Siteminder And Ldap Consultant Resume

Minneapolis, MN

SUMMARY

  • Over 8 years of Experience in Identity & Access Management (IAM) and working on IAM technologies including CA SiteMinder, Identity Manager (IDM), Auth Minder, Risk Minder, Ping Federation, Ping Access Manager with providing SSO, Federation and User Access Management Solutions to multiple clients.
  • Hands on experience in Design, Installation, Configuration, Administration and Maintenance of CA SiteMinder Components like the Policy Server, Web Agent, Policy Store, User Store and Key Store on Windows, UNIX and Linux platforms.
  • Worked on migration project of SiteMinder Policy Server, Policy Store, Admin UI, Web Agents from 12.5r2 to 12.6r1 on Redhat Linux 7.1 clustered servers.
  • Experience on OAM (Oracle Access Management), SSO (Single Sign on), ForgeRock OpenAM, OpenIDM & OpenDJ.
  • Experienced in LDAP based directories like CA Directory Server, ODSEE, Active Directory & IBM Tivoli Directory Server, Unbound Id directory server.
  • Ability to understand and fulfill business requirements for achieving Single Sign On in Portal integrations.
  • Good understanding of LDAP protocol, designing of schema secure for system architecture, planning the directory data according to the enterprise needs.
  • Sound knowledge in LDAP v3 commands/search strings to manage and troubleshoot user issues.
  • Worked on upgrading Ping Federate from Version 7.0 to 8.0.
  • Configuring and troubleshooting Webservers like Apache, IHS, OHS, IIS, iPlanet, and Application servers like JBoss, WebSphere and WebLogic.
  • Extensive experience in designing and configuring Federations Access for the Partner Applications using SAML, setting up Identity Provider and Service Providers in SiteMinder Policy Server.
  • Good Knowledge with Install, Deploy, Configure Oracle products, servers and domains related to Oracle Identity Management (OIM) such as the Web Logic server, RCU, SOA, OIM, OAM, OID, OIF and ODSEE.
  • Configured CA SiteMinder System objects like Agents, Agent Conf Objects, Host Conf Objects, User Directories, Domains, Administrators and Schemas.
  • Privileged Access Management (PAM) project which includes implementing CyberArk Password Experience with performance tuning of policy servers and associated components and generating performance reports using customized crystal reports.
  • Experience in deploying CyberArk's Privileged Account Security Solution involving Enterprise Password Vault, Session Manager, and Application Identity Manager.
  • Used SiteMinder tools like smobjexport, smobjimport to export and import Policy Stores respectively, smreg to change the SiteMinder super user password.
  • Worked on creating the Identity access to the employees and managing the certifications and provisioning accordingly with the Sailpoint Identity IIQ.
  • Experience in developing applications using Java, J2ee and using databases oracle 10g.
  • Experience in Sailpoint tool customization, Report Generation, Integration with end/target Systems, SailPoint APIs application development directory server 11g.

TECHNICAL SKILLS

Operating System: Linux, Unix, Windows

Programming languages: Java, HTML, JavaScript, .Net

Directory Server: Active Directory, Novell eDirectory, Oracle Directory Server 11g.

Databases: Oracle 10g/11g, MySQL and MS SQL Server 2008.

Single Sign-On: Ping Federate, Ping Access 4.0, 4.2, SiteMinder, R6, Web Agent, CA secure proxy Server

Servers: WebSphere, SunOne/iPlanet Web Server, BEA WebLogic, JBoss, SunOne application server

PROFESSIONAL EXPERIENCE

Confidential - Minneapolis, MN

Sr. IAM Consultant

Responsibilities:

  • Designed and implemented One-Many and One-One in Federated networks using SAML 2.0 as Service Provider and Identity Provider.
  • Automated full deployment using SSOADM in combination with Ansible and Puppet.
  • Implemented contextual authentication to assess risk, invoking stronger authentication mechanisms only when necessary by evaluating who the user is and what their context is.
  • Incorporated SAML2 federation into authentication chains, enabling the use of federated identities in stronger multi-factor authentication scenarios.
  • Provided Single Sign-On (SSO) services for multiple resources on one domain, across domains, or even across organizations, allowing the use of just a single authentication credential to access all resources.
  • Worked on All major federation protocols: SAML 1.x, SAML 2.0 (SP, IdP), WSF Federation (asserting, relying party).
  • Maintain the product roadmap for new features and enhancements based on customer feedback and feature requests. Lead dedicated agile product team during development cycles.
  • Managed interactions between Development, Product, QA and Operational Incentives teams to maintain and improve the quality and timeliness of data provided to customers.
  • Experience in automating day-to-day activities by using Windows PowerShell.
  • Ability to create scripts using Azure PowerShell for automation and build process.
  • Excellent ability to describe systems, design flow charts, & budgets for costing and reporting.
  • Implemented high availability using Portal, PowerShell on Azure Resource Manager deployment models.
  • Implemented OATH and HOTP standards that allow a mobile phone or other device to be used as a second factor authentication using google authenticator and ForgeRock authenticator.
  • Experience with Django and Flask, a high-level Python Web framework.
  • Working with backend python automation, CI pipelines, Docker and cloud provisioning/automation.
  • Developed RACF Role based security to provision entitlements by group for CICS applications; and eliminated excessive and inappropriate access.
  • Responsible for identifying RACF security settings and implementing new features as required.
  • Using RACF-DSMON, IRRDBU00 RACFICE, SMF and Vanguard tools, I developed reports to monitor and report on the activities of users, functions, incident and the use of data.
  • Developed a RACF RBAC solution for provisioning RACF group entitlements to Oracle Identity Manager.
  • Using ForgeRock IAM product openAM/openIDM/openDJ as the foundation for enterprise security platform and integration.
  • Working on customer IAM project using ForgeRock openAM and openDJ, build up internal and external IAM solutions, using Java, Postman, ForgeRock customer authentication module.
  • Experience in developing web services (WSDL, SOAP and REST) and consuming web services with Python programming language.
  • Automated Export and import of policies via XACML.
  • Used AngularJS Dependency Injection (DI) to inject Angular Services and Custom Services, as well as built custom Directives to provide reusable component.
  • Adopted JavaScript and jQuery 1.1.0 to manipulate DOM, basic logic and event handlers.
  • Used Node.js 1.0.1 and Express.js 4.10.1 to develop the relevant back end RESTful API.
  • Implemented Password Policies on OpenAM and OpenDJ that Includes a wide variety of password encryption schemes and customizable rules for password strength enforcement to ensure no app can store insecure passwords.
  • Configured Monitoring and Alerts to inform administrators about specific directory service events, such as password expiration, access controls disablement, and backend database corruption.
  • Configured Backup and Restore functions such as automated, compressed, signed, and encrypted backups to improve data reliability and security.
  • Tuned system for Performance & Scalability with sub-millisecond read/write response times and low latency throughput, up to hundreds of thousands of operations per second, and Scalable to internet sized workloads, whilst simultaneously meeting the most rigorous SLA requirements.
  • Created Custom Authentication schemes, Active expressions, active rules to fulfill business requirement.
  • Designing and implementing Delegated User Administration solutions.
  • Serve as the Subject Matter Expert for all security issues related to the framework.
  • Participate in system Penetration testing and provide fixes for security findings.
  • Automated the deployment process using build forge deployment process to higher environment seamlessly.
  • Analyze and optimize the product including logging, tuning, and memory and process management.
  • Write documentation about solution/framework directed toward various audiences.
  • Work in an agile fashion across multiple Scrum teams.

Environment: SiteMinder policy server R12 to latest, CA Directory, Secure Proxy Server, RiskMinder, AuthMinder, Jboss, RACF, Angular js, Tomcat 6x, Red Hat 5/6, Build Forge, Artifactory, splunk, Jenkins, SVN, perl, python, shell scripting

Confidential - Philadelphia, PA

IAM Consultant

Responsibilities:

  • Provided solutions for complex application using SiteMinder and Federation.
  • Experience in SAML based authentication 1.1 and 2.0 using SiteMinder and integrate with SiteMinder authentication and other adapter.
  • Migrated SAML Based SSO partners from CA Single Sign-On federation to Ping Federate 7.
  • Used Ping API to deploy and create SAML changes.
  • Configured both Ping Access Proxy Gateway to decode the JWT tokens and also installed the agent on application server to communicate with ping federate server.
  • Customizations in Oracle Identity Management (OIM) UI like adding new UDF's, task flow implementation using custom beans and adding/modifying features of OIM UI.
  • Worked on configuring Identity Provider 'IDP' and Service Provider 'SP' on Tivoli Federated Identity manager (TFIM) and configured SSO using SAML 2.0.
  • Configuration and Administration of ISIM that include Importing Profiles, Creating Services, create provisioning, password policies, testing, Workflows.
  • Have effectively handled IDM administrative tasks including password policies, bulk account actions, creating, defining and editing IDM objects and IDM approval.
  • Worked closely with the production team for daily monitoring and stabilizing of production issue related to Oracle Identity Management (OIM) 11.1.2.2, AD, ED, RAS and RACF.
  • Worked on Open ID Connect for the user Authentication using Ping Access.
  • Configured and supported SAML based Identity & Service Provider connections
  • Created Custom Adapter replacing SiteMinder 3.0 to Ping Federate Identity Provider adapter.
  • Working as an application developer experienced with controllers, views and models in Django.
  • Implemented Business logic, worked on data exchange, processed XML and HTML using Python 2.7 and its familiar framework Django.
  • Coordinated Cars.com product teams and OEM advertising compliance agencies to follow manufacturers' ad guidelines as closely as possible.
  • Restful web services using Python REST API Framework.
  • Installation and Customization of ISIM 6.0, ISAM 8.0 and TFIM 6.2.
  • Written custom active responses to extend the capabilities of SiteMinder and to support the client requirement.
  • Developing, customizing, and maintaining IBM Tivoli Identity Manager, TAM, and Tivoli Directory Server, LDAP, TFIM, ISAM, ISIM, WS-Federation, and WebSphere with a UDB DB2.
  • Implementation of identity policies and password policies.
  • Designed transitioning strategies around Access Management systems and accordingly performed migration of application policies, risk, rules from Siteminder.
  • Configured the scale up and scale down VM sizes, created virtual machine scale sets, configured the modify the VM scale set capacity with PowerShell script.
  • Created and implemented ARM templates from a deployment, deployed the template using the portal, PowerShell, and using Azure quick start templates.
  • Setup a custom data feed using IBM security directory integrator to load Wal-mart employees into ISIM 6.0.
  • Participated in deploying an IBM Security Identity Manager (ISIM) and IBM security access manager (ISAM) for single sign on solutions.
  • Customization and configuration of OpenAM and OpenIDM.
  • Customized ISIM workflows, identity policies using java scripting.
  • Solutions supported 24/7 are User account provisioning/de-provisioning, Enterprise Directory Services, Single Sign-On (web and desktop), Password Management, Role-Based access control (RBAC), and Access management.
  • Upgraded SiteMinder from R6 to R12.52, R12 To R12.52.
  • Migrated Web Authentication solutions from CA Single Sign-On (SiteMinder) to Ping Access 3.
  • Involved and implementation of CA Identity Manager (IDM) Solution and CA Governance Minder for provisioning, delegated administration, workflow implementation and generating audit reports to be compliant with the security regulations.
  • Implementation of identity management products like OpenAM, OpenDJ and OpenIDM.
  • Configured application agents on PeopleSoft, WebSphere, WebLogic and OBIEE.
  • Experience in setting up, configuring and administering CA Governance Minder connector.
  • Worked on CyberArk Enterprise Password Vault and PVWA.
  • Resolved CyberArk issues in CPM communicating with host to reconcile credentials.
  • Generated reports of the account and devices inventories in the CyberArk.
  • Created scripts to monitor Apps, dashboards, backup LDIF and generated reports.

Environment: Windows Server 2003/2008, SiteMinder R12.5X/R12SP3/R6SP6, PingFederate 6/7, OpenIDM, OpenAM, CA Directory 11, CA Governance Minder 12.6.1, Oracle Directory Service 11g, Splunk, CA Wily Enterprise Monitor, WebLogic 8/10, JBoss 5, Apache 2.x, IIS 6,7,7.5.

Confidential - Louisville, KY

Siteminder Consultant

Responsibilities:

  • Supporting SiteMinder agents on over 4000 applications.
  • Configured and wrote scripts to upgrade SiteMinder environment.
  • Involved in resolving technical issues and technical assistance to teams by analysis of the log files from the Policy Server and Web Agent.
  • Expertise in integrating and protecting web applications and other resources with SiteMinder Policy Server and its components.
  • Defining the Realms, Rules, Responses, setting up response attributes as Cookie variables or HTTP variables, Defining User directories, Policies, configure them to the given set of user DNs.
  • Can design and document the first level support to be given to help desk team to improve efficiency.
  • Provided support for the maintenance of SiteMinder infrastructure/architecture and security framework, API and application integration for authentication, authorization/entitlement and data encryption.
  • Installed, configured & supported Siteminder Federation security services on Jboss and Tomcat servers and configured application in various platforms.
  • Implemented SAML 1.0 & 2.0 using Siteminder federation services in various environments.
  • Installed & configured Directory Server Console Center (DSCC) on various platforms in various environments.
  • Involved in writing the scripts like backup, replication monitoring and configuration statistics in directory server 6.x.
  • Performed hands on tasks such as planning Sun Directory Proxy troubleshoot, installs, patch upgrades, and Sun LDAP tuning, maintenance, patches and other daily administrative tasks on the test environments.
  • Designed and implemented the migration plan for the sun one directory server from 5.x to 6.x.
  • Configure applications with ADFS & SiteMinder to achieve desktop SSO.
  • Involved in team for migrating directory server from 5.1 to 6.3.
  • Troubleshooting day-to-day issues on LDAP servers and monitoring replication problems.
  • Troubleshooting Siteminder issues and worked with CA to resolve them.

Environment: SiteMinder policy server 6.0/R12, Siteminder Web agent R12/6x, Sun ONE Directory Server 5.x/6.x, ADFS 2.0, Jboss 4.x, Tomcat 6x, windows 2003/2008, IIS 6.0/IIS 7.0 Web servers, Web Sphere 6.1/7.0, Red Hat 4/5, AIX 6.1

Confidential

SiteMinder and LDAP Consultant

Responsibilities:

  • Upgraded the SiteMinder Policy Server from R6 SP1 to R6 SP6, R6 SP5 to R6 SP6.
  • Installed Policy Server R12 SP2 against Novell eDirectory user store. And created POC for R6SP6 to R12 SP2 upgrade.
  • Configured policies on CA SOA Security Gateway Server R12 against R12 SP2 Policy Server.
  • Configured CA Wily Enterprise Monitoring tool against Apache webserver, WebLogic Server and Policy Servers.
  • Involved in upgrade of Novell eDirectory server from 8.8.1 to 8.8.5 SP5.
  • Installed Option pack for Policy server and Web agent for configuring the Federated Security Services and User Identity between partner sites.
  • Experience in SAML federation using CA SiteMinder R12 Federation Security Services SAML 2.0 Affiliate Agents.
  • Provide 24/7 support and maintenance for the SiteMinder environment including the Sun One Directory Server.
  • Assigned and unassigned "roles" for new employees and external customers through the Identity Minder Interface.
  • Migrated SiteMinder protected environment from Unix Solaris 10 to Linux SUSE 10.
  • Implemented SSO across multiple domains, and created two level of authentication for additional security.
  • Migrated large amount of LDAP data across the environment to create an identical production environment to support load testing.
  • Integrated and configured web agents to protect and manage resources with SiteMinder Policy Server and assisted applications teams.
  • Performed dib clone operations to recover the LDAP data, and added servers into replication tree and created new tree into the environment.
  • Modified schema by creating custom object classes and custom attributes according to requirement.
  • Implemented new techniques to support priority syncing for replication of important object.
  • Supported production environment for resolving the high severity tickets without missing any SLA's and supported environment 24 X 7.
  • Executing Backups and Recovery strategies for directory data (DIF), resolving backup and recovery issues in a High availability environment.

Environment: Windows Server 2003/2008, SiteMinder R6 SP1/SP5/SP6, R12 SP2/SP3, iPlanet Web Server 6.0, Novell eDirectory server 8.8.1/8.8.5, CA SOA Server R12 SP2, CA Wily Enterprise Monitor, WebLogic 8/10, JBoss 5, Apache 1.x/2.x, IIS 6, JDK 1.6, J2EE, EJB, JSP, Oracle 11g.