SUMMARY:

• 8+ Years of experience in building & supporting both Windows and Linux servers/environment.
• 8+ years of experience on VMware, ESX/ESXi, vSphere, vCenter Server, VMware View, High Availability (HA), Distributed Resource Scheduler (DRS), VMotion, P2V, V2V, VMware Update Manager, VMware Workstation.
• Experience in Middleware Security Product Administration. This includes extensive work in Installation, Configuration, Deployment, Administration, Trouble Shooting and Migrating of CA Site - Minder, Sun One Directory Server, Web security, network security, database systems, and Enterprise Document Management.
• Infrastructure (Server, Storage, and Database) discovery, design, build, and migration experience
• Advanced Knowledge in Microsoft 2008/2012 server, VMware Enterprise vSphere 6 or higher, Firewalls, ACL's, DMZ zones & TCP/IP networks
• Performed Requirements Gathering for a Proof of Concept to be implemented into their environment in development for CA IDM, CA Site-Minder and Microsoft Active Directory server.
• Experience in Replication, Chaining, Load Balancing and other Administration tasks involving Netegrity/CA Site-Minder Policy Server in both Production and Non-Production environments.
• Expertise in Developing, Configuration, Deployment, Troubleshooting and Management of Enterprise Applications for CA IDM, CA Site-Minder and CA e-trust Directory server.
• Solid understanding of Identity Access Management architecture and exposure to entire features of CA Site-Minder (Policy Servers & Web Agents), Ping-Federate 7.1.2 and later versions, Oracle Access Manager, ADFS.
• Implemented a single sign on authentication from Ping Federate Server and AD server .Users are generated on the fly using LDAP import with their corresponding role based access.
• Plays a leadership role for implementing infrastructure of new enterprise applications using technologies such as WebSphere, JBOSS, WebLogic or Tomcat (J2EE) app servers.
• Troubleshooting issues related to SSO, authentication and authorization, as well as troubleshooting LDAP issues.
• Ping Federate, ADFS, Ping Access.
• Worked as Load Balancing Engineer where I was part of load balancing team providing extensive support for various banking applications which are desktop and mobile.
• Worked in successful implementation of Single Sign On and Federation Solutions on Prod, QA and Dev environments.
• Worked on Single Sign On (SSO) to implement security polices and handle LDAP, Site-minder and Webserver on Solaris environment. Also in has scope for maintenance of RSA Secure ID.
• Worked on load balancing methods, SSL certs, persistence profiles, SNAT IPs, client/server profiles while configuring VIPs and customizing them as per the applications needs.

TECHNICAL SKILLS:

Operating Systems: x64/x86 RHEL 7.x/6/5, CentOS, Microsoft Windows 2012/ 2008 R2, Microsoft Windows 8.1, 7, and Windows XP

Office & Support Tools: MS Office 2000, 2003, 2007, 2010 & 2013. Open Office 3.0, Share Point Server Lync 2010, IIS 6.0 & 7.5, WSUS, SCOM, V-Motion, OCS Inventory, Power shell, Power cli scripting and Kayako Helpdesk Ticketing. Nimsoft Monitoring and Solar Winds, ASP.NET

LDA Directories: CA Directory 8 /12, Microsoft Active Directory and Sun One Directory Server, and Oracle Virtual Directory (OVD)

Identity Management: CA/Netegrity Site-Minder, CA/ Netegrity Identity Minder

J2EE App servers: JBoss 7, WildFly 9.x, WebSphere 8.x, WebLogic, Tomcat

Web Servers: Apache 2.x, ngnix, IIS, Confidential HTTP server, .Net framework

Backup Tools: Veaam Backup Manager5.0, Verities Net backup and Norton Ghost, SoapUI 5.0, CA Wily Introscope 8.2, Softerra LDAP.

DB Servers: Oracle 11g/12c, MS SQL server 2016/2012/2008 R2, PostgreSQL & MySQL

Virtual Environment: VMware vSphere ESXi Server 5.1, ESX 4.1, vFabric, VMware VCenter Server 5.5, Citrix Studio 7.5, Citrix receiver and MS Hyper-V

Remote Administration: Remote Desktop Connection, Microsoft Terminal Services, VNC, Telnet, Putty, LogMeIn and Team Viewer

Network & Security: TCP/IP, NetApps, DNS, WINS, NFS, NIS, DHCP, Symantec Endpoint Protection 12, McAfee, Kaspersky, Microsoft Security

Mail Server: MS Exchange 2013/2010/2007 & MS Outlook 2013/2010/2007 and 2003

Hardware: All Intel based Desktops & Laptops, Servers, Unified Computing System (UCS), Confidential ProLiant DL360 G7, BMC Blade, servers, Confidential HS-22 server, Confidential Scanners, CD/DVD Writers, Hubs, Switches, Bridges, CAT 5e cabling, Printers, Confidential PC and Compatibles

PROFESSIONAL EXPERIENCE:

Confidential, NJ

SAM Engineer

Responsibilities:

• Working on Firstnet Project, providing SSO and security to the application, Migrated application from ISAM7 to ISAM 9.
• Worked with SAML 2.0, OAuth and OpenID Connect.
• Configure WebSEAL/Reverse Proxy to use the Distributed Session Cache.
• Investigate and Resolve Confidential Security Access Manager ( ISAM ) v9 migration issues.
• Proficient in security enhancement like authentication and authorization using LDAP, ISAM Proxy, SAML, OAuth configuration.
• Solve issues with SSL junctions, Resolve incident tickets.
• Responsible for maintaining the health check for reverse proxy server on daily basis.
• Responsible for monitoring the logs for Confidential Security Access Manager on regular basis.
• Applying ISAM9 and LDAP fix packs.
• Created two types of SP/IDP instances for Token Gen Appliances and App Appliances.
• Configured Federation services as an Identity Provider and Service Provider for SSO.
• Provide support to ISAM functionalities such as fixes to custom code, maintaining Junctions, groups.
• Supported single sign-on authentication for our intranet and extranet applications.
• Responsible for maintaining the Open ID-Connect and Relying party which was running in a clustered environment.
• Created Polices based on the LDAP groups for Authorization purpose.
• Participate in team meetings along with technical lead to collect the requirements and decide the flow of the SSO.

Environment: Confidential Securtiy Access Manager (ISAM9), Open ID-Connect, Oauth, LDAP, DB2, SAML, TCP/SSL/HTTP.

IAM Engineer

Responsibilities:

• Web Access Management Re-platform ( Identity and Access management Modernization) project is multimillion dollar project initiated with a modernize Ameriprise identity and access management platform to support web, mobile and cloud applications. This project has 7-8 objectives where 99.99999% availability, reduce the product customization, and SOA architecture are the main objectives.
• Involved in analyzing the end to end WAM requirements.
• Converted these requirements into proper Use-cases.
• Based on the project objectives and the requirements selected the CA Security tools as single vendor to meet one of the project objective. Integrated multiple external vendor applications to ADFS 2.0 in order to enable seamless SSO capabilities
• Some of high-level requirements involved in implementing the Multifactor Authentication, Mobile Application security, API security, Cloud security, User provisioning and Session management.
• Integrated multiple external vendor applications to ADFS 2.0 in order to enable seamless SSO capabilities .
• Created various decision documents from selecting the products to finalizing the designs where the crucial decisions are needed.
• Involved in getting together all teams to finalize the decisions to eliminate the roadblocks.
• Created Reference Architectures (RAs) for API security, Web application security and Identity Management.
• Extensively involved in datacenter design and created the Active-Passive datacenter blueprint.
• Worked on the creating the datacenter security and implemented the network security patterns.
• Created all servers Technical Placement Diagrams (TPD) and overall project Technical Impact Assessment (TIA) documents.
• Based on the requirements and the use cases created the high-level design documents
• Involved in creating the datacenter design to achieve high availability.
• Evaluated Active-Active, Active-Passive, and triple Active datacenter designs and came up with optimal and sub-optimal datacenter designs to achieve current and future needs.
• Created high-level designs for web, mobile and cloud application security.
• Used all the CA tools CA SSO, CA Access Gateway (SPS), CA Advanced Auth (Strong Auth and Risk Auth), CA IDM, CA Directory, and CA API gateway and Mobile API gateway.
• Created the API security designs using CA API gateway.
• Created the design to utilize APIs of CA AA, CA SSO, CA IDM TEWS calls and created the use-case flows at API gateway to give single interface for Web and Mobile applications to use.
• Created the migration strategy from existing components like Confidential ISIM to CA IDM and OAAM to CA AA.
• Created the designs for Co-existence of Legacy and New WAM environments.
• Involved in deploying the IDM, CA IPI gateway, CA SSO on all the environments Dev to PROD.
• Created the custom Help-Desk portal instead of the CA Portal using the CA IDM TEWS SOAP services converted to REST services using API gateway.
• Deploy Active Directory 2016 domain controllers and connect to Azur. Manage Active Directory users, groups, access, GPO and Organizational Units.
• Designed the user migration from Oracle Enterprise Directory to CA directory.
• Involved in creating the Application migration road map from Legacy to New WAM.
• Involved in creating component wise Low level designs to solve the MFA, SSO, new user registration, user self-services, mobile security use-cases.
• Involved in executing POC with all the CA components mainly with CA Advanced Auth and CA API gateway.

Environment: /Tools: CA siteminder 12.52/12.6, CA SPS, CA API Gateway and Mobile API Gateway, CA IDM, CA Advanced Authentication ( CA Strong Auth and CA Risk Auth) Apache, OAAM, Tomcat 6, Web agent 12.52 CR01, ADFS, Red Hat Linux, Windows 2003/2008/2012, F5 load balancing server, F5 APM module, Java/JDK 1.6, J2EE, JSP, shell scripting, Windows 7, Eclipse, log4j. IdentityPing one.

Ping federate

Responsibilities:

• Integrated Site minder and Pingfederate using Coreblox token translator to bridge the SSO gap between applications protected on either system.
• Implemented OAuth & OpenID Solutions using PingFederate .
• Involved in migrating Siteminder to Pingfederate.
• Configured and supported SAML based Identity & Service Provider connections with several SaaS Partners.
• Performed POC for Ping Access Authentication Solutions.
• Created SP/IDP connections using Ping Federate with external partners.
• Implemented SAML Protection with Digital Signature.
• Deployed Ping One in Cloud and integrated with Ping federate on premise.
• Assisted developers with integration of Mobile Apps using OAuth/WS-Trust in Pingfederate.
• Developed shell scripts for backing up current setup and upgrading between different Pingfederate versions.
• Developed custom Ping Agent using Ping SDK.
• Worked on Single Sign On (SSO) to implement security polices and handle LDAP, Siteminder and Webserver on Solaris environment. Also in has scope for maintenance of RSA SecurID.
• Worked on load balancing methods, SSL certs, persistence profiles, SNAT IPs, client/server profiles while configuring VIPs and customizing them as per the applications needs.
• Deployed Policy Agents across different HTTP and application servers: Apache, JBoss, Jetty, Tomcat.
• Acts as lead liaison between IAM development group and core business units to design, develop, configure and implement new systems and enhancements of existing systems for Identity and AccessManagement implementation team
• Formulates and defines systems scope and objectives based on both stakeholder needs and a thorough understanding of business systems and industry requirements

Environment: Ping-federate 7.x,PingFederate 8.x, SAML 2.0, SAML1.1, WS-FED, OAuth2.0, Active Directory, Java, C#, Power-Shell, Oracle DSEE 11g, Web Agents, Oracle LDAP Directory Server 11.0g, Confidential Web-Sphere, SQL Server, HTML, SQL, MS Visual.

Site-Minder / Identity Minder Engineer

Responsibilities:

• Windows 2008 R2 & Cent OS servers, configuration and Hardening checklist.
• Maintain full Identity Management systems
• Responsible for all development and implementation of CA-IDM, CA-Site Minder, e-Trust Directory.
• Performed reconciliation across 3 tiers (SAP HR - IDM - AD)
• Created Self Service and Bulk Load Tasks.
• Implemented SAML 1.1 based SSO using Web logic Server as the Identity Provider and a Ping Federate as the Service Provider.
• Workforce and Client identity management system
• Created Domains, Realms, Rules, Responses and Policies.
• Created ACO, HCO, User Directory for LDAP and AD.
• Installed and configured Web Agents on Linux and Windows.
• Executed platform upgrades for Ping Federate.
• Installation and configuration of Ping Access.
• Integrated Ping (both Ping Federate and Ping Access)
• Installation and configuration of Agent and Agent less plug-in in Ping Federate on different Web servers.
• Automating J2EE application deployments in Dev, QA, Pre-prod and Prod environments using build tools like ant, Maven & continuous integration tools like Hudson/Jenkins and Nexus repo.
• VM Ware administration of ESX servers, Configuration of VM Servers
• Creation of OS and application VM templates for deployment. And also finalizing ESX deployment specs (Network, Storage, and Security), ESX deployment documentation, Virtual Center deployment documentation and Farm Distribution.
• Worked on load balancing methods, SSL certs, persistence profiles, SNAT IPs, client/server profiles while configuring VIPs and customizing them as per the applications needs.
• Provided complete L3 support for VMware virtual infrastructures.
• Provide testing direction and support for System’s applications and environments.
• Enterprise Systems Domain administration and providing second and third level support for Domain users.
• Creating deployment documents (Runbooks) for different server types and Tier 3 products.

Environment: Windows 2008/2003/XP, Red Hat Linux, LDAP, PingFederate 7.x, Microsoft IIS Webserver, ColdFusion, .Net Framework 1.1, 2.0 and 3.0, F5 Load balancer, Big IP, Microsoft Clustering, ISAPI filters, Microsoft SharePoint server, Active directory services, SQL 2008/2005, Oracle 11g/10g, TCP/IP, VMware ESX 2.x and 3.x, Confidential Insight Manager, Microsoft Operations Manager 2005, Site core Content Management server, SAN, NAS, CRM, Confidential, Compaq and Dell Servers, Confidential Virtual Connect Module.

Web/ Security Consultant

Responsibilities:

• Worked for VMS project.
• Created and maintenance of VM Server
• VM Ware 4.1 and V-Sphere 5.1
• Server2003, Server2008 R2 and Server 2012.
• Hyper- V configuration and support.
• Hyper- V client configuration and support.
• Migration of the servers on Hyper- V.
• Analyze current network layout, services and resources to determine required access.
• Determine user roles and responsibilities, classifying like users into groups to ease maintenance and rule implementations controlling access to resources appropriate to user and group classifications.
• Troubleshooting Web Agent and Site-Minder Policy Server issues.
• Created Domains, Realms, Rules, Responses and Policies.
• Created ACO, HCO, User Directory for LDAP and AD.
• Successfully executed P2V Project involving virtual environment of over 50 physical machines; it solved space and power capacity constraint at Data Centre Provided complete L3 support for VMware virtual infrastructures.
• Provisioning new servers, imaging; handling other daily routines; leading new deployments from systems perspective by coordinating internal resources; performing systems backups and restore procedures.
• Handling the complete installation, configuration & maintenance of Microsoft Windows Servers; designing the Backup Strategy for sites and ensuring scheduled/unscheduled Backups as per backup plan and restoration; managing Server, Domain, AD, User Rights, etc…
• Active Directory and Group Policy Management.
• Configuration of IIS 7.0
• Installations of Web Applications on IIS servers
• Security, health, management and performance features.
• Windows System Center Configuration Management Server
• Microsoft System Center Operations Manager

Environment: Windows 2012/2008/2000/ win7/XP, Red Hat Enterprise Linux 6/5, VMware VSphere, AWS, LDAP, Active Directory, Routing, Switching, Ethernet to Gigabit Ethernet, Cisco ASA5200 Firewall, EMC SAN, NAS, J2EE Application Servers ( Confidential Web-Sphere, JBOSS, Web-Logic server, Oracle Application Server, Net-Weaver Application Server and Apache Tomcat server), Database (Oracle, SQL 2012/2008/2005, Confidential DB2 9.x, MySQL). Applications (JDK 1.x, J2EE apps), Web Server ( MS IIS, Apache, ColdFusion and Confidential http server) Data Junction, Confidential Rational Application Developer IDE, Confidential Congo’s 10.x/8, Kettle, Load runner, Confidential Rational Software Architect, Subversion., VMware.

Security Consultant/Engineer

Responsibilities:

• Involved in the Analysis, Design, development, Installations, Configurations, upgrades and deployment
• Site-Minder was setup to protect multiple web and application servers of different flavors.
• Analyzing Site-Minder server logs and identifying problems with authentication and authorization.
• Identity Minder was configured to work with multiple authoritative sources and provision users to various end-systems across six different sub-organizations. This included a multi-domain Active Directory infrastructure.
• Installed, configured and administer Sun One LDAP Directory and Site-Minder Policy Servers.
• Involved in the project to implement the Single Sign-On starting from development phase till production go live. Work with responsible team to understand the requirements of a new SSO project then design and implement the same.
• Setup of New SSO environment.
• Created Realms, Rules, Policies and Responses for protecting applications to work under single sign on environment. Implemented password policies for all the applications using Site-Minder.
• Upgraded Netegrity Site-Minder from 5.0 to 6.0 Installed and configured Site-Minder Policy Servers.
• Created Site-Minder Agents for Federated Authentication and Authorization with partner sites.
• Responds to direct questions from IT and business Management on the effects of emerging technologies on product development and business directions.
• Assisted load-testing team by Monitoring Policy Servers during load tests. Provide application support for the Netegrity Site-Minder.
• Work with team on the daily problem resolutions and on the escalated issues for user administration.
• Documented, designed and implemented the Wellness Check URL’s to verify the application code on Pre Deployment basis with SSO.
• Responsible for Site-Minder, Web Servers and Application Server Production Support and Trouble Shooting.