IAM Engineer Resume
SUMMARY:
- Total of 6+ years of experience in Information Technology, with architecture experience in installation, configuration, design, development, testing and implementation of enterprise-wide security applications using CA IDM, CA SiteMinder, PingFederate and PingAccess. Involved in the upgrade of PingFederate 6.0 to 8.0 and 8.0 to 9.0/10, and PingAccess 4.0 to 5.0 and 6.0.
- Experienced in installing and configuring SiteMinder policy servers, Web agents, Web Agent Option Packs, Secure Proxy servers, PingFederate, PingAccess, ODSEE 11g server (LDAP) and various Web & Application servers on multiple platforms such as Windows.
- Experienced in installation and configuration of PingAccess Policy Servers and PingAccess Agents.
- Involved in vendor evaluations for Multi Factor Authentication (MFA).
- Worked on all the PingFederate OAuth grant types to get the access token to access the protected API. Supported development with integration of Mobile Apps using OAuth/SAML in PingFederate.
- Experienced in implementing the SiteMinder solution to support tokenized IDs.
- Research, evaluate, design, test, recommend, and plan implementation of new and/or improved information security with a focus on SSO and MFA with consumers, caregivers, vendors and partners.
- Experience in designing Agents, SLA, Correspondence, HTML and Validation rules.
- Solid understanding of Identity Access Management architecture and exposure to entire features of CA SiteMinder, PingFederate and Azure.
- Experienced in PingAccess Integration with PingFederate to protect the applications using PingAccess Tokens.
- Support Single Sign-On using Active Directory Federation Services with Multifactor Authentication.
- Experienced in architecting and implementing OAuth & OpenID solutions using PingFederate. Worked on PingFederate to allow users to perform single sign-on with other third-party applications.
- Experience with Flow Actions, Agents, SLA, Correspondence, PRPC Security, Reports, Listeners (File, MQ), Connectors and Services.
- Collaborated with Application Control Assessment (IAM), Vendor Risk Management, Infrastructure Control Assessment (KPI), Privacy Assessment, Cyber Security (Burp Suite), and Business Logic Assessment.
- Experienced in implementing OAuth & OpenID Solutions using PingFederate.
- Worked on PingFederate to allow users to perform single sign-on with other third-party applications.
- Deployed PingFederate as both Engine and Console servers.
- Experienced in performance testing the Ping Engine servers based on the min and max threads, and in scaling the number of engine servers per cluster accordingly.
- Active Directory Federation Services (ADFS), SAML, web Single Sign-on (SSO), related authentication technologies.
- Experienced on application configuration with PingAccess and defining PingAccess Sites, Site Authenticators, Virtual hosts, Policies and Rules.
- Experience in Active Directory, assisting in design and changes to Group Policy. Also familiar with Active Directory Federation Services (ADFS).
- Experienced in configuration of PingAccess both as a Proxy Gateway to decode the JWT tokens, and by installing the agent on the application server to communicate with the PingFederate server.
- Experienced in SAML based authentication 1.1 and 2.0 using PingFederate and SiteMinder Federation, integrated with SiteMinder authentication and another adapter.
- Protected RESTful APIs using OAuth in PingFederate so that they can be accessed only with Access Tokens.
- Experienced in installing PingFederate on both Linux and Windows platforms.
- Created SP/IdP connections using PingFederate with external partners.
TECHNICAL SKILLS:
Single SignOn: PingAccess 3.0/4.0, PingFederate 7.0/8.0/9.0/10, SiteMinder R12 SP2, SP3 / R6 SP1, SP2, SP4, SP5, SP6 /5.5 Webagent 4.x, 5.x, 6.x, 12.x, APS 4.0, Okta, MFA, SAP Agents 5.6/12 and Session Linker r12
Directory Server: Netscape Directory Servers 4.x, SunOne/iPlanet server 5.x, 6.x, MS Active Directory, Oracle Directory Server 11g, OUD 11g and iPlanet Meta Directory Server 5.x, ADFS
Servers: IBM WebSphere, SunOne/iPlanet Webserver, BEA WebLogic, JBoss, SunOne application server, IIS, Apache and Apache tomcat
Databases: Oracle, SQL, MySQL and MS SQL Server
PROFESSIONAL EXPERIENCE:
IAM Engineer
Confidential
Responsibilities:
- Participated extensively in designing applications alongside developers, which involved setting up Access groups, Access Roles, Operators, Application ID, Work groups, Work basket and SLA rules.
- Involved in working on PingFederate, configuration of Identity Provider and Service Provider and troubleshooting various issues regarding Authentication Request, SAML token and provided solutions for complex application using SiteMinder and PingFederate.
- Protected multiple applications, both web based and API based, using PingAccess and PingFederate.
- Creating and managing application integrations for identity and access management. Experienced in creating conditional access policies for multifactor authentication (MFA), resetting MFA and resolving MFA issues.
- Worked on PingCentral to create standardized OAuth, OIDC, and SAML SP templates based on best-practice configurations.
- Worked on moving around 50 applications from OAM to PingAccess 4.0 to 5.0 and 6.0. Implemented many other custom features with SecureAuth, such as post-authentication for custom attributes and geo-location.
- Implemented and architected access control, MFA and PingFederate. Created Active Directory (cloud) for app services in the Azure management portal using RBAC and other protocols.
- Worked on OAuth Integration using PingFederate and PingAccess and implementing Federation SAML services to SSO into third-party vendors.
- Customizing and branding of SailPoint solution.
- Designed and developed SLAs (Service Level Agreements) as per business requirements.
- Worked on Token Generator and Token Processor to establish a connection between two web services from different enterprises, and on PingAccess and JWT tokens to authenticate the user using PingFederate.
- Installation and configuration of PingAccess.
- Experience in doing Web service federation (WS-Fed) between two web services using SAML and by creating a connection between the two SOAP service clients.
- Designed KPI monitoring & reporting framework to measure service providers’ quality, adherence to company processes & value-add.
- Migrated around 100 applications to use the new solution, which offers users Kerberos authentication internally and forms-based authentication externally using PingFederate 9.2.
- Integrated PingAccess with PingFederate servers to authenticate using custom Adapters.
- Provided guidance on the development of metrics, KPIs, and reports needed to measure the health and status of services.
- Setup Daily, Weekly, Monthly Backups and check failovers.
- Integrated OAuth with PingFederate to protect RESTful APIs.
- Developed custom PingAgent using Ping SDK, implemented SAML Protection with Digital Signature, configured PingFederate clusters and configured PingOne desktop for cloud-based SSO.
- Worked on moving around 50 applications from OAM to PingAccess.
- Implemented OAuth to access the protected API with an Access Token by using different OAuth grant types.
- Integrated PingAccess with the PingFederate system so that users are authenticated by PingFederate and authorized by PingAccess servers using the Access Control Lists.
- Met with SSO/MFA service providers' (CyberArk, IdentityX, SecureAuth, Okta, PingOne, etc.) security teams, discussing cloud/on-premise solutions, security requirements, authentication options, application installation, and integration points.
- Assisted developers with integration of Mobile Apps using OAuth/SAML in PingFederate.
- Created Linux/Windows virtual environments installing POC applications, LDAP directory services, databases (Oracle/SQL, MySQL), and Web Services (IIS, Apache). AWS (IaaS, PaaS, SaaS) infrastructure design.
- Worked on PingFederate Clustering so that we can have multiple Engine servers to serve the requests in parallel and single admin server for a cluster.
- Installed and configured SiteMinder policy servers and policy stores to utilize MS SQL Database as policy store and ADLDS as the user store.
- Worked on Custom Authentication Schemes in PingFederate based on Business needs.
- Designed, deployed, and supported highly available and scalable on-premise PingFederate infrastructure that provides single sign-on (SSO) and federation solutions for internal/external access.
- Executed platform upgrades for PingFederate.
- Deliver provision for login issues, check log files, work with client and SAML Level 3 to find Root Cause Analysis of SSO problems, gather accurate useful information from end user for SSO/MFA issues
- Manage SSO and MFA server inventory and work with different teams to manage SSO servers, firewalls, storage, network etc.
Environment: Windows 2012 R2, RHEL 7.0, Ping Central, PingFederate 8.4, 8.0, 9.0, 10, PingAccess 4.1, AD (LDAP) as User Store, SAML, MAF, OAuth, Oracle Database as Policy store, Apache Web Server, IBM HTTP Web Server, Azure, SSO
IAM Engineer
Confidential - San Francisco, CA
Responsibilities:
- Provided solutions for complex applications using SiteMinder and PingFederate.
- Worked on OAuth Integration using PingFederate and PingAccess and implementing Federation SAML services to SSO into third-party vendors.
- Hands-on configuration of SP MFA rules/policies, PingFederate SSO Connections, Private Clouds, and LDAP browsers.
- Architecture experience protecting multiple applications, both web based and API based, using PingAccess and PingFederate. Migrated login pages from SiteMinder to Ping and involved in building custom adapters for Ping to analyze risk-based transactions. Worked on OAuth Integration using PingFederate and PingAccess and implementing Federation SAML services to SSO into third-party vendors.
- Designed common framework for Single Sign-On implementation for partners using PingFederate.
- Developed and customized configurations, email templates and rules in SailPoint IdentityIQ.
- Hands-on experience with Apache, SunOne Web servers and WebLogic and WebSphere Application servers in an identity and access management environment.
- Hands-on experience with PingFederate, CA Single Sign-On, CA Advanced Authentication, and CA Secure Proxy Server.
- Installed and configured SiteMinder policy servers and policy stores to utilize MS SQL Database as policy store and ADLDS as the user store.
- Engaged with service owners and business owners to explain SAML and multifactor authentication for protecting their applications, and migrated all the users to the MFA group to get the MFA challenge from Azure AD.
- Implement REST classes using SailPoint Rest Application.
- Developed custom PingFederate adapters and PingFederate custom data source drivers using PingFederate Java SDK (IdpAuthenticationAdapterV2 / Custom Data Source Driver /Password Credential Validator).
- Used rules for complex authorization scenarios and custom-built adapters to handle complex authentication scenarios.
- Installed and configured PingAccess to authenticate and authorize the users using Ping federation as token provider.
- Hands-on experience in designing, deployment, implementation and architecture with PingAccess and PingFederate.
- Architecture experience integrating SaaS applications (ServiceNow, Tableau, KLT) with Azure production servers and AWS in non-production. Experience with PingFederate, SecureAuth and OAM Federation with SAML 2.0.
- Worked as an architect on PingFederate with external partners. Implemented single sign-on using the UnboundID component to interact with the customer LDAP. Provided solutions for complex applications using SiteMinder and PingFederate.
- Used Ping API to deploy and create SAML changes. Architecture and implementation of Identity and Access Management (IAM) solution using PingFederate, Risk-based 2-Factor Authentication (using RSA Adaptive Authentication) and OAuth 2.0.
- Experience with application configuration with PingAccess and defining PingAccess Sites, Site Authenticators, Virtual hosts, Policies and Rules.
- Integrated BMC Remedy into SailPoint.
- Built a new IT Governance Team responsible for IT Audit, Service Management, KPIs & DR / BCP planning, coordination and testing.
- Hands on experience in IAM requirement analysis, implementation of Access Gateways and SAML, OAuth, WSFed and OpenID based integrations using PingFederate.
- Architecture and implementation of Identity and Access Management (IAM) solution using Ping Federate, Risk-based 2-Factor Authentication (using RSA Adaptive Authentication) and OAuth 2.0.
- Enabled LDAP authentication for PingFederate Admin console and enabled SSO for Ping access admin console.
- Expertise in implementing SAML as both Identity Provider and Service Provider across multiple platforms Using PingFederate.
- Experience in SAML based authentication 1.1 and 2.0 using Ping Federation, SiteMinder Federation and integrate with SiteMinder authentication and adapter.
- Ping Federate Performance tuning for supporting heavy traffic.
- Implemented and Customized Manage Access and Manage Identity modules as per customer requirements in SailPoint IIQ.
- Creating SP/IdP connections using Ping Federate with external partners.
- Implemented single sign-on using the UnboundID component to interact with the customer LDAP.
- Migrated SAML Based SSO partners from CA Single Sign-On federation to Ping Federate.
- Used Ping API to deploy and create SAML changes.
- Set up and maintained distributed IT systems including computational resources, servers, storage and net Involved in creating architecture patterns for SiteMinder to Ping applications using SAML, OAuth, OpenID Connect and WS-Federation.
- Configured Network policy server (NPS) in Prod and Non Prod, and NPS extension with Azure tenant for MFA.
- Successfully established and tested Azure AD tenant for production. Provided technical direction to allow Active Directory on-Prem group to populate users.
- Active Directory Federation Services (ADFS), SAML, web Single Sign-on (SSO), related authentication technologies.
- Protected multiple applications, both web based and API based, using PingAccess and PingFederate.
- Migrated login pages from SiteMinder to Ping and involved in building custom adapters for Ping to analyze risk-based transactions.
Environment: PingFederate 8.3, PingAccess 3.2, Novell Access Manager 4.2, 4.3, SAML 2.0, SAML 1.1, WS-FED, MFA, SAML, OAuth, SSO, OAuth 2.0, MS SQL 2005/2008, Active Directory, Java, C#, PowerShell.
IAM Engineer
Confidential - New Jersey
Responsibilities:
- Installed and configured the LDAP Sun ONE Directory Server. Configured the multi-master. Worked on fine-tuning of Web agents and policy servers for optimized performance. Actively involved in the requirement gathering for the enhancements to the existing project.
- Analysis and implementation of the EJB code and making enhancements to the existing code. Installed, configured and maintained Policy Servers and Sun ONE Directory Server. Configured and maintained Policy Store, User stores and key stores in Sun ONE Directory Server.
- Created and maintained Policy Server objects: Agents, Domains, Rules, Realms, Policies, and Responses. Intercepted access requests for protected resources and worked with the Policy Server to determine whether or not a user should have access.
- Integrated CA SiteMinder with CA Identity Manager 12.5. Performed business logic tasks using BLTH and LAH APIs. Experience in configuring SSO with PingAccess using out-of-the-box and custom-developed authentication schemes.
- Installed and configured CA SiteMinder 12.0, CA Identity Manager r12/12.5, Sun ONE LDAP Directory server 5.2/6.3, in Development, Break-fix, QA and Production environments on UNIX and Windows platforms.
- Technical liaison with new business partners in the Federation protocol space, working with Ping Identity and Trustgenix. Implemented SAML server with Ping ID libs (Java & Eclipse). Configured One View Monitor to monitor CA/Netegrity SiteMinder components like Policy Servers and Web Agents in both Production and Non-Production.
- Automated identity management tasks such as user provisioning and application access based on each user's relationship with and role within our organization using CA Identity Manager in both Production and Non-Production environments.
- Deployed applications of various formats like WAR, JAR and EAR on WebSphere servers in both Production and Non-Production environments. Migrated SiteMinder Policy Server from version 6.0 to 12.0. Integrated CA SiteMinder with CA Identity Manager.
- Implemented Access and Identity management for a similar client on OAM/OIM using OUD as AD.
- Lead SQL DBA for IDM, Accounting, and Reporting (OBIEE/BIP) platform.
- Installed and configured WebSphere Application Server 6.0 and deployed various applications on it. Responsible for troubleshooting various production issues and providing root cause analysis.