Resume
Solutions Architect Pleasanton, CA
SUMMARY
- Over 21 years of IT experience and 13 years of Identity & Access Management experience.
- Over 10 years of extensive experience in Software Development including architecture, analysis, design, development, deployment and testing experience in B2C, B2B, Web Portal environments.
- Over 12 years’ experience in architecting and deploying Identity Management, Access Management, LDAP Directories, Single Sign-On (SSO), Provisioning & Approval Workflows, RBAC (Role-Based Access Control), Compliance and Auditing Technologies, Identity Federation, Enterprise System Architecture, Security Infrastructure Design, Authentication and Authorization technologies, as well as custom-built security and technology frameworks.
- Good analytical & technical skills combined with good communication & inter-personal skills.
- Skilled in working as Team Lead as well as Team member.
- Proven technical leadership skills include the ability to manage teams, earn the respect of their members, lead by example, and thrive in an entrepreneurial environment.
- Fast learner and able to understand unfamiliar areas independently.
- Very easily adaptable to new systems and tools.
- Can clearly express technical information and concepts to a non-technical audience and vice versa.
- Persuasive verbal and written communication skills complement a proven ability to multi-task, maintain an organized approach, and ensure success, even when faced with high-pressure or high-risk situations.
TECHNICAL SKILLS
Identity Management: Oracle Identity Manager 9x/10g/11g/11gR2, Sun Identity Manager, Novell Identity Manager 2.x/3.x, Novell DirXML 1.1a, Thor Xellerate 8.7.x
Access Management: CA SiteMinder, Oracle Access Manager 10g/11gR1/11gR2, Sun OpenSSO Enterprise 8.0, Sun Access Manager, RSA Access Manager (Cleartrust), Web Agents, Policy Servers
Identity Federation: RSA Federated Identity Manager 2.5/3.1, Netegrity SiteMinder Option Pack, CA Federation Manager R12, Oracle Identity Federation (OIF) 11g, PingFederate 5.3/6.0, Sun Federation Manager 7.0, Sun OpenSSO Enterprise 8.0
Directory Services: Novell eDirectory, Sun ONE Directory Server 5.2, Microsoft Active Directory, Oracle Internet Directory 10g/11g (OID), Oracle Virtual Directory 10g/11g (OVD)
Security Technologies: SAML 1.1/2.0, WS-Fed, OAuth, OpenID, WS-Security, Kerberos, PKI, LDAP, General Cryptography, and Federated Identity Management
Security Testing Tools: Tenable Nessus, IBM AppScan, nmap, snort, snoop, tcpdump
Web/Internet Technologies: ASP, ASP.NET, ADO.NET, J2EE (JSP, Servlets, JDBC), XML, XSL, XSLT, XSL-FO, SAX/DOM, HTML/XHTML/DHTML, CSS, JavaScript, VBScript, C#, Perl CGI.
Web Servers: IIS4.0/5.0/6.0, Apache, Tomcat, SunOne WebServer
App Servers: Weblogic Server 5.0/6.0/8.1/9.2, Oracle Application Server, Sun Glassfish Server, IBM Websphere, JBoss, Apache Tomcat
Programming Lang.: Visual Basic 5.0/6.0, Java 1.4.2/1.5/1.6, PL/SQL, Unix Shell Scripts.
APIs: J2EE, J2SE, JDBC, JNDI, ODBC, Perl CLI for Netegrity SiteMinder, Java SDK for Netegrity SiteMinder, Novell NDK for eDirectory, Oracle Identity Manager API
Standards: HTML, CSS, XML, SOAP, XSLT, XPath, LDAP, DOM, HTTP, PDF, UML
Dev Tools/IDE: Eclipse 3.2, Microsoft Visio, Microsoft Project, Oracle JDeveloper, Microsoft Visual Studio 6.0, Microsoft Visual Studio .NET, SQL Navigator, Quest TOAD, Allaire Homesite, Macromedia Dreamweaver, Microsoft Frontpage, Softerra LDAP Browser, Microsoft ADSI Edit
Databases: Oracle 10g/9i/8i, MS SQL Server 6.5/7.0/2000, MS Access.
Control Sys: Visual SourceSafe, Rational ClearCase, Stellent ECM, SVN
O/S: Windows XP/Vista/2000/2003, Linux, Sun Solaris
PROFESSIONAL EXPERIENCE
Confidential
Environment: Ping Federate, Ping Access, Ping ID, RSA Adaptive Authentication On Premise (AAOP), Novell eDirectory, Active Directory, Apache
Solutions Architect
Responsibilities:
- Architect/Design a new SSO infrastructure for external access using the Ping Identity components.
- Develop a custom Ping adapter that calculates a risk score for authentication based on the user’s location & device details. The adapter will call RSA AAOP web services with the user’s device details in the payload, and RSA returns a risk score. Based on this risk score, the user will be challenged with a second factor: a one-time password delivered using email, phone or SMS.
- Integrate SSO/TFA for 4 critical applications at 7-Eleven
Confidential
Environment: Oracle Managed Cloud Services, Oracle Access Manager 11gR2PS3, Oracle Internet Directory 11GR1, Oracle HTTP Server 11GR1, OAM WebGate 11gR2PS3, EBS AccessGate, EBS 12.1.3, LifeRay Portal, Shibboleth, Apache
Senior Security Architect
Responsibilities:
- Architect/Build a new SSO DEV infrastructure on Oracle Managed Cloud (OMCS).
- Worked on a POC for multi-factor integration with DUO plugin for OTP.
- Set up federation scheme to authenticate to Liferay with OAM as an IdP. The federation scheme was set up as a 2FA authentication scheme with Forms authentication + DUO OTP
- Worked together with Stanford’s to implement & test use cases for SSO, TFA, R12, Liferay.
- Integrate a sample mobile app for native authentication with Oracle Access Manager using OAuth API.
- Integrate a sample mobile app for Social authentication with Oracle Access Manager using OAuth API
- Provided detailed documents for all integrations that were deployed on OMCS
Confidential
Environment: Oracle Access Manager 11gR2PS3, Oracle Internet Directory 11GR1, Oracle HTTP Server 11GR1, OAM WebGate 11gR2PS3, EBS AccessGate, EBS 12.1.3, Oracle Webcenter Imaging, Oracle Discoverer
Senior Security Architect
Responsibilities:
- Architect/Build a new SSO infrastructure for high availability based on Oracle recommendations.
- Built an identical clone datacenter environment for failover using Oracle’s Multi Data Center (MDC) approach.
- Set up federation scheme to authenticate with R12, WCI & Discoverer with CoreLogic’s Ping Federate instance
- Assisted the PingOne team to expose these applications on the Cloud Desktop
- Worked together with CoreLogic’s NetOps team to implement & test use cases for failover & switchback between datacenters. Put together a DR runbook for failover/switchback operations.
- Design/Implement SSO integration for R12, WCI & Discoverer
- Worked with InfoSec to remediate security vulnerabilities reported for the SSO components as well as server-related vulnerabilities
- Provided detailed documents for all integrations that were deployed on TeamForge
- Played a key role in resolving issues with the SSO integration during QA which included CoreLogic users globally
- Provided training & mentoring to CoreLogic support team members
Confidential
Environment: Oracle Access Manager 11gR2PS3, ODSEE, Oracle Internet Directory 11GR1, Oracle HTTP Server 11Gr1/12c, OAM WebGate 10g/11gR2PS3, EBS AccessGate, EBS 12.1.3, SharePoint
Senior Security Architect
Responsibilities:
- Architect/Build a new SSO infrastructure for high availability based on Oracle recommendations. This architecture was reviewed by Oracle and certified
- Built an identical clone datacenter environment for failover using Oracle’s Multi Data Center (MDC) approach.
- Helped resolve firewall/clustering issues after the stack was migrated over to a private VLAN with restricted access
- Worked together with JPL’s Network engineer to implement & test use cases for failover & switchback between datacenters. Typical failover/switchback times were under 5 minutes
- Design/Implement SSO integration for about 9 DEA ADF apps that were hosted in a mix of 11g & 12c ADF/WebLogic environments
- Worked on multiple POCs for SSO integration with SharePoint, consuming OAM OAuth tokens for authorization, Federation SSO for Django applications using pySAML, integration with JEMS (ColdFusion) application.
- Provided detailed documents for all integrations that were deployed on the JPL wiki site
- Played a key role in resolving issues with the EBS integration
- Provided training & mentoring to DEA support team members
Confidential
Environment: Oracle Access Manager 10g/11gR2PS2, Oracle Identity Manager 11gR1/11GR2PS2, SOA 11gR1, Oracle Internet Directory 10g/11GR1, Oracle HTTP Server 11Gr1, OAM WebGate, EBS AccessGate, EBS 12.2.3
Senior Security Architect
Responsibilities:
- Architect/Build a new SSO infrastructure with stable releases for the following IDM components OAM, OID, OIM, SOA, OHS
- Draft detailed requirements specifications for SSO and Provisioning use cases based on discussions with key business stakeholders at Activision
- Migrate existing SSO infrastructure to OAM 11gR2PS2 and the provisioning system to OIM 11gR2PS2
- Provide seamless (zero signon) for EBS R12 and SalesForce (ServiceDesk) for users in the Activision/Blizzard network
- Configure DIP Sync between Activision/Blizzard AD domains to populate users in OID for SSO
- Implement SSO for EBS R12 with OAM as SP and ADFS as IdP
- Implement SSO for ServiceDesk with OAM/ADFS as IdP and SalesForce as SP
- Implement a HA architecture for the entire stack with no single-point-of-failure.
- Provide DR guidelines and document the process.
- Provide support for Cut-over and Post GoLive activities
Confidential
Environment: Oracle Access Manager 11gR2PS2, Oracle Internet Directory 11GR1, Oracle HTTP Server 11Gr1, OAM WebGate, EBS AccessGate, EBS 12.1.3, Oracle WebCenter Portal
Solutions Architect - Oracle Fusion Middleware
Responsibilities:
- Provide a security assessment of the existing infrastructure and provide recommendations with regards to architecture, design, performance and high availability
- Design, architect, implement a new infrastructure for SSO and Provisioning with the following products OAM, OIM, SOA, OVD, OID on Linux
- Provide SSO integration for the Agency & Policy Holders portal with OAM.
- Provide SSO integration with OAM for OIM user identity console
- Design/Develop provisioning workflows for target systems like AD, MS Exchange, OID
Confidential
Environment: Oracle Access Manager 11gR2, Oracle Internet Directory 11GR1, Oracle HTTP Server 11Gr1, OAM WebGate, EBS AccessGate, EBS 12.1.3
Solutions Architect - Oracle Fusion Middleware
- Install/Configure IDM suite 11.1.1.6 and IAM suite 11GR2 on Test and Prod Environments
- Configure Federation SSO between the preferred authentication provider (eAuth which uses SiteMinder) and OAM
- Integrate EBS R12 for SSO with OAM using AccessGate
- Configure high-availability for IDM components & AccessGate
- Devised a detailed DR migration plan for Production
Confidential
Environment: Oracle Access Manager 11g, Oracle Internet Directory 11g, EBS R12.1.3
Solutions Architect
Responsibilities:
- Architect & Design an SSO infrastructure OAM, OID
- SSO enable users by synching their AD accounts in OID using DipSync
- Develop custom login page for SSO based on Dreamworks templates
- Provide SSO integration for EBS R12 using AccessGate with OAM
- Implement SSO for OBIEE
- Implement SSO for other homegrown applications (DevNet, LOCUpdate & OPUS) at Dreamworks by using webgate/mod_wl plugins
- Design High Availability for SSO infrastructure
Confidential
Environment: Oracle Access Manager 10g, Oracle Identity Federation 10g, Oracle Internet Directory 10g, EBS 11i, Oracle WebCenter Portal 11g
Solutions Architect - Oracle Fusion Middleware
Responsibilities:
- Architect an SSO solution using OAM/OVD/OID
- Integrated WebCenter Portal with OAM 10g for SSO
- Implemented federation SSO for SalesForce as SP with OIF 10g/OSSO IdP
Confidential
Environment: Oracle Access Manager 10g, Oracle WebCenter Portal
Solutions Architect - Oracle Fusion Middleware
Responsibilities:
- Provided a detailed security assessment report on the existing implementation. The report mainly focused on addressing performance issues as well as common security vulnerabilities
- Integrated WebCenter Portal for SSO with OAM 10g
Confidential
Environment: EBSR12 SSO with OAM 11g, OIM 11g
Solutions Architect - Oracle Fusion Middleware
Responsibilities:
- Provided architecture design for a highly available solution for EBS R12 SSO. Implemented SSO for EBS R12.1.3 using AccessGate
- Architecture lead on Oracle Identity Manager 11g (OIM) design and implementation. Helped implement connectors to common IT systems such as Active Directory, Exchange, EBS R12, OID
- Architecture lead on Oracle Identity Manager 11g (OIM) design and implementation project
- Architected a clustered OIM implementation for high availability & failover.
- Helped implement connectors to common, commercial systems such as Active Directory, Exchange, EBS R12, OID and other custom applications running on a wide variety of technologies.
- Provided training and knowledge transfer to permanent staff on OIM
Confidential
Environment: Oracle Webcenter 11g, Oracle OAM 11g
Solutions Architect - Oracle Fusion Middleware
Responsibilities:
- Architected, designed and led the implementation for SSO for Oracle Webcenter Portal
- Integrated homegrown timesheet application for SSO in OAM 11g
Confidential, Pleasanton, CA
Environment: Windows 2003/2008 Server, Oracle Access Manager 10g, Venafi Director, OAM 11g, OID/OVD 11g
Oracle Fusion Middleware Engineer
Responsibilities:
- Worked on the Simple Cert Remediation project that involved consolidation of SSO application simple certs into Venafi Director for future monitoring
- Created an automated Java tool that provides a report of WebGates/AccessGates communicating with access servers and work with application teams on the import process in Venafi
- Worked on migrating SSO infrastructure to OAM 11g
Confidential, Folsom, CA
Environment: Windows 2003/2008 Server, CA SiteMinder R12/6.x, Radiant VDS, Microsoft ADFS 2.0, Microsoft SQL Server, SiteMinder SDK, CA Federation Manager R12, CA Secure Proxy Server, Windows Identity Foundation (WIF) Applications
SSO Engineer
Responsibilities:
- Analyzed existing SSO infrastructure and provided recommendations for performance enhancements.
- Worked on a POC for Federating to WIF applications using Claims Based Authentication and SiteMinder as an Identity Provider.
- Also completed a POC to provide Claims based Trust to SharePoint 2010 with SiteMinder acting as STS.
- Automated policy migration using XPS Tools, SiteMinder Perl CLI. Created a Perl CLI application to migrate SAML Service Provider(s) & WS-Fed Resource Partners.
- Also created a Java application for automated migration of policy domain objects.
- Worked on various Federation SSO (SAML/WS-Fed) implementations with Confidential Business Partners using a variety of SP endpoints such as OpenSSO, PingFederate, CA Federation Manager, OpenSAML, Microsoft ADFS, etc.
- Developed custom assertion plugins using SiteMinder Java SDK to pull in data from proprietary CPM Web Service