SUMMARY:

• Team - oriented Cloud engineer with over 20 years of experience working with various technologies.
• Extensive experience in Confidential IAM such as ISAM/ISIM/TFIM/WAS/LDAP/IHS.
• Experience setting up ISAM/WAS in AWS EC2. Expert-level knowledge of Amazon EC2, S3, EFS, Glacier, Snowball, RDS,
• Elastic Load Balancing, SQS, SNS, AWS IAM, VPC, DynamoDB, AWS Directory Service,
• Certificate Manager, WAF, KMS, ECS, Route53, AWS HIPPA, Trusted Advisor, EMR, Presto,
• Elastic Beanstalk, Cloud Formation, Cloud Front. Extensive experience in AWS Federation/IAM. Knowledge in GIT.
• Experience in Docker and Kubernetes, Vagrant, Chef, Puppet, ansible, SaltStack, Jenkins. Knowledge in python.
• Experience in Big Data processing using Apache Hadoop.
• Experience in Hadoop administration activities such as installation and configuration of clusters using Apache, Cloudera, Hortonworks.
• Hands on experience in installing, configuring, and using Hadoop ecosystem components like Hadoop HDFS,Yarn,
• Zookeeper, journal Nodes, Hadoop HA, Hadoop HA Federation, Hue, MapReduce, HBase, Hive, Apache Ranger, Apache Sentry, Kerberos and Apache Knox.
• Experience in setting up the High-Availability Hadoop Clusters. focusing on high-availability, fault tolerance, and auto-scaling. Experience deploying Ngnix, HAProxy and Apache.

PROFESSIONAL EXPERIENCE:

Confidential

Devops/Hadoop/AWS Experts

Responsibilities:

• Install, configure, administer and troubleshoot ISIM 6, ISAM 8 and ISAM 9 and TFIM. Deploying ISAM into AWS EC2. Troubleshoot issues and resolve incidents as assigned.
• Strong focus on AWS security (AWS IAM). AWS Federation using AWS Directory service and on premise corporate directory(AD/ADFS). Deployed ISAM into AWS EC2. Created AWS Multi-Factor Authentication (MFA) for instance RDP/SSH logon using RSA token, and Google Authenticator. Locked down the AWS account and leverage IAM accounts. Worked with teams to lock down security groups.
• Design roles and groups for users and resources using AWS Identity Access Management (IAM)
• Involved in designing and deploying a multitude applications utilizing almost all of the AWS stack (Including EC2, Route53, S3, Glacier, ElasticBeanstalk, RDS, Dynamo DB, SNS, SQS, ECS, EFS, KMS, Certificate Manager, EMR, Presto, CloudFront, CloudFormation). Focusing on high-availability, fault tolerance, and auto-scaling.
• Design and deploy multiple VPCs and VPC peering
• Created multi AZ VPC instances to enable high availability for applications.
• Managed multiple AWS accounts with multiple VPC's for both production and non-prod where primary objectives included automation, build out, integration and cost control.
• Experience with monitoring tools such as Cloud Watch.
• Worked on automation and continuous integration processes with Jenkins, Chef/Puppet.
• Configured web servers (HAPROXY, Nginx)
• Providing automation and deployment of applications inside software containers by providing additional layer of abstraction and automation of operating system level virtualization on Linux using Dockers, Kubernetes, and Vagrants.
• Deployment of Docker containers for development
• Implementation of Docker, and various Docker orchestration tools such as docker-compose, docker swarm.
• Deploy Kubernetes in both AWS and Google cloud. Setup cluster, replicator. Deploy multiple containers in a pod.
• Administering and configuring Kubernetes .
• Expertise in implementing enterprise level security using Hadoop security/ACLs, MIT/AD/LDAP, Kerberos, Knox, Sentry and Ranger.
• Hands on experience in Zookeeper and ZKFC in managing and configuring in NameNode failure scenarios
• Experience in deploying Hadoop 2.0(YARN).
• Installing and configuring Hadoop eco system like HBase, hive.
• Monitored multiple Hadoop clusters environments using Ganglia, Kibana, Nagios.
• Hands on experience in installation, configuration, supporting and managing Hadoop Clusters using Apache, Cloudera (CDH5).

Confidential

Hadoop/Devops

• Install, configure, administer and troubleshoot ISIM, ISAM and TFIM. Integrate proprietary Healthcare software with ISIM/TFIM and ISAM such as EP Authenticate (AAM product), EP Catcher/Picher. Configure SAML SSO with EP Financial, EP Enrollment and Curam. Configure SSO using LTPA to Cognos and FileNet. Integrate TFIM with Webseal as POC and use Oauth protocol as a proof of concept.
• Strong focus on AWS security (AWS IAM). AWS Federation using AWS Directory service and on premise corporate directory(AD/ADFS). Deployed ISAM into AWS EC2. Created AWS Multi-Factor Authentication (MFA) for instance RDP/SSH logon, worked with teams to lock down security groups.
• Design roles and groups for users and resources using AWS Identity Access Management (IAM)
• Involved in designing and deploying a multitude applications utilizing almost all of the AWS stack (Including EC2, S3, Glacier, RDS, Dynamo DB, SNS, ECS, CloudFront, CloudFormation) focusing on high-availability, fault tolerance, and auto-scaling.
• Managed multiple AWS accounts with multiple VPC's for both production and non-prod where primary objectives included automation, build out, integration and cost control.
• Maintaining the security groups in EC2, EC2 VPC and controlling the inbound and outbound traffic that are allowed to reach the instances
• Enabled AWS Multi-Factor Authentication (MFA)
• Configured S3 versioning and lifecycle policies to and backup files and archive files in Glacier.
• Used Ansible/SaltStack to automate Configuration management & Applications.
• Configured web servers (HAPROXY, Nginx)
• Implemented Kerberos Security Authentication protocol for existing cluster.
• Working with data delivery teams to setup new Hadoop users. This job includes setting up Linux users, setting up Kerberos principals and testing HDFS, Hive.
• Setup Hadoop HA and HA Federation, namenode, secondary nameode and standby namenode
• Hands on experience in installation, configuration, supporting and managing Hadoop Clusters using Apache Hortornworks.
• Provide highly durable and available data by using S3 data store, versioning, lifecycle policies, and create AMIs for mission critical production servers for backup.

Confidential

Tivoli Identity manager admin

• Administer ITIM 5.1 and provide day to day support such as on boarding Winlocal, Mssqldb, Oracle db, DB2, Linux, Solaris and AIX services. Configured nightly reconciliation to synchronize ITIM user information with accounts on managed resources. Setup Recon and analyzing Recon Failure. Monitoring ITIM activities such as pending, HR Feed and Recon. Monitoring LDAP and ITIMDB. Perform tuning on ITIMDB and WAS. Perform backup/restore on LDAP DB, WAS and ITIM. Configure Services with the RMI adapter. Troubleshoot WAS, LDAP, DB2 and ITIM.

• Deploy, configure and Administer WebsphereDatapower XI52 and XG45 in HA. Major tasks include: Firmware upgrade, creation of users, domain, assigning ACL. Familiar with WebSphere DataPower configurations for Web Service Proxies (WSP), XML firewalls (XMLFW), multi - protocol gateways (MPGW). Ability to diagnose and resolve complex issues related to WebSphere DataPower. Expert Knowledge with security concepts (authentication, authorization, encryption, digital signatures), PKI concepts, and SSL. Configure WSRR registry with Datapower to manage services. Understand the concept of virtualization such as Endpoint virtualization, protocol virtualization. Understand traffic shaping. Configure FTP/SFTP, SNMP, and Log target. Integrating Datapwer with LDAP (ITDS).
• Design, Install and configure ISAM V8 in HA and provide a POC for ISAM for web (WGA) and ISAM V8 for Mobile (MGA). The integration explores using Confidential Security Access Manager for Mobile as a policy decision point (PDP) to Third party Policy Enforcement point (PEP). Setup OTP, RBA to accomplish the POC for Mobile apps. Configure Front End Load balancer (FELB) in HA, Web Reverse Proxy in HA. Configure multiple instances of Web Reverse Proxy on the appliance. Configure Policy server active and standby on the appliance for failover. Configure Distributed session cache (DSC) for session management. Configure peer to peer LDAP. Create cluster for ISAM V8. Configure web application firewall (PAM module). Apply Firmware updates as needed. Manage the environment using various methods such as LMI, Cli and dscadmin, WPM, and pdadmin.

Confidential

Tivoli Federated Identity Manager

• Designed and implemented highly-available and scalable security solutions involving TFIM 6.2.2.7.

• Installed and configured Tivoli Federated Identity Manager V6.2.2.7,
• Runtime and Management Services, Management Console and Web Services Security Management Client.
• Applied Fix pack 7 that include the new feature of TFIM (RBA, USC, and OTP). Created and deployed Domains in FIM. Configured global security for WebSphere Application Server 7 using AD as repository. Created JDBC Providers, data sources, and JAAS authentication aliases in order to provide connectivity to DB2 database for the RBA. Configure TFIM to use WGA(ISAM V7). Configured TFIM Risk Base Access (RBA) for authorization decisions (PDP) and Policy enforcement (PEP). Configure One-time-password (OTP) for strong authentication using email or SMS for the password generation. Configure User Self care (USC). Documented installation and configuration process and delivered Operations Runbook to client.

Confidential

WebSphere/TAM 6.1.1 /ISAM V7 Migration and TFIM

• Designed, installed, configured and implemented WAS V8 and TFIM 6.2.2.x in various environments. Configured FSSO using SAML 2.0 Federations with numerous businesses partner using Tivoli Federated Identity Manager. Customized TFIM identity mappings to pass required attributes in assertions. Documented the installation and configuration process and delivered Operations Runbook to client.

• Provide technical expertise in designed and migration of ISAM 7 from ITAM 61.1..x. Installed, configured and administered ISAM 7.x for e-business components such as policy server, Authorization, and Tivoli directory server on windows platforms. Used Parallel method to Migrate ITAM 6.1.1 Webseal instances to ISAM 7 Appliance. Migrated user registry to ITDS 6.3. Migrated Policy Server to ISAM 7 and provided Policy server fail over as active, standby. Configured Web Application Firewall (PAM module), Front End Load balancer and provided HA for the Front End Load Balancer. Configured peer to peer LDAP and LDAP replicas. Manage the environment using various methods such as LMI, Cli, WPM, and pdadmin. Applying firmware updates as needed. Provided backup, restore for LDAP, ISAM7 and Policy server.