- He has over 18 years of experience in delivering enterprise solutions to clients.
- He has extensive hands on experience with large scale Identity Manage Manager, Access Manager, Federal Manager, Role Manager, Directory, Cryptography, J2EE Architecture, Web Services, and Performance tuning.
- He has track of record of leading large enterprise projects to conclusion on time and within budget.
Security: Access/Identity/Federation/Role Manager, PKI, SAML, Liberty, JAAS, JCE, JSSE, Policy Design, Web Services Security, XML Encryption/Decryption and Signature.
J2EE: EJB, Servlet, JSP, XML, JMS, RMI, JDBC, JNI, JAAS, JSSE, JCA, JAX - WS, SAAJ, JAXB, SWING, IDL, JTS, JTA, Struts, Ant, Log4J. Junit, performance tuning
Methodology: RUP, SunTone, XP and Design Patterns (GOF, J2EE, Architecture)
Server: Sun Java Application Server, Access Manager, Identity Manager, Federation Manager. Weblogic, Websphere, Directory, Portal Server, Apache, Tomcat, Oracle, Vitra.
- Invented online payment method using instance credit card to improve online payment simplicity and security.
- Created communication protocol specification for automatic online payment using instance credit card.
- Designed and Implemented iPaySafe System using Servlet, Web, Database technologies, XML Encryption/Decryption, XML Signature technologies.
- Presented the technologies to multi bank credit card departments.
- Designed and implemented iPaysafe Security System using OpenSSO
- Designed and implemented Role Based Access Control System using Role Manager
- Delivered Security Architecture documentation for securing 40 B2B Web Applications using CA SiteMinder, Sun Directory and RSA PassMark.
- Resolved Security Framework Memory Leak issue in production.
- Resolved Directory Replication issue in production.
- Delivered Web Service Security POC based on JAX-WS 2.1 and WSIT for .Net and J2EE platform integration.
- Designed and Implemented Application Security Architecture for protecting Internet Applications.
- Designed Identity Management Solutions for managing application user profiles across Oracle Database, Directory Server using Sun Identity Manager
- Delivered Application Security Architecture Design Document.
- Worked with Infrastructure Team on Network Penetration Testing, and proposal the fixes.
- Worked with Application Team on Application Penetration Testing, and proposal the fixes.
- Designed Directory Schema, Managed Directory Data, Implemented Directory Replication, load balancing, and Data migration.
- Created Sun IDM Authentication plug-in to integrate Sun Access Manager SSO.
Lead Application Security Architect/Consultant
- Contributed to SSO specification based on SAML technologies for RouteoneOne, GMAC, Ford, DCX, and Toyota.
- Created SAML SSO Architecture Documentation based on Sun Access Manager, Sun Directory, DataPower, and Weblogic platforms.
- Lead the design and implementation of security solutions using J2EE Container based J2EE Application Security Architecture on Sun Access Manager, IBM Websphere platform.
- Planed, Designed, and implemented SAML SSO solution on multi-vendors such as Sun Access Manager, Home Grown SAML component, Oblix, and SiteMinder etc.
- Conducted Application Code Review bi-weekly to ensure the Application Security.
- Conducted Security Penetration testing on Confidential Applications.
- Integrated Sun Access Manager, WebLogic, and DataPower for XML Encryption/Decryption, Signature.