Ping Federate/ LDAP Resume

San Antonio, TX

SUMMARY:

  • Around 8+ years of experience in IT field including Installation, Configuration, Development, Deployment, Administration, Troubleshooting and network security, database systems, and Enterprise Document Management in large scale organizations.
  • Experienced in IAM/PAM tools with deployment, configuration, integration and troubleshooting CyberArk Privileged Account Security product suite - Enterprise Password Vault, Password Vault Web Access, Central Policy Manager, Privileged Session Manager, Application Identity Manager, and Privileged Threat Analytics
  • Experience in handling various modules of CyberArk, mainly Enterprise Password vault (EPV), Application Identity management (AIM), Central Policy Manager (CPM), Privileged Session management (PSM), Event Notification Engine (ENE). Upgrading CyberArk suite of products from 7.x to 9.x. (CPM, PSM, EPV and PVWA)
  • Experience as a security professional in installing, managing and monitoring of CyberArk Privileged account security tool modules.
  • Part of Privileged Access Management (PAM) Remediation and Engineering team whose role is to secure Web Based applications on user access and authorization. Performing daily operations support and maintenance of all security technologies centric to Privileged Access related information security solutions.
  • Experience in SAML based authentication 1.1 and 2.0 using Ping Federation, Site Minder Federation and integrate with Site Minder authentication and another adapter.
  • Experience in deploying SAML based highly available solutions using Ping Federate and other security products. Worked on Ping Access Integration with Ping federate to Protect the applications using Ping Access Tokens. Worked on ping federate both inbound and outbound calls using SAML 2.0.
  • Migrated SAML and OAuth connections from NetIQ Access Manager to Ping Federate in staging Environment.
  • Experience with Single Sign On technologies such as PingFederate, Ping Access, ADFS, Azure AD.
  • Hands on experience with IIS, IBM IHS, Apache, Sun One Web servers and WebLogic and WebSphere Application servers in Identity and access management environment.
  • Worked with Active Directory, LDAP/UNIX groups, Networks, Human Resource systems for Identity and Access Management. Designed SailPoint deployment activities - connector configuration, custom rule development, workflow configuration, and development and third-party system integration.
  • Experience with Implementation and Administration of Sail Point for large population of users. Experience in SailPoint tool customization, Report Generation, Integration with end/target systems, SailPoint API's and Application Development.
  • Experience with Installation and configuration of CyberArk Vault, CPM, CyberArk PVWA, OPM CyberArk PSM, AIM, and PSM SSH proxy Architecture and design.
  • Experience on IAM products from ForgeRock (OpenIDM, OpenAM and OpenDJ) and building IAM solutions implementing OAuth2 and OIDC specification.
  • Extensive experience on boarding Windows, UNIX, Database servers, RACF and Network device into CyberArk. Experience in managing applications access in Okta and Active Directory. Exposure in design and architecture of PIM using Cyber-Ark. Account management i.e. adding /deleting accounts /group management. Managing policies and platforms. Creating and assigning Safes, reconciling accounts, rotating passwords.
  • Generating various reports in IIQ like Identity Reports, Orphan Account reports, Account Discrepancy reports, Role composition report and Application attribute reports etc.
  • Coordinating with existing Provisioning Team for the application in order to get the existing User Access Management (UAM) model to make it fit in to IIQ.
  • Provisioning application's requests in IdentityIQ to Create/Amend/Delete user access for the on boarded applications. Good understanding of policies in CyberArk Central Policy Manager (CPM) and PAM.
  • Developing Application instances and entitlements and Integrating New Application (Connected and disconnected) with OIM.
  • Involved in cross communication across functional teams, Managing Stakeholders expectation. Strong understanding of full software development life cycle, including troubleshooting, debugging and production support.
  • Proven ability to tackle and succeed in all endeavors from business development to customized software development and implementation. Have repeatedly led teams in successfully deploying complex technical solutions.

TECHNICAL SKILLS:

Domains: Logistics, Mining and Manufacturing, Banking.

RDBMS: Microsoft SQL Server 2008/2012, ORACLE 10g/11g

Platforms and Misc.: Microsoft Visual Studio 2008/2010/2012, Windows: XP / Vista / 7 / Server 2003/2008, Linux, HP Quality Centre, Active Directory, ADCS, ADFS, SCCM.

IAM Tools: Tivoli Identity Management, Forefront Identity Manager

Framework: ITIL, ISO27001, NIST, PCI, SOX

SIEM: RSA Envision

Ticketing Systems: HP Service Manager, IBM Vantive, BMC Remedy, Service Now

Security Tools: IBM Identity Management and p6, CyberArk Privileged Account security 9.7.2, IBM Tivoli Access Manager 6.1.1, Tivoli Federated Identity Manager 6.2.2.

Core Java Concepts: Collections, Generics, Multithreading, Serialization, Exception Handling, RMI, File I/O and Reflection, API.

J2EE: Java 1.6/1.7, JSP, Servlet, EJB-Session Beans, Entity Beans, JMS, JDBC, JNDI

Operating Systems: SUSE Linux 9/10/11, Windows Server 2000/2003/2008, Unix

Languages: SQL, PL/SQL, J2EE, HTML, JavaScript, Shell Scripting

Databases: ORACLE 8i/9i, MSQL, MS Access, MySQL

Web Servers: Sun One 4.1/5.1/6.1, Apache 2.0/2.2.4, IIS 5.0/6.0/6.5, Tomcat 4/5

Directory Services (LDAP): Novell eDirectory 8.7.x/8.8.1/8.8.5, Sun One/iPlanet DS 5.x/6.x, eDirectory 8.X, Active directory (ADLDS)

SSO and Identity: Novell/NetIQ Access Manager, Ping Federate 6/7/8, SiteMinder R12 SP2, SP3 / R6 SP1, SAML 2.0. PingFederate v8.2.2, PingAccess v4

PROFESSIONAL EXPERIENCE:

Confidential, San Antonio, TX

Ping Federate/ LDAP

Responsibilities:

  • Designing and implementing applications integration with PingFederate/ PingAccess /PingID in both Non-Production and Production. Working with application's business and technical teams to gather requirement to integrate application with PingFederate/PingAccess/PingID for Single Sign On.
  • Design and Administer J2EE applications using single-sign-on tools CA SiteMinder, Ping Federate and LDAP across all the environments. Migration of critical 200+ applications that are secured using CA SiteMinder to Ping Federate version 7.1/7.3. Providing support to internal and external teams for integration of applications with CA SiteMinder and Ping Federate.
  • Integration of third party applications with various Single Sign On matrix like Open Token, Agentless and SAML based services, Created both WS-Fed and SAML 2.0 protocol Service Providers endpoints using Ping Federate
  • Exporting Metadata, creating Adapters, Service Provider connections, Identity Provider connections, replicating configuration archive, importing and exporting SSL certificates using Ping Federate, Configured Ping Gateway to Authenticate the users and API’s through Ping Access and Ping Federate.
  • Installation of CA Siteminder Policy Servers, CA Siteminder Web Agents and configured custom configuration like Authentication schemas for CA Siteminder Policy Server for Authentication and Authorization, Working on integration of web applications with Siteminder and various affiliate agents.
  • Creating SP /IdP connections in Ping Federate using SAML2.0 protocol based on applications details or metadata.
  • Working with IBM team to gather requirement to migrate Junction based application from IBM to Ping Access.
  • Designing and implementing solution to migrate junction-based application from IBM to Ping Access.
  • Worked on Ping Federate Clustering with Engine and console servers being part of cluster by maintaining multiple clusters for the high availability
  • Configured Ping Federation Environment for SAML Federated Authentications for users coming from partner sites by configuring ID Provider/Consumer using SAML 2.0 POST binding.
  • Designing and implementing solution to migrate federation-based application from IBM to Ping Access
  • Creating various Ping Access configuration - creating site, application, Identity Mapping, Web Session etc.
  • Configuring Ping Access logout and sharing the URL with Application team.
  • Configure Ping ID MFA in ping Federate for providing two factor authentications for some applications
  • Troubleshooting application integration/migration issue with respect to Ping SSO.
  • Identify security gaps through Ping; if there is any, then will develop roadmap/solutions that fit with company/customer systems architecture standards.
  • Research, evaluate, design, test, recommend, and plan implementation of new and/or improved information security with a focus on SSO and MFA with consumers, caregivers, vendors and partners.
  • Manage SSO and MFA server inventory and work with different teams to manage SSO servers, firewalls, storage, network etc.
  • Demonstrate a working knowledge of identity and access standards and technology including SAML, OAuth, OpenID Connect.
  • Integrate Ping with common identity stores like LDAP, relational databases, application servers, virtual directory servers, physical access management system
  • Used Fiddler and SAML Tracer to analyze/debug/resolve the issues. Provided the Load balancing of the clustered PingFederate servers using Cisco F5.

Environment: Ping products (PingFederate, Ping Access, Ping Governance, Ping Datasync, Ping Directory), SAML 2.0, SAML 1.1, WS-FED, OAuth2.0, Active Directory, LDAP Sun One Directory Server, Sun One web server 6, IIS, LDAP, Oracle, SQL, Java, Unix Shell Scripting, Perl, Solaris, Linux.

Confidential, Austin, TX

Sr. SailPoint Developer

Responsibilities:

  • Manage client requirements and configure Sail point connectors for various applications. Develop Rules like Build Map, Correlation, Exclusion, Policy Violation, Policy Formatting etc., as part of connector development.
  • Design & Implementation of SailPoint IIQ. SailPoint IIQ Installation and Configuration as required by the design solution. Implementation of Self Service feature, Password features (PTA, forgot password, Change Password), provisioning feature, configuring various roles and policies in SailPoint. Set up SailPoint IIQ policy server on 4 environments (Dev., QA, UAT and Production).
  • Designed and deployed Identity & Access Management solution to improve user experience, meet compliance, and reduce costs. Involved in Designing & Implementation of SailPoint IdentityIQ.
  • Implementation of Self Service feature, Password features (PTA, forgot password, Change Password), provisioning feature, configuring various roles and policies in SailPoint.
  • Worked on resolving tickets using Servicenow implementation. Involved in Application development by using connector configurations like Oracle unified directory, delimited, DB, SAP and Active Directory etc.
  • Supported operations & maintenance of SailPoint and LDAP connectivity. Triggering custom mail notifications to manager when company or department or manager of an Identity updated in IdentityIQ.
  • Worked as SME for business critical tasks for data migration and business process testing.
  • Developed a custom form in the SailPoint UI so that various admins can create user accounts manually through UI and provision users. Set up SailPoint IdentityIQ policy server on 4 environments (Dev, QA, UAT and Production).
  • Developed a new environment and deployed Novell Access Manager 4.2 for implementing OAuth 2.0. Configured OAuth 2.0 to test different grant types. Used OAuth playground to retrieve access token and refresh token.
  • Documented and presented different OAuth flows to different teams. Upgraded Novell Access Manager from 4.2 to 4.3 to fix issues faced in OAuth 2.0. Worked with different teams to implement single sign on using SAML 2.0.
  • Frame set up for Role mining, Role Based Access Control (RBAC), Entitlement Management and Identity Management. Successfully organized, tested, and upgraded SailPoint IdentityIQ version 6.3 to version 7.1p1.
  • Participate in all SailPoint deployment activities - connector configuration, custom rule development, workflow configuration and development, third party system integration. Configuring the Applications (Authoritative and Non-Authoritative) using AD, Flat file, JDBC and LDAP connectors to load the Identity Cubes.
  • Develop a custom form in the SailPoint UI so that various admins can create user accounts manually through UI and provision users. Set up Sail point IIQ policy server on Dev, QA, UAT and Production. Strong development experience in implementing the LCM events workflows, rules and custom reports.
  • Provisioning application's requests in IIQ to Create/Amend/Delete user access for the on boarded applications.
  • Configuration of Roles, Policies and Certifications for governance compliance and configure business processes to manage ongoing changes.
  • Working experience in the development of Websphere Portals, Portlets, CA-SiteMinder Single sign-on Services with Siteminder configurations (setting up policies, realms, rules and responses), Google Federation along with posting credentials to FCC from a custom Application Login JSP/HTML pages.
  • Involved in creating custom reports, certifications to cater various data feeds and knowledge in bean shell scripting, workflows rules.

Environment: Sail Point IIQ, Active Directory, LDAP, C, JAVA, J2EE, JDBC, JavaScript, CSS, HTML, XML, AJAX, Oracle database, SAML 2.0, OAuth2.0, E-directory, SunOne Directory Server, CyberArk, Ping federate 7, Ping Access, Apache 2.x, Webserver 6.1, Tomcat 4/5, SQL Developer, SQL, PL/SQL, NetIQ Access Manager 3.2/4.2/4.3, Ping Federate 7/8, CyberArk Privileged Account security 9.7.2

Confidential, New York

IAM Engineer

Responsibilities:

  • Configured SiteMinder for SAML Federated Authentications by configuring ID Provider/Consumer using SAML 2.0 POST binding, Installed Web agent Option Pack and created Partnerships, Documented Visio for SAML, AuthSchem and Day-to-day maintenance of SiteMinder policy servers and troubleshooting production issues.
  • Coordinated with the Service providers and identity providers during the SAML Certificate upgrade and architectural changes, Upgraded CA SiteMinder to R12 from 6 and installed the Admin UI and configured the FSS Admin GUI.
  • Engaged to help client design and implement a Single Sign on Solution using the Forgerock stack using Open AM and OpenDJ for a billion users, with a rapidly changing software base using an Agile model and continual build / test process.
  • Experience in implementing CA Siteminder policy server, framing Rules and Policies, Policy Server maintenance, SSO call clearance, Web Agent & Application agent installations, troubleshooting production problems.
  • Configured Affiliate agents, RADIUS agents to provide federation of web services in the SSO environment providing authentication & authorization to IDM. Microsoft FIM, Sailpoint IIQ, Oracle IM, SAP IDM, NetIQ IDM, ForgeRock OpenIDM and CA Identity Manager.
  • Installed and Configured Ping Federate. Integrated internationalization for Ping One web applications.
  • Hands on experience on Ping Federate, CA Single Sign-ON, CA Advance Authentication, CA Secure Proxy Server, Ping Access, and Ping Cloud. Have good knowledge on Ping Access. Worked on version 4.0.
  • Experience in SAML based authentication 1.1 and 2.0 using Ping Federation, Siteminder Federation and integrate with Siteminder authentication and adapter.
  • Experienced in migrating NetIQ Access Manager to Ping Federate. Deployed Ping One in Cloud and integrated with Ping federate on premise. Created ACO, HCO, User Directory for LDAP and AD.
  • Implemented Siteminder monitoring using Siteminder SNMP client, SiteScope and Zabbix monitoring system. Implemented Siteminder password policies for external SunOne LDAP user repositories.
  • Installed and configured BOXI Report Server for Siteminder audit logs registered with JBOSS. Installed, configured and administer Sun One LDAP Directory and Site-Minder Policy Servers. Optimized volumes, AWS EC2 instances by creating multiple VPC's and balanced load effectively.
  • Extensive hands on experience on SailPoint IdentityIQ, ForgeRock OpenAM & OpenDJ, IBM Security Identity Manager, IBM Security Access Manager and IBM Security Access Manager for Enterprise Single Sign On, IBM Security Directory server, IBM Security Directory Integrator, Session Management Server, WebSphere Application Server and SUN Identity Manager implementations.
  • Configured and deploying Scheduled Tasks, developing process forms and child forms and doing customizations in connector configurations using design console. Implemented AWS solutions using EC2, S3, RDS, EBS, Elastic Load Balancer, Auto scaling groups.
  • Worked closely with the production team for daily monitoring and stabilizing of production issue related to OIM 11.1.2.2, AD, ED, RAS and RACF. Configure synchronization of Users/Groups from AD to OID.
  • Designed and deployed Forge Rock Open AM and Open IDM to migrate from CA Cloud minder. Multi Factor Authentication (RSA, DUO, SecureAuth, ForgeRock, SailPoint, CA Arcot, Okta). Configured Process Tasks, Adapters and Event Handlers for provisioning and de-provisioning of users.
  • Implemented a single sign on authentication from Ping Federate Server and AD server. Users are generated on the fly using LDAP import with their corresponding role based access. Performed stress tests and tuning of the pre-production and production environments.
  • Migrated SAML Based SSO partners from CA Single Sign-On federation to Ping Federate. Implemented SiteMinder security zones.
  • Tuning of Web Logic parameters such as JTA, JDBC connection timeouts, OIM DB and SOA connection time outs. Patched and maintained installations.
  • Responsible for provisioning users across endpoints like Active Directory, LDAP, Unix, and RACF/Mainframe along with explore and correlating users from various endpoint, Worked on application in resolving integration issues related to provisioning and single sign-on. Checking/Obtaining patches as required for the environment and applying them.
  • Created new scheduled jobs on Dev environment for user reconciliation and clean-up. Good knowledge with PIV-Personal Identity Verification.
  • Provided solutions for complex application using SiteMinder and Ping Federate.

Environment: CA siteminder 12.52/12.6, CA SPS, F5 APM module CA API Gateway and Mobile API Gateway, CA IDM, CA AdvancedAuthentication (CA Strong Auth and CA Risk Auth), Apache, Linux, IBM Lotus Notes, LDAP, Oracle Identity Manager 11g R2, Microsoft Active Directory, OIG, OID 11.1.1.6, Web logic 10.3.6

Confidential, Jersey city

Siteminder/IAM Admin

Responsibilities:

  • Integrate applications from development to production, assist development teams in identifying and resolving various issues related to Siteminder. Created Rules, Rule groups, Response, Response groups, Realms and Policies for Directory Server users, implemented Siteminder policy based security.
  • Coordinated with the Service providers and identity providers during the SAML Certificate upgrade and architectural changes. Worked with Siteminder engineering team to document technical specifications and procedures for Siteminder best practices.
  • Implementation of SSO and authentication services using CA Netegrity Siteminder. Responsible in Performance Tuning for Siteminder to provide better response time, low latency, high availability and maximum throughput.
  • Created policies, realms, rules, responses in Siteminder Policy Server to protect the applications and validate the users to work under SSO environment.
  • Understand business processes and challenges to supply recommended Identity Management Solutions, Educate application teams on how to integrate with Identity & Access Management solutions.
  • Communication of project status to project managers and management. Identify issues within a solution and supply leadership with technical answers and options, Provide support and documentation to assist in sustaining the project during the transition to production.
  • Experienced in overall administration and technical support of CA SSO and CA Access Gateway ensuring acceptable and consistent levels of performance through optimization.
  • Installed and Configured CA Siteminder Policy Server 12.7, CA Access Gateway 12.7 and CA Web agent 12.52 on Microsoft Windows, CentOS, Red Hat Enterprise Linux and Solaris environments.
  • Experienced in Installation and configuration of web agents on Apache, IIS, IHS, WebLogic, Web Sphere and SunOne Webservers.
  • Configured Policy Stores, Key Stores on CA Directory, User Store on Active Directory and Session Store on SQL Servers, Configured and defined the Policy Domains, User directories, Rules, Realms, Policies, Password Policies and Responses in Siteminder to protect and manage access to enterprise resources.
  • Proxy service protection for internal Web infrastructure by providing SSL, fault tolerance and load balancing. Assist load testing team during load tests. Prepare project plan and submit weekly progress reports, throughout the project duration.
  • Provided roll-back plans to all application teams when any issue. Supported endurance and regression testing in pre-production environment. Involved in daily Site minder updates for Production, UAT and Development environment.
  • Assisted multiple applications during any production outage. Handled multiple alerts related to servers in various environments. Assisted Infrastructure Team during any changes.

Environment: CA Siteminder R12 SP3, Sun Solaris 9/10, Windows Server 2003, SunOne Directory Server, IIS 6.0, Apache 2.x, Webserver 6.1, Tomcat 4/5. Siteminder policy server R12 to latest, CA Directory, Secure Proxy Server, JBoss, Tomcat 6x, Red Hat 5/6.

Confidential, Missouri

LDAP /Siteminder

Responsibilities:

  • Worked on Ping Federate Clustering with Engine and console servers being part of cluster by maintaining multiple clusters for the high availability. Experience in implementing LDAP security models. Utilized Resource Analyzer and Log Analyzer for performance testing and troubleshooting and Knowledge managing LDAP Policy Store.
  • Configured Open LDAP with UNIX pam, and enabled users to authenticate against LDAP. Installed, configured and integrated Web servers (plug-in file), Siteminder Web agents and LDAP user directory with Websphere Application Server.
  • Configured Ping Federation Environment for SAML Federated Authentications for users coming from partner sites by configuring ID Provider/Consumer using SAML 2.0 POST binding. Configured AD pass-through authentication for Identity Access Manager (IAM).
  • Developed a few scripts to update attribute in E-directory using ice import. Scheduled cron jobs to run LDIF scripts to update attributes. Configured Web servers with SiteMinder Single Sign on (SSO). Migrated user store and policy store data from Active Directory to LDAP.
  • Deployed and configured Directory Server 6.x as User Store and Policy Store in different environments. Involved in designing the directory server architecture according to requirement, Installed and configured Sun Directory proxy Server 6.x in different environments.
  • Specifying Proxy Rules for the Secure Proxy Server. Involved in resolving the mix-mode replication issues between directory server 5.x and 6.x. Involved in developing the day-to-day backup scripts for directory server.
  • Assisted in architecting LDAP schema designs and directory tree structures from Site Minder perspective to merge and migrate authorization groups and external users. Involved in upgrade of directory server 5.x to 6.x
  • Designed the LDAP schema and replication to support Siteminder Policy, User store and Key Store in highly available mode. Configured the Replication for user directories on Sun One LDAP servers.
  • Used ILM to manage identities through a SharePoint-based policy and workflow management console
  • Worked on Single Sign on for the applications to use the third-party services using Ping Federation. Created policies, realms, rules and responses to protect the applications and configure them to work under the SSO environment. Revised LDAP directory and security architecture for J2EE applications.
  • Designed and Implement application API Gateways for Company wide application services. Documented all design, development and upgrade efforts in testing, staging and production environments.
  • Strong troubleshooting skills in various technologies like F5 load balancers, MQ 6.x, Sun ONE LDAP directory server 5.2 as part of production support. Provided 24x7 supports for Identity Manager Infrastructure in staging and production environments.
  • Experience in Troubleshooting urgent priority tickets with minimum response time. Coordinated with testing team to perform load and regression tests on applications in different environments.
  • Configured Authorization code and Resource Owner Grant in OAuth 2.0. Generated ID token in Authorization code flow which is used for authentication by application teams.

Environment: SAML 2.0, OAuth2.0, E-directory, SunOne Directory Server 5.x & 6.x, Ping federate 7, Ping Access, Apache 2.x, Webserver 6.1, Tomcat 4/5, Windows 2003, Red hat Linux 2.1AS, Solaris 9, Apache 2.0, JBOSS 3.x