SUMMARY:

Versatile, dedicated, and reliable in information security manager, access management. Identity management, provisioning and deprovisioning, identity controls, privilege access management with experience leading a cross - functional teams in an identity and access management environment Knowledge of NIST 800 and RMF. Highly trained in all aspects of IT management, including cybersecurity & incident management, operations, policy, asset accountability, customer service, and projects. Effective communicator with exceptional leadership, management, supervisory, training, intercultural understanding, and interpersonal skills. A dept in aligning operations with short and long-range organizational objectives, leveraging operational, logistical, financial, and personnel management expertise to deliver measurable performance improvements, cost-savings, and regulatory compliance. Troubleshooting, Multitasking, Quick learner, Assessing and solving problems

TECHNICAL SKILLS:

Platforms: Oracle Solaris 10, Solaris 11, CentOS, Red Hat Enterprise Linux 6, FedoraX86/X64 platforms, Windows 2003, 2008, 2011 Server, Win XP

Hardware: Sun SPARC (Sun Netra Servers, Sunfire V240, V440, V490, V880, V890, Sun SPARC Enterprise T2000, M3000), IBM (e-Server), HP (9000, ProLiant)

Languages: UNIX Shells (sh, csh, ksh, bash), Perl, PHP

Databases: Oracle, MySQL

Virtualization: Zones, KVM, LDOM, VMWare, Cloud computing

Applications: QAS (Quest Authentication Services), TPAM (Total Privilege Access (one Identity) Management). Identity and Access Manager (IAM) Ping federation(FSSO) Access management, Cosmo, IAM tool, server configuration manager (SCM) Citrix gateway. Enterprise Random password manager (ERPM ) BeyondTrust Privileged Identity, SAML, SSO, OAuth. MFA, Biometrics

PROFESSIONAL EXPERIENCE:

Confidential

Responsibilities:

• Identify issues within ERPM and solve accordingly
• Respond to access request from incident page and solve the problem as they arise
• Joining systems back to the domain
• Web application global delegation ( allows logon rights)
• Create and grant permissions to new groups and accounts
• Adding identities into ERPM
• Creating ERPM identities create a new client certificate without using an internal or a third-party certificate authority changing password in ERPM
• Create, check, delete and schedule jobs
• Setting up web application global delegation permission
• Trouble shooting ERPM connectivity/ user access/ password change jobs, vault account
• Pulling out PIM groups on ERPM
• Manage administrators password
• Defragmenting the database

Confidential

Lead Information System Security

Responsibilities:

• Responds to access requests generated from an Identity Management system and provisions access according to security policy and best practices.
• Serve as project leader to ensure timely completion of project tasks objectives.
• Define project objectives and define success measurements.
• Coordinate the transition from Project Development to Project Implementation to Project Completion.
• Creating application account for both Widows and Unix/Linux/AIX servers
• Provides technical expertise and support for access requests involving protection of UNIX / Linux and Active Directory Server based information
• Provisioning access with UNIX / Linux platforms, local server, and through Active Directory accounts.
• Understanding UNIX / Linux system administration and an understanding of groups, sudo, and SSH key management
• Prioritizing queue requests and manages customer expectations, dealing with escalations in an appropriate manner.
• Maintaining Active Directory objects
• Managing access on Windows servers and Windows workstations
• Using Incident and Change Management systems such as ServiceNow is desired.
• Troubleshooting access related issues
• Reviewing circumstances surrounding data security incidents and designing corrective actions and solutions

Confidential

Security Engineer / IAM

Responsibilities:

• Serves as an IAM subject matter expert.
• Recommends and implements Identity and Access strategies and solutions. Ensures that identity management processes and technologies are in alignment with business needs.
• Provides Identity and Access Management technical guidance to the customer in support of agency initiatives.
• Addresses business and technical issues involved in deploying, governing, and extending identity services.
• Support the installation, configuration, operation and maintenance of SailPoint IIQ
• Assist with requirements gathering and effort estimation for integrating applications with SailPoint IIQ
• Serves as a technical resource for assisting internal personnel and external entities to leverage the Identity and Access Management infrastructure.
• Develop and support IAM functionalities like Role Modeling, Role Based Access Control, Single Sign-On, and Identity Federation
• Develops, maintains and documents Identity Management standards and processes. Promotes the adoption of common identity standards, approaches and processes. Identifies areas for improvement, and escalates issues through the governance structure.
• Monitors compliance to identity requirements and policies.
• Create application documentation, drawings, how-to guides and other deliverables for both training and tool maintenance
• Coordinates relationships between providers of identity data and consumers. Ensures service levels are monitored and that issues are identified and escalated, as needed.
• Provides guidance on regulatory requirements, policies and best practices. Provides accounts management guidance and training to personnel.
• Manages IAM project implementation. Meets project deadlines. Develops and maintains documentation for the IAM project
• Actively contributes to inter-departmental and cross-functional working groups.
• Remains current and up-to-date on new developments related to security initiatives such as Homeland Security Presidential Directive 12 (HSPD12), Personal Identity Verification (PIV) cards, Common Access Cards (CAC), two factor authentication, and shared tokens.
• Define and Analyze system requirement
• Develop business case for security tools backup solution
• RPMS with Secure Telnet
• Remote Desktop Gateway solution for RDS with SSL
• Security Tools Stack implementation (develop Documentations for Backup solutions for all security tools in the environment
• Medical Device inventory/Develop business case for secure medical device on the network. Work with the Biomed to make sure all medical devices are properly networked and accounted for
• Manage File transfer for secure FTP
• Tenable Visio Subnet Verification

Confidential

Sr. Security Engineer

Responsibilities:

• Defined, designed and developed system requirements. Smart card
• Serve as project leader to ensure timely completion of project tasks objectives.
• Coordinate the transition from Project Development to Project Implementation to Project Completion.
• Organize Team Resources, including Steering Committees, Project Teams and Work Groups, as needed.
• Develop high-level project plan and achieve buy in on task responsibilities and timelines from the appropriate team members.
• Define communications, issue management and scope management strategy and achieve approval from the appropriate team members.
• Evaluate project risks and develop contingency plans, as appropriate.
• Define project objectives and define success measurements.
• Develop and communicate appropriate project documentation, including project overview, scope, team structure, status reports, issues management reports, change control reports, meeting notes, etc. as required and in a timely manner.
• Implementation plans, strategic plans, and project timeline diagrams.
• Ensure Approval of developed requirements and design.
• Develop detailed project plan.
• Coordinate both execution and monitoring/controlling phases of Project Implementation Process.
• Complete close out phases of the Project Processes.
• Ensure team consensus of project completion.
• Complete project close-out documentation, especially Lessons Learned.
• Coordinate and support steering committee, project team and work group meetings, as required.
• Support and communicate project status to team members and executive staff, including management of project website, consistent status reporting and presentations.
• Identify, document and assist with project issues and escalate, as appropriate, to achieve timely resolution.
• Ensure compliance with regulatory agencies including meeting deadlines, when applicable.
• Ensure integrity and security of institutional data.
• Demonstrate ability to multi-task effectively.
• Performs other job-related duties as assigned.
• Smart card log on authentication mechanism
• Coordinates and identify various types of system requirement utilizing best practice requirement analysis mythology
• Update application of various architecture to enable PIV authentication
• Transform complex customer requirement in to working maintainable enterprise level solution
• Evaluate vendor and subcontractor capabilities to provide required product or services
• Adapt off the shelf solutions to meet government customers need and requirements
• Work in collaborative agile team environment
• Smart card based SSO configuration with certificate or password stored on the smart card
• Integrated windows authentication and Microsoft application using Kerberos.
• Knowledge of implementing and configuring Auth server
• Work with project managers to provide status briefings to stakeholders for specified engineering projects to ensure requirements are met
• Work with business process analyst to design and develop solutions and workflows that meets business requirements.
• Active Directory/Active Directory Federation Service
• AMA + IIS for PIV authentication
• Microsoft Azure

Security Engineer/Identity and access Management

Confidential, Hagerstown, MD

Responsibilities:

• Manage Large physical and virtual servers of over 5,000 Unix distributed servers using QAS with Solaris, Linux and AIX Servers.
• Migrate AIX, Linux, and Solaris servers including LDAP servers with telechek applications. QAS
• Troubleshoot and manage users account, and active directory removing users from the password file, adding and assigning users with various locals and active directory groups in the Unix/Linux/Windows system.
• TPAM- creating and troubleshooting high level access accounts for users to use temporarily.
• TPAM Quest One Privileged Password Management automates, controls and secures the entire process of granting administrators the credentials necessary to perform their duties
• Privileged Password Manager is deployed on a secure, hardened appliance. privileged identity management and privileged access control
• Enables secure storage, release control and change control of privileged passwords across a heterogeneous deployment of systems and applications
• Enables you to issue privileged access for a specific period or session to administrators
• Manages password requests from authorized users, programs and scripts for the accounts they are entitled to access, via a secure Web browser connection with support for mobile
• Search for a user and view their Active Directory (AD) details
• Managed and troubleshoot user account login issues; also, setup access controls.
• Resolve Incident management request and ad create Change Records before any changes are to be done on a server.
• Privileged account tagging and management. Demonstrate the ability to tag accounts with various labels such as “privileged” as they are read in from target machines.
• Loading of data into the identity warehouse.
• Privilege account Tagging
• Delegate administration; with user roles and associated rights for common user personas:
• Demonstrate the ability to authorize user’s access to subsets of IIQ functions appropriate to their job function.
• Demonstrate the ability to mine for IT Roles through the identification of entitlement patterns within existing applications and return the result set that matches the mining criteria.
• Allow a role owner to modify an existing role by adding or removing applications and/or entitlements, and for those changes to be propagated to users who currently have that role.
• Demonstrate the ability of your solution to accommodate an extension to the actual role scheme itself through the addition of meta data
• Demonstrate the disabling of a role to exclude the role from being selected by users, and deactivate the role to facilitate de-provisioning of accesses granted through this role for all users that are assigned the role.
• Allow individuals from executives to administrators to have relevant data summarized on their home page
• Creating Roles
• Enabling SSO for common identity to use Pig Federate
• Configure Federated Web SSO
• Export Meta Data
• Migration from WebEx Messenger to Common Identity SSO Authentication
• Trouble Shooting for PingFederate Single Sign-On functional components to enable Data Center Operations to remediate incidents.
• Federation SSO for Outbound and Inbound
• Creating new certificates in Venafi
• Renew the certificates in Venafi.
• Revoking the certificates.
• Replace the certificates
• Managed and troubleshoot user account login issues; also setup access controls.
• Identifying expiring certs and renewing them as needed
• Configure SAML connection between identity provider and service provider.
• Set PingFederate to use LDAP login
• Create new SP connection, Setting up new SAML connection
• Adaptive authentication, OAuth Implementation, configure cluster,
• Token authorization, configure data store
• SharePoint
• Coordinate CR (Change request) for upcoming changes
• Testing, troubleshooting and implementing new technologies
• Working knowledge of Cloud computing
• Virtualization
• Working knowledge in access and identity management
• Troubleshooting users access, in both TPAM and QAS technologies
• Managing access vulnerability and mitigating risk by remediating servers to allow access to current employees only devices.
• Experience with OpsWare HP Automation Client to push installs and upgrades on servers,
• Troubleshooting network connectivity and firewall issues.
• Resolve Incident management request and ad create Change Records before any changes are to be done on a servers.
• Assign Azure AD directory roles in PIM
• Configure Azure AD directory roles setting
• Updating / or removing on existing role assignments.
• Configure Azure resources role setting in PIM
• Activate privilege roles
• Assign time bound access to resources using start and end date.
• Enable the unification of identities and directories for simplified identity and access management

Info Security Analyst /IAM

Confidential, Hagerstown, MD

Responsibilities:

• Managing large physical and virtual servers of over 5,000 UNIX distributed servers using QAS with Solaris, Linux and AIX servers.
• Mitigate risk using QAS application in analyzing and remediating
• Plan and carry out security measures to protect the company’s network and system
• Creating CR’s and I-Plans for scheduling migrations, installations and high risk report.
• Upgrading software on Solaris, Linux and AIX servers including LDAP servers with Telecheck applications.
• Trouble shooting and managing user accounts, log in issues, servers issue, removing users from password file, adding, and assigning users to various local and Active Directory groups in the UNIX/Linux environment.
• Migrating AIX, LINUX, and SOLARIS servers using QAS for Access control for integrity and confidentiality purpose.
• Software installation and upgrade.
• Explain the importance of risk related concept, e.g false positive, negative, importance of policies in reducing risk
• Support Microsoft applications like One drive, Skype for business
• Risk calculation
• Analyze and selecting the appropriate type of mitigation and deterrent techniques.
• Compare and contrast physical security and environmental controls
• Implementation of risk mitigation strategies, implement basic forensic strategies.
• Aware of the common incident respond procedures
• TPAM- creating and troubleshooting high level access accounts for users to use temporarily.
• Experience with OpsWare HP Automation Client to push installs and upgrades on servers,
• Troubleshooting network connectivity and firewall issues.
• Resolve Incident management request and ad create Change Records before any changes are to be done on a servers.
• Managed and troubleshoot user account login issues; also setup access controls.
• VPN

Systems Administrator (Sys Admin)

Confidential, Hyattsville, MD

Responsibilities:

• Responsible for installation, configuration of Solaris and Linux servers using jumpstart and interactive methods.
• Disk configuration & Managing File Systems
• Introduced new servers to the network. Maintaining and troubleshooting network connectivity.
• Experience with Solaris Zones. Configuring, Migration and resource management of Zones.
• Managing of Red Hat Linux servers in a virtualized environment.
• Performed Security Administration on UNIX systems
• Virtualization and working knowledge in Cloud Computing
• Knowledge of VMWare, Zones, LDOMS, KVM
• Installed multiple sparse and whole root zones within one physical instance of Solaris 10.
• Systems Security Administration, Role Based Access Control and Sudoers file.
• Rudimentary Bash shell Scripting.
• Setup ZFS quotas, reservation and automatic NFS-share of directories
• Installation and configuration of Apache webserver and building of LAMP stack and Apache virtual hosts.
• Password configurations, process monitoring, Boot up and Shutdown procedures.
• Monitoring System Performance of Virtual memory, Managing Swap Space, Disk utilization and CPU utilization.
• Recommended Sun OS kernel/OBP patch upgrade for production/development servers.
• Maintaining the regular backups using tar, UFS dump, UFS restore, Snap shot backup etc.
• Managing system processes and scheduling processes with the crontab utility.
• Configuring the services for sharing the resources from Unix such as remote login through TELNET, FTP,NFS, SAMBA
• Day-to-day functional administration tasks, as well as application-specific technical support
• Used vi EDITOR to edit configuration files.
• User management, Creating and managing user account, groups and access levels.
• Creating, Mount & Un-mount the File Systems.
• Controlling the System Logging services, and examining system Log Files of all system events.
• Implementing RAID levels using SVM and creating and managing LVM in Redhat Systems.
• Creating Meta Devices (mirroring, Concatenating and Raid5) in Solaris environment using Solaris volume manager.
• Managing system services using SMF
• Experience with remedy ticketing system.

Systems Administrator (Sys Admin)

Confidential, Silver Spring, MD

Responsibilities:

• Resolving software and hardware issues
• Maintaining Local area networks.
• Document customer and software configurations and develop and/or update standard operating procedures and training materials
• Assist in the research, evaluation, testing, selection, procurement, implementation and maintenance of new software/hardware/systems.
• Provide basic first level telephone support to end-user community on hardware, software and network related problems, questions, and/or issues.
• Troubleshoot problems with operating systems, applications, remote access, email, telephone, and wireless issues.
• Use Active Directory (Windows Server 2003) to create, modify, reset and delete user account, reset and modify user password
• Setup computers and printers on the network
• Monitoring TCP/IP network environment
• Experience with Internet technologies including TCP/IP and HTTP
• Hardware and software inventory.
• Scheduling backup of files.
• Performed Operating System upgrades
• Configuration and troubleshooting of mobile devices
• Familiarity with network systems such as servers, switches, firewalls and routers.
• Knowledge of Internet and networking infrastructure design.
• Troubleshoot desktop applications issues while maintaining excellent customer service.
• Updated and documented Help desk tickets with Remedy ticket system.
• Performed Computer Systems Repairs and services.
• Performed telephone systems repairs and servicing
• Virus Protection Software Installation.
• Troubleshoot network connectivity, hardware, CPU, memory, I/O, boot, DNS and other application issues. Knowledge of TCP/IP protocols to include knowledge of firewalls, load-balancers and switches.