PROFESSIONAL SUMMARY:

• Over 8 years of experience in architecting, designing, implementing Identity and Accesssuite like CA Site Minder, CA Layer 7 API Gateway,Ping Federation, and Ping Identity and Access Management suite of products.
• Implementation of Security Management tools in enterprise wide Applications to achieve Authentication, Authorization and Accountability.
• Strong working experience with Directories, SSO, Federation, Delegated administration, API gateways (Layer 7).
• Experience in deploying SAML based highly available solutions using Ping Federate and other security products.
• Extensive experience in client interaction and support maintenance engagement in security.
• Designed and implemented Ping Identity Solution for Web Access Authentication using Ping Access and Ping Federate.
• Prepare a plan for user communication to switch from ADFS to Okta SSO. Created a detailed implementation and migration guide for Office 365 Okta SSO integration.
• Document detailed technical steps to be executed by administrator’s to accomplish federation configuration switch from ADFS to Okta. Active member of PAM Team responsible for the deployment of CyberArk Security Initiatives.
• Migrated Web Authentication solutions from CA Single Sign - On (SiteMinder) to Ping Access 3.
• Delivered strategic and tactical service and feature enhancements to end users, including Ping Federate SAML & OAUTH SSO for over 25 connections and a services integration layer.
• Hands on working experience on LDAP products like Oracle ODSEE, CA Direction.
• Successfully upgraded Ping Federation Services from 6 to 7 and 7 to 8.
• Experience working with API Gateway solutions like: CA API Gateway (Layer 7), API Gateway.
• Working experience with CA Technologies API Gateway (Layer 7) and policy design.
• Experience in development and administration related tasks of CA API Gateway server.
• Experience in deploy, configure, tune and monitor API Gateways.
• Experience in configuring the multiple docker images and creating docker container to provide end to end automation of CA API Gateways.
• Designed Custom reports for CA API Gateway, enabled client by providing s on CA API Gateway.
• Worked on Integrating CA API Gateway with Ping Federate for Single Sign On.
• Requirements Gathering, Analysis, Designing, developing, testing, deployment and application support of Identity and Access Management solutions.
• Experienced in all aspects of Identity and AccessManagement including, eDirectory, Access Control, Audit, Single Sign-On, Privileged AccessManagement, Policy Designing, PKI, Firewalls and load balancers.
• Implemented OAuth and OpenID for mobile and non-browser solutions using PingFederate.
• Experience working on all the PingFederate OAUTH grant types to get the access token for accessing the protected API.
• Resolved user support tickets for all systems (Access Manager, Ping Federate, Adaptive Authentication) Participated in meetings and discussions regarding the rebuild of the current IAM infrastructure.
• Successfully implemented Web Access Management Solutions using Ping Access 3 and other security products like CA Single Sign-On (CA Site Minder), migrated Web Authentication solutions from CA Single Sign-On (Site Minder) to Ping Access 3.
• Designed and implemented Ping Identity Solution for Web Access Authentication using Ping Access and Ping Federate. Experience in deploying SAML based highly available solutions using Ping Federate and other security products.
• Experience in working on Pingfederate 5.1, 6.1, 7.1, 7.3, SAML 2.0, SAML 1.1, SAML 1.0, Oauth 2.0, OpenID/Connect (OIDC).
• Prepare a plan for user communication to switch from ADFS to Okta SSO. Created a detailed implementation and migration guide for Office 365 Okta SSO integration.
• Document detailed technical steps to be executed by administrator’s to accomplish federation configuration switch from ADFS to Okta. Active member of PAM Team responsible for the deployment of CyberArk Security Initiatives.
• Demonstrated POCs for API security like integration with Open AM, Site Minder, OAuth 2.0, JWT token and authentication.
• Created the Federation service between Site Minder federated web services to Pingfederate for classic migration of applications that are SAML and WS-FED based applications.
• Experience on Single Sign On (SSO) Integration project using CA Site Minder (Netegrity Policy Server version R6.0 and R12 & Site Minder Agent versions 5qmr 7, 6qmr5, R12 and R12.52).
• Protected Restful API's using OAuth in PingFederate so that it can be accessed only with Access Tokens.
• IT Risk/ Identity & Access Management project management, providing web-based applications security.
• Experience in CA Identity Manager in Web Security Administration SSO/Site Minder, Agents for SharePoint, Secure Proxy Servers, Sun ONE LDAP Directory Server, Active Directory Server.
• Add new Symantec VIP token types: VIP Access and Yubico Yubikey.
• Integration with LDAP, deployment of web agents for access control, configuration of authorization models, single sign-on configurations, build of approval and provisioning workflows, deployment of provisioning adapters, SSL Configuration, configuration of user management, self-service, password resets, forgot password functionality.
• Worked on Web Servers: Apache; IIS; and on Windows based & UNIX based OS.
• Involved in installation, configuration, deployment, troubleshooting and implementation of Sun Identity Manager (IDM)

PROFESSIONAL EXPERIENCE:

Confidential, Pittsburgh, PA

Sr. IAM Engineer

Responsibilities:

• Implemented and Customized Manage Access and Manage Identity modules as per customer requirements in SailPoint IIQ.
• Identify and evaluate business and technology risks, internal controls which mitigate risks and related opportunities for internal control improvement.
• Designed and developed the application using Java Server Faces (JSF) framework and Struts framework.
• Played a key role in design, deployment and testing of IBM Security IAM suite providing efficient user management through an innovative, enterprise-wide automated provisioning system.
• Excellent Enhancements, Troubleshooting and Support Skills of ITIM, TAM, ISAM and its Inter dependent components (like IBM Tivoli Directory Server, IBM Tivoli Directory Integrator, IBM HTTP Server, WebSEAL Server and Policy Server).
• Installation and configuration of LDAP - IBM Directory Server
• Experience working with API Gateway solutions like: CA API Gateway (Layer 7), API Gateway.
• Working experience with CA Technologies API Gateway (Layer 7) and policy design.
• On boarded flat file applications like HR-Employees.
• Developed Service Now Custom Connector with SailPoint which tracks the ticketing system in Service Now and returning ticket status to SailPoint.
• Interacting with the clients for requirements.
• Developed custom approval work flows for provisioning Role Based Access Control (RBAC) entitlements
• Add new Symantec VIP token types: VIP Access and Yubico Yubikey.
• Involved in creating, custom reports, to cater various data feeds.
• Planning and rolling out of phase wise implementation of re applications globally.
• Integrated web service based applications to authenticate and authorize users based on their access and data in SailPoint IIQ.
• Involved in adding direct connectors for Active Directory, LDAP, Exchange Online, Box andUNIX.
• Installed and Configured Ping Federate Servers on both Windows and Linux environment as both engine and admin servers. Worked on upgrading Ping Federate from Version 8.3.2 to 9.3.0
• Adept at setting up infrastructure for Siteminder, ADFS 2.1/3.0/4.0 and Ping federate
• Worked on O-Auth Integration using Ping Federate and Ping Access and implementing Federation SAML services to SSO into third-party vendors.
• Experienced in using multiple Ping Federate adapters http adapter, Open token, composite adapters.
• Experience providing federation solutions using SAML 2.0, Ping Federate and CA SiteMinder Federation Service. Enforced the Ping Access policies to authorize the user for a protected resource.
• Creating Adapters, Service Provider and Identity Provider connections, replicating configuration archive, exporting Metadata, importing and exporting SSL s using Ping Federate
• Worked with API Gateway solutions like: CA API Gateway (Layer 7), API Gateway.
• Build a Active directory server on prem on non-production and production environments and connected to Management UI while integrations with federations to web agents using NPS server extension with Azure AD for MFA.
• Build and configured, maintenance and support on Network policy server (NPS) in Production for MFA with Azure AD. (Troubleshooting MFA issues with NPS logs)
• Providing web applications Single-Sign on and Federation technology with Azure AD using protocols like, SAML, Oauth, Open ID Connect, WS-Federation.
• Integrating Microsoft Azure MFA with CyberArk, VPN, Oracle access manager, VDI and other third party tools.
• Customized workflows as per client needs.
• Worked on Provisioning use case development, role definition, building to meet compliance controls, and IAM governance.
• Tested build map rules, creation rules and customization rules to create Employee and Contractor user accounts in SailPoint from their current application’s exported feed files
• Worked on customizing connectors, workflows, forms, rules, policies, report etc. in IIQ for testing purpose.
• Documenting and maintaining the audit communications, metrics and re artifacts.
• Developed the rules like build map, correlation and manager correlation rules.

Environment: Sailpoint IIQ 7.0, 6.4, XHTML, Layer 7,HTML, CSS, Java Script, Bean shell scripting, Apache Tomcat 7.0, SQL, UNIX, db2.

Confidential, Tyson, VA

I AM Engineer

Responsibilities:

• On-boarding complex application to satisfy business requirement also Design SailPoint deployment and solution architectures.
• Perform Integration with multiple applications such as AD, Exchange, RDBMS, and Flat File & LDAP.
• Communicate the functions, capabilities, and processes of proposed enterprise IAM programs with clients and users.
• Build and Configure SailPoint in-built tasks like aggregation, ID refresh, schedule tasks, correlation, etc.
• Have done customizations in business process/workflow, reports, in IIQ console to add new commands.
• Development of key modules and custom requirements in the project. Perform User Access Administration using Active Directory. Implementing the provisioning feature of SailPoint IIQby using various connectors.
• Performed Requirements Gathering for a Proof of Concept to be implemented into their environment in development for Azure AD, PingFederate and Microsoft Active Directory server.
• Experience in Replication, Chaining, Load Balancing and other Administration tasks involving Netegrity/CA SiteMinder, Pingfederate Policy Server, Active directory, Azure AD in both Production and Non - Production environments.
• Expertise in Developing, Configuration, Deployment, Troubleshooting and Management of Enterprise Applications for Pingfederate, Azure AD and CA e-trust Directory server.
• Solid understanding of Identity Access Management architecture and exposure to entire features of CA SiteMinder (Policy Servers & Web Agents), PingFederate 7.1.2, 8.4, 9.1.3 and later versions, Azure AD, AD, ADFS. ADDS, ADCS.
• Azure Active Directory (AAD) configuration and management, policies and provisioning, Azure AD Connect, Azure AD, Multi-Factor Authentication, ADFS, AD DS, AD CS.
• Troubleshooting issues related to SSO, authentication and authorization, as well as troubleshooting LDAP issues.(TID,LID mapping methods)
• Worked on Single Sign on (SSO) to implement security polices and handle LDAP, Pingfederate and Webserver on Solaris environment. Also maintenance of RSA256 SecureID.and OAEP Algorithm
• Manage User Access/Login Security to SailPoint Applications.
• Modifications were done in their existing active sync process to manage the users.
• Coordinating with the Clients / on-site team for gathering enhancement requirements, status updates and issue handling.
• Developed workflows and Application Connectors
• Involved in test cases preparation and setting up test environment.
• Used IQService as part of IdentityIQ for Active Directory (AD) provisioning.
• Responsible for new team members in the project.
• Conducted internal and external in SailPoint IIQ for new projects.

Confidential, Stamford, CT

IAM Engineer

Responsibilities:

• Performing development, customization, and administration on the CA Single-Sign-On Identity and access management application for mapping it to the existing business process. Installed new CA Single-Sign-On (SSO) R12.52 SP1 policy servers and pooled them into clusters in development, staging and production environment.
• Analyzing planning and implementing CA Single-Sign-On on multiple Cookie Domain and internet security to Enterprise level web applications using CA Single Sign On integrated with Oracle Directory Server Enterprise Edition 11g. Experienced in Single-Sign-On Test tool and Single-Sign-On policy server log files for Troubleshooting Single-Sign-On environment.
• Debugging of authentication / authorization related issues and creating Rules, Responses, Realms and Policies in CA Single-Sign-On. Monitor user activity through CA APM web view, HP Site scope and other exception reports to ensure security is being maintained.
• Assisted in executing the implementation of IAM systems and upgrade to systems as needed. Assist in updating (SailPoint IIQ) workgroups and Monitor SailPoint IIQ product functionalities. Implemented Self-service feature, Password management feature, Provisioning feature and forgot password change in SailPoint.
• Installed and configured settings for provisioning users from various AD domains. Involved in configuring Okta for user provisioning from Active Directory. Created groups for specific users to enable access for applications such as Duo Security, Service Now, and Zoom.
• Worked on de-provisioning users from few domains that are in-active and unregistered domain from Windows servers Okta AD Agent Manager, Automated various tasks by using Windows PowerShell script for extracting reports for User Registrations, PWR and Unlock accounts.
• Implemented Access, Automated Provisioning and Governance aspects of IIQ. Develop complex workflows and service adapters in the SailPoint Identity IQ configuration interface. In the process of upgrading the IdentityIQ product from SailPoint 6.3 to SailPoint 7.0.
• Configured Ping Federate 6.x/12.x for SSO across multiple web based enterprise applications. Installed and configured PingFederate 7.0.1 with the existing Siteminder environment and used LDAP authentication for the admin console.
• Administrating & Configuring UNIX & Windows servers and ensure all applications are up and running on all servers. Implementation of federation Services (SAML 1.0/1.1/2.0) through CA Single-Sign-On with third party vendors for Single-Sign-On both as Service provider and Identity provider.
• Performed Installation and configuration of SailPoint 7.0. Configured Flat files and JDBC connectors in SailPoint. Assist in updating (SailPoint IIQ) workgroups. Monitor SailPoint IIQ product functionalities.
• Managed client requirements and configure SailPoint connectors. Responsible to manage Administration functionality of the SailPoint such as loading data, create roles, create policies, scheduling tasks and s and reports.
• Expertise in analyzing the logs (trace logs, smaccess logs) and Trouble Shooting issues in Integration of other applications using CA Single-Sign-On and Identity Management tools along with LDAP and Web-server agents.

Environment: CA SiteMinder R12 SP2, Identity Manager 6.0, Okta AD Agents, Active Directory, PxM9.5,J2EE, JDBC, XML,JBOSS 7, OKTA Microsoft Identity Manager SAML 2.0, Sailpoint 7.0,Ping Federate IIS 7.1/7.3, Solaris 8/9/10.