PROFESSIONAL SUMMARY:

IT security professional with extensive knowledge and hands on experience in designing, developing and implementing solutions focusing on security for cloud and on premise infrastructure.

SKILL:

Scripting: Python, Bash, HTML, CSS, JavaScript, PHP, SQL

IAM Tools: ForgeRock product suite - OpenAM / SSO, OpenDJ / LDAP, OpenIG / Reverse proxy and AWS IAM

Network Tools: Cisco ISE, Big F5 s Load Balancer/AWS ELB s, Wireshark, Fiddler and Nmap

Encryption and Key Management: Gemalto Luna SA HSM, Virtual Key Secure K150, HPE Enterprise Secure Key Management, Voltage SecureData Appliance, RSA Data Protection Manager, Vormetric Data Security Manager & Tokenization Server, Thales nSheild Connect XC & 1500 HSM, Venafi PKI and cloud HSM and KMS

Security: Skyhigh CASB, Qualys VM, CyberArk Password Vault, Proofpoint TAP, CrowdStrike and Nessus

SIEM and Monitoring: Splunk, Sumo Logic, Grafana, Looker and Wavefront

Others: GIT, Puppet, Jenkins, Ansible, Meinberg s Time Services, Selenium, OpenSSL, Apache and Tomcat

Platforms: Amazon Web Services, Azure, Google Cloud Platform, Windows, Linux (Redhat 6.x, 7.x)

EXPERIENCE:

Confidential

Responsibilities:

• Managed authentication platform for an enterprise of 27,000+ users using Forgerock product suite
• Hands on experience with various version of OpenAM like OpenSSO, OpenAM v9.5.5, v11.0.3 and v13.5 and AM 5.0
• Integration with MFA solutions like RSA SecurID and Forgerock Authenticator, and local authentication with Kerberos and BasicAuth
• Designed the upgrade and migration of OpenAM and various web containers like Glassfish, JBoss and Tomcat
• Architecture and design of authentication platform for external facing enterprise remote access application using web agents
• Supported directory services running on Oracle DSEE and ran PoC to evaluate OpenDJ
• Wrote several scripts or iRules for Big F5 load balancers to route and terminate SSO cookies.
• Configured reverse proxy mitigated security vulnerability by blocking endpoints and evaluated WAF

Confidential, Houston, TX

SECURITY ENGINEER

Responsibilities:

• Leading the GDPR efforts for United’s IT Security, Risk and Compliance and the Enterprise Encryption Services. Infrastructure Security Engineer for Azure and AWS platforms.
• Led the PoC efforts of United’s data protection activities for Oracle, MS-SQL and TeraData
• Designed the deployment and roll out of Vormetric tokenization in Cloud/AWS platform
• Served as engineering level of escalation for encryption services and designing architecture for new client on-boarding
• Managed CloudFormation templates and provided architecture sign-off for AWS deployments
• Delivered security assessment reports and remediated findings from more than 14 Azure subscriptions
• Triage BugBounty findings and hands-on remediation for the cloud deployments

Confidential, Atlanta, GA

SR. SECURITY CONSULTANT

Responsibilities:

• Ensuring enterprise wide encryption policies, standards and requirements.
• Created a migration plan to move clients from RSA DPM to Voltage and HPE Enterprise Secure Key Management
• Upgraded Home Depot’s entire Voltage SecureData product stack
• On boarded various clients to leverage symmetric encryption and tokenization
• Provided escalation support for critical infrastructure like Voltage, RSA DPM, Thales HSMs and ESKM
• Maintained PCI-DSS compliance reports for e-commerce transactions
• Migrated dashboards from Splunk to Looker and maintained visibility of 2200+ stores and their POS transactions
• Involved in POC of home depot’s CASB implementation
• Led projects to clean up the environment of legacy software, misconfigured systems, and gaps in security controls to reduce the firm’s attack surface

Confidential, New York, NY

IT SECURITY ENGINEER

Responsibilities:

• Served as level 3 escalation for Nomura’s SSO infrastructure, time services, encryption and key management implementation
• Configured several SAML v2 connections for Identity Federation
• Supported authentication modules for Kerberos, BasicAuth and two factor authenticators like RSA SecurID
• Implemented PKI / certificate-based authentication for corporate mobile devices managed by MobileIron MDM
• Introduced multiple authorization policies for Nomura’s remote access application serving 25,000 global users
• Created an upgrade plan from OpenAM v9 to AM5 and hands on experience with OpenAM v11, OpenAM v13
• Migrated OpenAM servers from obsolete RHEL and web containers like JBoss, Glassfish and Tomcat.
• Achieved data confidentiality and compliance requirements by deploying and managing Hardware Security Modules (HSM’s) to securely generate, manage and store cryptographic keys
• Engineered Nomura’s Key Management Service (KMS) using Gemalto’s SafeNet KeySecure appliances and hosted KMIP servers globally
• Maintained best practice throughout the life cycle of cryptographic keys from integrations, monitoring, backups, separation of duties using PED keys.
• Implemented PKCS#11 integrations with Symphony messaging, Cyberark and KMIP with McAfee Skyhigh CASB
• Achieved FIPS 140-2 level 3 compliance to provide encryption keys to Cloud Access Security Broker(CASB) for Salesforce CRM
• Implemented various SafeNet / Gemalto encryption connectors for application-level encryption and tokenization
• Remediated security vulnerabilities identified by IT Security to harden systems to prevent data and security breaches
• Wrote code to automate processes and analyze data to improve controls.

Confidential, Newark, NJ

INFRASTRUCTURE ADMIN

Responsibilities:

• Researched requirements, model and prototype for a multi - utility locational and security information hub.
• Led all the IT infrastructure components
• Developed a prototype for information exchange hub used in potential excavation work to meet the strategic requirements of US Department of Transportation using PHP, HTML, Bootstrap and jQuery- Link
• Enhanced provisioning of an information backbone for safe digging processes
• Improved IT for the location and securitization of underground infrastructure system by maintaining portal page that helps users in an excavation system to perform required tasks,