Web Services Security Specialist Resume Profile
Professional Summary
A highly results-oriented and task-driven Security Architect with a proven track record in delivering strategic security solutions for Fortune 500 clients. A CISSP/CSSLP professional with more than 14 years of hands-on experience in complex and high-transaction IT environments, with significant expertise in security engineering and security architecture. Extensive hands-on experience with security technologies, along with the capability to design, develop, and implement security solutions that adhere to compliance and regulatory requirements. Highly analytical, with deep troubleshooting knowledge of network infrastructure and web applications, including highly secure and complex Web SSO applications that handle sensitive data.
Capabilities
- Expertise in Enterprise Security Architecture and delivery of strategic security solutions.
- Expertise in designing and implementing Enterprise Single-Sign-On (SSO) and Identity and Access Management solutions, including Federated SSO using SAML.
- Ability to identify security patterns and provide security best practices for Java/J2EE, Spring, .Net, Identity and Access Management, and Web Services.
- Ability to support the business IT environment by providing security architecture design and roadmap for highly secure applications and data delivery.
- Ability to build relationships with business and technology stakeholders and produce security artifacts that clearly articulate security risks and mitigation.
- Architected and deployed Identity and Access Management solutions using Oblix CoreID, Novell eDirectory LDAP and Netegrity Siteminder.
- Experienced in the design and deployment of enterprise Identity Management solutions using IBM Tivoli security solutions (IBM TIM/TAM/TDI/TDS/TFIM).
- Experienced in the design and deployment of Oracle Fusion Middleware IAM solutions.
- Excellent analytical and troubleshooting skills for web-based applications, with in-depth knowledge of network devices/topologies, application servers (J2EE and .Net), and web servers.
- Expertise in layered multi-tier security (DMZ) and high-availability web services infrastructures.
- Expertise with infrastructure monitoring solutions using Tivoli, Topaz, HP OpenView, BigBrother, Wiley J2EE and NetIQ.
- In-depth knowledge and experience with J2EE JACC, JAAS, JSSE, JCA and JCE, Kerberos (GSS-API), Spring Security, OAuth 2.0, OpenID Connect, and SAML 2.0.
- Excellent knowledge of OOD/UML and security-focused application development (Java/J2EE, .Net).
- Experienced with enterprise application architecture, solution design and development.
- Experienced with security testing and vulnerability scanning tools (HP WebInspect, IBM AppScan, Qualys, Tripwire, and ArcSight).
- Experienced with IP firewalls, XML firewall gateways, and Imperva.
- Experienced with Multi-Factor and OOB Authentication, OTP/SMS Delivery and Mobile Application Security.
- Excellent people management skills and leadership abilities.
Key Skills
- Information Security Management, including Single-Sign-On (SSO) and Identity and Access Management.
- Security Planning, Risk Assessment and Mitigation (ISO 17799, PCI, NIST, GLBA, SOX and HIPAA).
- Web Application Security Consulting and Secure Code Analysis, SAST and DAST (OWASP SWAAT, HP Fortify).
- J2EE Security Architectures and Security Patterns (JAAS, JSSE, JCE, and Java Platform Security).
- OAuth 2.0 with Java and Spring Security.
- Federated SSO using SAML 1.1/2.0; XML Gateways (Cisco ACE XML, Intel ESG SOA).
- Role-Based Access Control (RBAC) and XACML.
- SOA Messaging Frameworks (JMS, MQ, Web Services, and WS-Security).
- Digital Authentication: Basic/NTLM/Kerberos/SPNEGO, SSL Mutual Authentication, SAML 2.0 Web Browser SSO (SP POST Request, IdP POST Response), RBA and Out-Of-Band Authentication technologies.
- Multi-Factor and Out-Of-Band Authentication, OTP/SMS Delivery, Voice Biometrics.
- Symantec Enterprise Security Manager (SIEM-ESM), Tripwire, Intellitactics and IP360.
- Cloud Security Architecture and Consulting for Big Data and Hadoop.
Technologies
Application Server Software: Oracle Fusion Middleware (WebLogic, SOA and IAM stack), Tomcat, JBoss, Novell/NetIQ Identity and Access Manager, IBM TIM/TAM/TDI/TDS/TFIM, Oblix CoreID/ShareID, OAuth, OpenID Connect, OpenAM, Ping Identity, Ping Federate, CA Siteminder, Novell eDirectory, Cisco ACE XML Gateway, Intel ESG XML Gateway, Symantec SIEM/ESM, RSA Access Manager, Adaptive/Risk-Based Authentication.
Operating Systems: SUSE ES, RHEL, Ubuntu, Windows 2008, legacy Unix (Digital, Sun, HP).
Experience
Senior Web Services Security Specialist
Confidential
- This is a senior web services specialist and engineering role responsible for the design, deployment and operations support of the Cisco ACE XML Gateway and Intel ESG SOA Gateway.
- Engaged as the lead XML Security Engineer for various projects and successfully deployed the services on the gateways. Key accomplishments include security design, vulnerability assessment and mitigation of security gaps for new web service applications.
- Design, development and integration of consumer and provider web services authentication using XML SOA Gateway security policies, including Basic Authentication, SSL Mutual Authentication, SAML 2.0 Web Browser SSO (SP POST Request, IdP POST Response), Out-Of-Band Mobile Authentication, etc.
- Work with Network Engineering and perform troubleshooting for web application and web services connectivity, using standard and advanced tools for troubleshooting network and web application connectivity.
- Work with application developers and provide guidance in secure code development, digital authentication (X509, SAML, Out-Of-Band technologies) and web services integration.
- Operations support (Tier 3 Escalation) for critical production XML Gateway systems that process around 17 million transactions a day across multiple data centers.
- Engaged with security technologies such as Qualys, Tripwire, Imperva and ArcSight.
- Engaged in multiple projects to assist the application teams in developing secure web services. Act as the Lead Engineer/Specialist for web services deployment and testing across multiple environments (DEV, TEST, CERT, PROD, and DR).
- Work with product vendors (Cisco, Intel) to resolve platform-related issues and perform patches and upgrades on the XML Gateways (Linux-based appliances).
Novell NetIQ IAM Security Architect
Confidential
- This is a Novell Access Manager (NAM)/NetIQ IAM Architect and Engineering role for design, deployment and support of customer integrations using the NetIQ IAM platforms.
- Translate business requirements for SSO and SAML Federation into technical design, development and integration. Advanced troubleshooting for SSO web applications and SAML integrations, digital key management, and federated identity partner integration.
- Troubleshoot identity management issues on AD, Novell eDir, and custom LDAP attribute mapping/configuration for web applications to enable seamless SSO across multiple business applications.
- NetIQ Access Manager Login/Logout page customization using JSP and JavaScript.
- Responsible for full lifecycle delivery support: perform advanced troubleshooting of Access Manager system configuration and performance issues, apply patches and updates, and provide on-call support.
- Provide SME level technical guidance on NetIQ IAM platform and work with multiple customers to resolve technical issues pertaining to SSO, Access Management and Federated SSO.
- Resolved critical NetIQ platform related issues by working with Novell Technical Support.
- Worked with customer technical teams and PhoneFactor to deploy Out-Of-Band multi-factor authentication PIN delivery to mobile devices via SMS text.
Security Architect/Expert
Confidential
- This is a 4-6 week assignment to assist Hitachi's technical design team with their SSO and Federated SSO architecture for a new service platform/integration.
- Presently engaged in providing security architecture, engineering, and technical design guidelines for ADFS (Active Directory Federation Services) SSO integration for Hitachi's global business solutions.
- Dynamic and static code analysis (Java, JSP, ASP, .Net, PHP) and web application vulnerability management.
CA Siteminder SME/Consultant
Confidential
- Represented CA Support for Genentech Siteminder staff augmentation for the r12 upgrade. This was a short 3-week engagement.
- After the upgrade, worked closely with Genentech Siteminder engineers to change the LDAP load balancing model for Siteminder Policy Servers.
- Suggested configuration to use a virtual LDAP node (LTM-F5) in the Policy Server configuration instead of round-robin LDAP load balancing. This offloaded the load balancing to the LTM F5.
Senior IAM Architect
Confidential
- Worked as a senior IAM architect on a short 3-month contract to perform due diligence on the current SSO architecture and design.
- Completed a re-design of the SAP AS portal SSO for external users using SPNEGO and Juniper SAM infrastructure.
- Resolved certain design issues for extranet remediated SSO applications.
Senior Security Architect
Confidential
- Worked as a Senior Security Architect for Wells Fargo Bank's Wholesale Treasury Architecture Group.
- Managed a team of 10 architects and developers in re-designing and automating Wells Fargo's Enterprise Fraud Detection System.
- Key engagements include: Voice Biometrics Authentication, Centralized Fraud Management, Risk-Based Authentication, Federated SSO using SAML v2.0, Web Services Security, and Application Security Consulting for various projects using J2EE and .Net platforms.
- Created the Reference Security Architecture for Enterprise Fraud Management, which includes a SOA framework and CEP-based fraud detection and management for banking applications. Products include Actimize, RSA Adaptive Authentication (RSA-AA) and a Case Management system. The design includes a more extensible architecture for fraud data integration with various online banking channels.
- Provided strategic security architecture and technical design guidance for Partner Banking integration using a Federated SSO model (SAML v2.0) and WS-Security, including X509 Mutual Authentication for Web Services.
- Provided security design consulting for Out-Of-Band Verification (OOBV) and One-Time Passcode (OTP) solutions for sensitive banking applications. Products evaluated include OAAM, RSA-AA, OpenAM, OTP.
- Provided security design consulting for Mobile Banking Voice Biometrics Authentication. Products include PerSay Vocal Password.
- Provided strategic security design for in-session BEA WebLogic 'Perimeter Authentication' using CA Siteminder ASA (Application Server Agents).
Senior Security Architect
Confidential
- Worked as a Senior Security Architect (FTE) and led the Application Security Architecture efforts, including SOA security, Web Services security, Managed File Transfer infrastructure, Federated SSO and Enterprise Identity/Access Management efforts.
- Worked with Salesforce.com for SaaS hosted solutions for McKesson Business Applications and Federated Single-Sign-On.
- Responsibilities also include key deliverables pertaining to Reference Architectures, SME in various security technologies, Solution Architecture Design (SAD) and HIPAA-focused security consulting for healthcare applications. This is a highly technical security architecture role covering all aspects of Security Architecture, Secure Application Development and Best Practices.
- Engaged in POC efforts for Ping Federate, CA Federated Identity Manager and Oracle Identity Federation (OIF).
- Lead Security Architect for an Enterprise Managed File Transfer (MFT) solution and the McKesson Enterprise Identity and Access Management initiative.
- Provided security engineering and consulting for Information Rights Management (IRM) and Data Loss Prevention (DLP) efforts.
- Functioned as the lead security technologist for Secure Data Erasure solutions.
Senior Security Consultant
Confidential
- Worked for Sempra SGDE as a Senior Security Consultant for the Smart Meter project. Roles and responsibilities include:
- Assess the security posture of the Smart Meter wave1 architecture and provide security evaluation for various Smart Meter components.
- Perform security testing for the Smart Meter Web Application/Web Service integrations. Identify vulnerabilities and recommend strategies for risk mitigation.
- Executed Web Application Security vulnerability testing for Smart Meter Web Applications and Web Services.
- Provide security consulting and SME for SOA and web application security for BEA Web Logic infrastructure, Cisco ACE XML Gateway, and J2EE Application environments.
Information Security Architect
Confidential
- Worked with Visa's ISO Program Compliance and Engineering department as a security architect. Roles and responsibilities include:
- Engaged as the security architect for the re-architecture of the current Symantec ESM (Enterprise Security Monitoring) infrastructure. This is a highly visible initiative for centralizing ESM security event reporting and monitoring. This effort also includes regionalization of ESM across Visa Inc.
- Work with Corporate Risk to manage policies to support Visa's Key Controls and Technical Security Requirements.
- Work with the Controls team to test and implement security policies in ESM.
- Support the Controls Management tool by acting as 3rd level support for vendor escalation.
- Support the Visa Security Compliance Management (VSCM) process and systems by participating as a key member of the VSCM Team.
- Provide SME-level assistance to System Engineers resolving out-of-compliance issues for alerts triggered by ESM, Intellitactics, and IP360.
- SIEM engineering and deployment experience with Symantec ESM, Intellitactics, and IP360.
- Provide SME review and approval for controls exception and suppression requests.
- Provide SME support to Operations, Technical Support staff, and Development groups in the remediation of non-compliance issues from the Controls Management reports. SME subject areas include UNIX, Linux, Windows and key application software.
- Designed and implemented the interactive security event reporting system for the Information Security Office (ISO). This is a mini data mart for security event monitoring analytics and trending. This individual effort received excellent senior management recognition.
- Lead security engineer for developing the enterprise ESM Agent Health Monitoring solution, scoped for integration with the Remedy auto-ticketing system.
- Engaged with the corporate PKI migration from Entrust to a Microsoft PKI environment.
- Engaged with Symantec as the ISO engineering 3rd-level ESM technical support.
- Provided security consulting for the corporate Wi-Fi infrastructure effort.
Enterprise Security Architect
Confidential
- Delivered strategic security solutions aligned with enterprise architecture standards and governance process.
- Engaged as a Security Architect for strategic initiatives for the Enterprise Underwriting System (EUS) and Enterprise Policy Administration Systems (EPAS).
- Worked closely with IT and Business to identify critical security requirements pertaining to P&C Insurance strategic initiatives.
- Identified project security gaps/roadblocks and recommended security solutions for strategic alignment with enterprise security architecture, compliance and regulatory requirements.
- Recommended technical security solutions for enterprise application architectures that used J2EE (IBM Websphere) and .NET 2.0 technologies.
- Reviewed conceptual and detail design artifacts for security risks and concerns. Recommended appropriate security controls for risk mitigation.
- Developed security guidelines, standards and best practices for new security patterns.
- Played a lead role in the design of SAP ERP-HCM Portal Single Sign-On solutions using TAM WebSEAL and LDAP Directory.
- Participated in security certification for 3rd-party hosting providers.
- Engaged with RFP/RFI development for new initiatives and vendor selection procedures.
- Engaged in the design of SAP ECC and BI SAP GUI Windows SSO solutions using Microsoft Active Directory and Kerberos/GSS-API.
- Security engineering for IBM Websphere infrastructure and J2EE application integration environments, including SOA and Enterprise Service Bus infrastructures using IBM Websphere.
- Engaged with Strategic Security Initiatives (SSI) for Enterprise Identity Management, RBAC and Encryption strategies, roadmap and future-state security architecture.
- Participated in the successful completion of POC for Identity Management using SUN Java Identity Manager 7.0.
- Designed the enterprise security guidelines for Web Services Security for SOA.
- Worked extensively with Reference Architectures pertaining to Enterprise Security, SOA for Identity Federation and Access Management.
- Completed security risk assessments for major projects. These assessments were intended for sign-off by the Corporate Compliance Office, a critical step for moving the projects through the quality gates (Conceptual to Detail Design).
- Identified and recommended security controls for enterprise SOA for critical business services integration deployed using IBM MQ series.
- Involved with strategic initiatives, including an enterprise security roadmap that offers a more robust Identity Management System for centralized policy enforcement.
Information Security Consultant
Confidential
- Provided security consulting services for Wells Fargo's Wholesale Banking Risk Assessment and Security Planning department. Roles and Responsibilities include:
- Develop and implement security standards, procedures, and guidelines for multiple platforms and diverse systems environments.
- Review the development, testing, and implementation of security plans, products, and control techniques.
- Investigate and recommend appropriate corrective actions for data security incidents.
- Provide security consulting and project management services on highly complex information security projects and issues.
- Identify security risks to the organization and ensure that appropriate data security procedures and products are implemented.
- Maintain an awareness of bank security policies and government regulations pertaining to information security.
- Identify regulatory changes that will affect information security policy, standards, and procedures and recommend appropriate changes.
- Assist with solutions and drive standardized, compliant, and cost-effective technical security designs and architectures for projects in conjunction with Wells Fargo Services' Corporate Information Security (CIS) team.
- Maintain an awareness of all PCS IT platforms, architectures, applications, tools and constantly seek more efficient and effective security solutions.
- Risk assessment and Mitigation for Wells Fargo Projects and functions.
- Develop reporting and metrics for the security planning process as well as overall PCS risk management.
- Lead security related projects focused on compliance and new technology deployments.
- Serve as liaison to Project Architecture and Standards, Wells Fargo technical teams, and ISO groups.
Infrastructure and Security Consultant
Confidential
- Worked as an Infrastructure and Security consultant on a project basis for certain banking and finance organizations in India. The projects involved the design and deployment of web infrastructures with high availability using content services switches. Tasks included directory server design and deployment. Multiprocessor Intel hardware with SUN Solaris x86 32/64-bit and Linux operating systems was deployed for n-tier web services.
- Architected and deployed Enterprise SSO and LDAP infrastructures for Identity and Access Management.
- A DSML framework was implemented for non-LDAP applications to integrate with Enterprise SSO through web services over HTTP/SOAP.
Infrastructure and Security Architect
Confidential
- Worked as Technical Lead for the B2C web infrastructure migration project. The B2C web infrastructure hosts web content and applications for Daimler Chrysler brand web sites, with a total of over 170 domains and 70 mission-critical J2EE applications. SUN JASS (JumpStart Architecture and Security Scripts) was used for hardening Solaris.
- Functioned as technical project lead for migrating the outdated B2C server infrastructure (40 SUN servers) to the latest SUN server hardware with minimum downtime. Participated in B2C security audit reviews.
- Lead infrastructure architect for migrating a high-transaction and complex IBM Websphere application infrastructure to a more robust SUN/AIX infrastructure. This project was completed in 18 months with reduced downtime for Chrysler brand web sites.
- Performed technical architecture reviews for J2EE applications pertaining to solution outline, macro/micro design, systems context diagrams and use cases.
- Involved with the implementation of a Border Gateway Network (BGN) that incorporates a layered security architecture for highly available content delivery.
- Involved with the architecture and deployment of the Global L R Identity and Access Management project using Oblix CoreID, Novell eDirectory LDAP and Netegrity Siteminder.
- Involved with Web Content Management implementation using Vignette and IBM WebSphere.
- Implemented Enterprise Monitoring and Reporting solutions using HP OpenView, Mercury TOPAZ TMS, Tivoli, Big Brother, Wiley J2EE and SiteSeer.
- Worked closely with the security teams to provide security solutions for J2EE applications using the J2EE JAAS, JSSE, and JCE frameworks.
- Provided solutions to ensure privacy requirements (GLB) for certain B2C applications.
- Engaged in Security Audit evaluations, Risk Assessment and Mitigation.
- Involved with the development of processes and interfaces for B2C web services infrastructure.
Senior Technical Analyst
Confidential
- Functioned as a lead technical analyst in the design, development, test, integration, and implementation of the enterprise security infrastructure. Functioned as the central point of contact within IT for communications related to information security issues and concerns.
- Performed a lead role in planning and performing vulnerability and penetration testing, assisted in implementing security policies/standards/guidelines, and ensured that effective security controls were in place.
- Designed and implemented multi-tier layered security solutions for the Internet services infrastructure.
- Corporate Internet web proxy environment with content filters; Netscape Proxy Server 3.53 and Smart Filter were deployed.
- Web auto-proxy environment for Xerox OPB and its global field offices using auto-proxy configuration scripts.
- Installed Secure Computing's Sidewinder firewalls and NOKIA Checkpoint firewalls with high availability using VRRP (NOKIA) and HSRP (CISCO).
- Provided strategic security solutions for the intranet/extranet e-business application integration. Administered web servers, secure SSL web servers and FTP servers.
- Administered web proxy, reverse proxy, firewalls and DNS servers and implemented a secure split DNS environment using chroot.
- Implemented monitoring and reporting solutions using NetIQ and SiteSeer.
- Implemented highly available content delivery solutions using CISCO CSS 11000 series Content Services Switches.
- Provided 24x7 lead technical support for XEROX OPB's Internet and Security Services Infrastructure and provided internal consulting in CGI (Perl), JavaScript, Java, HTML, and Web Application Integration.
Lead Systems and Network Consultant
Confidential
- Worked as Lead Architect for security infrastructure projects, firewall implementations, and proxy server implementations with LDAP authentication.
- Worked as Lead Solutions Architect for network monitoring, intrusion detection systems, DNS/mail service infrastructures, and enterprise anti-virus solutions.
- Worked as Lead in Web Infrastructure and Security Services.
- Worked as Technical Lead for UNIX systems security and network security client engagements.
- Designed multi-tier web services infrastructures with highly available content services switches and server clusters.
- Designed IDS architectures with S-TAP and zone isolation techniques.
- Designed single-sign-on distributed authentication solutions based on Kerberos.
- Performed vulnerability and penetration tests.
- Deployed security tools such as COPS, Crack, TCP wrapper, Tripwire, PortSentry, Nmap, Nessus, and SNORT.
UNIX Systems Support Engineer
Confidential
- Performed UNIX system administration duties
- Installed, configured and optimized Digital UNIX 4.0 on DEC Alpha 1000/1000A servers.
- Implemented Digital UNIX as a Trusted Computing Base (TCB): ENHANCED (Controlled Access Protection) using secsetup.
- Configured enhanced Digital UNIX security features: Audit, ACL, and Extended Authentication with NIS.
- Administered the Audit Subsystem: audit events, audit log, audit reports, and audit data recovery.
- Administered ACLs, ensured authentication database integrity, and supported Digital UNIX security configurations using the Security Integration Architecture (SIA) framework.
- Used Performance Manager, system configuration and tuning, event translation and reporting, and kernel debugging for Digital UNIX systems management.
- Managed file systems and logical storage. Administered the Polycenter AdvFS and Logical Storage Manager components.
- Organized and automated backup and restore procedures.
Senior Systems Support Engineer UNIX
Confidential
- Installed and configured 200 UNIX AT&T System V and BSD servers.
- Administered XENIX systems, SCO-UNIX systems, and Apollo AEGIS CAD stations.
- Installed and configured HP 9000 series servers and administered HP-UX.
- Worked as Lead Engineer in client engagements for the design and build of data centers with UNIX servers using TCP/IP enterprise network architecture.
- Performed the UNIX system administrator role for key financial and health care industries.
- Implemented RAID solutions for enterprise-class UNIX servers and developed backup and restore procedures.
- Migrated closed system environments to open system client/server UNIX environments.