Oracle IAM System Engineer Resume
Rockville, MD
SUMMARY:
- A customer service award-winning enterprise Identity and Access Management architect and engineer with over two decades of experience serving various government agencies and private institutions.
- Expertise spans the entire Oracle technology stack.
- Highly skilled Identity Consultant with 10+ years of experience in designing and implementing Identity and Access Management in high availability environments.
- Expertise in WebLogic, OIM, OAM, OAAM, OID, OUD, OVD, OEM, SOA, JDeveloper, Java/J2ee development; Proficient in Database and Directory Domain Environment; Experienced in architecting and deploying Identity and Access Management, LDAP Directories, Provisioning and De-Provisioning/Identity Workflows, Access Management, Role-Based and Attribute-Based Access Control (RBAC and ABAC), Compliance and Auditing Technologies, Enterprise System Architecture, Security Infrastructure Design, Authentication and Authorization technologies and custom-built security and technology frameworks; Strong hands-on experience in providing technical support on project planning, system design, integration, installation, customization, implementation, maintenance, and diagnostics associated with such technologies under heterogeneous environments.
TECHNOLOGY & SKILLS:
OPERATING SYSTEM: Sun/Oracle Solaris 2.6, 8, 9, 10 and 11, Red Hat Enterprise Linux 2.x, 4.x, 5.x, 6.x, 7.x; CentOS 6.5 and 7.x; VMware ESX/ESXi servers 5.0, 4.1, vSphere 5, Oracle Enterprise Linux 5.x, 6.x, 7.x and Oracle VM, Oracle VirtualBox, SUSE Linux 8.0, Windows Server 2000/2003/2008 R2/2012 R2, Windows NT Server 4.0, IBM AIX 5.1 and 6.0, HP-UX 10.xx and 11.xx; Debian 6.x
HARDWARE: Oracle Database Appliance X6-2-HA, Sun Fire Servers from V240 up through E25000, Sun SPARC T3, T4, and T5 series; Dell PowerEdge T110, T310; HP (Compaq) Proliant, IBM RS/6000 SP2, IBM System x3650 M3, Cisco CSS 11500 Series Content Services Switch, F5 BigIP Local Traffic Manager (540's and 6400's), F5 Big-IP 8950/8950S, F5 BIG-IP LTM-2200s, F5 BIG-IP Global Traffic Manager 2000S; NetApp FAS6080/3140 SAN storage systems
Governance, Standards & Compliance Management: Security Assessment, authorization, & continuous monitoring that implements (BSIMM4, Sarbanes-Oxley, HIPAA, Gramm-Leach-Bliley, FFIEC, SB1386, HSPD-12, SAS 70, NIST 800-26, 30, 39, 53A, FISMA, FIPS 199, OMB A-123, 127 & 130, PCI-DSS Standard & OWASP, SCORM, BSIMM4, NICE, FedRAMP baseline controls & templates)
LANGUAGE: SQL, PL/SQL, Java, JavaScript, Perl, C/C++/C#, CGI, Python, PHP, FORTRAN, BASIC, UNIX Shell Script, HTML/DHTML/XHTML, XML, CSS, SAML 1.0/2.0, XACML, VB, VBScript, ASP etc.
Protocols: OSI model, HTTP, LDAP, SOAP, IPX/SPX, IPXODI, TCP/IP (V4 & V6) SMTP, SFTP, TFTP, LPD, BootP, SLIP, PPP, PPTP, L2TP, SAP, ARP/RARP, ICMP, IGMP, IGRP, RIP I-II, NETBIOS
APPLICATION SOFTWARE: Oracle Identity Management 12.2.1.3.0 (PS3); Oracle WebCenter Suite 12.2.1.3.0 (Oracle WebCenter Content, Oracle WebCenter Portal, Oracle WebCenter Sites), Oracle SOA Suite 12.2.1.3.0; Oracle Traffic Director 12.2.1.3; Oracle GoldenGate Studio 12.2.1.3.0; Oracle Enterprise Manager Cloud Control 13c (13.1); Oracle Fusion Middleware 11g Release 1 & 2 (11.1.1.6, 11.1.1.5, 11.1.1.4, 11.1.1.3, 11.1.1.2, 11.1.1.1, 11.1.2.1, 11.1.2.2, 11.1.2.3), WebLogic Server (12c, 10.3.6, 10.3.5, 10.3.4, 10.3.3, 10.3.2), Oracle Identity Management 11g Release 1 & 2 (11.1.1.7, 11.1.1.6, 11.1.1.5, 11.1.1.2, 11.1.1.1, 11.1.2.1, 11.1.2.2, 11.1.2.3), Oracle Identity and Access Management 11g R1 and R2 (11.1.1.5, 11.1.1.6, 11.1.2.1, 11.1.2.2, 11.1.2.3), Oracle OpenSSO Fedlet 11.1.1.3.0, ForgeRock Identity Management (AM 5.1.x, DS 5.0.x, IDM 5.0.x, IG 5.0.x); PingIdentity (PingFederate 8.3, 8.2, 8.1, PingAccess 4.3.2, PingID); SecureAuth IDP 9.x, 8.x, 7.x (Multi-Factor Authentication, SSO, Adaptive Authentication); Microsoft Forefront Identity Manager (FIM) 2010 R2, Windows Server 2012 R2 and 2008 R2.
Identity Management for UNIX, Windows Server 2008 R2 DNS Server, Active Directory Domain Services, Active Directory Certificate Services and Lightweight Directory Services, Oracle Application Server 10g Release 2 and Release 3 (10.1.2, 10.1.3) and Oracle Identity Management 10g Release 2 (10.1.4), Oracle SOA Suite 11g(11.1.1.7, 11.1.1.5, 11.1.1.4, 11.1.1.3), Oracle Portal 11g (11.1.1.5 and 11.1.1.6), Oracle Form and Report 11g (11.1.1.5 and 11.1.1.6), Oracle WebCenter Content/Enterprise Content Management Suite 11g Release 1 (11.1.1.5) and Universal Content Management 10g (10.3.3), Site Studio 11g, Oracle WebCenter Portal 11g Release 1 (11.1.1.5, 11.1.1.3, 11.1.1.1), Oracle BPEL Process Manager (10.1.2.0.2, 10.1.3.x), Oracle Business Intelligence Suite Enterprise Edition 11g (11.1.1.5, 11.1.1.3) and 10g (10.1.3.3.x, 10.1.3.4.x), Oracle WebTier Utility 11g (HTTP and WebCache Server), Oracle Application Express (2.x, 3.x, 4.x) and Oracle HTML DB 2.0, Oracle 9iAS (1.0.2, 9.0.2, and 9.0.3), Oracle E-Business Suite (11.5.x, 12.1.x), Oracle Discoverer 10g (10.1.2.0.2 and 10.1.2.2), Oracle Collaboration Suite (9.0.3, 9.0.4, and 10.1.2). 
Oracle Enterprise Manager Grid Control 10g (10.2.x) and 11g and Oracle Enterprise Manager Cloud Control 12c, Oracle Enterprise Manager (8.1.x, 9.2), Oracle Developer Suites 11g (11.1.1.x) and 10g (10.1.2, 9.0.4), Allfusion Erwin 4.1, Oracle Warehouse Builder 10g Release 2 (9.0.4, 9.2, 10.1, 10.2), Oracle JDeveloper (11.1.2.x, 11.1.1.5, 11.1.1.2, 10.1.3, 10.1.2, 9.0.5, 9.0.4), Apache Ant 1.6, 1.7, Apache Tomcat (2.x, 3.x, 4.x, 5.x, 6.x), Cognos Series 7, 8, Plumtree Software 5.x, 6.x (Portal, Content Server, Collaboration Server, Workflow Server), Media Wiki 1.18, OSQA, BEA WebLogic Server (7.x, 8.x, 9.x), IBM Websphere Application Server (5.x, 6.x), JBoss Application Server (3.2.x, 4.0.x, 5.x, 6.x, 7.x), VMWare 4.0, 5.0, LDAP Browser (2.0, 2.6), SSH Secure Shell (3.x), Exceed (6.0, 8.0, 10.0), Microsoft Office, Microsoft Visio, SAS 6.0, 8.0, SQL Navigator, BrioQuery Explorer, Seagate Crystal Reports, Quest Production Availability Suite (I/Watch, Space Manager, Spotlight on Oracle, SQLab Expert), BMC Patrol, SQL Navigator, ADSM/ TSM, Schema Manager, Legato Storage manager, cvs-1.1x; Axway Validation Authority (VA) Suite, Tumbleweed Validation Authority (VA) - Tumbleweed Validation Authority Server 4.8 & 4.9, Tumbleweed Desktop Validator 4.7.X, 4.8 & 4.9; Oracle Access Manager (11.1.2.x); Oracle Identity Manager (11.1.2.x); Oracle Adaptive Access Manager (11.1.2.x), Oracle Unified Directory (11.1.2.x); Oracle Internet Directory (10g, 11g); Oracle Virtual Directory (10g and 11g); Oracle Privilege Account Manager (11.1.2.3), Oracle Entitlements Server (11.1.2.3), Oracle Privileged Account Server (11.1.2.3), Oracle API Gateway (11.1.2.x)
DBMS: Oracle Database 12c Release 2 & 1 (12.2.0.1, 12.1.0.2 and 12.1.0.1), Oracle Database 11g Release 2 (11.2.0.4, 11.2.0.3, 11.2.0.2, 11.2.0.1), Oracle Database 11g Release 1 (11.0.7, 11.0.6), Oracle Database 10g Release 1 and Release 2 10g (10.0.x, 10.1.x, 10.2.3.x), Oracle Database 9i (9.0, 9.1, 9.2), Oracle Database 8i (8.1.6, 8.1.7) and 8 (8.0.5). Microsoft SQL Server 2017, 2014, 2012, 2010, 2008, 2005, 2000, and SQL Server 7, 6, 5, 4.21, MySQL Server 5.7.20, 5.6, 5.5, 5.1, 4.1, PostgreSQL 10.0, 9.1.2, 9.0.6, 8.4.10, 8.3.17, 8.2.23, Microsoft Access 2010, 2007, 2003, 97, 95, 2.0.
PROFESSIONAL EXPERIENCE:
Confidential
Oracle IAM System Engineer
Responsibilities:
- Designed and implemented the latest release of Oracle Identity Management 12c PS3 (12.2.1.3.0) with Multi Data Center (MDC) configuration across two data centers. This deployment with the components of OHS, WebLogic, OAM, OIM, SOA, OUD, OUD Proxy, OEM and RAC Database in a lab environment aims to replace the current GSA’s GAMS system.
- Provided support for the operations and maintenance of the current GSA’s GAMS, which consists of Oracle Identity and Access Management 10g and 11g suites, as well as a customized access center. My duties include managing configuration, operations and maintenance support for the GAMS application environment that includes separate environments for Development, Integration & Testing, and Production.
- Coordinate and support GAMS server operating system patching with GSA IT Server Patching Team.
- Analyze and address performance issues found in GAMS system, such as WebLogic, OAM, OAAM, OIF, OID, OVD and RAC databases.
- Provide support for integrating GAMS system with applications such as PBS Portal, Liferay Portal etc.
- Provide support for data correction among data sources from AD, OID, database to support PIV card authentication.
- Manage customer support for IT systems integrated with GAMS, and coordinate with their business owners on GAMS changes, maintenance and operational issues.
- Support GSA IT change management processes for GAMS including support for change request analysis, release board (RB) and change control board (CCB) activities.
- Provide Tier 2 and Tier 3 support for GAMS, and maintain appropriate Tier 1 help desk processes and scripts.
- Provide support for GSA IT helpdesk ticket based fedlet integration requests. This type of request is typically from GSA FAS IT, where some FAS applications were integrated with Oracle Identity Federation 11g with legacy open source OpenSSO product, via Oracle OpenSSO Fedlet 11.1.1.3.0.
- Provide support for PBS Portal Oracle HTTP Server (OHS) WebGate application integration requests and user data management through ODSM against OID.
Confidential
Senior Software Security Architect
Responsibilities:
- Provided to E&M Technologies, Inc consulting services as a Senior Software Security Architect for the GEOAxIS program in Herndon, VA. My main responsibilities included scripting for monitoring, updating and automation deployment of Identity and Access Management components (WebLogic, OAM, OES, OIF, OID, OUD, OVD, Certificates). Exported, added, modified and imported Authentication and Authorization Policies using OAM API. Developed and tested SQL procedures, packages and triggers by calling Java programs to audit users’ access to GEOAxIS IDM applications within AWS environments.
Confidential
Senior Architecture Subject Matter Expert
Responsibilities:
- Designed and implemented USPTO RBAC system with Oracle Identity and Access Management (IDAM) Suite 11g. This includes all the IDM suite components: Apache HTTP servers, WebGate, Access Manager (OAM), Adaptive Access Manager (OAAM), Identity Manager (OIM), Oracle Service-Oriented Architecture (SOA), Oracle Unified Directory (OUD) and Oracle RAC database 11g for IDM metadata.
- Integrated OAM with Active Directory (AD) for Windows Native Authentication (WNA) using Kerberos authentication scheme. This integration provides the single sign-on (SSO) solution for the USPTO RBAC system to support USPTO intranet (internal-face) web based applications.
- Installed and configured OIM AD User Management connector and deployed it onto the .NET Connector Server shipped along with the connector package. Configured user management connector to run in the identity reconciliation (trusted source) mode so that AD serves as trusted source and user identity data are reconciled from the AD to OIM and provisioned to OUD within the RBAC system. Installed and configured Microsoft Active Directory Password Synchronization connector to use SPML Web service for password propagation to OIM.
- Integrated OUD with enabling Enterprise User Security (EUS) in the RBAC system to support USPTO’s Enterprise Data Warehouse (EDW) system with centrally managing database users across the enterprise. Worked with EDW team to provide user authentication service for the EDW system that provides access to integrated United States Patent and Trademark Office (USPTO) data to support the decision-making activities.
- Implemented integration of OAAM with OAM to control access to USPTO internet (external)-face applications resources with OAM and provide strong multi-factor authentication and advanced real time fraud prevention with OAAM. Advanced login security includes the virtual authentication devices, device fingerprinting, real-time risk analysis, and risk-based challenge.
- Engineered, designed, and implemented integration of OAM with Oracle Application Express (APEX) that hosts the USPTO’s multiple enterprise tools, including the DART applications that provide services for collection of multiple enterprise tools for the training website, travel site, etc. This integration was done by registration of APEX instances into OAM, creation of WebGate agent and Application Domain, configuration of protected APEX application (Callback) resources with Authentication Policies of KerberosScheme, and customized Authorization Policies of HTTP Headers variable, as well as the deployment of WebGate on the APEX OHS servers and utilization of its web listener Oracle REST Data Services (ORDS).
- Designed, implemented and worked with development teams to integrate RBAC system with USPTO’s Central Enterprise Data Repository Infrastructure (CEDR Infra) applications. The CEDR INFRA software architecture adheres to the USPTO’s e-Commerce Service Oriented Architecture (SOA) foundation and leverages the following industry-leading and USPTO-approved architectural frameworks, tools, and environments - Angular JS, JQuery, Bootstrap, Spring Framework, MyBatis, F5 Load Balancer, JBoss EAP, Oracle 12c Database, Red Hat Enterprise Linux VM, (RHEV) Hypervisor Manager (Virtualization) and Red Hat CloudForm. This integration had achieved that CEDR applications (RESTful service) utilize OAM Kerberos authentication schemes (WNA) for authentication with customized authorization policies to control access to RESTful service API/UI resources for GET, PUT, POST, DELETE, OPTIONS, HEAD, and other operations. In this implementation, a single entry point URL for CEDR applications is used to reverse proxy its UI and services to its back-end UI and RESTful Services VIPs. User IDs and Credentials reside on AD and are populated to OIM and OUD. Creation of CEDR INFRA Roles and Roles Assignment are performed using OIM and then the CEDR Roles are populated to and stored in OUD. Authorization Policies Headers are defined within OAM.
- Addressed issues for integrating MyUSPTO Webget Single Page Applications (SPAs) with OAM. MyUSPTO is a personalized collection of widgets that serve patent applicants’ recent news, information, and status changes. In OAM real world deployment scenarios, it’s totally ok that customers want to use separate WebGates for JavaScript and REST services. This breaks the Same-Origin policy right. The XHRs (XML HTTP Requests) made by the browser on behalf of the JavaScript would be automatically denied. To address this, I provided and implemented a solution on how to deal with this by using the CORS (Cross-Origin Resource Sharing) mechanism, as well as how to handle pre-flight requests and HTTP redirects in the context of REST services protected by OAM.
- Assisted to integrate USPTO’s GeoMaestro learning management system (LMS) and elearning delivery platform with RBAC’s OAM by configuring Federated Single Sign-on (SSO) based on SAML. This was done by enabling the LMS as Service Provider, downloading the Service Provider (SP) Metadata, importing it into the Identity Provider (IdP), adding the provided IdP metadata to the Service Provider setup, and protecting resources using Kerberos scheme.
- Designed, installed, configured and implemented high availability deployment for Oracle Entitlements Server (OES) components that provide fine-grained authorization for USPTO’s RBAC system to protect its applications resources by defining and managing policies that control access to, and usage of, these resources.
- Installed, configured and deployed OES Clients as Policy Decision Point (PDP) with various Security Module (SM), such as Java SM, WebLogic SM, Web Service SM, JBoss SM, RMI SM in Controlled-Push Mode High Availability.
- Installed, configured Oracle API Gateway (OAG) 11g and integrated with the RBAC existing OAM for authenticating USPTO users when they access RESTful service applications against RBAC’s OAM and upon successful authentication, the API Gateway authorizes the user against OAM or OES. This is an on-going proof-of-concept initiative.
- Installed, configured, and implemented Oracle Privileged Account Manager 11g (OPAM). Integrated OPAM with OUD and configured RBAC’s Red Hat Linux to generate, provide, and manage access to passwords for privileged accounts for Linux ‘root’ and ‘oracle’, and for OUD’s IDM LDAP super accounts such as oudadmin and weblogic idm. Enabled auditing and established accountability for users with access to privileged account credentials.
- Installed and configured Oracle Enterprise Management Cloud Control 12c. Implemented Oracle Identity Management Pack to manage and monitor all RBAC components. Installed JVM Diagnostics and deployed JVMD agents to the target JVM (IDM Java components) for collecting real-time JVM data for monitoring and trouble-shooting purposes for the RBAC system.
- Served as an advisory committee member of CIO/CTIO and provided reports on “Evaluation and Recommendation of USPTO RBAC Infrastructures”.
- Developed and deployed design solution for Multi-Datacenter for Active-Passive and migration to Active-Active.
- Designed and implemented PKI, CA, x.509 certificates, Cryptography for RBAC system. Successfully implemented End-To-End SSL encryption for the entire Oracle Identity & Access Suite and related applications.
- Supported RBAC day-to-day maintenance and addressed issues encountered during RBAC components and integrated USPTO applications operations in all environments (Dev, Lab, QA and Prod).
- Analyzed, configured and implemented finger-printing functionalities for OAM and OAAM-client IP tracing, enabling X-Forwarded-For for RBAC components, including F5, Apache, OAM and OAAM. Provided support for session management and auditing.
- Provided consulting services and assistance for addressing POAMs findings for RBAC components and its associated applications.
- Provided advice, solutions and recommendations for USPTO applications development teams for integrating and consuming RBAC services.
- Interacted with higher management for project related updates and plans.
- Provided high level guidelines and insights on technical issues to technical team members.
- Worked with F5 BigIP Load Balancer team with VIPs & Cert SANs requirement. Assisted F5 team for RBAC VIPs health check and monitoring for RBAC components.
Confidential
Consultant
Responsibilities:
- Served as a consultant under a sub-contract from SAIC to support upgrading US Coast Guard TFSMS Portal, Identity Management system and Oracle E-Business Suite that is integrated with APEX applications. Performed infrastructure and software upgrade design and provided technical support and instructions for installation, upgrade, configuration and integration of Oracle Portal 11g (11.1.1.6), Webtier (OHS, Webcache 11.1.6), Oracle Identity Management 11g 11.1.1.6 (OID, ODSM, DIP, OINV), Oracle Access Manager 11gR2 (11.1.2.1), WebGate and AccessGate for EBS. Assisted for a successful roll-out of these upgraded applications from Development, Test and QA environments to a production environment.
- TSA WebLogic Infrastructure Design and implementation - Performed WebLogic infrastructure architectural design for TSA enterprise Java Applications. Conducted installation and configuration of WebLogic cluster from Test, QA to production environments. Enabled Single Sign-on and LDAP services for the WebLogic cluster Java applications. Implemented the authorization codes for the application PARIS 3.0. Produced System Design Document (SDD) and Build Document for the entire WebLogic Java Cluster system. Supported the integration testing and release.
- Application Systems Data Center Move - Laid out and wrote Data Center Move Plans for Oracle E-Business Suite (EBS) and Cognos Business Intelligence (BI) for TSA OED. The Department of Homeland Security (DHS) requested TSA to re-locate from its existing location of Pod A1 to Pod A3 at DC2. Two of the major application platforms currently existing in the TSA Operating Platform (TOP) are Oracle E-Business Suite (EBS) 11i and IBM Cognos BI. The written move plans for these two systems included the detailed analysis for the existing EBS and Cognos BI infrastructure (hardware and network), their hosting applications and services dependencies, the proposed migration strategy (Application and Data Base Level Migration), the approach for utilizing the native toolset provided within the applications (EBS and Cognos BI) to perform the underlying migration, and the detailed tasks that TSA should take to implement the migrations.
- Oversight - Provided oversight for ITIP vendor operations, particularly for those components that utilize identity management components in the TSA TOP environment. Validated POA&M security findings by IAD. Reviewed PDRs and CDRs. Reviewed TSA Identity, Credentialing, Access Management Segment Architecture (ICAM). Reviewed planning and implementation of PKI Validation System, which included OCSP Responder, PKI Validation Client components and the Personal Identity Verification (PIV) card reader middleware. Reviewed Functional and Business Requirements and Implementation Plan for TSA Identity Management Infrastructure Upgrade. Provided oversight on Oracle Grid Control and its monitoring targets. Verified and established baseline of existing server infrastructure in PROD, ITE & DTE. Provided oversight for FP/LEDA design, implementation, configuration and security compliance in DTE, ITE and production environments.
- Technical Support for Acquisitions -- Conducted market research and advised on TSA's needs for an integrated PKI Validation System based on Online Certificate Status Protocol (OCSP). Reviewed PAD for TSA.
- Identity Management Infrastructure Upgrade - Served as an SME (Subject Matter Expert) for Self-Service Password Reset (SSPR) Project. Wrote, reviewed and worked with government project managers for the functional and business Requirements. Recommended infrastructural design and components to be implemented - Oracle Identity and Access Management Suite 11g R2 with OAM, OIM and OAAM for user authentication, fraud detection and password management, combining with use of OID, OVD to integrate with other directory such as Active directory and E-Business Suite in TSA environments. Provided technical overview, recommendation and suggestion to project team during the infrastructure design, IDAM software installation, components configuration, patching and testing.
- Technical Support for Projects -- Provided technical recommendations for deployment and test for Finger Print / LEDA applications using F5 Load Balancer and removing the Web Proxy to directly invoke WebLogic Managed Server. Verified STIP authentication and authorization data flow and provided suggestions for Identity Management Upgrade plan. Reviewed existing audit records on SSO and OID to determine whether data needs to be retained, backed up, or deleted, and made recommendations on how auditing should be set up. Reviewed file systems and directories and logs for application servers, and made suggestions for more efficient trace and management of those logs.
- Operations Support -- Analyzed J2EE TOP application logs in production and ITE for performance tuning pertinent to utilize SSO and OID. Performed extensive troubleshooting on the issues encountered in the maintenance and monitoring of SSO and OID. Performed troubleshooting on F5 configuration issues for using SSL protocol during FP/LEDA deployment and test in ITE. Investigated, troubleshot and assisted to resolve WebLogic configuration issues during FP/LEDA test in DTE. Recommended application code change (wsdl) for FP/LEDA to use virtual host name. Investigated capabilities of Oracle GridControl as a monitoring tool for Oracle platform. Performed integration of Oracle Report with Oracle SSO and OID in Systest, ITE and Production environments. Set up Microsoft Identity Management for Unix for proof of concept purpose.
- Engineering Support -- Provided engineering support for POA&M Remediation for all Oracle systems. Supported POA&M Remediation for all systems. Supported engineering and implementation of the FP/LEDA systems in DTE.
Confidential, Herndon, VA
Senior Enterprise Architect
Responsibilities:
- A Senior Enterprise Architect responsible for the design, management and operational supports of the major Information Portal Systems of and inside.bia.gov for Bureau of Indian Affairs within the U.S. Department of the Interior. My duties mainly focused on performing system architect design, virtualization, upgrade, administration and maintenance of various components of Oracle Fusion Middleware 11g. These components/technologies stacks include Oracle RAC databases (11g), Oracle Secure Search (SES), Oracle WebCenter Portal and Enterprise Content Management Suite 11g (ECM 11g), Oracle SOA, Oracle WebLogic (10.3.x), Oracle Portal, Form & Report 11g, Oracle Identity Manager (OIM), Oracle Access Manager (OAM), Oracle Adaptive Access Manager (OAAM), Oracle Internet Directory (OID), and Oracle Virtual Directory (OVD). My duties also included defining processes and procedures to ensure services stability, performance and availability, supporting integration between legacy application systems and the new Oracle Middleware products.
- My responsibilities extended to re-design, convert and migrate BIA’s portal systems to a virtualized infrastructure. To achieve BIA’s cost-reduction strategy and business needs, I was also leading a team for design, implementation, and maintenance of various applications using open source software. These applications included an organization-wide Media Wiki for knowledge sharing purpose among all BIA’s employees, and an Ideation tool that serves as an open meeting place for employees to share ideas, ask questions and get answers from their peers.
- There were the two instances of the same tool focused on different purposes: one is for questions and answers, while the other focuses on idea generation. The Open Government task group identified ideation tools as an essential part of the Open Government initiative. The DOI Public Affairs office has identified ideation tools as a high priority item for the DOI Web site.
- My major responsibilities as the VP of Technology for Confidential were to provide general technical solutions during contract competition. Technologies mainly focused on Cloud Based Content Management and Identity Management.
- Designed, installed, customized and implemented the Ideation system on BIA’s virtualized environments using open source OS - CentOS 6.2, and OSQA, an open source question-answer system written in Python with Django, and the data layer relied on PostgreSQL. The self-help features offered by Q&A segment of the ideation tool provide IA users with more timely and accurate assistance options for a wide range of topics as the tool’s use evolves. Self-help answers to common questions reduce the burden of repeatedly answering the same question from Help Desk and field support staff. Additionally, the ideation tool helps identify and grow initiatives that can save time, money and effort for the IA organization.
- Designed, installed, customized and implemented the MediaWiki system on BIA’s virtualized environments using open source OS - CentOS 6.2, and MediaWiki, an open source wiki package written in PHP, and the data layer relied on MySQL. The MediaWiki system has provided IA employees for knowledge sharing and searching purpose.
- Designed, installed, configured and implemented the BIA’s Portal system. This system provides internet and intranet application services for the BIA’s employees and its customers (Indian tribes and Alaska Native entities). This system consists of Oracle Identity Management Suite 11g (OID, OVD, OAM, OAAM, OIM) that associate with Microsoft Active Directory (AD) to provide user provisioning, authentication and authorization to the system, Oracle Enterprise Content Management Suite 11g (ECM) for BIA’s web contents hosting and management, Oracle WebLogic, SOA, and WebCenter Portal that host ADF applications for BIA’s financial reporting and auditing system, Oracle Enterprise Secure Search for the BIA’s Web and file Contents search, and use of the Oracle Database Server 11g (RAC) for metadata and contents. High availability, security and scalability were considered during design and implementation, and during installation and deployment. These considerations were achieved by employing Oracle Real Application Cluster (RAC) for databases, setting up of cluster for WebLogic managed servers and virtual IP for AdminServer, using shared storage for the file systems, configuring entries using encryption, as well as enhancing security by setting up firewall and patching for the entire system.
- Re-designed, upgraded Oracle Universal Content Management 10g (UCM 10.3.3) to Oracle Enterprise Universal Content Management Suite 11g (11.1.1.5). Migrated BIA’s web contents from UCM Site Studio 10g to ECM Site Studio 11g.
- Designed GINNIE MAE Image and Vital Record Management System. This design employed Amazon Web Services (AWS) and Amazon Elastic Compute Cloud (EC2) and Oracle Enterprise Content Management technologies.
Confidential, Chantilly, VA
Senior Semantics Analyst
Responsibilities:
- Worked on site for U.S. Customs and Border Protection (CBP), an agency of the U.S. Department of Homeland Security in Alexandria, VA. Duties included exploring use of Oracle Spatial technologies, particularly the use of Geo Coding combined with Analytical Statistics Modeling to enhance probability of seizing those illegal cargo shipments and passengers during Customs scanning.
- Provided Initial concepts analysis and data set selection
- Built statistical model using historical data within data warehouses, with enhancement of including Geo Coding data.
Confidential, Reston, VA
System Architect and Engineer
Responsibilities:
- System architect and engineer for the enterprise applications of a major component (TSA) within the Department of Homeland Security. Influenced agency’s acceptance of building a new architectural environment (ITEARCH) for patching, new application products test and design purposes. Led DBA and SA teams to set up multiple infrastructure baselines (DTE, Breakfix) with cloned databases and applications servers from the pre-product environment (ITE) and product environments. Re-designed and implemented the agency’s enterprise application web tier with greatly improved availability, performance and security. Successfully re-engineered and upgraded the agency’s Identity Management system and led the DBA team for its implementation in testing and production environments. Designed and led implementing conversion of Oracle E-Business Suite from external application to partner application for Single Sign-on and Oracle Internet Directory.
- Designed integration of SS/OID with Active Directory and enabled Kerberos authentication for applications within the TSA TOP platform. Integrated various applications deployed to Oracle Application Servers (OC4J and Weblogic) and E-Business Suite with Oracle Identity Management. Provided security assessment and recommendation for CPU Patching to the agency’s applications. Designed infrastructures used for and implemented multiple instances of SOA suite, OBIEE and UCM with considerations of high availability and security. Prepared and engineered migration of current applications in Oracle Application Server 10g to the newest release of Oracle Fusion Middleware 11g. Worked as an executive manager to coordinate project-wise work among DBA team, QA team and architect group.
- Designed integration of Single Sign-on and Oracle Internet Directory with Microsoft Active Directory and enabled Windows Native Authentication (WNA) for applications within the TSA TOP platform.
- Configured and secured Oracle Enterprise Manager used for management of the TOP enterprise application, with focus on user roles and privileges management, and user authentication with Single Sign-on.
- Led DBAs and SAs in installation, configuration, patching and upgrade of various Oracle Fusion Middleware components (such as APEX, J2EE apps, OBIEE, BPEL and ESB, UCM etc.).
- Designed the infrastructure for, engineered and led DBAs and SAs to build multiple architecture/patching environments (DTE, Breakfix etc.) with cloned databases and applications (J2EE apps and E-Business Suite) from pre-production environments. The fully functional infrastructures were handed over to other development contractors such as IBM and Deloitte development teams.
- Re-designed and upgraded TSA’s TOP Identity Management System with Oracle Identity Management (Single Sign-on and Oracle Internet Directory), featuring high availability improvements (OC4J cluster for SSO and LDAP load balancing) and security enhancements (password policies and password hash algorithm).
- Customized User Provisioning Applications, including EBS’s User Manager (UMX) and a TSA’s User Management Application (UM) for LDAP integration.
- Redesigned TSA’s TOP environments to isolate the web tier from the application tiers and led DBAs and SAs to implement this security hardening. This was achieved by replacing Web Cache with Apache 2.0 using reverse proxy, ajp13 and mod_security techniques.
- Architected and implemented integration among J2EE applications, E-Business Suite, SOA Suite, OBIEE, Content Management (Oracle’s Universal Content Management and EMC Documentum), WebLogic applications and Oracle Identity Management for authentication and authorization purposes.
- Strategically planned and led the Identity Management system migration from one data center to another (DC2).
- Designed the use of Enterprise Management Pack for managing and monitoring databases, application servers, and BPEL processes.
Confidential, Rockville, MD
Principal Architect
Responsibilities:
- Responsible for architecture consultancy on Oracle technologies with a focus on the Identity Management Suite. This involved design, setup, configuration, and maintenance of Oracle Internet Directory, Virtual Directory, Access and Identity Manager with high availability for these components.
- Designed, implemented and integrated existing applications with the new identity management system to provide a Web Single Sign-on solution for AARP’s clients. Web Access Management (WAM) is AARP’s authentication, authorization, and user management solution for web-based applications. WAM is made up of 3 applications (OAM, OVID, and OID) from the Oracle Identity Management suite (10.1.4.0.1) and is integrated with a variety of applications (Microsoft Active Directory, Microsoft SharePoint, databases (IBM DB2 and Oracle Server) and J2EE applications etc.). Completed the 1st phase WAM system roll-out in production.
Confidential, Washington DC
Infrastructure Architect and DBA/App DBA Team Lead
Responsibilities:
- Led a DBA team and worked with PBGC architect groups and other application development teams for architectural design, installation, configuration and deployment of Oracle Portal, BPEL, Reports and various J2EE applications. Performed architectural design, application software installation, configuration, implementation, maintenance, and diagnostic support associated with Oracle 9iAS R1/R2 and Oracle Application Server 10g R1/R2 on Sun SPARC Solaris and Red Hat Linux. Was a key architect and project lead for Oracle Internet Directory and Single Sign-On services for PBGC Unified Desktop project. Was a leading architect for migrating E-Business Suite e-CRM from Solaris Platform to Linux environment. Supported various development efforts as an in-house subject matter expert on Oracle Warehouse Builder. Authored system standards, technical guidelines and operational documentation and ensured adherence to departmental processing standards. Additionally supported a variety of Unix and NT based applications, including Plumtree Portal, Cognos Software, and TSCENSUS etc. Provided support on RDBMS administration in CDE, ITC and production environments. Performed database creation, design, conceptual analysis and routine maintenance. Designed, documented, implemented and maintained PBGC’s standby databases and data guard in production and COOP environments.
- Led a DBA team and worked with PBGC architect groups and other application development teams on the architectural design, installation, configuration and deployment of Oracle Portal and BPEL during the “Unified Desktop” project.
- Was a key architect for Oracle Internet Directory and Single Sign-On that provided enterprise-wide services for PBGC’s “Unified Desktop”. Performed technical design, multiple team coordination, cooperation, and implementation on multiple OS platforms and in various environments using up-to-date technologies. These technologies included Kerberos authentication (Windows Native Authentication), Secure Sockets Layer, Directory Integration and Synchronization, clustering, Java Authentication and Authorization Service and Single Sign-On etc. The implementation of OID and SSO not only provided an enterprise-wide Single Sign-On for the current PBGC Unified Desktop project (J2EE applications, Portal, and E-Business Suite), but also laid the foundation for future integration of all PBGC multi-platform applications with centralized identity management.
- Provided assistance and troubleshooting to the development team for integration of customized J2EE partner applications and E-Business Suite with Oracle Identity Management Services (Single Sign-On and Oracle Internet Directory).
- Engineered, designed, documented and implemented Oracle E-Business Suite (CRM) migration from Solaris platform to Linux. The successful implementation of the CRM application migration in PBGC’s CDE, ITC and Production environments proved the design to be technically sound and sophisticated.
- Designed, documented, standardized and implemented 9iAS/AS10g architecture to various applications and held training sessions with developers. Documented various models for 9iAS/AS10g architecture.
- Was responsible for Oracle Warehouse Builder for the data consolidation and modeling team. This project involved data warehouse/data mart design, implementation of data warehouse design time and runtime repository and application instances, as well as the analysis of the database, the extraction, verification, and loading of the data, the creation of aggregate and summary information, and the creation of the end-user interface.
- Reviewed and analyzed the Oracle CPU patching, provided lists of the applications and AS10g instances to be patched, analyzed the patching impacts, documented patching procedures and performed troubleshooting when needed.
- Assisted development of J2EE compliant applications as well as Form and Report services (6i and AS10g); assisted in designing and maintaining software applications within the enterprise by authoring proof of concept functionality, authoring prototype applications, and assisting in critical support issues.
- Enhanced performance, scalability, and high availability of the Application Servers through configuration of Web Cache, HTTP servers and virtual hosts, or creation of cluster servers with file/farm-based repository. Established the Application Server 10g cluster in development, production, and COOP environment.
- Implemented and managed application server users through LDAP directory service, directory integration and provisioning services, as well as integrated third party authorization and authentication tools such as Wedgetail Single Sign-on and Microsoft Active Directory with OracleAS 10g.
- Designed network infrastructures (SSL accelerator and Load-Balancer) for various application servers and implemented the Self-Service Web-Portal (Oracle Portal 3.0.9) for providing FAQ functionality of CRM to PBGC’s customers.
- Installed, configured and maintained a variety of vendor-specific application servers and the backend databases that automatically managed hardware and software, detailing PC, UNIX, and server assets across the entire Pension Benefit Guaranty Corporation.
- Created, customized and supported several instances of Oracle Collaboration Suite (9.0.3 and 9.0.4) for PBGC Enterprise Architecture and Strategy Planning Pilot Project that served for the purposes of collaboration (email and workflow), content management (file system), calendaring, and portal service.
- Established PBGC’s standard procedures for the creation and configuration of 8i and 9i standby and Dataguard. Created, coordinated and administered Oracle DataGuard and standby databases for PBGC’s Continuity of Operations Planning (COOP) that serves as PBGC’s disaster recovery strategy.
- Migrated database from 8i to 9i as well as redesigned and implemented new data dictionaries for the associated applications (e.g. ASSETCenter).
- As a DBA team member, created, maintained, patched, backed up, tuned, and migrated a variety of testing and production databases and applications for PBGC.
Confidential, Burlington, Massachusetts
Database Administrator
Responsibilities:
- Provided support in installation, configuration, and management of the Comprehensive Cost and Requirement (CCaR) automated financial management system at Hanscom Air Force Base.
- Administered the related databases in Unix and NT environments. Duties included performance tuning, backup and recovery, and troubleshooting.
- Assisted data loading by writing PL/SQL code, modifying SQL*Loader control files and using VB applications.
- Performed database cloning for testing purposes from production databases on Solaris 2.6; conducted database migrations from 8.0.5 to 8.1.6; installed new applications and the underlying Oracle databases; established new user accounts and security for the existing databases.
- Provided SQL and PL/SQL training to new end users such as payroll, HR, and management personnel.