SUMMARY

• 5+ Years of experience on Identity and access management tools like Ping Federate, Ping Access, Ping ID, Ping One, Ping Central, Azure AD, ADFS, CA Authminder, CA Siteminder, InAuth, and Okta.
• Achieved Single Sign On (SSO) solutions among the enterprise application by installing, configuring, deploying different products like Ping Federate/Ping Access/ CA SiteMinder on windows as well as on Linux servers based up on the requirement.
• Hand on experience in implementing SSO concepts like SAML 2.0, Open Token, WS - Fed, Open ID connect (OIDC) and OAuth 2.0 for enterprise and customer facing applications.
• Accomplished Federation protocols to establish the trust relationship between Identity Provider (IDP) and Service Provider (SP) by implementing different protocols like SAML1.1, SAML2.0, WS-Federation, OAuth2, Open ID Connect (OIDC), WS-Trust.
• Experienced in installing and configuring Server Administration, Attribute Mapping, SSO Connections, OAuth 2.0 Configuration, Open ID Connect Configuration, Logfiles using PingFederate.
• Experience in implementing SSO and Multi Factor Authentication using Ping Federate and Ping ID.
• Experience on setting up SAML flow for applications with custom IDP chaining requirements.
• Adept at OIDC, OAuth 2.0 flows and helped organizations move from legacy protocols to modern authentication.
• Have led application migration efforts from on-premises to cloud environments.
• Good working knowledge for cloud platforms like AWS and Azure.
• Proficient in provisioning and de-provisioning users to various applications in OKTA.
• Experience in setting up infrastructure for Secure Proxy Server which would act as both reverse proxy as well as the federation engine for external applications.
• Configured various applications with ADFS for Single Sign On (SSO).
• Experience in using web agent option packs to build and maintain Federation infrastructure to provide SSO functionality to external applications.
• Experience in syncing objects, users, groups, from on-premisesactivedirectorytoAzureActive Directory (AAD).
• Experience in ActiveDirectoryFederation Services (ADFS), SAML, web Single Sign-on (SSO), OAuth and related authentication technologies
• Proficiency inSiteMinderAdministration, Load Balancing, Performance Tuning and Maintaining High Availability in both UNIX and Windows based environments.
• Proficient in configuration of SiteMinder Authentication Schemes, Policies, Realms, Rules and Responses.
• Adept in upgrading CA SiteMinder Policy Server, Policy Store, Admin UI, Web Agents from R12.0 to R12.52.
• Extensive experience in installing and configuring different SiteMinder web agents on IIS and Apache web servers, WebLogic and WebSphere app servers and troubleshooting issues associated with these configurations
• Experience in programming languages like C, C++, PowerShell, UNIX Shell Scripting and Servlets and Web technologies like HTML, CSS, Java Script, and XML.
• High Proficiency in analyzing Root Cause analysis, implementing solutions and documenting.
• Experience in services like change, problem, and incident management, proficient in tools like HPSM, Cherwell with a good understanding of ITIL concepts.

TECHNICAL SKILLS

Identity and access management solutions: Ping Federate, Ping Access, Ping ID, Ping One, Ping Central, Azure AD, Okta, Azure MFA, CA SiteMinder r12.5x/12.52sp1, CA SPS12.52sp1, ADFS 1.1/2.0/2.1/3.0 , Shibboleth

Web Servers: IIS 6.0/7/7.5, Apache 2.2/2.4, JBoss 5.x, 6.x and Sun One Web Server6.x

Directory servers: Sun ONE Directory Server 5.1, 5.2, 6.3, ODSEE 11g, Microsoft AD 2008/2012.

Programming and scripting: C, C++, PowerShell, UNIX Shell Scripting

Change Management: HPSM, Cherwell, ServiceNow

Monitoring and Administrative Tools: Splunk, Wily Introscope, Softerra LDAP Administrator.

Operating Systems: Windows 2008/2012 R2/2016, Red Hat Linux, Solaris 9/10.

PROFESSIONAL EXPERIENCE

Confidential, Houston, TX

IAM Engineer

Responsibilities:

• Integrating and Configured applications to Ping Federate and Ping Access as per the Application team needs, without changing their code.
• Integrate applications with Ping Federate using SAML 2.0 & OIDC and provided seamless login.
• Participated in ping federate upgrade project from 8.3.2/9.0 versions.
• Member of design, deployment, implementation, and architecture team to move Ping Access and PingFederate deployment to AWS Cloud.
• Part of on-boarding team and closely working with the application teams and vendor in requirement collection and recommending them the appropriate federation methods for implementation.
• Federated web/native/hybrid applications with PingFederate using the Open ID connect protocol
• Implemented attribute customization for SAML vendor applications.
• Helped application team to build shibboleth as a SP and integrated with application, Ping Federate as an IDP.
• Created authentication policies for moving away from the legacy composite adapters and moved away from the legacy authentication policies.
• Implemented policy contract approach rather than mapping the adapter at the connection level.
• Implemented open token flow for legacy applications which didn’t have a capacity to consume SAML or modify their code to leverage OIDC.
• Have written custom policies to embed user attributes in JWT token as per the vendor and application team requirements decreasing the overhead on clients to make further DICE calls for user attributes
• Upgrade PingID from version 1.0 to 1.1 throughout the environments.
• Write selector policies to apply MFA for applications like Slack, G-Suite, and Office 365 based on source of originating request and various other parameters.
• Answer customer queries on Slack SSO Channels.
• Hand hold and work with application teams to migrate applications from on-premise ping federate solution to cloud infrastructure.
• Part of certificate update squad team to update the SAML signing certificate for the federated applications.
• Designed/architected solutions in collaboration with middleware team to leverage NGINX for applications which were not capable of consuming SAML/JWT tokens to move away from CA Siteminder.
• Participated in developing PingFederate custom Authentication schemes with Application teams as part of requirement.
• Have setup federation between Keycloak as service provider and PingFederate as identity provider for SPA applications using micro-services.
• Responsible for running the Jenkins jobs for periodic builds to rehydrate the servers in AWS.
• Part of the team responsible for building next generation ping federate environment.
• POC’ed Docker deployments of Ping Federate and Ping Access.
• Install Barracuda WAF communication with internal PingFederate servers to serve externally originating application requests.
• 50% Part of the operations and 50% part of the development team.
• Responsible for checking the Cherwell tickets and resolve them within the SLA.

Environment: Ping Federate, Ping Access, Ping ID, AWS, ADFS 2.0/2.1/3.0, SPS r12.52SP1, Windows Server 2008/2012, ADLDS 2008R2, Oracle ED, RHEL 5/6, IBM WAS7/9, HPSM, Cherwell, Kibana, Wily Introscope

Confidential, Plano,TX

SSO Engineer/Analyst

Responsibilities:

• Assigned as a consultant to install, configure, upgrade, maintain and support enterprise infrastructure security solutions and middleware solutions on Ping Federate.
• Ping Federate administration for agents, agent configuration objects, logs and cache management.
• Involved in setting up policy servers, web agents, and web agent option packs for Ping Federate federated web services.
• Experience with SAML 2.0 while implementing Federation between Partner Websites.
• Integrate Applications from development to production, assist development teams in identifying and resolving various issues related to Ping Access
• Configured the Policy Domains, User directories, Rules, Realms and Policies for protected web resources.
• Worked with Ping Federate federation services to provide the necessary sign on solutions for SSO with external partners.
• Apply Option Packs and Servlet Exec on IIS for Federation with other PHP Products and SAML 2.0.
• Implemented different password policies according to the requirement.
• Configure Service providers, Identity Providers and update SAML Certs for SAML and troubleshoot any issues related to it.
• Worked with application owners to design applications and policies. in SiteMinder policy Server R12 and install Web Agents on web Servers such as IIS 7.x and over, Apache 2.x. Provide Role based access as per requirement.
• Deployed applications on clustered environment and performed load balancing.
• Worked with Web Administrators, LDAP Administrators to determine what the best values for Ping Access parameters and tune the system to boost Ping Access performance in the Web Tier, the Application Tier, and the Data Tier.
• Configured and tested LDAP connection settings for applications requiring access to the Active Directory tree.
• Manage and troubleshoot Lightweight Directory Access Protocol authentication for applications.
• Configured failover, load balancing and high availability solution for Policy Servers, Policy Stores and User Stores.
• Cross forest/domain migration of users for acquisition and removal from the enterprise.
• Part of team Migrating the corporate Active Directory from Windows Server 2008 to Server 2012 R2.
• Worked on Migrating users and groups from windows 2008 domains to windows 2012 domains using Aelita's tool.
• Good Understanding of F5, BIGIP and DMZ and Network configurations.
• Coordinated with testing team to perform baseline and regression tests on applications.
• Have set up the environments in RHEL LINUX, Windows and Unix.
• Worked on Integrating Windows Authentication (IWA) Scheme and Form based Authentication (FBA) scheme accordingly to Different vendor s requirements.

Environment: Ping Federate, Ping Access, Apache 2.x, JBOSS app servers, BEA Web logic 8.1, Sun One Directory Server 5.2, Windows Server 2008r2/2012, Solaris 10 and RHEL 4/5, Splunk, Wily Introscope.

Confidential

Siteminder Engineer

Responsibilities:

• Worked in a SiteMinder engineering team providing services to design and implement CA SiteMinder SSO and Federation integrations.
• Worked on upgrading SiteMinder environment from R12.5 to R 12.52.
• Worked on the projects to design, develop and enforce the Single sign on multi-domain infrastructure.
• Worked on a project to add additional infrastructure capacity to increase the load handling capability in the Production environment by adding 4 new servers in the Production environment.
• Install and configure CA secure proxy server R12.5 and setup SiteMinder Federation services using SPS.
• Assisted the team to upgrade SiteMinder policy servers, policy stores and web agents on multiple platforms as part of the SiteMinder upgrade project.
• Created policy server objects like ACO, HCO, Agents, Rules, Realms, Responses and Policies, installed web agents on various web servers and configured agents to integrate existing and new applications in SSO
• Co-ordinate the changes for an optimized plan to minimize downtime across the DEV, TEST, STAGE and PRODUCTION environment.
• Configuring and defining the policies of SAML Affiliate Agents where as these policies can be followed by partner sites federated authenticated users. Used SAML to implement single sign-on to external web applications.
• Worked on day to day tasks including creation of SiteMinder configuration objects and working with application teams to resolve issues.
• Worked on creating policy objects as required by the application teams to implement sound and secure SSO solutions.
• Worked on integrating new applications with SiteMinder by creating the required realms, rules, and policies as required.
• Completed the protection and provided support as needed.
• Worked on multiple projects to provide SSO with SiteMinder federation setup with 3rd party vendors using the SAML protocol.
• Helped application teams to design and implement the SSO solutions for both internal and external applications.
• Responsibilities included attending the preliminary discussions and further work with the technical teams to gather requirements and attend multiple calls to complete the integrations.
• Worked on a large corporate project from initial stages to design and build the SSO solution to support the project until it was pushed live.
• Provided support and troubleshooting facilities to existing SAML federation partners for issues and quick fixes.
• Worked on a project with the CA core team to discuss and design health check suggestions to improve the health and performance of the SiteMinder environment within the Infrastructure.

Environment: CA SiteMinder r12.5/r12.52 Sp1, CA Secure Proxy Server r12.5, Oracle Directory, IIS 6.0/7.x, Apache 2.x, JBOSS app servers, Windows Server 2003/2008, and RHEL 4/5, IBM WAS7, Splunk,