We provide IT Staff Augmentation Services!

Sr. Applications Security Architect Resume Profile

Rockville, MD

Professional Profile:

  • PMI ITILCertified Technical Project Manager Solutions Architect, with 16 years of experience in project planning, IT Security Management, Agile Scrum Project Management, Strategy Management, RFP Contractsmanagement, Budgeting, Scheduling, Resource Allocation, Earned Value Management EVM .
  • Expert in N-Tier enterprise application architecture integration IBM Websphere Application server, Tomcat, Apache, SAP, Salesforce, JBoss, JBRMS, JBPMS, Pegasystem Workflow, MQ, MB, Marklogic, Alfresco, Documentum CMS, Oracle Database , requirements management, system design, data modeling, software development using enterprise technologies Enterprise Java, JMS, SOA, EJB, Web services, XML, Spring, Hibernate, Ajax, Scripting, ESB, data analytics BI languages: math works, SAS scripting .
  • Experience in Platform as a service PAAS design implementation using Oracle, Websphere, Redhat JBoss, Fuse Source,cloud computing based Middleware.Public, private and hybrid cloud Redhat Hypervisor, Linux, Unix, VMware implementation based on Infrastructure as a service IAAS Software as a service implementation SAAS implementation models, COTS and OSS products expert.
  • My domain experience includes Financial and Regulatory Sector, Insurance Sector, Technology Sector, Public Sector and Health-Care sector.
  • Highly experienced in writing organization wide technology and business Policies, Procedures, Standards, Guidelines, Operations Manuals, Training manuals, Reports, Executive Client Presentations, various industry and technology specific communications.
  • Expert in end-to-end IT security, IV V Independent verification validation , Quality Configuration management programs implementation, from conception phase to maturity level Operations Management .Experience includesApplication network security, build-security-in principles Security integration with development and Quality control technologies , overall IT security management and implementationbased on NIST 800 series standards and FISMA.
  • Experienced in Quality Assurance and Quality Control implementation and complete expert level set-up, including: Rational Jazz solution, Rational test workbench, integration tester, functional tester, performance tester, load runner, HP Quality center, test scripting and automation. Expert in SDLC design development, Change Management Rational Clearquest Remedy , Configuration management Rational Clearcase, OSS and overall corporate wide program management for the integration of Requirements management business technical , Change Management, configuration management, Quality control and testing management.
  • I am highly experienced in managing small, medium and large teams, of employees and contractors. Experience includes, team building, resources procurement, team leading, conflict resolution, training, professional development and performance appraisals.

TechnicalSkillset:

Requirements, Design, Architecture, OOAD, Data Modeling, SOA

UML Language and Notations, Rational Rose, J2EE Design Patterns, Rational Unified Processing, Requisite Pro, Erwin data modeler.

Business Analytics, Business Workflow, Content Management Systems, Asset management, CRM, HRMS

Marklogic, SAS, Mathworks and Big Data, PeopleSoft, People tools, SalesForce, SAP, Documentum, Alfresco, Pegasystem, JBoss BRMS, JBPMS, Vignette CMS.

Programming Languages, IDE, Web services Frameworks

C , Java, Spring, Hibernate, J2EE, GWT, Eclipse, Developer studio, Cold fusion, CORBA, EJB Session, Entity, Rest, Message Driven , JMS, Servlets, JDBC, JMX, JNDI, JSP,JSF, AJAX, DoJo, JTA, RMI, Java Networking, JAAS, XCBL3.0 Product Catalog Ordering , Xerces2.0.0, Jdom, SAX, DOM, XSD Schema, XML Spy, ebXML, SOAP, JAXM, JAXP, XML-RPC, Perl, .Net, C , Web services development using WSAD/Tomcat, Apache SOAP 2.2/SOAP/ WSDL/ UDDI,

Internet Security / Single Sign on Tools

NetegritySiteminder 4.1/5.1/5.5 , RSA ClearTrust 5.0/ 6.0

Enterprise Application Servers / Middlewares, Webservers, Messaging Systems, Brokers

IBM Websphere Commerce Server, IBM Websphere Application Server, Iplanet Application Server 4.2, BEA Weblogic Server, JBoss, Glassfish, Apache 1.3.XX, Tomcat 6.x, Netscape Enterprise Server4.5, Jrun 2.3/3.0/3.1/4.0, IBM HTTP Server, IBM MQSeries, IBM Message Broker

IT distributed systems design and architecture

Service Oriented Architectures, Web Services Architectures, message-oriented middleware, Common Object Request Broker Architecture CORBA , Active Directory Architecture

Project Management Tools Software

Microsoft Access, MS Excel Advanced , MS Word, Visio, MS Project, Project Wiki, financial worksheets.

Network Interface / Devices

Ethernet and token ring, Network Print file storage, Virtual server, Active Directory Forrest Tree set-up, One-way two way trust set up, certification authority design implementation, Generating Self signed certificates

Security Tools

Wireshark, Metasploit Framework 2.6, Password Cracking Tools: John the Ripper, Cain and Abel, Vulnerability Scanning: Nessus, Nmap 4.11, Netcat, arpwatch, Ethercap, Intrusion Detection Tools: Snort, OSSEC Networking Protocols: TCP, UDP, HTTP, HTTPS, FTP Web penetration testing Tools: WebScarab, Ratproxy, WebInspect, Proxmon, Appscan Source code analysis: Findbugs, Fortify, FxCop, Ounce labs.

Quality Control, Change Management, Configuration management, Testing Requirements Management

HP LoadRunner 11i, Rational Jazz, HP Quality center, Rational Test Workbench, Rational Quality Manager, Rational Integration Tester, Rational Functional Tester, Rational Performance Tester, Requisite Pro, Requirements composer, Rational Clearquest, Rational Clearcase.

Project / Program Management specific skills:

  • Project Management: Expertise in applying project management practices based on PMI and non-PMI based approaches, to real world projects. IT management activities include Program management, subproject implementation, working with PMO Project management office , working with project life cycles, managing standards and regulations, implementing project integration management, managing project scope, project time management, project cost management, project quality management, Human Resources management, communication management, project risk management, project procurement management, strategic planning, capital planning and investment control, workforce planning, policy and standards development, resource management, knowledge management, architecture and infrastructure planning and management, auditing, and information security management. Plan, develop, and implement systems and IT policy and standard changes. I have managed projects in which systematic approaches Using requirements management software like Borland Starteam, Microsoft SharePoint, Status reporting Tracker SRT , Rational Requisite Pro were employed to eliciting, specifying and tracking requirements throughout the life cycle of a project, such as establishing and versioning baselines, ensuring customer approval, and facilitating traceability from inception through design, testing and deployment. I have extensive experience in researching and authoring risk management plans, which enhanced my knowledge to strategically and systematically develop risk management plans that coordinate business Risk Impact , plan and schedule development, resource requirement estimation, milestones and deliverable definition, activity monitoring, and accomplishment evaluation and reporting, financial Cost of mitigating risk vs. fixing risk , IT Controls and Procedures , and other risk areas focusing on business metrics such as enterprise program delivery As per security requirements , appropriations / revenue / savings / profit In terms of overall risk management of known, mitigated, unknown and residual risks , brand management analyzing risks which can directly impact overall corporate brand and/or which can impact speed of delivery especially Denial of Service, Cross site scripting, SQL injection and HTML tag injection based attacks .
  • My experience includes following PMI based practices for overall project life cycle management:Project Initiating experience includes: Select project manager, collect processes, procedures and historical information, divide large project into phases, identify stakeholders, develop project charter project scope statement.Project planning experience includes: Create WBS, activity list, Network diagram, resources requirements, Estimate cost and time, develop schedule budget, determine communication requirements, Risk identification analysis, prepare procurement document, develop PM plan and performance measurement baselines, gain approvals and hold kickoff meetings. Project executing experience includes: Acquire final teams, execute PM plan, complete project scope, and follow processes.Monitoring Controlling: Measure against performance measurement baseline, scope verification, configuration management, quality control, risk audits, use issue logs, administer contracts.Closing: Develop closure procedure, final performance reporting, index and archive records.
  • Major PM Responsibilities in all my projects include:1. Strategic and Tactical Planning 2. Financial Management 3. Strategic Communications 4. Performance Management 5. Program/Portfolio/Project Management 6. Intake/Task Management 7. Knowledge Management 8. Capital Investment Planning 9. Procurement and Logistics Coordination.

Professional Experience:

Confidential

  • Managing overall USPTO platform services branch. I am responsible for overall PAAS design, Architecture, system platform integration, R D, Project Portfolio Management of Patent, trademark, corporate and financial middleware projects.
  • I am responsible for Oracle Database middleware design and infrastructure, COTS IBM Websphere Application Server, IBM Websphere MQ, IBM Websphere Message Broker, Documentum, IBM Websphere Portal server, JBoss Portal Server, Alfresco, Pegasystem, Marklogic, Tivoli and OSS Open Source Software: JBoss, Tomcat, SOAPlatform, JBRMS, JBPMS, Apache, Fuse Source end-to-end integration and deployments in various environments including SIT, FQT, PVT and Production.
  • I am responsible for managing overall systems Security, Enterprise Architecture, SDLC, Change Management, Configuration Management, Middleware Project portfolio management, Budgeting, QA, Functional Testing, Integration testing, performance Testing and various performance benchmarks for existing and new Applications supported by enterprise platform. Complete SOA and ESB design and implementation.
  • I manage a team of 5 Employees and 27 contractors that provides 24 X 7 Middleware Platform support for 56 critical enterprise Applications.I am responsible for supporting all USPTO next generation applications by building state of the art robust, highly scalable and highly available middleware platform. Successfully leaded and implemented big database migration effort of 20 TB data from legacy Oracle 8i database to Oracle 11g R2 database.
  • I represent my team, in Change Control Board and various other Architectural and project management boards and meetings. Based on my initiative of consolidating and building collaborative infrastructure, I was able to bring annual software cost down by 2 million. I am responsible for managing overall annual budget of 35 million.
  • I received Special Acts Award, in recognition, for my Managerial and Technical services.
  • I am responsible for Write technical standards and guidelines for the technical functions that support system development, such as middleware system internals, performance and tuning, prototyping and target architecture. I serve as a key advisor to the USPTO executive management on mission critical IT programs initiatives.
  • I Develop and implement policies, procedures, and technical standards for the key process areas of the office to ensure timely, reliable, innovative, and cost effective access to USPTO information technology services and products.

Confidential

Sr. Applications Security Architect

  • Responsible for Architecting and building J2EE-JBoss based FinancialApplications as part of the shared services infrastructure and complete single sign on solution for more than 59 market and member regulation financial applications.
  • RSA Cleartrust Access manager, Peoplesoft SAP, Single sign on, Documentum, Oracle Middleware, JBoss, Oracle 11i R2, based clustered Middleware Enterprise Web shared services Architecture, Design, Development and Management for deployment of more than 59 internal and external high volume applications, with customer base of more than 100,000 users.
  • Overall J2EE systems Architecture, Design, Development, Integration, Testing, Maintenance, in High Availability, Scalable clustered complex environment based on Agile and SCRUM SDLC model.
  • Advanced project management methodologies to manage multiple projects, implementation and integration with legacy applications, capacity planning, requirements analysis, and budgeting, implementation and operations phases.

Confidential

  • ASCAP Application Security Certification Accreditation Program : Managed and implemented overall Application Security Program at FINRA. I developed this program based on widely accepted industry standards including NIST 800-53 Recommended Security Controls for Federal Information Systems and Organizations , 800-59 Guideline for Identifying an Information System as a National Security System based on based on DoD, NSA, FISMA guidelines guidelines for identifying systems with confidential PII information, 800-123 Server Security , SP 800-113 SSL VPNs , SP 800-94 Intrusion Detection and Prevention Systems , SP 800-86 Integrating Forensic Techniques into Incident Response , SP 800-83 Malware Incident Prevention and Handling , SP 800-57 Recommendation for Key Management Public-private key management . Information Security compliance experience includes SEC Securities and Exchange Commission compliance, SOX Sarbanes Oxley Compliance, FISMA Federal Information Security Management Act compliance, Managed interface with various Internal and External third party security auditors, with security audit practices based on ISC2, GAO FISCAM and Inspector General IG . Specific federal government enterprise architecture knowledgebase includes Knowledge of the Federal Enterprise Architecture FEA and the DoD Enterprise Architecture framework SIPR, NIPR and Joint Worldwide Intelligence Communications Systems JWICS networks , and the IT rules and regulatory authorities to develop and implement policies and planning concepts, and project management methods.
  • CISP NISP Corporate Network Information Security Programs : Corporate wide security program portfolio management with the key objective of Safeguarding the confidentiality, integrity, and availability of information systems, networks, and data including planning for Application Security Plan and policy development, Security training program development For e.g. security training Coding best practices, application security Assessment methodologies, OWASP top 10 vulnerabilities and Risk assessment portal and Handling third party software component vulnerabilities , Security Certification accreditation of all FINRA applications, security auditing, scheduling and implementing security certification tasks, training program for the development teams on various secure coding practices, supervise subordinate IT staff, direct, train mentor various teams on security programs. Strategic planning with senior management for benefit of the overall project portfolio ASP, EWS, NSP, Shared services and CIS programs . I am heavily involved with communication management including Ability to communicate orally and in writing as demonstrated by technical analysis of complex computing and/or network issues, writing technical reports, writing security plans and other security documentation, producing project briefings independently, providing inter-department presentations on various security policies, procedures, guidelines and standards. Program wide financial planning to keep the project costs on track and making sure adequate funding was available for the year around tasks in order to meet the departmental / technology goals. I Managed and directed overall network security program, Protected assured compliance of all FINRA Networks Information systems, Active Directory security infrastructure implementation, SFTP, SSH, SSL, VPN security architecture risk review, remediation suggestions and implementation, provided expert guidance on corporate wide Blackberry infrastructure implementation and security policies development, Encryption technologies implementation at various levels: application level source code encryption based on JASYPT APIs, network layer encryption using PGP, LAN crypt, database encryption and confidential information obfuscation using Voltage product. Implement programs to protect core high risk Applications from malicious users Internal external via making use of state-of-art tools technologies Nessus scans, wireshark, RSA Web application firewall, Bindview compliance, Fortify Source code scanner, WebInspect Appscan penetration testing solution etc. . My Major responsibilities also included developing information security policies and standards based on NIST and FISMA guideline to fulfill all compliance security requirements, QA / QC reviews of all network infrastructure implementations LAN / WAN, wireless, video, conferencing systems, routers, hubs, firewalls . Laying out security requirements based on Data sensitivity and User domain of applications. Complete systems / application security assessments based on: Threat Modeling analysis, abuse case analysis, Data sensitivity analysis, database security assessment, source code analysis, web penetration testing, Network Architecture assessment, Firewall network assessment, Operating systems compliance assessment, Webservers and application servers Apache, Tomcat, IBM Websphere, Weblogic, JBoss, SunOne hardening based on industry best practices standards. I am also leading information security incident response committee at FINRA, where I am responsible for complete incident response process planning and implementation based on NIST SP 800-86 standards FS-ISAC standards. I have recently handled Secure FTP and SQL Injection based incidents, where I presented complete risk and exploit summary using information flow diagrams showing all layers of network / data flow Internet, ISN Firewall, DMZ firewall, load balancer, SFTP server, Network access storage and file permissions, along with proposed solution and helped application team implement the proposed solution to safeguard confidential data from unauthorized access from certain third parties.

Confidential

Partner

  • Responsible for Architecting and building J2EE based Health Care Enterprise Application as part of new electronic health records legislation.
  • Maintain and further develop a core part of the Global Acute Clinical software called medManage. Worked as part of a small and agile team to design and develop early clinical informatics development efforts, by establishing business requirements, service and knowledge oriented architectures with execution of rapid prototypes.
  • Complete J2EE based Application Development.
  • XML integration with Java, Websphere Application Server, Message Queue and Message broker for XML transformation.

Confidential

Sr. Enterprise Solutions Architect

  • Complete J2EE- Websphere based portal development product with AP engine deploys on top of Websphere. British Telecom already had Siteminder based Single Sign On SSO process, my major responsibilities included complete platformArchitecture for Websphere SAP with NetegritySiteminder in dual mode with Oracle9i and LDAP.
  • Perform requirements analysis, create Functional Design specs, and manage Websphere Siteminder 5.1 Infrastructure integration Architecture. Major tasks include setting up of various Commerce server components as per BT's requirements which include Member subsystem, Catalog subsystem, Trading subsystem, Order subsystem, Marketing subsystem, Inventory subsystem, Payment subsystem, Messaging subsystem integration MQSeries .
  • Complete J2EE- CORBA-based product with AP engine deploys on top of Websphere Application server Websphere Integrate. Product enables providers Biotech, financial, insurance to quickly enable their fulfillment, ordering and catalog processes by use of complex infrastructure containing Versata business workflows, SAP, Vignette story server, EJBs, J2EE framework, Oracle 9i.
  • Complete J2EE design patterns based product design and development. Based on company objectives.
  • Set up procedures for data acquisition from various data sources to System specific XML schema, Configuration of Server Manager Trigger tasks.
  • Managed a team of programmers for each projected completed full life cycle from pre-design studies to turnkey delivery and production support.

Environment: Websphere, JBoss, Tomcat, J2EE, Oracle,Siteminder, Versata, Pegasystem,Unix, Solaris, LDAP.

Confidential

Sr. Enterprise Solutions Architect KPMG Management Consultant

  • Complete security and enterprise infrastructure set-up.
  • Portal design development for Nike's E-commerce and B2B reseller portal using Vignette Epicentric Portal Server.
  • Design Integration of Websphere Application server using advanced NSAPI plugins with Nike's legacy database.
  • Vignette's mixed mode installation with oracle and LDAP and single sign on with session management by Siteminder.
  • Application development included reseller personalization and product catalog management components for online JSP, EJB and offline JFC-Swing, EJB modes, Content management system by Vignette story server.
  • Complete application design and infrastructure set-up for various enterprise wide components like Siteminder, Vignette, Websphere portal server, Websphere Application Server, Oracle Netscape web server.

Environment: Websphere, Siteminder5.0, EJB, Websphere Portal, Sun Solaris, Active DirectoryLDAP.

Confidential

  • Complete Reseller Portal design development for IngramMicro's business partners and sub resellers using IBM Websphere Portal Server.
  • Complete Reseller Portal design development for IngramMicro's business partners and sub resellers using IBM Websphere Portal Server.
  • Websphere Portal clustering set-up on Solaris/Unix environment.
  • Technical Lead of custom component development team for all the major modules.
  • Complete XML parsing design using SAX and DOM parsing, XPath, XLink and XSLT transformations using Apache Xerces, Xalan API's.
  • Design and Development of variouscontent managementmodules including Catalog pricing, Registration, Online ordering and buying, Pre-order and Post-order Management, Order status, End-user registration and Comparison of prices, reseller Maps etc using Vignette Story Server 5.0. Development of Vignette templates using TCL/TK.

Environment: Websphere, Siteminder5.0, EJB, Epicentric Portal server, Solaris, NT.

Confidential

Sr. Software Engineer Solutions Consultant

  • Misys's Screentrade product offers competitive quotes from various insurers, compares features of various products from different insurers and presents best quote available for Home, Auto and Travel Insurance. System was completely based on J2EE architecture on Websphere infrastructure.
  • Being Technical Lead, my job responsibilities included, Design and Development of Home and Travel Insurance modules, Developing EJBs JSPs for Home and Travel Insurance Module. Installation and Configuration of Websphere,Jrun 2.3, Struts framework on Solaris and windows NT. Implemented Payment Gateway interface Designed and developed Insurance Quote Engine.

Confidential

  • Developed E-Commerce modules for http://www.eniit.com, a virtual store and an e-commerce site based at NIIT USA, aims at selling NIIT's CBT products to the global market through the web.
  • Responsible for the complete EJB's, Java component's deployment over Websphere Application server
  • Development ofshopping cart, Product Catalog and Order Handling modules using Struts technology.
  • Responsible for doing impact analysis on the site for changes in design of site and incorporating the changes required.

Confidential

  • This project for Financial Times involved Content management system integration with individual databases. Centralized individual customer account management system, personalization, and portfolio summary and portfolio management. My major responsibilities also included day to day interactions with financial customers and corporate clients, giving me major exposure to overall customer satisfaction and customer relationship management.
  • Being System integrator and Sr. Java developer my role involved design and analysis of all the financial modules, Writing servlets, Jsps and various java components for the overall integration of this financial website.

Confidential

Java Programmer

  • Design and Development of complete internal organizational intranet for Hero Honda Motors Limited. User interface development using JSP, Servlet. Desktop application development using JFC-Swing.
  • Responsible for design development of following Modules Employee Login, Employee data and Conference room scheduling.

Hire Now