Sr. IAM Engineer Resume

MA

PROFESSIONAL SUMMARY:

  • Over 8 years of experience in architecting, designing, and implementing Identity and Access suites like CA Site Minder, CA Layer 7 API Gateway, Ping Federation, and the Ping Identity and Access Management suite of products.
  • Implementation of Security Management tools in enterprise wide Applications to achieve Authentication, Authorization and Accountability.
  • Strong working experience with Directories, SSO, Federation, Delegated administration, API gateways (Layer 7).
  • Experience in deploying SAML based highly available solutions using Ping Federate and other security products.
  • Extensive experience in client interaction and support maintenance engagement in security.
  • Designed and implemented Ping Identity Solution for Web Access Authentication using Ping Access and Ping Federate.
  • Migrated Web Authentication solutions from CA Single Sign-On (SiteMinder) to Ping Access 3.
  • Delivered strategic and tactical service and feature enhancements to end users, including Ping Federate SAML & OAUTH SSO for over 25 connections and a services integration layer.
  • Hands-on working experience with LDAP products like Oracle ODSEE, CA Directory.
  • Successfully upgraded Ping Federation Services from 6 to 7 and 7 to 8.
  • Experience working with API Gateway solutions like: CA API Gateway (Layer 7), API Gateway.
  • Working experience with CA Technologies API Gateway (Layer 7) and policy design.
  • Experience in development and administration related tasks of CA API Gateway server.
  • Experience in deploying, configuring, tuning and monitoring API Gateways.
  • Experience in configuring multiple Docker images and creating Docker containers to provide end-to-end automation of CA API Gateways.
  • Designed Custom reports for CA API Gateway, enabled client by providing trainings on CA API Gateway.
  • Worked on Integrating CA API Gateway with Ping Federate for Single Sign On.
  • Requirements Gathering, Analysis, Designing, developing, testing, deployment and application support of Identity and Access Management solutions.
  • Experienced in all aspects of Identity and Access Management including eDirectory, Access Control, Audit, Single Sign-On, Privileged Access Management, Policy Designing, PKI, Firewalls and load balancers.
  • Implemented OAuth and OpenID for mobile and non-browser solutions using PingFederate.
  • Experience working on all the PingFederate OAUTH grant types to get the access token for accessing the protected API.
  • Resolved user support tickets for all systems (Access Manager, Ping Federate, Adaptive Authentication). Participated in meetings and discussions regarding the rebuild of the current IAM infrastructure.
  • Successfully implemented Web Access Management Solutions using Ping Access 3 and other security products like CA Single Sign-On (CA Site Minder), migrated Web Authentication solutions from CA Single Sign-On (Site Minder) to Ping Access 3.
  • Designed and implemented Ping Identity Solution for Web Access Authentication using Ping Access and Ping Federate. Experience in deploying SAML based highly available solutions using Ping Federate and other security products.
  • Experience in working on Pingfederate 5.1, 6.1, 7.1, 7.3, SAML 2.0, SAML 1.1, SAML 1.0, Oauth 2.0, OpenID/Connect (OIDC).
  • Demonstrated POCs for API security like integration with Open AM, Site Minder, OAuth 2.0, JWT token and certificate authentication.
  • Created the Federation service between Site Minder federated web services to Pingfederate for classic migration of applications that are SAML and WS-FED based applications.
  • Experience on Single Sign On (SSO) Integration project using CA Site Minder (Netegrity Policy Server version R6.0 and R12 & Site Minder Agent versions 5qmr 7, 6qmr5, R12 and R12.52).
  • Protected RESTful APIs using OAuth in PingFederate so that they can be accessed only with Access Tokens.
  • IT Risk/ Identity & Access Management project management, providing web-based applications security.
  • Experience in CA Identity Manager in Web Security Administration SSO/Site Minder, Agents for SharePoint, Secure Proxy Servers, Sun ONE LDAP Directory Server, Active Directory Server.
  • Integration with LDAP, deployment of web agents for access control, configuration of authorization models, single sign-on configurations, build of approval and provisioning workflows, deployment of provisioning adapters, SSL Configuration, configuration of user management, self-service, password resets, forgot password functionality.
  • Worked on Web Servers: Apache; IIS; and on Windows based & UNIX based OS.
  • Involved in installation, configuration, deployment, troubleshooting and implementation of Sun Identity Manager (IDM).
  • Experience in creation and maintenance of digital certificates to be integrated with PINGFederate for integrity of assertion.
  • Experience with Sun Directory Server, Tivoli Directory Server, Novell Directory Server, CA Directory.
  • Successfully completed version upgrades from CA Site Minder R6 to R12 and R12 to R12.5; involved in the Sun One directory server upgrades from version 4.x to 5.1, 5.1 to 5.2, and 5.2 to 11g.
  • Configured multiple types of SSO methods for clients, including SAML 1.1/2.0, LDAP, IIS-IWA, Salesforce.
  • Involved in troubleshooting efforts and following problem resolution guidelines in an effective manner, using HTTP Analyzer, Web Debugger, Tomcat, Apache SSL logs, Event logs and SSO login logs.
  • Interfaced with functional teams including Database, System Admin, Network, and IT Security providing support and troubleshooting from Application perspective.
  • Experience in administering LDAP based directory servers like iPlanet/Sun ONE Directory Server and Microsoft Active Directory.
  • Created and Configured Security Policies using Tivoli Access Manager ebiz, Policy Server for Access Control Information, Policy Scripts and Directory Integration for multiple business units as per their security requirements.
  • Worked on OAM installation and configuration to protect the applications and allow users single sign.

TECHNICAL SKILLS:

Access Management Platforms: CA Single Sign On (Site Minder), CA Authminder, CA Riskminder, Ping Identity Ping Federate, CA API Gateway, CA Secure Proxy Server, CyberArk.

Open Standards: OAuth, OpenID, Fast Identity Online (FIDO), SAML

LDAP directories: Microsoft Active Directory, CA directory, Oracle RDBMS, MySQL, IBM DB2, Sun Java Enterprise System (JES) Directory Server, Oracle Virtual Directory. BOSS 4.1, IPlanet, Sun One, Tomcat 6, IBM WebSphere 6.x, Rational Weblogic6.x

Programming and Markup Languages: Java, PHP, Perl, Unix Shell (Bourne, Bash, Korn/ksh), HTML/XHTML, XML/XSL, JavaScript (including jQuery and AJAX), C/C++, SQL, Oracle PL/SQL, Python, Visual Basic.

Web Technologies: Apache web server, IBM HIS, ASP.NET, C#, VB.NET, Web Services, JSP, JAVA, HTML / DHTML, XML, SAML, OAUTH, WebLogic and WebSphere.

WORK EXPERIENCE:

Confidential, MA

Sr. IAM Engineer

Responsibilities:

  • Implementing Federation Solution using Ping Federation to allow the usage of third-party applications with Marriott, wherein Marriott is the IdP and the vendors act as SPs.
  • Migrated SAML Based SSO partners from CA Single Sign-On federation to Ping Federate 7.
  • Hands on CA SiteMinder primary Security Operations.
  • Used Ping API to deploy and create SAML changes.
  • Implemented Design Security Network on CA Single Sign On.
  • Integrated Ping Access and Ping Federate using OAuth. Worked on implementing OAuth configuration with the clients to get the Access Token to access the web APIs.
  • Worked on OAuth grant types to get an Access Token to access protected APIs.
  • Integrated OAuth with Ping Access to protect RESTful APIs.
  • Worked on ID Token to get the user information from user info endpoint and send to OAuth client in the form of scope.
  • Experience in doing web service federation (WS) between two web services using SAML and by creating a connection between the two SOAP service clients.
  • Worked on Token Generator and Token Processor to establish a connection between two web services from different Enterprises and Ping Access and JWT tokens to authenticate the user using Ping Federation.
  • Configured and supported SAML based Identity & Service Provider connections.
  • Implemented OpenID and OAuth solutions using Ping Federate.
  • Implemented JWT tokens instead of traditional HTTP headers.
  • Created Custom Adapter replacing SiteMinder 3.0 Ping Federate Identity Provider adapter.
  • Performed Proof of concept for Open AM, Ping Access 3 and CA Single Sign-On R12.52.
  • Supported development with integration of Mobile Apps using OAuth/SAML in PingFederate.
  • Developed custom Ping Agent using Ping SDK and Implemented SAML Protection with Digital Signature.
  • Configured Ping Federate clusters and configured PingOne desktop for cloud based SSO.
  • Configured Open Token adapter to send session ID & attribute details to applications integrated with Ping Federate.
  • Have implemented API Gateways (CA API Gateway/Layer 7).
  • Responsible for developing Docker images to configure API Gateway and MySQL, migrating the gateway, and joining individual images to achieve complete automation.
  • Updating the certificates in Ping Federation. Experience in ping configuration involving OAuth Implementation for APIs.
  • Developing Adaptor, Scheduler, Connector with the help of the API.
  • Operational 3rd level support and administration of the L7 API Gateways.
  • Worked on Application API Gateways (CA Technologies Layer 7 API gateway) and WS-Policy based policy and assertion development.
  • Worked on Implementing OAuth Configuration with CA API Gateway to provide JWT token to get access to gateway for Clients.
  • Involved in Configuring Gateway cluster and auto provision a Gateway.
  • Worked on API Gateway Migration Utility tools to Migrate the entire gateway for automation.
  • Application onboarding using PING Federate, integration of User Directories (AD, LDAP) with PING Federate.
  • Creation and maintenance of digital certificates to be integrated with PING Federate for integrity of assertion.
  • Involved in working on Ping Federation, configuration of Identity Provider and Service Provider and troubleshooting various issues regarding Authentication Request, SAML token.
  • Provided solutions for complex application using Site Minder and Ping Federate.
  • Ping federation installation, creating adaptors, upgrading Certs, creating IDP and SP based connections using POST and ARTIFACT bindings.
  • Responsible for Site Minder administration implementation and configuration of Netegrity Site Minder policy server framing and management of Realms Rules Responses and Policies.
  • Creating security Policies for authentication and authorization of users in Policy server and creating Access Control policies in CA Directory.
  • Experience in working with various web servers like IIS, Sun One, Apache, IBM HTTPD Server and integrating the web agent for these web servers.
  • Extensive experience in troubleshooting the various issues involved in ping federate regarding SAML response, SAML assertion, Authentication request.
  • Expertise in security integration of Tivoli Access Manager ebiz with IBM Web Sphere Portal 5.x and Web Sphere Application Server 5.x/6.x.
  • Experience working with LDAP based directories - IBM Security Directory Server formerly known as IBM Tivoli Directory Server, CA Directory.
  • Migrated Federated Single Sign-On solution from CA SiteMinder 12.52 SP2 with IBM Tivoli Federated Identity Manager 6.0.

Environment: CA API Gateway 9.2, PingFederate 7.1, SAML 2.0, OAuth 2.0, AD, Java, PowerShell, Oracle ODSEE 11g, Web Agents, Policy Servers, Oracle LDAP Directory Server 11.0g, IBM WebSphere, SQL Server, HTML, SQL MS Visual, Cyber Ark, Azure Active Directory, AWS Directory, LDAP, ILM, Active Directory.

Confidential, New Jersey

Sr. SSO Engineer

Responsibilities:

  • Implemented fully API based SSO architecture using CA Site Minder, CA IDM, PingFederate, and Radiant Logic Virtual Directory Server, which makes end application integration with SSO easier.
  • Configured CA API Portal, CA API management tasks, Implementation of Rest based security policies, preparing testing strategies, automating maintenance solution, preparing design document and business requirements and implementation of security templates.
  • Integrated SiteMinder with PingFederate using OAuth token to bridge the SSO gap between applications protected on either system.
  • Involved in Requirements gathering, development if required, integrating and testing for enabling SSO for the application.
  • Integrated internal Applications, SAAS based applications using SAML 2.0, SAML 1.1, WSFED and OAuth 2.0.
  • Provided solutions for complex application using SiteMinder and PingFederate.
  • Integrated SiteMinder to third party internal applications like Clarity, Good for work and Service Now.
  • Experience in CA API Management tasks, configured CA API Gateway and REST API.
  • Successfully completed upgrading CA API Gateway from 8.6 to 9.2 and the Sun One directory server upgrades from version 4.x to 5.1 and 5.1 to 5.2.
  • Involved in integration Services, specifically API Gateway (Layer 7), ADFS and external federation.
  • Experience in writing policies for CA API Gateway (Layer 7).
  • Created STS IDs used by SOAP Web Services for authentication, wherein the API would authenticate with the STS ID and receive a SAML Token when posted to Ping STS Endpoint URLs.
  • Designing, developing and promoting standards, guidance and best practices of API Management platform and policies.
  • Extensively worked on integrating third party applications with Ping Federate and Federated more than 50 Applications as Identity Provider with SAML 2.0 protocol.
  • Created Custom Adapter Replacing Site Minder 3.0 PingFederate Identity Provider adapter.
  • Performed Proof of concept for Open AM, Ping Access 3 and CA Single Sign-On R12.52.
  • Supported development with integration of Mobile Apps using OAuth/SAML in Pingfederate.
  • Designed, deployed and supported highly available and scalable Pingfederate infrastructure in AWS and On-premise that provides single-sign-on (SSO) and federation solutions for internal accesses.
  • Performed POC for Ping Access Authentication Solutions.
  • Created SP/IdP connections using PingFederate with external partners.
  • Developed shell scripts for backing up current setup and upgrading between different Pingfederate versions.
  • Hands on Vulnerability Assessment page injection flaw.
  • Deployed several Pingfederate integration kits for Apache, CoreBlox, Atlassian, Java, PHP, Symantec VIP, Agentless, IWA etc., to establish the "first- and last-mile" implementation of a federated-identity.
  • Deployed Policy Agents across different HTTP and application servers: Apache, JBoss, Jetty, Tomcat.
  • PingFederate performance tuning for supporting heavy traffic.
  • Responsible for assisting vendors to resolve issues that arose during integration.
  • Worked on OGNL Expressions for sending Attributes with modification from CDSN Directory.
  • Hands-on in onboarding Ping OAuth Client IDs for REST Web services authentication with grant types: Client Credentials, Access Token Validation (Client is a Resource server).
  • Integrated Native Mobile Application with OAuth Infrastructure using Grant Type: Authorization Code, Implicit.
  • Hands-on experience with CA Single Sign-On SSO, SAML, user directories, and web access management technologies.
  • Developing custom components to enhance the existing out-of-the-box functionalities provided by CA Site Minder Policy Server and Webagent.
  • Single Sign On, Identity federation using SAML and OAuth.
  • Installing and configuring Site Minder Advanced password services (SMAPS), Site Minder Proxy server (SPS) etc.
  • Enhancement of Site Minder and overall application performance by doing performance analysis of Site Minder components.
  • Configuring Site Minder policy server, framing Rules and Policies, Policy Server maintenance, SSO configurations, Web Agent & Application Agent installations, troubleshooting Site Minder integration specific problems.
  • Experience in using Unix/Linux utilities for analyzing logs, and trouble-shooting the applications with Application servers and Security/Identity management servers.
  • Integrated Site Minder to third party internal applications like Clarity, Splunk, Alarm Point, Good integration and Service Now.
  • Delivered support on tight-deadline projects after thoroughly understanding needs by speaking to the application team. Their useful information enabled me to efficiently reach their target.

Environment: PingFederate 7.1, CA API Gateway 8.6 - 9.2, SAML 2.0, SAML 1.1, WS-FED, OAuth 2.0, Active Directory, Java, C#, PowerShell, CA Identity Manager, Cyber Ark, Azure Active Directory, AWS Directory, LDAP Active Directory.

Confidential, Coppell, TX

IAM Engineer

Responsibilities:

  • Providing identity and role-based access. Participated in planning Integration with LDAP, deployment of web agents for access control, configuration of authorization models, single sign-on configurations.
  • Installation of License file using CA API Gateway- policy manager which provides a graphical interface for managing the Virtual Appliance.
  • Involved in installation and upgrade of the Policy Manager (CA API Gateway).
  • Troubleshooting password related issues using CA API Gateway.
  • Involved in Configuring Single Sign-on SSO using SAML with Ping federate identity provider.
  • Implemented Federation Solution using SAML 2.0 PingFederate 6.
  • Aided application teams in integrating Site Minder, Ping Federate and Multifactor authentication.
  • Executed platform upgrades for Ping Federate.
  • Worked on installing and configuring Ping Access.
  • Experience in activities relating to integration of Ping Federate and Ping Access.
  • Installed Policy server 12.0 and configured with different policy store like ODSEE, SQL.
  • Designing password management policies. Configuring security policies in consultation with the management and respective application managers. Automating user administration processes and providing a customizable platform to support the unique way each organization conducts its user administration, for each of its user communities.
  • CA SiteMinder installation and integration with the following applications: MDAS, Energy Audit, Identity Minder, Container and MDM (Mobile Device Management).
  • Managed centralized user privileges using Site Minder, LDAP and Enterprise Directory.
  • Architecture documentation including Access Management, Password Management, LDAP Management, Provisioning, Delegated Administration.
  • Implemented federation between the partner applications using SAML 2.0.
  • Configuring SAML authentication schemas to support SAML Communication between Partners.
  • Installing and configuring the web agents for IIS and Apache web servers and troubleshooting the issues encountered during the registration.
  • Integrated web applications with Site Minder, Sun ONE LDAP server using custom APIs and various affiliate agents in both Production and Non-production environments.
  • Generate time-stamped record of every administrative and policy-driven change to access rights.
  • Enhancing the Site Minder policies as per the application team requirements.
  • Installing and configuring CA Site Minder in all the environments (Dev, QA and Prod) on the Solaris platform.
  • Troubleshooting Site Minder environment using Site Minder test tool and Site Minder policy server log files and agent log files in both Production and Non-production environments.
  • Integrated Site Minder with Sun ONE Directory Server to use directory server instances as Policy Stores and User stores for Policy Servers.
  • Ability to troubleshoot the issues related to Site Minder and web agent independently.
  • Experience in CA Secure Proxy Server R12 installation and configuration.
  • Integrated numerous applications using Web Agents traditional model and CA Gateway Access model.
  • Migrated R6 Policy Server to R12.5 and worked on XPS commands to administrate the policy store.
  • Worked on Web Agents installation on different web servers including Apache, IIS and Sun One.
  • Worked on different Operating Systems like Linux RHEL, Unix and Windows 2008 R2.

Environment: CA API Gateway, CA Site Minder R6/R12, CA IDM r12, Sun Java System Directory Server LDAP 7.0, Web Sphere Application Server 8.5, Ping Federate 6.1, SSL, UNIX, LINUX, Solaris, IBM AIX, Windows.

Confidential

Systems Engineer

Responsibilities:

  • Supporting the applications which are integrated with Site Minder and LDAP.
  • Enhancing the Policies and Directory server configurations as per the application team requirements.
  • Integrating new applications in Site Minder and working with application teams in requirements gathering and configuring the web agent.
  • Successfully upgraded Ping Federation Services from 6 to 7.
  • Implemented PingFederate solution with Services like AWS, Service-Now, Salesforce, Oracle Fusion.
  • Installing and configuring the Site Minder and directory server.
  • Used smregtool to create a super user to allow maximum Site Minder privileges.
  • Upgraded SiteMinder Policy server from version 6.0 sp1 to 6.0 sp5.
  • Created Realms, Rules, Policies and Responses for protecting applications to work under single sign on environment. Implemented password policies for all the applications using SiteMinder.
  • Integrating new applications in Site Minder and providing authentication and authorization services to the applications.
  • Installed Tomcat Application server and deployed the war files for Directory Administration Control center.
  • Migrated Web and Database Applications such as Cold Fusion, Oracle Databases, SQL, Web Logic.
  • Installing and configuring the web agent for IIS and Apache webservers.
  • Worked on upgrading Site Minder agent from R6.0 to R12.0.
  • Configuring the Multi master Replication environment by setting up Masters and consumers and enabling the replication between them to sync the data in all server instances.
  • Configuring the application to provide Single sign on and CDSSO (cross domain single sign on) services between the applications.
  • Focused mainly on infrastructure deployment, integration of Site Minder and Sun One LDAP.
  • Worked on user concurrent functionalities like SMAuthLimit and implementing them in configuration.
  • Managing the user profiles in the directory server and working with the issues reported by the customers and application teams.
  • Creating indexes and enhancing the schema with new object classes and suffixes.
  • Configuring the ACIs for the application accounts and providing the read/write/search permissions for them on application specific attributes.
  • Meeting the SLAs in resolving the issues related to Site Minder, web agent and LDAP.
  • Coordinating with the application and network teams in troubleshooting the critical tickets.

Environment: Ping Federate, CA Site Minder 6.0 SP6, Sun One directory server 5.2, Apache 2.x, IIS 6.0, Solaris 10, Windows 2003 Server, BMC Remedy.