IDM/Information Security Engineer Resume

Detroit, MI

SUMMARY:

  • Designed, Installed, configured and maintained CA Siteminder Policy Server 6.X/12.X, and LDAP, Microsoft Active directory on Red Hat Linux and Windows platforms, worked on windows authentication using NTLM login servers configuring it with ntsso authentication scheme for many corporate and commercial environments.
  • Installation and Configuration of other IAM components - Tivoli Access Manager Policy Server, Access Manager Authorization Server, Tivoli Access Manager WebSEAL Server, ITDI 6.0, WebSphere Application Server (WAS 5.1), IBM UDB DB
  • Installed and configured the WebLogic Admin, OIM and SOA managed servers in a single as well as multiple domains.
  • Privileged Access Management (PAM) project which includes implementing CyberArk Password Experience with performance tuning of policy servers and associated components and generating performance reports using customized crystal reports.
  • Created the trusted host and other configuration settings using web agent Configuration wizard.
  • Created the Policy Domains and Affiliate Domains.
  • Created the Realms and Policies under the Domains.
  • Installed and Configured Ping Federate.
  • Installed the web agent optional package for FSS.
  • Experience in configuring SSO using SAML 2.0
  • Created the Federation web Services Domain to use SAML 2.0 requests.
  • Created and configured the SAML service Providers under the Federation Partners.
  • Configured the SSO (Single sign-on) and SLO (Single Log-off) for all the service providers.
  • Configured the signed Authn Requests for all the SSO.
  • Expertise in implementing SAML as both Identity Provider and Service Provider across multiple platforms Using SiteMinder and Ping Federate.
  • Installed and configured the simple SAML as SP.
  • Developing, customizing, and maintaining IBM Tivoli Identity Manager, TAM, and Tivoli Directory Server, LDAP, TFIM, ISAM, ISIM, WS-Federation, and WebSphere with a UDB DB2
  • Created custom FCC login page and configured in the Authentication Schemes.
  • Installed Default and client specific certificates on to policy services using smkeytool.
  • Worked on troubleshooting for LDAP and Siteminder issues with Support Teams for newer initiatives at organization level.
  • Worked on Enterprise Users Single Sign On through browser and through services with third party application hosted in enterprise or cloud using Ping Federate, Ping One.
  • Upgraded Ping Federate from Version 7.1.1 to 7.3.
  • Installed & configured Directory Server Console Center (DSCC) on various platforms in various environments.
  • Involved in writing the scripts like backup, replication monitoring and configuration statistics for Oracle.
  • Experience with Oracle Identity Manager (OIM), Oracle Access Manager (OAM), Oracle Internet Directory (OID), Service Oriented Architecture (SOA), Oracle Enterprise Manager (OEM), Oracle Virtual Directory and many other products of Oracle Identity and Access Management. Created/Deployed new SOA composites and workflows using JDeveloper. Also created SOA projects and modified the existing ones.
  • Experience in Sailpoint tool customization, Report Generation, Integration with end/target systems, Sailpoint API's and Application Development. Directory server 11g.
  • Experience in design, integration and support of new applications with SSO.
  • Worked on creating the Identity access to the employees and managing the certifications and provisioning accordingly with the Sailpoint Identity IIQ.
  • Troubleshooting various issues related to policy server and web agent.
  • Experience in supported operations & maintenance of Sailpoint.
  • Experience in troubleshooting various issues in LDAP database. Exporting, importing, performance tuning, creating and maintaining user and group profiles in LDAP database.
  • Knowledge in CA Authminder and Riskminder.
  • Experience on OAM (Oracle Access Management) SSO (Single Sign on), ForgeRock OpenAM & OpenDJ.
  • Highly proficient in design, installation, configuration and administration of ITIM, TAM/WebSeal, IBM Directory server, IBM Tivoli Directory Integrator, WAS WebSphere portal server, IBM HTTP server and Tivoli Federated Identity Manager
  • Experience in troubleshooting various issues, checking and maintaining health of Unix environment.
  • Good Knowledge with Install, Deploy, Configure Oracle products, servers and domains related to OIM such as the Web Logic server, RCU, SOA, OIM, OAM OID, OIF and ODSEE.
  • Automation of various manual tasks like backups, logs housekeeping, monitoring and checking health of servers with shell and Perl scripts.
  • Installation and implementation of monitoring tools Sitescope, Appdynamics, CA Wily APM for SSO.
  • Ability to adopt new technologies
  • Good communication and interpersonal skills.
  • Strong analytical skills
  • Active Directory server (LDAP) and various Web & Application servers. On Solaris, Windows platforms and Red hat Linux Operating systems. Installed and Configured SiteMinder 5.5 Policy Servers, Web Agents, Sun ONE 5.2 and Active Directory Servers.
  • Experience in implementation of Security Management tools in enterprise wide Applications to achieve Authentication, Authorization and Accountability.
  • Experience in analyzing the logs (trace logs, logs) and Trouble Shooting issues in Integration of other applications using CA SiteMinder (Access Management) and Identity Management tools along with LDAP and Web-server agents and Siteminder federation services.
  • Experience in deploying CyberArk's Privileged Account Security Solution involving Enterprise Password Vault, Session Manager, and Application Identity Manager.

WORK EXPERIENCE:

Confidential, Detroit, MI

IDM/ Information Security Engineer

Responsibilities:

  • Installed, configured and maintained Netegrity/ CA SiteMinder Policy Server 6.X/12.X, CA IDM r12.x and Sun ONE Directory Server 5.2 on distributed platforms.
  • Installed and configured CyberArk Privileged Identity management suite and session management suite for version 9.7.
  • Worked as an OIM engineer for performance engineering and development.
  • Configured CyberArk Central Policy Manager (CPM) for Auto-managing the password of all the shared accounts.
  • Implemented Tivoli Directory Integrator adapters using Java and Java Script.
  • Work closely with SailPoint architect and engineers for design and solution architecture
  • Coordinated with the Ping Federate vendor on any software-related issues.
  • Maintained both Test and Production servers for Ping Federate along with the cluster management and timely Replications to deploy changes to servers.
  • Developed custom Ping Agent using Ping SDK and Implemented SAML Protection with Digital Signature.
  • Managed audit readiness interview schedules (with global staff), deliverables, and milestones.
  • Ping Federate performance tuning to support heavy traffic.
  • Developed/delivered multiple workshops formats for ForgeRock (PoC, Design/Discovery) establishing technical leadership in the IAM space for ForgeRock
  • Managed client requirements and configure SailPoint connectors for various applications.
  • Extensive experience with CyberArk's security products such as Enterprise Password Vault, Privileged Identity Management, Application Identity Management including design and implementation of Disaster Recovery hot-site and development of the BCP plans using LDRPS.
  • Licensing Specialist covering Novell, NetiQ and SUSE products
  • Worked on Identity Access Management, and used it effectively in the design and implementation of Sailpoint
  • Worked on upgrading 6.4, 7.0, 7.1, 7.2 and patching of 6.4, 7.0, 7.1 versions of SailPoint.
  • Involved in implementation of CA Identity Manager Solution and CA Governance Minder for provisioning, delegated administration, workflow implementation and generating audit reports to be compliant with the security regulations.
  • IBM Tivoli Identity Manager, TAM, and Tivoli Directory Server, OBIEE, BI Publisher, LDAP, TFIM, ISAM, Federation, and WebSphere
  • Expertise in setting up, configuring and administering CA Governance Minder connector.
  • NetIQ DRA, Application Monitor, Security Manager Administration.
  • Installed and configured Pingfederate 7.0.1 with the existing Siteminder environment and used LDAP authentication for the admin console.
  • Converted from Sun IDM in production to OIM and add a TAM LDAP Java plugin.
  • Implementing custom agents on Siteminder admin console for Pingfederate connections.
  • Created AWS and Azure templates for scaling IAM infrastructure to multiple locations across the geography.
  • Customizations in OIM UI like adding new UDF's, task flow implementation using custom beans and adding/modifying features of OIM UI.
  • Extensively worked on configuring Identity Provider 'IDP' and Service Provider 'SP' on Tivoli Federated Identity manager (TFIM) and configured SSO using SAML 2.0.
  • Have effectively handled IDM administrative tasks including password policies, bulk account actions, creating, defining and editing IDM objects and IDM approval.
  • Worked closely with the production team for daily monitoring and stabilizing of production issue related to OIM 11.1.2.2, AD, ED, RAS and RACF.
  • Created and updated the provisioning policies as per the change in the business environment using Policy Xpress and Prepared test cases for migration of sun IDM.
  • Integrated IDM with CA SSO, Providing Authentication and Authorization to IDM.
  • Configured CA SiteMinder policy server, framing Rules and Policies, Policy Server maintenance, SSO call clearance, Web Agent & Application agent installations, troubleshooting prod issues.
  • Involved in Migration of SiteMinder 6.x to 12.x for advanced Load balancing, failover configurations and for facilitation of user impersonation.
  • TAM configuration and monitoring.
  • Installed, configured and integrated Web servers (plug-in file), SiteMinder agents and LDAP user directory with Weblogic Server V10.
  • Onboarded and Integrated additional business applications into OIM for centralized management and OAM for single sign-on, authorization and audit functions.
  • Implemented Password Vault for securing, managing, rotating the privileged passwords for sensitive applications and integrating with Identity Manager to secure hard coded credentials in the application codes to be secured in CyberArk Digital Vault securely.
  • Configured CyberArk Enterprise Password Vault (EPV) to secure, manage, automatically change and log all activities associated with all types of Privileged Passwords.
  • Configured CyberArk Password Vault Web Access (PVWA) to end User as well as Admin Console for managing all the service accounts.
  • Administrating Active Directory Domain Services and Implementing Group policy objects.
  • To manage the user identities CA IDM was used. Identity Management, Multifactor authentication and Password Management.
  • Experience with using Integration Kits and Token Translators for integrating identity enabled web services into SSO environment.
  • Installation configuration and maintenance of RSA authentication manager 6.x for enabling token based authentication along with the form based authentication as a part of the security solution.
  • Experience in administering LDAP based directory servers like iPlanet/Sun ONE Directory Server and Microsoft Active Directory.
  • Configured SSO Integration Adapters for session cleanup as part of Single Logout (SLO) in the SSO implementation.
  • Installation and Customization of ISIM 6.0, ISAM 8.0 and TFIM 6.2.
  • Designed and deployed Sailpoint Identity IQ to connect to data sources on diverse agency networks and integrated Sailpoint IIQ data with multiple external databases and applications.
  • Creating Open SSL Certificates and using the same for Federation of external Services to achieve the purpose of maintaining confidentiality, message integrity and bilateral Authentication.
  • Experience in configuring SSO with Ping Access using various authentication schemes like Form based and certificate based.
  • Experience with using Wily and One view monitor for performance monitoring of identity management servers and components. Experience with performance tuning of policy servers and associated components and generating performance reports using customized crystal reports.
  • Responsible for 24x7 On call, Setting up of new UNIX boxes and installing the Sun Solaris and Linux OS on them.

Environment: SAML 2.0, CA SiteMinder 5.X/6.X/12.x, LDAP, CA Governance Minder 12.6.1, Active Directory, Sun ONE Directory Server 5.X/6.X, CA Identity Manager r8/r12, PingFederate 6.x/7.x, CyberArk Privileged Account security 9.7.2, Tomcat 5.5, Apache 2.0, Wily Introscope 7.0/7.2, OIG, OID 11.1.1.6, Sailpoint IIQ, Red Hat Linux, Ping Federate 7.1, Ping Federate 7.3, Ping Federate 8.2, Solaris 8/10, Windows 2000/2003, Oracle 10g/11g, SQL Server 2005, DB2 8.X.

Confidential, Bentonville, AR

SiteMinder/ IDM/ LDAP Security Analyst

Responsibilities:

  • Configured SiteMinder for SAML Federated Authentications by configuring ID Provider/Consumer using SAML 2.0 POST binding, Installed Web agent Option Pack and created Partnerships, Documented Visio for SAML, AuthSchem.
  • Configured Single Sign On to backend products (TAM and Third-party applications).
  • Day-to-day maintenance of SiteMinder policy servers and troubleshooting production issues, Coordinated with the Service providers and identity providers during the SAML Certificate upgrade and architectural changes.
  • Worked on CA IDM. Used CA IDM predominantly for the Identity management of the users in the company.
  • Created custom person object class in Tivoli Directory Server.
  • Implemented Federation between Siteminder FWS and ADFS where ADFS is a Service provider for cloud based apps like Azure hosting tenant resources and Vanguard as IDP and authentication logic is going through Siteminder.
  • Served as back-up for AD Account Administrator; handled GPO configuration / NTFS permissions and network drive / folder access, provided users requested access without any interruptions.
  • Primary support for the IDM team to resolve account propagation and sync error issues for users across the globe.
  • Involved in Installation, Configuration, and Maintaining of Microsoft Windows 2003/2008/2012 Servers, and Microsoft Active Directory Services.
  • Upgraded CA SiteMinder to R12 from 6 and installed the Admin UI and configured the FSS Admin GUI Configuring User Authentication Stores, Policy Stores and Key Stores on VDS and maintained replicated environment for load balancing and failover.
  • Configuring CA Siteminder System objects like Agents, Agent Conf Objects (ACO) Host Conf Objects (HCO), User Directories, Domains, Administrators and Schemas.
  • Administered the RSA/ACE servers for issuing the Soft tokens for the VPN purpose as well as the applications which uses RSA Token authentication.
  • Experience in implementing Password Policies and reading the password blob using SM agent API, Created policies, realms, rules and responses to implement the single and dual factor authentication.
  • DSML framework was implemented for non LDAP applications to integrate with Enterprise SSO through web services over HTTP/SOAP.
  • Performed Installation and configuration of SailPoint Identity IQ.
  • Implemented password policies for all the applications using Siteminder Policy Server. Configured APS, FPS, Rules, and Help Desk Functionality Replacement.
  • Build and Configure SailPoint in-built tasks like aggregation, ID refresh, schedule tasks, correlation, etc
  • Responsible for day to day maintenance of Policy Servers and provided 24X7 support to the testing as well as production Siteminder infrastructure, Attribute and authorization portability across autonomous security domains for customers. Documented all the Siteminder related on JERA Digital Confluence.
  • Underwent the training for AuthMinder from CA and did the installs/setup for AuthMinder in sandbox and DEV environments. Implemented Ping Identity's PingFederate v.2.1 using SAML 1.1 protocol to provide authentication.
  • In House Applications: Access Request Portal(ARP), Atti, Directory Services, IdM Support Tools, eMIDAS, eAccess, Password Management Tool, DB Sec ISAC.

Environment: CA Identity Manager r8.1, 12.5, Active Directory, AXM Server LDAP 5.2, CA Siteminder Secure Proxy Server r6.0, SiteMinder R6 SP1/SP5/SP6, R12 SP2/SP3, Ping Federate 6, RSA Access Management 6.1 sp1, 6.2, RSA Federate Identity 4.1, 4.2, IHS Web server, Rational tools, SQL Server 2005, Linux, Windows 2008, 2008R2, J2EE.

Confidential, Detroit, MI

Siteminder consultant

Responsibilities:

  • Designing solution for integration of existing siteminder policy server infrastructure with Iportal for user logon.
  • Preparing functional requirements and assisting in non-functional requirement preparation. Hands-on experience on Ping Federate, CA Single Sign-ON, CA Advance Authentication, CA Secure Proxy Server, Ping Access, and Ping Cloud.
  • Provided solutions for complex application using SiteMinder and Ping Federate.
  • Upgraded SiteMinder to R6 SP1/SP5/SP6, R12 SP2/SP3.
  • Experience in SAML based authentication 1.1 and 2.0 using Ping Federation, SiteMinder Federation and integrate with SiteMinder authentication and adapter.
  • Migrated SAML Based SSO partners from CA Single Sign-On federation to Ping Federate.
  • Used Ping API to deploy and create SAML changes.
  • Setup and maintain distributed IT systems including computational resources, servers, storage and networking.
  • Configured both Ping Access Proxy Gateway to decode the JWT tokens and installed the agent on application server to communicate with Ping Federate server.
  • Worked on OpenID Connect for the user Authentication using Ping Access.
  • Guiding front end code development team for required pages developed/modified for new requirement.
  • Exchange knowledge with Iportal team and parameters required for SSO.
  • Creating, exchanging and importing certificates for secure communication between SP and IDP.
  • Create new policies, authentication schemes for integration in policy server.
  • Setup jobs for LDAP data sync between both systems.
  • Work with and guide test team to create testing scenarios, performance tests and analyze output to improve configuration.
  • Provide support post deployment and continuous enhancements where possible.
  • Incident/Problem/Change management.

Confidential

LDAP- Siteminder Administrator

Responsibilities:

  • Installed, configured and administered Sun One LDAP Directory server and siteminder policy server on Sun Solaris and implemented single sign on across multiple domains using Cookie Provider.
  • Installed and configured various web agents in accordance with the web servers involved
  • Performance tuning for LDAP and siteminder for better response time and throughput.
  • Configured load balancing and failover mechanisms for various SiteMinder components in different environments.
  • Configured multi-master replication setup in the production environment across multiple data centers.
  • Upgraded CA Policy Server from version 12 SP3 CR09 to 12.5 CR02 or later in development, staging and production environments. Upgraded Web Agents and maintained further releases of Siteminder.
  • Installed and configured Web agent on Apache 2.2 and configured the Proxy Connections to the Application Server.
  • Assigned as SSO project consultant to provide and maintain application security through CA Netegrity Siteminder Single Sign On. Major work included design, development, installation, migration, configuration, and deployment of Netegrity Siteminder policy server 6.0 SP4 on Sun One Directory Server 5.2.
  • Installed web agents ERP Agents and created Siteminder Realms, Rules, Responses and Policies to protect the applications and validate the users to work under SSO environment.
  • Configured and Optimized Identity and Access Management for Users using Advanced Password Services (APS)
  • Assist load testing team during load tests.
  • Prepare project plan and submit weekly progress reports, throughout the project duration.
  • Understanding the business requirements and leverage the technology to meet the delivery goals using CA Siteminder R12 and CA LDAP for authentication and authorization.
  • Implemented Multi master replication and Hub Replication on LDAP Sun ONE Directory server.
  • Effectively maintained the policy store, key store and the user store.
  • Involved in server, policy store and key store configuration file backups.
  • Experience with Change management procedures.
  • Migration of Siteminder 5.5 to 6.0 for advanced Load balancing, failover configurations and for facilitation of user impersonation.
  • Installed and configured Webagents on Webservers like IIS 5.0/6.0, Apache 2.x, SunOne Webserver 6.1/7.0.
  • Configured and Defined the Policy Domains, User directories, Rules, Realms, Policies and Responses in Siteminder and configured Siteminder web agents, Affiliate agents and RADIUS agents to provide federation of webservices in the SSO environment.
  • Configured user impersonation feature to enable Customer service department to provide a better service to the business clients. Worked extensively on creating Custom Password policies and Authentication schemes as per the requirement.
  • Updated Corporate User store with the expanded user base as a result of new business acquisitions by directory acquisition and Correlation schemas using custom attributes. Extensively used webservices variables to facilitate federation of web services.

Environment: Sun One LDAP Directory server, Sun Solaris, CA Policy Server, version 12 SP3 CR09 to 12.5 CR02, Apache 2.2, Netegrity Siteminder policy server 6.0 SP4, Sun One Directory Server 5.2, Advanced Password Services (APS), Siteminder R12, Hub Replication, Siteminder 5.5 to 6.0, Webservers like IIS 5.0/6.0, Apache 2.x, SunOne Webserver 6.1/7.0, the Policy Domains, Siteminder web agents, Affiliate agents and RADIUS agents.

Confidential

Siteminder Admin

Responsibilities:

  • Middleware administration like WebSphere, SiteMinder, and Web Hosting services.
  • Handling incident management (remedy), change management (SES) and problem management tickets.
  • Installed, configured and maintained Netegrity/ CA Siteminder Policy Server 6.X/12.5, CA IDM r12.5 and Sun ONE Directory Server on distributed platforms.
  • Providing solutions for the external SSO using SAML and Siteminder.
  • Worked with Web Administrators, LDAP Administrators to determine the best values for Siteminder parameters and tune the system to boost Siteminder performance in the Web Tier, the Application Tier, and the Data Tier.
  • Configured IDP initiated and SP initiated SAML profiles with different bindings like POST, Artifact, and Redirect as per the custom business and security requirements.
  • Worked on cron jobs for rotation & clearings of logs
  • Used WLST to automate the Stop-Start & Deployment scripts.
  • Integrated Weblogic with PeopleSoft HR & Apache HTTP Servers.
  • Generated various SLA reports on Tools like HP SM7 & Remedy.
  • On-call Support (24x7) for both testing and production environments.
  • Configured Siteminder web agents, to provide federation of web services in the SSO environment.
  • Used custom attributes properties to track the information about recipients of the application site.

Environment: WebSphere, SiteMinder, and Web Hosting services, management (remedy), change management (SES), problem management tickets, Netegrity/CA Siteminder Policy Server 6.X/12.5, CA IDM r12.5, external SSO, SAML, Web Administrators, LDAP Administrators, Web Tier, Application Tier, Data Tier, IDP, POST, Artifact, Redirect, WLST, Stop-Start & Deployment scripts, Weblogic, PeopleSoft HR, Apache HTTP Servers, HP SM7 & Remedy
