SUMMARY:

• Looking for IBM Tivoli Security Position
• Extensive experience in IBM IAM such as ISAM/IBM MMFA/ISIM/TFIM/WAS/LDAP/IHS. Experience setting up ISAM/WAS in AWS EC2. Expert - level knowledge of Amazon EC2, S3, Elastic Load Balancing, AWS IAM, VPC, AWS Directory Service, Trusted Advisor. Extensive experience in AWS Federation/IAM. Implemented ISAM on Azure Cloud Infrastructure. Implementing Microsoft Azure Multi-Factor Authentication (MFA).
• Knowledge of GIT. Knowledge in Docker and Kubernetes, Vagrant, Chef, Puppet, ansible, SaltStack, Jenkins. Experience deploying Ngnix, HAProxy and Apache.

EXPERIENCE:

Confidential

Responsibilities:

• Implemented ISAM 9.0.4, AAC, MMFA on AWS Infrastructure.
• Deployed IBM Multifactor Authentication on AWS Infrastructure.
• Integrated MFA with ISAM Federation and provided SSO to Microsoft Azure Office 365 Applications.
• Provided Web base SSO and Thick client SSO with Microsoft Office 365 applications.
• Utilized SAML 2.0, Quick Connect for SSO integration with Microsoft Office 365
• Provided a POC for ISAM 9.0.4 WS-Federation

Confidential

IBM Security/Cloud Security AWS Expert

Responsibilities:

• Deployed ISAM into AWS EC2. Troubleshoot issues and resolved incidents as assigned.
• Strong focus on AWS security (AWS IAM). Provided AWS Federation using AWS Directory service and on premise corporate directory(AD/ADFS). Created AWS Multi-Factor Authentication (MFA). Locked down the AWS account and leverage IAM accounts.
• Deployed multiple VPCs and VPC peering
• Created multi AZ VPC instances to enable high availability for applications.
• Managed multiple AWS accounts with multiple VPC's for both production and non-prod.
• Experienced with monitoring tools such as Cloud Watch.
• Configured Azure Virtual Networks (VNets), subnets, DHCP address blocks.
• Designed Network Security Groups (NSGs) to control inbound and outbound access to network interfaces (NICs) and subnets.
• Knowledge using Jenkins, Chef/Puppet.
• Configured web servers (HAPROXY, Nginx)
• Deployment of Docker containers for development
• Implementation of Docker, and various Docker orchestration tools such as docker-compose, docker swarm.

Confidential

Cloud Identity/Access Management

Responsibilities:

• Install, configure, administer and troubleshoot ISIM 6, ISAM 8 and ISAM 9 and TFIM.
• Troubleshoot issues and resolve incidents as assigned.

Confidential

ISIM 6.0/ISAM 8.0/TFIM 6.2.2.70/AWS expert

Responsibilities:

• Install, configure, administer and troubleshoot ISIM, ISAM and TFIM. Integrate proprietary Healthcare software with ISIM/TFIM and ISAM such as EP Authenticate (AAM product), EP Catcher/Picher. Configure SAML SSO with EP Financial, EP Enrollment and Curam. Configure SSO using LTPA to Cognos and FileNet. Integrate TFIM with Webseal as POC and use Oauth protocol as a proof of concept.
• Strong focus on AWS security (AWS IAM). AWS Federation using AWS Directory service and on premise corporate directory(AD/ADFS). Deployed ISAM into AWS EC2. Created AWS Multi-Factor Authentication (MFA).
• Managed multiple AWS accounts with multiple VPC's for both production and non-prod
• Maintaining the security groups in EC2, EC2 VPC and controlling the inbound and outbound traffic that can reach the instances
• Configured web servers (HAPROXY, Nginx)

Confidential

Tivoli Identity manager admin/ISAM

Responsibilities:

• Administer ITIM 5.1 and provide day to day support such as on boarding Winlocal, Mssql db, Oracle db, DB2, Linux, Solaris and AIX services.
• Configured nightly reconciliation to synchronize ITIM user information with accounts on managed resources.
• Setup Recon and analyzing Recon Failure.
• Monitoring ITIM activities such as pending, HR Feed and Recon. Monitoring LDAP and ITIMDB.
• Perform tuning on ITIMDB and WAS.
• Perform backup/restore on LDAP DB, WAS and ITIM. Configure Services with the RMI adapter.
• Troubleshoot WAS, LDAP, DB2 and ITIM.

Confidential

Tivoli Federated Identity Manager Expert

Responsibilities:

• Designed and implemented highly-available and scalable security solutions involving TFIM 6.2.2.7.
• Installed and configured Tivoli Federated Identity Manager V6.2.2.7, Runtime and Management Services, Management Console and Web Services Security Management Client. Applied Fix pack 7 that include the new feature of TFIM (RBA, USC, and OTP).
• Created and deployed Domains in FIM. Configured global security for WebSphere Application Server 7 using AD as repository.
• Created JDBC Providers, data sources, and JAAS authentication aliases to provide connectivity to DB2 database for the RBA.
• Configure TFIM to use WGA (ISAM V7). Configured TFIM Risk Base Access (RBA) for authorization decisions (PDP) and Policy enforcement (PEP).
• Configure One-time-password (OTP) for strong authentication using email or SMS for the password generation. Configure User Self-care (USC).
• Documented installation and configuration process and delivered Operations Runbook to client.
• Designed, installed, configured and implemented WAS V8 and TFIM 6.2.2.x in various environments. Configured FSSO using SAML 2.0 Federations with numerous businesses partner using Tivoli Federated Identity Manager. Customized TFIM identity mappings to pass required attributes in assertions. Documented the installation and configuration process and delivered Operations Runbook to client.
• Provide technical expertise in designed and migration of ISAM 7 from ITAM 61. 1.. x. Installed, configured and administered ISAM 7.x for e-business components such as policy server, Authorization, and Tivoli directory server on windows platforms. Used Parallel method to Migrate ITAM 6.1.1 Webseal instances to ISAM 7 Appliance. Migrated user registry to ITDS 6.3. Migrated Policy Server to ISAM 7 and provided Policy server fail over as active, standby.
• Configured Web Application Firewall (PAM module), Front End Load balancer and provided HA for the Front-End Load Balancer.
• Configured peer to peer LDAP and LDAP replicas.
• Manage the environment using various methods such as LMI, Cli, WPM, and pdadmin.
• Applying firmware updates as needed. Provided backup, restore for LDAP, ISAM7 and Policy server.

Confidential

Identity Manager

Responsibilities:

• Configured TFIM in HA env. Configured Federations with the business partners to enable single sign on using SAML 2.0. Configured TFIM 6.2.2.x for Token exchanged (STS).
• Deployed IBM Tivoli Identity Manager (ISIM 6) in HA Env. Installed and configured various targets such as Linux, AIX, Solaris, Lotus Notes, Active Directory, RACF, ITAM, and IBM Directory Server. Automated account provisioning and password synchronization for all platforms. Performed database tuning and LDAP tuning for performance enhancement. Created and administered Tivoli Access Manager Accounts created by Tivoli Identity Manager. Provided single sign-on to Tivoli Identity Manager (ISIM) using Tivoli Access Manager. Design org tree structure, create provisioning policies, implement identity policies, password policies, ACL, reconciliation, service definition etc.
• Installed, configured and administered Tivoli Access Manager 6.1.1.x for e-business on RHEL v6.3 X-86 32bit/64bit. Extensive experience in installation, configuration and customization of TAM components such as Policy server and Authorization Server. Implemented failover methodologies for Tivoli components such as Policy server and Authorization server and implemented multiple WebSEALs. Created secured, authenticated junctions using TAI++ to backend servers such as IBM/Apache HTTP Servers and WebSphere Application Servers. Installed and configured Web Portal Manager to administer TAM component. Used Global Security Kit (GSKit) to create and maintained key database and key stores. Generated self-signed certificates for SSL communications among Tivoli products in secured zone. Installed and configured TAM component Session Management Server (SMS) to maintain user sessions. Applied Fix packs and patches as needed. Implemented Backup and Restore strategies for TAM components.
• Installed, configured maintained and troubleshoot TSPM in HA ENV. Deployed TSPM 7.1, RTSS in a cluster ENV. Deployed TIP/Console on its own dedicated machine. Configured RTSS server, RTSS local and RTSS Remote. Setup WSRR V7.5 and configured it to integrate with TSPM. Defined security policy point (PIP) (Oracle DB and ITDS).

Confidential

Tivoli security expert

Responsibilities:

• Installed, configured and administered IBM Tivoli Access Manager 6.1.1.x for e-business components such as policy server, Authorization server, WebSEALs and TDS on RHEL v6.3 X-86 32bit/64bit and windows platforms. Implemented Backup and restore procedures for backing up TAM/TDS.
• Installed and configured WebSphere Application Server 6.0/7.0. Created horizontal and vertical clusters on WebSphere Application Server 6.0/7/0.
• Applied cumulative WebSphere/Java fix packs on WAS versions 6.0/7, IBM Http Server and WebSphere plug-in.
• Integrated TAM and WebSEAL as point of contact with TFIM.
• Established WS Federation for both Identity Provider and Service Provider using SAML2.0 specification.
• Created and Manage domains for TFIM. Configured and attached TAM policies such as ACLs as part of TFIM setup.
• Provided high availability and failover for TFIM and WebSEAL.

Tivoli Security expert

Responsibilities:

• Responsible for the migration of TAM 5.1.x to TAM 6.0.x.
• Planning, designed, installed, implemented, and administered of TAM 5.x migration to TAM 6.0. Installed, configured and administered Tivoli Directory Server as a LDAP registry to TAM and Web Based applications on AIX and RHEL x-86 Linux platforms.
• Installed Enterprise DB2 database and created LDAP instances, configured with DB2, developed LDAP schema as per requirement.
• Imported Production LDAP data to DR and Test environment using ldif files. Implemented Backup and restore procedures and developed scripts for backing up TAM/TDS etc.
• Installed and configured Tivoli Directory Server (LDAP), Set up Failover Technique using peer-to-peer replication in Production.
• Responsible for deploying and support complex LDAP infrastructure in a large Enterprise environment. Taken care of all the Test, DR LDAP servers are cryptographically in sync to Production server. Setup failover methodologies and load balancing using peer-to-peer replication and resolving data conflicts on LDAP servers.
• Installed and configured various TAM components such as Policy Server, Authorization Server and WebSEALs. Secured communication between TAM, IHS and WebSphere components using SSL.
• Created self-signed certificates where possible using ikeyman utility. Configured Single Sign-On for client’s using TAM and TAI++ to Secured enterprise applications hosted on WebSphere Application Servers.
• Used various junctions’ methods such as Transparent Path junctions, and standard.
• Performed maintenance tasks using both Web Portal Manager and pdadmin commands

Confidential

WebSphere/WebSphere Portal/ITAM 5.1 /ITIM 4.6 Administrator

Responsibilities:

• Provided technical guidance and expertise in ITAM 5.1, ITIM 4.6. Integrated Applications within the SSO Infrastructure.
• Installed, configured, maintained ITIM 4.6, ITAM 5.1, LDAP 6, WebSphere Portal 5.1. Applied patches and E-Fixes for ITIM, ITAM, LDAP, WAS and WAS Portal. Configured WAS/ITIM to SSO to WAS/WPS and enable global security. Integrated ITAM with WebSphere Portal. Configured Portal Vault credentials and TAM GSO for Portal SSO. Configured multiple instances of ITIM in WAS cluster. Installed and configured ITIM adapters (TAM Adapter, TAM GSO Adapters). Configured SSL between LDAP servers, LDAP and ITIM, ITIM and ITIM Adapters. Configured ITIM Services, Provisioning polices Password Policies, Identity Policies, and Entitlements. Configured directory replication for one Master, a Peer Master, and two Replicas. Installed and configured master/slave Policy Server model in HACMP. Design org tree structure.