Sr. CyberArk Engineer Resume
WA
SUMMARY
- 8+ years of experience in IT field including Installation, Configuration, Development, Deployment, Administration, Trouble Shooting and network security, database systems, and Enterprise Document Management in large scale organizations
- Experienced in IAM/PAM tools with deployment, configuration, integration and troubleshooting CyberArk Privileged Account Security product suite - Enterprise Password Vault, Password Vault Web Access, Central Policy Manager, Privileged Session Manager, Application Identity Manager, and Privileged Threat Analytics
- Performed, Manage, Resume, Release Privileged Credential using CyberArk Privileged Management Vault Administration, configuration, troubleshooting and installation of Windows 2003, 2008, 2008 R2 and 2012/R2.
- Hands-On experience in integrating and troubleshooting platforms with CyberArk Privileged Account Security, such as Windows / UNIX servers, VMware ESXi, Network Devices, Middleware and Databases
- Worked on Configurations including AD integration and Management of CyberArk Enterprise Password vault and Managed Safes and Server/ host addresses in Enterprise Password Vault. Good experience in Implementation and Installation from CyberArk 9.0 to 10.9 version, Privileged Identity Management (PIM) Suite.
- Provided guidance in addition, removal, change and lifecycle of Privileged ID Management (PIM) in order to provide the highest quality levels of Security. Installed, Managed and Troubleshot DNS in multiple zone environments
- Experience with PAM Operational Tasks - Defining Access Control, User Entitlements, Manage Applications, Credentials and User Access Policy Management. Troubleshooting and Maintenance of the Password Vault, CPM, PSM, AIM, DR Vault in DR Server
- Migrate user accounts into Password Vault using Bulk upload utility. Installation, configuration and troubleshooting of AIM clients for various teams. Installation and capacity management of Cyber-Ark Privilege Session Manager (PSM) including RDS Session host and licensing
- Experience in providing support to internal and external teams for multiple web-based enterprise app’s for integration with CA SiteMinder and Ping Federate, Integration of third-party applications with various Single Sign On matrix like Open Token, Agentless and SAML based services through Ping Federate
- Created both WS-Fed and SAML 2.0 protocol Service Providers endpoints using Ping Federate. Experience with using IdP initiated and SP initiated SAML profiles with different binding methods like POST, Artifact, redirect to deliver a custom SSO environment as per the requirement
- Exporting Metadata, creating Adapters, Service Provider connections, Identity Provider connections, replicating configuration archive, importing and exporting SSL certificates using Ping Federate. Configured Ping Gateway to authenticate the users and APIs through Ping Access and Ping Federate
- Experience in implementation of Security Management tools in enterprise wide Applications to achieve Authentication, Authorization and Accountability, Experience in administering LDAP based directory servers like IBM Tivoli, Oracle and Microsoft Active Directory, Experience in upgrading SiteMinder/Identity Minder from 6.x to 12.0 and from 12.0 to 12.51
- Experience in analyzing the logs (trace logs, logs) and troubleshooting issues in integration of other applications using CA SiteMinder (Single Sign on) and Identity Management tools along with LDAP and Web-server agents
- Proficient in developing custom workflows to handle access requests and Self-registrations. Hands on experience in developing custom rules such as customization rule, build-map rule and connector rules. In-depth knowledge of deploying and troubleshooting IP protocols. Hands on experience with implementation of Sun Identity Management for various users account
TECHNICAL SKILLS
IDE/ Tools: Eclipse, Net Beans, Edit Plus, Macromedia Dreamweaver, XML SPY, JBuilder, RAD 7.0/6.0, WSAD, ITCAM, Tivoli, UML (Rational Rose, RUP), VSS, CVS.
Security Tools: IBM Identity Management and p6, CyberArk Privileged Account security 10.9, IBM Tivoli Access Manager 6.1.1, Tivoli Federated Identity Manager 6.2.2.
Core Java Concepts: Collections, Generics, Multithreading, Serialization, Exception Handling, RMI, File I/O and Reflection, API.
J2EE: Java 1.6/1.7, JSP, Servlet, EJB-Session Beans, Entity Beans, JMS, JDBC, JNDI
Operating Systems: SUSE Linux 9/10/11, Windows Server 2000/2003/2008 , Unix
Languages: SQL, PL/SQL, J2EE, HTML, JavaScript, Shell Scripting
Databases: ORACLE 8i/9i, MSQL, MS Access, MySQL
Web Servers: Sun One 4.1/5.1/6.1, Apache 2.0/2.2.4, IIS 5.0/6.0/6.5, Tomcat 4/5
Directory Services (LDAP): Novell eDirectory 8.7.x/8.8.1/8.8.5, Sun One/iPlanet DS 5.x/6.x, eDirectory 8.X, Active directory (ADLDS), Tivoli Identity Management, Forefront Identity Manager
SSO and Identity: Novell/NetIQ Access Manager, Ping Federate 6/7/8, SiteMinder R12 SP2, SP3 / R6 SP1, SAML 2.0. HP Service Manager, IBM Vantive, BMC Remedy, Service Now
PROFESSIONAL EXPERIENCE
Sr. CyberArk Engineer
Confidential, WA
Responsibilities:
- Responsible for managing 30k privileged accounts, and 10k user accounts centrally from CyberArk 10.5 for protecting account credentials, Identity Management and access management for better control, visibility and reporting capabilities and meeting PCI goals
- Involved in all stages of CyberArk 10.5 PAS implementation to secure business critical accounts- Privileged accounts, Windows Local Admins, and Domain Admins to provide enterprise wide security solution, Installed and Configured core CyberArk 10.5 components (EPV, PSM, CPM, PVWA and PSMP) in Production and Dev Environments on Windows Server 2016 from the scratch
- Configured F5 GTM and LTM load balancers for PSM and PVWA components across different locations for High Availability. Installed RDP health check for Privileged Session Manager (PSM) service on Windows server ‘16.
- Reviewed and made changes to PSM and CPM hardening scripts to fit the enterprise compliance requirements. Worked on PKI certificates on CyberArk Windows servers, web applications, for RDP SSL/TLS handshake and client-server trust model and created self-signed certificates for EPV.
- Made changes to Domain GPOs, Windows server Local Policies, AppLocker policies, and ACLs for CyberArk servers as per requirements. Designed and architected EPG’s (End-Point Groups) for Network firewall ports connecting Point to Point between CyberArk servers
- Installed and configured Privilege Session Management Proxy (PSMP) in production Environment with Load balancer in RedHat Linux version 7.5 to secure root and super admin accounts, SPOC for access provisioning on safes, managed RBAC in CyberArk. Configured custom platform settings for enterprise compliance requirements and smooth user experience.
- Involved in configuring CyberArk End-point Privileged Manager (EPM) for Implementing least privilege and Credential theft protections for Win and Mac Desktops, and Windows Servers to contain attacks and stop lateral movement
- Worked on CyberArk utilities like, PADR, PA Client, PAR Agent, PA Restore, Export Vault Data, Create Cred File, Auth File, CA Vault Manager, CA Cert, Create Env, and PA Replicate leveraging full EPV functionality, Implemented CyberArk policies, and managed Win domain accounts, Win local Admin accounts, Linux based root accounts, service accounts, and Database Administrator accounts
- Implemented Privilege Threat Analytics (PTA) for maintaining risk-based strategy and automatic remediation with policies in place for auto onboarding and reconciling unmanaged accounts, extensively worked on Privileged Session Manager (PSM) troubleshooting issues, GPO compliance with PSM service, RDS licensing, RemoteApp and other Hardening issues.
- Worked on custom CyberArk PSM connectors for ADUC, PowerShell/ ISE, PSM-PVWA, PSM-PrivateArk, MMC, Win Server Manager, and CMD for secure session Isolation and session recording, Designed Naming Convention for Safes, Accounts, Platforms according to the organizational standards and a feasible model for administration and operations. Configured Duo MFA for CyberArk 2 Factor Authentication.
- Involved in Saviynt (IGM), AAM (Application Access Management), EPM (Endpoint privilege Management) and PTA (Privilege Threat Analytics) implementation for CyberArk Integration. Worked on Password Upload Utility (PUU), REST API’s, PowerShell Scripts for automating CyberArk administration jobs. Engaged with CyberArk support for troubleshooting P1 issues on Production Vault.
- Integrated LDAPS, SMTP, ENE, NTP, RADIUS MFA, SIEM (Syslog), and SNMP (Splunk) with EPV for AD user authentication, email notification, time sync, two factor auth, Syslog, service monitoring respectively. Good experience in troubleshooting Windows servers, Networking issues, Debug CyberArk issues, read trace logs, and leverage CyberArk Xray tool.
- P2 and P3 on call support for CyberArk issues. Good Communication skills, analytical skills, interpersonal skills.
Environment: CyberArk 10.x and 11.2, LDAP, AD Integration, PSMP, PTA, EPM, AAM, UNIX, Firewall, IDS/IPS, SIEM, Symantec MSS LCP, Palo Alto, VMware, ACS, DNS, TCP/IP, Saviynt, Splunk, SAML, RADIUS DUO, SAML 2.0, OAuth, F5 Load Balancer LTM/GTM, and Network Security EPG’s
Sr. IAM CyberArk Engineer
Confidential
Responsibilities:
- Involved in Gathering Technical Requirements from the client and worked closely with network team for requirements. Experience in Implementation and Installation of different versions of Cyber Ark Suite 7.0, 8.1.0 and 9.2.1.
- Experience in CyberArk Privileged Account Security product suite - Enterprise Password Vault, Password Vault Web Access, Central Policy Manager, Privileged Session Manager. Perform vulnerability assessments of Systems/Network device. Knowledge of Security tools like Cyber Ark, IDS/IPS, SIEM, PIM, Cisco ASA Firewalls, ACS, NMAP, Nessus and Wireshark etc.
- Managing Cyber-Ark Security that offers any enterprise a wide range of services and support options to making digital vault solution a success; these services include implementation, consulting, training, maintenance, online support and vault.
- Worked on PAM Operational Tasks Defining Access Control, User Entitlements, Manage Applications Credentials and User Access Policy Management. Experience in performing Privileged Access Reviews, Compliance Reporting, Access Control Processes and other associated tasks with Privileged User Management.
- Designed, developed, and documented IAM services including Single Sign-on, Self-Service registration, workflows, user management, management dashboard, Role Base Access Control, Attribute Base Access Control, resource and business layers Provisioning, credentialing, federation, and auditing.
- Developed and maintained the solution System Design Document that defined the solution’s architecture framework, component-level design, identity schema, user interfaces design, use cases and process flows. Implementation of Check Point firewall and Virtual firewall; Checkpoint VE on VMware, Blue Coat proxy (SG, and Blue coat Director), F5 Fire pass SSLVPN, Radware Load Balancer and Juniper Firewall.
- Implement application account management by Cyber-Ark on Windows and Linux servers using AIM module. Upgraded Cyber-Ark software version on the Production and DR vaults and pertaining CPM/PSM and PVWA. Troubleshooting and maintenance of the Password Vault, CPM, PSM, AIM, DR Vault.
- Migrate user accounts into Password Vault using Bulk upload utility. Experienced in Privilege Identity Management, Identity & Access Management, and Single Sign On, SAML, OAuth, ADLDS, ADFS, OKTA, TLS/SSL, and Active Directory. Developed authentication policies using PingOne authentication (Internal/External).
- Fixed Active Directory mapping connection to provision users and groups into Cyber-Ark vault and e-mail notification failures. Implemented AIM solutions to manage Windows and Linux application account passwords. Configured Auto-Detection processes to provision and manage Windows service accounts.
- Installed and configured PingFederate and PingAccess and configured PingAccess and PingOne for new POC based applications for cloud SaaS apps. Upgraded the PingFederate environment to 9.0.2 across multiple environments, providing solutions for the external SSO using PingFederate/SAML/SiteMinder.
- Created federation trust between PingFederate and SiteMinder for seamless SSO for applications during migration strategy for utilizing SMSESSION using CoreBlox token service adapter. Experience in configuring and deploying adapters and token processors for Ping depending on the requirements for the application.
- Step up authentication for external users who are external to enterprise network and IWA for internal users. Migrated apps from legacy header-based approach to more standards-based approaches like SAML 2.0, OAuth/OpenID Connect.
- Experience with the implementation of DUO two factor authentication tokens for the integrated web service security in a SSO environment for the service provider applications. Highly skilled in Splunk to build, configure and maintain different environments and in-depth knowledge of log analysis generated by various operating systems.
Environment: Cyber Ark 7.0, 8.1.0, 9.2.1 PIM, LDAP, AD Integration, UNIX, Firewall, IDS/IPS, SIEM, Cisco ASA Firewalls, ACS, NMAP, VMware, Routers, ACS, DNS, TCP/IP, PingFederate Server 9.0.2, PingAccess Server 4.2.2, PingOne, Splunk, SAML, Netegrity SiteMinder v5.5, v6.0, 12x Web agents 5.x, 6.x, DUO, SAML 2.0, OAuth, F5 Load Balancer, Network Security.
Sr. IAM Ping LDAP Consultant
Confidential
Responsibilities:
- Configured SSO Integration Adapters for session cleanup as part of Single Logout (SLO) in the SSO implementation, Developed self-service portal for enterprise federation. Worked on Access Management for providing Authentication, Authorization, Scalability and Accountability for the Applications.
- Configured SSO integration for O365 with modern authentication in place, Created Access Control List and protected object Policies and authorization rules for fine grained access control. Experience in deploying SaaS based connectors like AWS, Slack, box and many more depending on the new integration patterns.
- Experience in setting up Open ID/OAuth connection templates and working with app teams on deploying the apps to support next generation standards. Published migration strategy for applications preparing for Cloud based deployments using Proxy/Gateway model or agent-based model.
- Performed Installation and configuration of SailPoint 7.1. Configured Flat files and JDBC connectors in SailPoint. Preparing Audit reports for monitoring. Adding the LDAP certificates through iKeyman. Installed, integrated and deployed SailPoint IdentityIQ.
- Use of both PingFederate SDK and PingAccess SDK for any of the custom requirements like creating any custom adapter or setting up new policies using SDK. Created SAML and WS-Federation trust for both SaaS applications and internal SharePoint apps
- Creating objects in PingAccess like creating virtual hosts, site authenticators, policies, authorization and authentication policies, identity mapping headers, run time engine nodes for HA using REST API method or manual approach.
- Implemented Performance tuning for LDAP and CA SiteMinder for better response time. Installed and Configured SiteMinder and its components such as Policy Server, Web Agents etc. Integrated homogeneous and heterogeneous applications with SiteMinder / LDAP.
- Migrate PingFederate and PingAccess instances, Configured SCIM provisioning using PingFederate for user provisioning and de-provisioning. Configuring the Siteminder web agents on Apache, IBM Http Server (Domino Go), IBM Http Server (Apache), and IIS webservers for comprehensive WAM deployment model.
- Creating the agents, aces, rules, realms, policies for the new applications. Configuring Windows NTLM Authentication Scheme on the policy server. Configuring the Credential collector web servers to support NTLM Authentication Scheme. Configuring Form Based authentication schemes.
- Upgraded LDAP to Oracle Directory Server Enterprise Edition 11gr2 from Sun one Directory server 6.3. And from ODSEE 11gr2 to CA directory. Worked on Building Schema, Access Controls for CA directory (LDAP).
- Implementing and maintaining security infrastructure solutions across the enterprise using PingFederate, CA Single Sign-on/SiteMinder, ODSEE and CA Directory (LDAP) on platforms like UNIX, Solaris and Windows.
- Performing Proof-of-Concept of Okta’s SSO solutions to integrate with on-premise and cloud applications. Integrated Okta with enterprise directory for both internal and external environments. Migrated all SaaS based SSO solutions from SiteMinder to Okta.
- Creating new SAML connections for the SSO with external vendors using SAML1.1 and SAML 2.0 post methods. Provided strategic security architecture and technical design guidance for Partner Banking integration using a Federated SSO Model SAML v2.0, WS-Security including X509 Mutual Authentication for Web Services. Trouble shooting policy server and web agent issues.
- Installation, integration and deployment of SailPoint Identity IQ. Involved in knowledge sharing sessions for SailPoint Compliance Manager component and involved in creation of design documents, code reviews. Configuring Okta for user provisioning to Office 365 (Azure AD), Box, Workday and SFDC.
- Mainly responsible for converting the combination of manual and CONTROL-SA provisioning to direct SailPoint provisioning via both out of the box SailPoint connectors, and custom written Java code connecting to a variety of systems via mechanisms such as SOAP and REST web services, JDBC, custom API's etc.
- DSML framework was implemented for non LDAP applications to integrate with Enterprise SSO through web services over HTTP/SOAP, Automated server provisioning using Puppet, Installed Ping SDK agents on the servers that do not support SAML or WS-FED for maintaining SSO between different realms of system security.
- Mentor development team in Agile SDLC and version control, Install and configure SiteMinder policy server v6.0 sp 5. Creating provisioning flows for the new users and existing users using the CA Identity minder. Installing v6 web agents on the client servers. Trouble shooting Federation issues with external vendors
Environment: PingFederate Server 9.0.2, PingAccess Server 4.2.2, PingOne, Splunk, SAML, Netegrity Siteminder v5.5, v6.0, 12x Web agents 5.x, 6.x, DUO, SAML 2.0, OAuth 2.0, GitHub, Jenkins, Chef, Fiddler, CyberArk Privileged Account security 9.8, SAML tracer, CA Identity Minder, IIS5, IIS6, Apache, JBoss, IBM Http Server, LDAP, Active directory
Information Security Engineer
Confidential
Responsibilities:
- Installed, configured and maintained Netegrity/CA SiteMinder Policy Server 6.X/12.X, CA IDM r12.x and Sun ONE Directory Server 5.2 on distributed platforms. Installed, configured Web agents, Netegrity Transaction Minder, Sun One Directory server (LDAP) with various Web & Application servers.
- Involved in the architecture and implementation of CA Identity Manager Solution for provisioning, delegated administration, workflow implementation and generating audit reports to be compliant with the security regulations.
- Involved in Designing infrastructure, documenting Identity manager requirements for migration to 12.5 from 8.0. Installed and configured PingFederate 7.0.1 with the existing Siteminder environment and used LDAP authentication for the admin console.
- Updated Corporate User store with the expanded user base as a result of new business acquisitions by directory acquisition and Correlation schemas using custom attributes. Extensively used web services variables to facilitate federation of web services.
- Used custom attributes properties to track the information about the recipients of the application site. Created and updated the provisioning policies as per the change in the business environment using Policy Xpress. Implementing custom agents on Siteminder admin console for PingFederate connections.
- Worked extensively on creating Custom Password policies and Authentication schemes as per the requirement.
- Configured CA SiteMinder policy server, framing Rules and Policies, Policy Server maintenance, SSO call clearance, Web Agent & Application agent installations, troubleshot production problems.
- Involved in Migration of SiteMinder6.x to 12.x for advanced Load balancing, failover configurations and for facilitation of user impersonation. Installed, configured and integrated Web servers (plug-in file), SiteMinder agents and LDAP user directory with WebLogic Server V10.
- Installed SiteMinder Policy Server Optional Pack and Web Agent Optional Pack for Federation web services. Configured SiteMinder web agents, Affiliate agents and RADIUS agents to provide federation of web services in the SSO environment.
- Configured user impersonation feature to enable Customer service department to provide a better service to the business clients. Experienced in assisting Web Administrators, LDAP Administrators to determine what the best values for SiteMinder parameters and tune the system to boost SiteMinder performance in the Web Tier, the Application Tier, and the Data Tier.
- Configured Ping Federate 6.x/12.x for SSO across multiple web-based enterprise applications. Performed user provisioning in Identity Provider (IDP) site Service Provider (SP) site using SAML for SSO, Experience with using Integration Kits and Token Translators for integrating identity enabled web services into SSO environment.
- Installation configuration and maintenance of RSA authentication manager 6.x for enabling token-based authentication along with the form-based authentication as a part of the security solution. Hands on experience with configuring IDP initiated and SP initiated SAML profiles with different bindings like POST, Artifact, and Redirect as per the custom business and security requirements.
- Configured SSO Integration Adapters for session cleanup as part of Single Logout (SLO) in the SSO implementation. Creating OpenSSL Certificates and using the same for Federation of external Services to achieve the purpose of maintaining confidentiality, message integrity and bilateral Authentication.
- Worked on new Directory Server Schema's as per the needs of the business. Worked with existing user stores and new external LDAP stores. Integrated Active Directory & Sun One directory servers as user stores & SQL Server as Policy store. Experience in trouble-shooting the issues by analyzing the trace and TAI logs.
- Experience with using Wily and One view monitor for performance monitoring of identity management servers and components. Experience with performance tuning of policy servers and associated components and generating performance reports using customized crystal reports. 24x7 production support.
Environment: JDK 1.4/1.5, J2EE, JDBC, XML, SAML 2.0, CA SiteMinder 5.X/6.X/12.x, Sun ONE Directory Server 5.X/6.X, CA Identity Manager r8/r12, Tomcat 5.5, Apache 2.0, Wily Introscope 7.0/7.2, Solaris 8/10, Windows 2000/2003, Oracle 10g/11g, SQL Server 2005, DB2 8.X.