Sr. IAM Engineer Resume
TX
SUMMARY:
- Overall 7+ years of work experience in the design, testing and implementation of enterprise-wide security applications using CA Identity Minder, CA Site-Minder and Sun One LDAP Directory. Work experience in deploying CyberArk privileged with Account Security Solution involving enterprise session manager, password vault. Ability to adopt new technologies within a short period of time.
- Privileged Access Management project which includes implementing CyberArk Password experience with performance tuning of policy servers and associated components and generating performance reports using customized crystal reports.
- Extensively worked on OIM Connectors like Active Directory, SOAP, ERP, LDAP, Okta, Exchange, OID, Database Management, Top secret, EDirectory, GTC. Experience in Security Identity Management (SIM) and Security Access Management (SAM) components.
- Experience in integrating applications with CA IDM. UI customization experience on IDM. Expertise in Microsoft Active directory with Red Hat Linux and Windows platforms. Experience in Multi Factor Authentication RSA AA.
- Created configuration files to implement for a directory path for Identity Manager Application in apache web server. Experience on BLTH/LAH, TEWS, Web services etc. Experience with Trust Builder Identity and Access Management.
- Professional in analyzing logs and troubleshooting of issues in integration of different application using CA Siteminder and IAM tools along with LDAP and web-server agents and Siteminder federation services.
- Configured CA Siteminder System objects like Agents, Agent Conf Objects, Host Conf Objects, User Directories, Domains, Administrators and Schemas. Expertise in migration for active directory using Quest Migration Manager tool.
- Created SP/IDP connections using Ping Federate with external partners. Improvised skills in Multi master LDAP configuration and distributed environment and performance fine tuning for high availability and optimized response time.
- Experience with using IDP initiated and SP initiated SAML profiles with different binding methods like POST, Artifact, and Redirect to deliver a custom SSO environment as per the requirement. Certification in Java at basic level.
- Experience on OAM (Oracle Access Management), SSO, ForgeRock OpenAM and OpenDJ. Involved in various SiteMinder upgrades including Okta, SiteMinder 6.0 to R12 and SiteMinder 12 to 12.52. Experience in Governance Minder, using 12.5.7 and worked on installing, configuring and troubleshooting.
- Expertise in Installation, Configuration, Deployment and Maintenance of SiteMinder Components like the Policy Server, Web Agent, ASA Agents, TAI Agents, Policy Store and Key Store. In-depth knowledge of Identity and Access management products - CA SiteMinder Access Manager, Oracle Access Manager, Oracle Identity Manager.
- Responsible to check and configure the integration of SiteMinder 6.0 policies to work with roles defined in Identity Manager 6.0 and strong analytical and communication skills. Delivered services by meeting the strategic objectives of the organization's Risk management.
- Experience in administration of LDAP Servers including version 5.1, 5.2 and 6.3. Worked on Enterprise Users Single Sign On through browser and through services with third party application hosted in enterprise or cloud using Ping Federate, Ping One.
- Worked on Windows authentication using NTLM login servers configuring it with NTSSO authentication schemes for many corporate environments. Extensive experience in Client interaction and support maintenance engagement in Web Authentication and implemented Web Access Management Solutions using Ping.
- Upgraded Ping Federate from lower Version to higher version both for Console and Engine server (From 6.4 to 7.3 and 7.3 to 8.0). Experience in User Directory Administration, System Administration and Active directories, OAuth.
- Experience in debugging of authentication / authorization related issues and creating Rules, Responses, Realms and Policies. Integrated Ping Access with Ping Federate System to get authenticated by Ping Federate and Authorized by Ping Access Servers using the Access Control Lists.
- Experience in Ping Federation using SAML and integrated with SiteMinder authentication. Integrated both IDP and SP initiated SSO using Ping Federate and with external partners. Worked on both Token Generator and Token Processor in Ping Federate.
- Experience in deploying SAML based highly available solutions using Ping Federate and other security products, can create and process the SAML to get tokens which can be processed by other Web Access Management Products.
- Worked on creating connections with third party vendors for both as identity provider and service provider using Ping Federation. Worked on Automation of different manual tasks such as backups, logs file, monitoring and checking servers with shell and Perl scripts.
- Influences external Projects / Onboarding - gather requirements which would include scope, customization, etc. and account uploads. Expertise in Identity Access and Role Management Solutions Using Sail Point Identity IQ.
- Worked on Installation and configuration of Sail Point application across all environments: development, stage and production. Implementation of Password Self Service via Okta for user workstations. O-365 integration with Okta for SSO.
PROFESSIONAL EXPERIENCE
Confidential, TX
Sr. IAM Engineer
Responsibilities:
- Responsible for the delivery of Single Sign On solution for on-premises and external based applications. Working in development of access management interfaces to Ping Federate, PingID/SSO services and SSO effected directory objects.
- Constructing and Providing an access management integration process detailing a technical integration template and procedure, Supports the technical integration needs design and development to facilitate connectivity between SSO, directory and provisioning tools.
- Evaluate client business process, systems and technology requirements and advise clients on best practices to help guide and solidify proposed designs, Monitoring the Linux server/engine successful up and run. Manual test execution Kerberos and HTML, FORM adapter for successful authentication in the ITG/Production environment.
- Responsible for Privileged Account Management with CyberArk PIM suite Administration with a good understanding of the underlying business processes. Configuration of CyberArk Password Vault Web Access (PVWA) to end user as well as Admin Console for managing all the privileged accounts in the organization.
- Worked as a key technical Engineer for Easy Access PingFederate Implementation Project. Deployed and Implemented from initial phase which includes adding domains, importing users from various AD domains both trusted and non-trusted (total of 32 domains and 190K Identities).
- Providing technical support during SSO software upgrades, server patching activities and enhancements. Working on the application integration by using federation protocols like SAML, OPEN TOKEN, OAUTH and OpenID connect.
- Implemented Password Vault for securing, managing, rotating the privileged passwords for sensitive applications and Integration with GIAM to secure credentials in the application. Configuration of CyberArk Central Policy Manager (CPM) for auto managing like change, verify and reconcile passwords for all the shared accounts.
- Providing Open token authentication based on Internet Information Service (IIS) and Apache Integration as per user requirement. Supporting daily activities related to End User issues and Technical issues. Providing MFA authentication to new users through the PingID/Pingone for cloud based, on-premises and SAAS based application troubleshoot the technical issues.
- Involved in troubleshooting various MFA related password reset, unlock account issues for individual users as well as domain wide related issues. Worked with other InfoSec team for planning, tracking and coordinating tasks towards CHI Easy Access project Implementation schedules.
- Working on internal projects Excalibur/Viking moving on-premises application to AWS/Azure cloud and, configuring single sign on for HP API Gateway application based on OAUTH protocol and, updating the token name for all the open token applications.
Environment: SAML 2.0, OAuth2.0, OpenID Connect, CyberArk 10.3, Open Token (Windows IIS and Apache), Ping Federate 8.4.3/9.3.2, PingID/Pingone, Linux, Apache Directory Studio 2.0.
Confidential - Bentonville, AR
Ping Federate Engineer
Responsibilities:
- Working extensively on the Ping Federate product and integrating web applications in the Enterprise wide apps and Federate to the externally hosted vendor sites. Configured Ping Federate IDP and SP connections to connect to the external vendors and have a SSO from Internal application.
- Creating new SAML connections for the SSO with external vendors using SAML 2.0 post methods, Developing custom adapters and data stores. Responsible for the delivery of Single Sign On solutions like Ping Access and Ping Federate.
- Ensuring Project deliverables or directives are within Confidential’s compliance mandates and IT Procedures, creating and maintaining secure web access within Confidential’s global perimeter and with secure external websites outside of Confidential’s firewalls.
- Integrating application with Ping Access security solutions to provide authentication and CGA (coarse-grained authorization); also working on federation solutions to secure SAAS based applications which are hosted outside of the Confidential network.
- Analyzing servers to ensure they are consistent across environments to aid in troubleshooting to ensure results. Ensuring critical operations, support and maintenance of the infrastructure SSO is performed with high availability, top performance and tight security.
- Co-ordination with the application team in debugging the problems and issues with the applications. Constructing and providing standard operating procedure documentation (SOP’s), Create SOP’s document on detailed information of the connection for management review.
- Prepare a plan for user communication to switch from ADFS to Okta SSO. Created a detailed implementation and migration guide for Office 365 Okta SSO integration. Document detailed technical steps to be executed by administrators to accomplish federation configuration switch from ADFS to Okta. Active member of PAM Team responsible for the deployment of CyberArk Security Initiatives.
- Created detailed document illustrating current user’s SSO experience using ADFS. Document client’s Okta SSO implementation and user guides. Leveraged IDM infrastructure to provision birth right SSO AD groups to provide access entitlements for end users.
- Involved in requirements gathering discussion with Workday app team and helped them utilize Okta’s SSO feature for Workday. Multi-tasking managing multiple application owners and technical contact to drive SSO integration and external user provisioning objective.
- Document existing Office 365 use cases as part of requirement gathering exercise.
- Working on Policy Contract Migration internal project for Dev, Stage and Prod. Created Automated script for REST-API Using Postman API for raw data. Written PowerShell Script for Retrieving the data list of connections in all Environment.
- Working on Ping Federate Administrative API REST based Interface. Preparing documents for Policy contract migration, IVB’s and informing to the requester about upgradation of SSO Connection and validation. Working on daily routine request on Ping Federate and Ping access.
- Working on Linux server for logs, monitoring and troubleshooting the SSO Connections and particular to get a user information and internally to verify used Softerra LDAP Administrator.
Environment: SAML 2.0, OAuth2.0, Ping Federate 9.1.1.0, OKTA, Ping Access 4, Linux, LDAP 3.4.
Confidential, San Francisco, CA
Ping Federate Engineer/IAM Security engineer
Responsibilities:
- Worked on Ping Federate Clustering with Engine and console servers being part of cluster by maintaining multiple clusters for the high availability. Worked on Single Sign on for the applications to use the third-party services using Ping Federation.
- Configured Ping Federation Environment for SAML Federated Authentications for users coming from partner sites by configuring ID Provider/Consumer using SAML 2.0 POST binding. Configured AD pass-through authentication for Identity Access Manager (IAM).
- Configured and supported SAML 2.0 with various partners to create SSO/FEDERATION between our Identity Provider Landing page and Service Provider's Applications. Installed and configured the IAM suite components in production environments.
- Developed a few scripts to update attribute in E-directory using ice import. Created policies, realms, rules and responses to protect the applications and configure them to work under the SSO environment. Implemented Single Sign-On using Siteminder on single/multiple cookie domains for Web applications and integrated SSO with SunOne LDAP and MS Active Directory and e-Directory.
- Provided technical direction to allow Active Directory on-Prem group to populate users through Ping Federated. Experience with Microsoft Active Directory Federation Services. Designed and Implement application API Gateways for Company wide application services.
- Documented all design, development and upgrade efforts in testing, staging and production environments. Provided 24x7 support for Identity Manager Infrastructure in staging and production environments. Experience in Troubleshooting urgent priority tickets with minimum response time.
- Coordinated with testing team to perform load and regression tests on applications in different environments. Configured Authorization code and Resource Owner Grant in OAuth 2.0. Installed, configured SiteMinder policy server Web agents, Active Directory server (LDAP), ASA agents, Domino Agents and various Web & Application servers.
- Prepare a plan for user communication to switch from ADFS to Okta SSO. Created a detailed implementation and migration guide for Office 365 Okta SSO integration. Document detailed technical steps to be executed by administrators to accomplish federation configuration switch from ADFS to Okta. Set up Partner connection using Ping Federate 7.x (IdP and SP initiated SSO).
- Document existing Office 365 use cases as part of requirement gathering exercise.
- Generated ID token in Authorization code flow which is used for authentication by application teams. Worked with testing teams to import user accounts from production environment to staging environment to validate different test cases.
- Executing Backups and Recovery strategies for directory data (DIF), resolving backup and recovery issues in a High availability environment. Experience in configuring and deploying RSA Governance.
- The Project was to integrate On-premise IAM Solution of Client with Cloud based IDaaS Solution using Okta to enhance the security controls in place to protect client assets. It includes: On Premise Active Directory integration with Okta. IWA application setup for DSSO Multi-factor enrollment and authentication. AD migration of users and Okta user provisioning.
Environment: SAML 2.0, OAuth2.0, Okta, E-directory, SunOne Directory Server, Ping Federate 7, Ping Access, Apache 2.x, Webserver 6.1, Tomcat 4/5.
Confidential - Irving, TX
SiteMinder/IAM/LDAP Security Analyst
Responsibilities:
- Installed, Configured, Administered and Monitored Netegrity SiteMinder Policy Server (5.5/6.0), CA IDM r8.1 and Sun One Directory Server 5.2/6.x/7.0 on UNIX, Linux, Windows and Solaris platforms. Worked on multiple applications as a Security Specialist using SiteMinder products to provide authentications, authorizations and Policy management.
- Installed, configured and integrated Web servers (plug-in file), SiteMinder agents and LDAP user directory with WebSphere Application Server. Automated Identity Management tasks such as user provisioning and application access based on each user's relationship with role within our organization using CA Identity Manager.
- Monitored & Supported Sun One LDAP Directory server and SiteMinder in Production Environment. Installed, Configured, Administered and Monitored Ping Federate 4.4/5.0 on UNIX platform. Supported the team in the analysis of the Agency Active Directory structure and the building out of a Master User Record. PingFederate Performance tuning for supporting heavy traffic.
- Experienced with SiteMinder policy server log files for Troubleshooting Site Minder environment. Fine-tuned response time by configuring Site Minder Agents, DIT's & LDAP parameters. Installed & Configured SiteMinder Policy stores, Key stores, User stores and Integrated with LDAP.
- Expert in setting up SSO Environment for SiteMinder and SunOne LDAP directory server. Augmented logical security application architecture integrating WebSphere Application Server 5.x, iPlanet LDAP Directory Server, Netegrity SiteMinder and implemented Single Sign-On security.
- Experienced with facilitating RSA authentication manager and RSA secure ID token-based authentication systems. Configured user provisioning and delegation of administration using RSA authentication manager for fine-grained access control of protected resources as per the policies developed in the policy store.
- Worked in defining schemas for Sun One LDAP Directory Server. Worked on SiteMinder SM Session, Persistent and Secure Cookies. Gained Sound knowledge about the SiteMinder environment databases like Policy Store, Accounting Logs, Key Store, Token Data and Session Server.
- Worked on defining and Policies, Realms, Rules, Responses in SiteMinder environment for Protected authorized access. Worked on Failover & Load Balancing strategies between Web Agent to Policy Server, Policy Server to User Directories and Policy Server to Policy Store.
- Administered and Maintained multiple Policy Servers and Web Agents in the SiteMinder SSO environment. SiteMinder Simple Network Management Protocol (SNMP) Support, Event Trapping and Trouble Shooting.
- Day-to-day maintenance of SiteMinder policy servers and troubleshooting production issues, Coordinated with the Service providers and identity providers during the SAML Certificate upgrade. Audited, Reported and Monitored SiteMinder log files effectively, including using One View Monitor for identifying performance bottlenecks.
- Installed and Administered Policy Server and Web Agent Option Pack tools for using Federation security services and Telligent rules effectively. Configured enterprise applications and corrected performance problems by monitoring server availability and resource utilization analysis using Preview.
- Installation, integration and deployment of SailPoint Identity IQ. Involved in knowledge sharing sessions for SailPoint Compliance Manager component and involved in creation of design documents, code reviews.
- Installed and configured RACF SailPoint connector to integrate with Mainframe systems. Performed Installation and configuration of SailPoint 7.2. Onboarding and integrating various applications into SailPoint Identity IQ, configured Flat files and JDBC connectors in SailPoint.
Environment: CA SiteMinder 5.5/6.0, CA IDM r8/r12, Sun Java System Directory Server LDAP 5.x/6.x/7.0, WebSphere Application Server 5.x/6.x, SailPoint 7.2, Ping Federate 4.4/5.0, SSL, SNMP, UNIX, LINUX, Solaris, IBM AIX, Windows.
Confidential San Francisco, CA
SSO Integration Engineer
Responsibilities:
- Working extensively on the Ping Federate and SailPoint products and integrating web applications in the Enterprise wide apps and Federate to the externally hosted vendor sites. Configured Ping Federate IDP and SP connections to connect to the external vendors and have a SSO from Internal application.
- Create and configure Ping Federate adapters like HTML form, Open Token, SiteMinder and agentless adapters. Configured the agents on different web servers, Apache, IIS, HTTP web servers, etc. on Linux and Windows environment to integrate with the apps.
- Worked on PKI certificates to create, renew and deploy the certs for various implementation like Server HTTPS url, Encryption, Digital Signature. Experience in troubleshooting the issues by analyzing the trace and server logs and audit logs. Setup WS Trust connection for web service-based calls.
- Schedule a job to back-up the Ping Federate data every night. Providing 24x7 production support and on call support. Create reports on detailed information of the connection for management review. Follow standards for any change in environment, by creating RFC. Documenting any new change in SharePoint and team forge, for reference. Troubleshooting issues, documenting and promoting best practices.
- Knowledge transfer session with new team members. Extensively worked on OIM Connectors like Active Directory, OID, Database User Management, and Flat File. Working on Identity Management service to enable client applications to manage identities such as users and roles.