Solutions Architect Resume
CA
SUMMARY:
- Solutions Architect with 12+ years of progressively responsible experience in software development, web, and mobile application security. Nearly 7 years of experience in designing, developing, and implementing a broad range of IAM products, including but not limited to CA SSO, IDM, CA Risk and Strong Authentication (MFA), CA API gateway, and cloud IDaaS OKTA. Successful in creating strategies, long-term and short-term IAM roadmaps, implementing end-to-end IAM products and maintaining them. Excellent experience in designing API security using API gateways as well as open source tools. Flexible and quick in adopting recent technologies like cloud, IoT, Mobile etc. Demonstrated mastery in evaluating requirements for business application integration and service activation. Proven mentor and trainer with expertise in communicating across organizational levels and with cross-functional teams to drive the shared vision and foster the culture of excellence.
TECHNICAL SKILLS:
Operating systems: Windows 95, NT, 98, 2000, 2003, 2008, 2012, XP, UNIX, AIX, Linux
Languages: C, C++, Java 2.0, Perl
IAM Tools: CA SSO (Siteminder 6.5, R12, 12.51, 12.56, Web Agents, SPS), CA Advanced Authentication (RiskMinder, AuthMinder), CA API Gateway, Mobile API Gateway (MAG), CA Access Gateway (SPS), ISIM, ISAM, OAAM, CA IDM, TFIM, Shibboleth, CSA, RAS, YubiKey
Cloud: IDaaS OKTA, Azure premium, O365, AWS, PaaS, IaaS, SaaS, Dell Boomi
RDBMS: Oracle v7x, 8x, 9i, 10g, 11g, DB2, UDB, Teradata Database, Sybase, MS Access
Internet Technologies: JavaScript 1.3, J2EE, JDBC, JNDI, Servlets 2.0, JSP 1.2, EJB 2.0, XML, XPath, JSON, jQuery, Node.js
IDE Tools: JBuilder 9.0, Net Beans 3.6, SQL Navigator 4.2, TOAD 7.5, WSAD 5.0, Teradata SQL Assistant 7.1, RAD 6.0, IRAD 6.0, UML, Visio
Frameworks: Jakarta Struts, Web Services (WSDL, SOAP), JSF, Spring, ORM, FIDO, FIDO2
Application Servers: WebLogic 5.1, 6.1, 7.0, 8.1, 9.0; WebSphere 4.0, 4.5, 5.0; JBoss 3.2.3
Testing Tools: Win Runner 6.0, Test Director 5.0, Load Runner 7.6, JMeter, JUnit, PEN Test, Veracode, Fortify, AppScan
PROFESSIONAL EXPERIENCE:
Solutions Architect
Confidential, CA
- Analyzed end to end client requirements and created the requirement document.
- Based on the requirements and cloud initiation, analyzed a few cloud IAM tools.
- OKTA was finalized after the analysis for the SSO implementation.
- Created project detailed implementation plan and high-level architecture.
- Involved in initial POC with Okta to evaluate the new MFA and Risk features.
- Created the Okta high-availability deployment document.
- Deployed Okta Agents on both LJ and FL locations.
- Implemented Okta IWA for all internal Users.
- Installed and Configured the AD and IWA Agents on all the locations.
- Involved in configuring SSO for all applications in Okta.
- Worked extensively with 3rd party vendors to integrate service providers with Okta.
- Involved in configuring all the SAML apps from Dev to Prod Okta Tenant.
- Implemented the O365 and integrated it with Okta.
- Created and Configured the complex MFA rules for all regions.
- Implemented and integrated the Dropbox, G Suite and many other applications with Okta.
- Heavily involved in configuring more than 50 SAML, OpenID Connect, SWA, IWA and RADIUS applications on all Okta tenants.
Environment/Tools: Windows 2008/2012, OKTA, PowerShell scripting, Windows 7, Okta APIs, Okta AD Agent, Okta IWA agent, Okta MFA, Okta Risk rules, Okta RADIUS Agent, O365, Dropbox, G Suite.
Solutions Architect
Confidential, CA
- Involved in creating the requirement document by analyzing the on-prem SecureAuth architecture.
- Created project detailed Okta implementation plan based on the requirements.
- Involved in creating project High level and detail designs.
- Created the Okta high-availability deployment document.
- Deployed Okta Agents on all Kingston Global locations.
- Implemented the Okta IWA for all internal Kingston Users.
- Installed and Configured the AD and IWA Agents on all Kingston locations.
- Involved in migrating all applications from SecureAuth to Okta.
- Integrated all RADIUS applications using Okta RADIUS Agent.
- Involved in configuring all the SAML apps from Dev to Prod Okta Tenant.
- Implemented the O365 and integrated it with Okta.
- Created and Configured the complex MFA rules for all global regions.
- Implemented and integrated the BeyondTrust with Okta.
- Extensively involved in integrating NetScaler, StoreFront, and XenApp as Service Provider with Okta.
- Heavily involved in configuring more than 30 SAML, OpenID Connect, Okta IWA and RADIUS applications on all Okta tenants.
Environment/Tools: SecureAuth, ADFS, Zscaler, Windows 2008/2012, NetScaler XenApp, StoreFront, OKTA, PowerShell scripting, Windows 7, Okta APIs, Okta AD Agent, Okta IWA agent, Okta RADIUS Agent, O365, BeyondTrust, CheckPoint.
Solutions Architect
Confidential, MN
- Involved in analyzing the end to end WAM requirements.
- Converted these requirements into proper Use-cases.
- Based on the project objectives and the requirements, selected the CA Security tools as a single vendor to meet one of the project objectives.
- Some of the high-level requirements involved implementing Multifactor Authentication, Mobile Application security, API security, Cloud security, User provisioning and Session management.
- Involved in creating the comparison document for selecting the API Gateway.
- Created various decision documents from selecting the products to finalizing the designs where the crucial decisions are needed.
- Involved in getting together all teams to finalize the decisions to eliminate the roadblocks.
- Involved in designing and POC of Azure and Azure AD implementation.
- Created Reference Architectures (RAs) for API security, Web application security and Identity Management.
- Extensively involved in data center design and created the Active-Passive datacenter blueprint.
- Worked on creating the data center security and implemented the network security patterns.
- Involved in end to end project Governance as per the Confidential enterprise architecture roadmap.
- Created all servers Technical Placement Diagrams (TPD) and overall project Technical Impact Assessment (TIA) documents.
- Designed and implemented Role Based Access Controls (RBAC)
- Based on the requirements and the use cases created the high-level design documents.
- Involved in creating the data center design to achieve high availability.
- Involved in designing and architecting the Active Directory.
- Evaluated Active-Active, Active-Passive, and triple Active data center designs and came up with optimal and sub-optimal data center designs to achieve current and future needs.
- Involved in creating the Role based Access Controls (RBAC).
- Implemented the RSA Identity Governance for RBAC.
- Created high-level designs for web, mobile and cloud application security.
- Used all the CA tools CA SSO, CA Access Gateway (SPS), CA Advanced Auth (Strong Auth and Risk Auth), CA IDM, CA Directory, and CA API gateway and Mobile API gateway.
- Created the API security designs using CA API gateway.
- Created the design to utilize APIs of CA AA, CA SSO, CA IDM TEWS calls and created the use-case flows at API gateway to give a single interface for Web and Mobile applications to use.
- Created the migration strategy from existing components like IBM ISIM to CA IDM and OAAM to CA AA.
- Created the designs for Co-existence of Legacy and New WAM environments.
- Involved in deploying the IDM, CA API gateway, CA SSO on all the environments Dev to PROD.
- Created the custom Help-Desk portal instead of the CA Portal using the CA IDM TEWS SOAP services converted to REST services using API gateway.
- Reasonable experience in Connector Xpress and Policy Xpress.
- Designed the user migration from Oracle Enterprise Directory to CA directory.
- Involved in creating the Application migration roadmap from Legacy to New WAM.
- Involved in creating component-wise Low-Level Designs to solve the MFA, SSO, new user registration, user self-service, mobile security use-cases.
- Involved in executing POC with all the CA components mainly with CA Advanced Auth and CA API gateway.
Environment/Tools: CA Siteminder 12.52/12.6, CA SPS, CA API Gateway and Mobile API Gateway, CA IDM, CA Advanced Authentication (CA Strong Auth and CA Risk Auth), Apache, OAAM, Tomcat 6, Web Agent 12.52 CR01, MS Azure, ADFS, Red Hat Linux, Windows 2003/2008/2012, F5 load balancing server, F5 APM module, Java/JDK 1.6, J2EE, JSP, shell scripting, Windows 7, Eclipse, log4j.
IAM Security Architect
Confidential, Franklin, WI
- Involved in APMT from requirement analysis to Architecting and Implementing the project.
- Created project high-level designs and converted high-level designs to detail designs.
- Involved in vendor evaluations for Multi-Factor Authentication (MFA).
- Executed the AuthMinder, Okta and Azure MFA POC for mobile and web users.
- Involved in designing the migration of all internal applications to Azure.
- Created user migration design from On-Prem AD to Azure AD.
- Involved in implementing the O365 and migrating the exchange server to cloud.
- Created the NM cloud roadmap where all NM applications have to go to NM private cloud by 2018.
- Implementing AuthMinder and RiskMinder for some use cases and Okta IDaaS for Cloud users.
- Extensively worked on Multi-Factor Authentication (MFA) using AuthMinder.
- Implemented trusted device functionality and risk analysis using RiskMinder.
- Integrated AuthMinder and RiskMinder with Siteminder using SHIM adaptor.
- Extensively worked on creating AuthMinder flows based on the use cases.
- Integrated the CRM Dynamics using ADFS since CRM Dynamics needs WS-Trust for Federation SSO.
- Worked on Salesforce and Workday integration.
- Designed and architected the AD to deploy into different data centers and for users in different countries.
- Involved in designing the RBAC for all AD users.
- Implemented RBAC using CA GovernanceMinder.
- Integrated GOOD Dynamics mobile platform with Siteminder using Kerberos authentication.
- Executed a POC to integrate Siteminder and AuthMinder MFA OTP for mobile users using
Environment/Tools: CA Siteminder R12/12.52, CA SPS, CA Layer7, Apache, Tomcat 6, Web Agent 12.52 CR01, AuthMinder, RiskMinder, ADFS, Cloud Okta IDaaS, Azure Cloud, Red Hat Linux, Windows 2003/2008/2012, F5 load balancing server, F5 APM module, Java/JDK 1.6, J2EE, JSP, JavaScript, jQuery, Core Java, Servlets, JDBC, SQL Server, Shell Scripting, Windows 7, Eclipse, log4j.
Security Architect
Confidential, Overland Park, KS
- Led the entire effort of ROL 2.0 Security re-architecture and working towards protecting all applications using Siteminder 12.51.
- Analyzed the Old ROL applications and made suggestions to improve the security and performance.
- We implemented the strong agile methodology.
- Created the architectural documents for the security re-architecture.
- As part of the re-architecture we have upgraded the Siteminder infrastructure.
- Created the Siteminder upgrade planning documents and involved in client meetings.
- Upgraded Siteminder 6.5 version to 12.51 and exported the policies from 6.5 to 12.51.
- Installed 12.51 on all the servers from Dev to production and created the installation documents.
- Extensively worked on Multi-Factor Authentication (MFA) using Arcot WebFort.
- Created Policy and session stores on the UDB.
- Involved in creating the Apache web and App agents on Linux servers.
- Solved all the upgrade issues and stabilized the 12.51 environment.
- Involved in layer7 application demo of protecting APIs using OAuth.
- Involved in a POC to protect APIs with OAuth using CXF framework.
- Configured Oneview Monitor to monitor all the Policy servers and Web Agents.
- Configured the SNMP logs to send the alerts when the errors occurred on Prod servers.
- Created Domains, Realms, Policies, Rules and responses to protect the sites.
- Involved in clients' inbound (SP) and outbound (IdP) on-boarding for SSO.
- Created SAML 2.0 Auth schemes for inbound clients and federation partners for outbound clients.
- Extensively used the WAM UI and FSS admin UI for Siteminder Administration.
- Involved in the Policy server performance tuning.
- Configured DB2 User directories and SQL schemes for user authentications.
- Created the FCC files and added custom variables to FCC.
Environment/Tools: CA Siteminder 6.5/12.51, Apache, Tomcat 6, Java/JDK 1.6, J2EE, JSP, JavaScript, jQuery, Core Java, Servlets, JDBC, SQL Server, shell scripting, Spring 3.0 Framework, Windows 7, Eclipse, log4j, Web Agent 12.51, Arcot RiskFort, ADFS, Red Hat Linux, OpenSAML, Windows 2003/2008, F5 load balancing server, DB visualize, DB2/UDB.
Project Ilearn and Parent Management
Sr. Security Architect (CA Siteminder WAM)
Confidential, New York City, NY
- Worked closely with Project Manager and Services Providers to finalize the requirements, work schedules and deadlines for the implementations.
- Architected and created the Staging and Production CA Siteminder R12 SP2 federation environment.
- Involved in system/infrastructure architecture of Staging and production.
- Involved in end to end implementation of Siteminder R12 WAM.
- Created the implementation and architectural documents.
- Used the MS Visio to create entire system architecture for staging and production environments.
- Created the Siteminder R12 installation and configuration documents.
- Created the Identity and Access Management environment for all the SPs.
- I have installed and configured the CA Siteminder IDP (Identity Provider) and Web Agent on all the servers including production servers.
- Involved in upgrading the Siteminder R12 SP2 to SP3.
- Configured the policy server for using external LDAP policy store and Key store using the Management console.
- Extensively worked on Siteminder Federation and SAML 2.0 authentication.
- Installed and configured the Administrative UI on all the servers and created the initial Web Agent which is used to login to Siteminder Policy server.
- Created agents, Agent Configuration and Host Configuration Objects and User Directories using FSS Administrative UI.
- Installed and configured the Web Agent on all the servers.
- Created the trusted host and other configuration settings using Web Agent Configuration wizard.
- Created the Policy Domains and Affiliate Domains.
- Created the Realms and Policies under the Domains.
- Installed the Web Agent optional package for FSS.
- Created the Federation Web Services Domain to use SAML 2.0 requests.
- Created and configured the SAML service Providers under the Federation Partners.
- We have used simpleSAML and Shibboleth as service providers to interact with IDP.
- Configured the SSO (Single sign-on) and SLO (Single Log-off) for all the service providers.
- Configured the signed AuthNRequests for all the SSO.
- Installed and configured the Shibboleth and simpleSAML as SP.
- Created custom FCC login page and configured in the Authentication Schemes.
- Installed Default and client specific certificates on to policy services using smkeytool.
- Involved in clustering all the policy servers to give maximum server uptime.
- Involved in load balancing all of our Web Agents using reverse proxy server F5.
- Involved in designing and development of Parent Management Application (PMA).
- PMA is developed in J2EE and used the Spring 3.0 framework.
- Extensively involved in development of PMA module using advanced Spring modules like Spring MVC and Spring Security.
Environment/Tools: CA Siteminder WAM R12 SP2, SP3, WebSphere 5.1, Java/JDK 1.5, J2EE, JSP, JavaScript, jQuery, Core Java, Servlets, JDBC, SQL Server, shell scripting, Spring 3.0 Framework, Windows XP, PVCS, Eclipse, log4j, Web Agent R12, Shibboleth, CSA, Ping Identity, OpenSAML, Windows 2003, F5 load balancing server, SQL Server Enterprise Manager, Tivoli LDAP Server, iTIM.