust servers & Web Agents with recommended patches from RSA
• Own Sec1 / SSO Infrastructure related production issues, incident reports & defects queue.
• Performed application vulnerability assessments with tools such as AppScan, Nessus and generated reports. Presented relevant items to developers/sys-admins with detailed implementation steps to fix these vulnerabilities.
  

Aug 05 – Nov 06

Environment: Sun Solaris, Novell eDirectory 8.7.x/8.8.x, Apache WebServer, Reverse Proxy, Netegrity Siteminder Policy Server 6.0, WebAgent 4.x/5.x,6.x, DirXML 1.1a, Novell Identity Manager 2.x/3.x, Novell Designer, Eclipse 3.2

Application Security Consultant

• Technical Lead for identity management and user provisioning. Design and implementation of an identity management solution Implementation of a meta-directory for managing the identity and access rights of all internal users to multiple target systems like multiple Novell eDirectory trees, Microsoft Active Directory, various Oracle & DB2 applications, PeopleSoft.
• Implementation of an RBAC (Role-Based Access Control) system linked with the IAM system to manage authorizations on Netegrity SiteMinder (using AD, eDirectory) through roles and role hierarchies.
• Developed various web based/standalone Java based tools for eDirectory account management utilizing JNDI.
• Implemented a Novell DirXML 1.1a based solution for account and password synchronization from an existing Novell eDirectory tree to a new Microsoft Active Directory domain.
• Fixing inconsistencies in the underlying business logic (DirXML) using JNDI, Novell NDK applications to resolve sync issues between applications and Novell eDirectory.
• Own SiteMinder / LDAP and Web Infrastructure related production issues, incident reports & ClearQuest defects queue.
• Lead technical resource in implementing a multi-phase upgrade of DirXML to Novell IDM 3.x

Confidential, Torrance, CA

May 04 – Aug 05

Environment: Sun Solaris, Netegrity SiteMinder Policy Server 5.5/6.0, WebAgent 4.x/5.x,6, Novell eDirectory 8.7.3, Sun ONE Directory Server,

Web Security Admin

• Interface directly with various teams (e.g. Development, Security, Frameworks, etc.) to analyze and resolve technical issues.
• Install new software releases, system upgrades, evaluates and installs patches and resolves software related problems.
• Conduct systems architecture studies of new and existing SiteMinder and LDAP infrastructure; develop tactical plans to address short-term deficiencies in current infrastructure.
• Develop/review technical documents to ensure consistency, accuracy and compliance with corporate technology directions.
• Supporting the web infrastructure which includes iPlanet/Apache, IIS, Reverse Proxy.
• Perform advanced SiteMinder / LDAP and Web Infrastructure troubleshooting and interfaces directly with various IT teams to resolve technical issues in production environment.
• Own and maintain operational/administration manuals as well as the troubleshooting processes & procedures.
• Own SiteMinder / LDAP and Web Infrastructure related production issues, incident reports & CCRA (Change Control Risk Assessments).
• Plan, design, develop, deploy and maintain the SiteMinder related infrastructure and architecture, security framework, API and application integration for authentication, authorization/entitlement and data encryption.
• Consistently improve SiteMinder infrastructure (High Availability, Disaster Recovery) and performance to maximize system uptime.
• Perform ongoing SiteMinder infrastructure load testing, tuning to support business growth.

Confidential, Stamford, CT

Jan 03 – Oct 03

Environment : Netegrity SiteMinder 5.5, Iplanet (Sun One ) Directory Server 5.1, Java 2, Apache 1.3.26, Iplanet Webserver 6.0, Weblogic 7.0

SSO Implementation and Maintenance

• The client had a number of web applications, which had their own authentication mechanisms. This resulted in a requirement for Single Sign on for security and simplification. My role was to understand the current security architecture for each application and suggest solutions on how well these applications can be integrated in a Single Sign On Environment with minimum impact to the business.
• Manage and understand client requirements for SSO
• Responsible for upgrading Policy server to SiteMinder 4.51 Sp4 CR11 and later on to version 5.5 Sp2 CR8.
• Worked with the application owners to design the rules, responses and policies for each application & integrated new applications with the SSO environment.
• Installed the web agents on Apache Web servers(version 1.3.26), Netscape Web servers(4.1) and IIS
• Coordinated with GE corporate to implement the custom authentication scheme.
• Worked with Netegrity support to resolve certain issues.
• Designed and implemented the registration, login and administration flows on internet and intranet.
• Maintaining the logs and trouble shooting.

Confidential, Pittsburgh, PA

Feb 00 – Jan 03

Environment : ASP, JSP, Java, Servlets, Oracle 8i/9i, Solaris, Windows 2000, JDBC, ODBC, ADO, Visual Basic, HTML, Java, Microsoft IIS, Apache Tomcat, BEA Weblogic 7.0/8.1

Sr Software Engineer

• Provided consulting services for various iGate clients including GE Transportation, GE Medical Systems, GE Aircraft Engines on a variety of projects
• Worked closely with clients and functional owners to gather project requirements.
• Co-ordinate communication with the client and Offshore. Managed a team of 4 developers/Testers. Responsible in preparing specifications, estimate effort required, schedule work, monitor and control progress
• Design/Development of user interface screens using JSP, ASP, Servlets, HTML and JavaScript. Also responsible for developing backend code using JDBC/ADO.
• Database design & normalization. Created stored procedures, triggers, and functions using PL/SQL. Fine tuning queries for faster data retrieval.

Confidential

Oct 96– Feb 00

Environment: ASP, ADO, SQL Server 7.0, PL/SQL, Visual Interdev 6.0,VB Script, Java Script, IIS 4.0, Visual Source Safe 6.0, Perl, Microsoft Site Server, Flash ActionScript
Technology Lead

• Directly responsible in design & architecture of ecommerce B2B/B2C portals for Annet Communications & its clients. These portals were fully integrated with shopping carts, user personalization, session management using Microsoft technologies ASP, Visual Basic
• Responsible in the setting up of Microsoft Exchange server & configure email accounts for over 100 employees.
• Design & set up database objects and tables
• Writing server side ASP scripts using ADO to communicate with the database.
• User interface design using HTML, Javascript, DHTML.
• Handling Web server, Database, DNS, Email administration and support issues.