- Around 8+ years of experience in Information Technology, which Involves in Design, Implementation and Hand on experience on All Lightweight Directory Access Protocol (LDAP), Identity &Access Management and Single Sign - on products, worked on Sailpoint Upgrade from 6.0 to 7.0 and 7.0 to 8.3.
- Experienced in IAM/PAM tools with deployment, configuration, integration and troubleshooting CyberArk Privileged Account Security product suite - Enterprise Password Vault, Password Vault Web Access, Central Policy Manager, Privileged Session Manager, Application Identity Manager, and Privileged Threat Analytics.
- Performed Manage, Resume, Release Privileged Credential using Cyber Ark Privileged Management vault Administration, configuration, troubleshooting and installation of Windows 2003, 2008, 2008 R2 and 2012/R2.
- Hands-On experience in integrating and troubleshooting platforms with CyberArk Privileged Account Security, such as Windows / UNIX servers, VMware ESXi, Network Devices, Middleware and Databases.
- Worked on Configurations including AD integration and Management of Cyber Ark Enterprise Password vault and Managed Safes and Server/ host addresses in Enterprise Password vault. Good experience in Implementation and Installation on Cyber Ark 7.0 and latest Implementation on Cyber-Ark 8.1.0.and CyberArk 9.2.1 Privileged Identity Management (PIM) Suite.
- Extensive experience in beanshell development, workflows, rules, access s, forms and policies within SailPoint IdentityIQ, Deployed & Configured SailPoint IdentityIQ Connectors for different target systems, Installed SailPoint IIQ Identity Manager and Access Manager prerequisite software's in WebSphere, WebLogic, JBoss Application Server, Web Seal, DB2, SailPoint IIQ, SailPoint IIQ Directory Server, Adapter development tool.
- Strong experience in SailPoint IdentityIQ product with a good deal of experience in Access Management, Workflow, LCM,, Rules, Policy, Setting up SailPoint IIQ policy server on 4 environments (Dev, QA, UAT & Production).
- Work as the part of Identity Access Management, improving and automating IAM solution for Ping Federate, Ping Access, CA Siteminder, Radiant Logic VDS, LDAP and CA Directory Systems. Ping Federate, ADFS, Ping Access. Worked as Load Balancing Engineer where I was part of load balancing team providing extensive support for various banking applications which are desktop and mobile.
- Worked in successful implementation of Single Sign On and Federation Solutions on Prod, QA and Dev environments. Worked on Single Sign on (SSO) to implement security polices and handle LDAP, Siteminder and Webserver on Solaris environment. Also in has scope for maintenance of RSA SecurID.
- Experience in providing Single Sign-On across enterprise application using Ping Federate, improving technical efficiencies in Identity & Access Management and Single-Sign-On space, involved in designing and implementation of end-to-end security solutions.
- Migrate Siteminder and ADFS protected apps to Okta. Implementing Self Service password capabilities enterprise wide with Okta Multi factor Authentication. Involved in migration and implementing Security and Infrastructure solutions using Netegrity SiteMinder 5.x to 6.0, 6.0 to 12.x and Sun ONE Directory Server (LDAP) 5.x/6.x.
- Worked on OAuth Grant types to get Access Token to access Protected API's, Configuration with the Clients to get the Access Token to access the web API's. Integrated OAuth with ping Access to protect rest full API's. Worked on Unbound User directory to replace the Existing Oracle Directory Server ODSEE.
- Worked on ID Token to get the user information from user info endpoint and send to OAuth client in the form of scope. Experience in doing Web service federation (WS) between two web services' using SAML and by creating connection between the two soap Service clients.
- Performed Installation and configuration of SailPoint 7.1. Configured Flat files and JDBC connectors in SailPoint. Preparing Audit reports for monitoring. Adding the LDAP s through iKeyman. Installed, integrated and deployed SailPoint IdentityIQ.
- Provided Single Sign on for the internal applications with the multiple Domains using Cookie Provider in Siteminder. Expertise in Installation, configuration, deployment and maintenance of the Siteminder components the Policy Server, Web Agent, Policy Store and Key Store store.
- Experience in creating Siteminder Custom Authentication Schema and in creating Custom Responses using Siteminder API and SmWalker. Worked on SunOne LDAP, Site Minder administering tasks such as back-ups, recovery, and replications.
IDE/ Tools: Eclipse, Net Beans, Edit Plus, Macromedia Dreamweaver, XML SPY, JBuilder, RAD 7.0/6.0, WSAD, ITCAM, Tivoli, UML (Rational Rose, RUP), VSS, CVS, Okta SSO.
Security Tools: Confidential Identity Management and p6, CyberArk Privileged Account security 9.7.2, Confidential Tivoli Access Manager 6.1.1, Tivoli Federated Identity Manager 6.2.2.
Core Java Concepts: Collections, Generics, Multithreading, Serialization, Exception Handling, RMI, File I/O and Reflection, API.
J2EE: Java 1.6/1.7, JSP, Servlet, EJB-Session Beans, Entity Beans, JMS, JDBC, JNDI
Operating Systems: SUSE Linux 9/10/11, Windows Server 2000/2003/2008 , Unix
Languages: SQL, PL/SQL,J2EE, HTML, JAVA Script, Shell Scripting
Databases: ORACLE 8i/9i, MSQL, MS Access, MySQL
Web Servers: Sun One 4.1/5.1/6.1, Apache 2.0/2.2.4, IIS 5.0/6.0/6.5,Tomcat 4/5
Directory Services (LDAP): Novel eDirectory 8.7.x/ 8.8.1/8.8.5 , Sun One/iPlanet DS 5.x/6.x., eDirectory 8.X, Active directory (ADLDS), Tivoli Identity Management, Forefront Identity Manager
SSO and Identity: Novell/NetIQ Access Manager, Ping Federate 6/7/8, SiteMinder R12 SP2, SP3 / R6 SP1, SAML 2.0. HP Service Manager, Confidential Vantive, BMC Remedy, Service Now
Confidential, Atlanta, GA
Sr. IAM CyberArk Engineer
- Implemented CyberArk Privileged Identity management suite and session management suite for version 9.7. Prime in providing problem resolution to authentication issues to PVWA and directory sync problems. Worked on Cyber Ark Enterprise Password Vault and PVWA.
- Responsible for system maintenance and adherence to compliance rules and also check the user level accesses via SailPoint. Privileged User Management working experience on CA PIM/PAM, CyberArk.
- Involved in gathering technical requirements and establish clear definition of clients CyberArk’s responsibilities and Maintenance. Experience in Implementation, installation and maintenance of CyberArk 9.5 PIM Suite. Primary point of contact for CyberArk Operational and Maintenance Tasks.
- Providing technical assistance and support ongoing CyberArk’s maintenance. Monitor reports on daily/weekly basis for audit and compliance. Respond to failed password synchronization alerts and work with system account owners to resolve issues.
- Involved in gathering AOR PAM (Advisory Obstruction AL Requirements) for implementing CyberArk solution to control and audit access to privileged, local and shared accounts such as local admin, Unix root, Oracle database accounts (SYS, SYSTEM).
- Strong experience in onboarding & integrating various applications into SailPoint IdentityIQ including Active Directory, Delimited files, LDAP, ServiceNOW & JDBC applications. Running access s for key SOX applications with SailPoint IIQ, Configured SailPoint built in tasks like schedule tasks, correlation, aggregation and ID refresh.
- Experienced in configuring various platform policies in PVWA such as for privileged accounts, service accounts, UNIX (AIX, RHEL, LINUX) and Oracle DB platforms. Creating personal safes for users and adding them to vault for privileged access to various servers. Integrated with LDAP, CyberArk and RADIUS Authentication to enforce security for PVWA authentication.
- Very good experience in working all three modules of IIQ which is Governance, Compliance, LCM, also worked on, Integration with end/target systems and SailPoint IdentityIQ APIs, REST APIs, Custom Connector, Version Upgrade, and various Patch upgrade.
- Designed and deployed Identity & Access Management solution to improve user experience, meet compliance, and reduce costs. Installed and configure PingFederate on windows and configure Ping access and ping one for new POC based applications for cloud SASS apps.
- Hands-on experience in configuring multiple privileged accounts across the organization. Integration of various Windows, Unix, database, endpoint security network devices and migrating user accounts into password vault.
- Experience in CyberArk PAS suite which includes Enterprise Password Vault, Password Vault Web Access, Central Policy Manager, Privileged Session Manager, Proxy and PACLI. Managed CyberArk Security that offers wide range of services and support including implementation, consulting,, maintenance, online support and vault.
- Hands on experience with configuring IDP initiated and SP initiated SAML profiles with different bindings like POST, Artifact, and Redirect as per the custom business and security requirements. Worked in SiteMinder environment using SiteMinder test tool and SiteMinder policy server log files and agent log files.
- Ability to install, configure and support identity and access management related tools such CA SiteMinder, CA Identity Manager (IDM), and Oracle Internet Directory (OID). Created the Federation service between SiteMinder federated web services to Ping federate for classic migration of applications that are SAML and WS-FED based applications.
- Created IDP and SP connections for SharePoint apps, Java frame work, API based applications, jive-based applications, and ADFS enabled apps, O365 integration and lot of third-party applications. Interacted with various business users to gather requirements to integrate various applications into CyberArk for automatic password management.
- Prepare a plan for user communication to switch from ADFS to OKTA SSO. Created a detailed implementation and migration guide for Office 365 OKTA SSO integration. Document detailed technical steps to be executed by administrators to accomplish federation configuration switch from ADFS to OKTA. Active member of PAM Team responsible for the deployment of CyberArk Security Initiatives.
- Experience with Installation and Configuration of CyberArk security components EPV, CPM, PVWA, AIM, PSM, PACLI, Private Ark client. Involved in Up gradation and installation of CyberArk version from 9.9.6 to 10.4 in test, prod and DR environments.
- Installed, configured, and integrated Web servers (plug-in file), SiteMinder agents and LDAP user directory with Web Logic Server V10. Experienced in installing and configuring SiteMinder Policy Server and Web Agents on Solaris, Red Hat Linux and Windows environment.
- Enabling services and applications with ADFS and SAML using CA API Gateway. Design, Implement and troubleshoot Layer 7 application API Gateways for Company wide application services. Gathering technical requirements and worked as primary point of contact for clients CyberArk Operations and Maintenance Tasks.
Environment: CyberArk PAS versions 9.9.5, 10.4, Enterprise Password Vault (EPV), AIM, CPM, PSM, Stealth bits, SailPoint, Radiant Logic, PACLI, PowerShell, Password Upload Utility, UNIX, Oracle DB, AD, LDAP, HP iLO, Novel eDirectory 8.7.x/ 8.8.1/8.8.5 , Sun One/iPlanet DS 5.x/6.x., eDirectory 8.X, Active directory (ADLDS).
Confidential, Seattle, WA
Sr. IAM Engineer.
- Designed Technical solutions and processes for the ongoing implementation and support of T. Mobilee multifactor authentication architecture. Leading design workshops and map business requirements to technical solutions. Installed and Configured Okta AD and Okta LDAP agents On Premise and provisioned all the identities from Active Directory and VDS to Okta.
- Installed and Configured Okta Integrated Windows authentication (IWA) to access T. Mobilee applications without password. Installed and Configured Okta Radius Agents on Premise to Protect T. Mobilee’s Cisco Any Connect (VPN), Citrix VDI and Amazon Work spaces (AWS) with Okta Multifactor Authentication (MFA)
- Implemented SSO by Integrating 500 plus On Perm applications with Okta Infrastructure using SAML, Open ID Connect (OIDC) and OAuth 2.0 service, Created different Okta Sign On policies and Okta MFA enrollment policies based on requirement for application ids and different user types.
- Enforced MFA for key and critical applications which has sensitive data and also to meet OCC requirements for financial applications.
- Used Site Minder for authenticating the user passwords for the web application. Worked with SiteMinder administration for user directories, agents, logs and cache management, agent configuration objects. Worked on Configuring the Domains, User directories, Rules, Realms and Policies.
- Worked on Load balancing the SiteMinder for high performance. Involved in the upgrade project of SiteMinder Policy Servers from version 12.5 to 12.52, Implement Federation SAML services to SSO into third party vendors.
- Mentor development and support teams involved in problem identification and solving. Worked on Fine tuning of Web agent and policy servers for optimized performance, Implemented password policies for all the applications using SiteMinder. Configured custom alerts and e-mail notifications based on the business needs.
- Enabled self-service password reset feature to reduce help desk calls for end users using Okta MFA. Designed and managed processes for hardware distribution token yubikey as one of the Multifactor, Provisioned users to On Perm Directories using Okta’s SCIM Connector.
- Removed Custom credential stores for E- Commerce applications and migrated the users to Okta tenant and made Okta as super credential store for all the user types. Assisting application teams on the code changes to convert their application to support SAML or OIDC by using spring security extension.
- Lead technical POC’s for Spring Security, Spring BOOT, mod-Auth-melon and mod-Auth-oidc frameworks to support SAML and OIDC to integrate the applications with Okta, Lead troubleshooting activities and problem resolution for Okta protected applications.
- Configured different password policies for each user type based on requirement. Configured Authorization server for each domain and created custom scopes and claims for application teams based on requirement.
- Work with Okta support/ Vendors to fix Okta bugs and issues not related to Deere Infrastructure, Worked with different application teams or third party SaaS vendors to renew the SAML s which are about to expire.
- Configured SAML assertion attributes using regular expression for application team based on requirement and created SAML apps using Okta API’s. Blacklisted the IPs which are declared or identified and are used for brute force attacks.
- Integrated 70 plus SaaS based apps like Box, Adobe creative cloud, Agile Central Rally and Confluence etc to automate provisioning and De-Provisioning of users using one click. Worked on Service requests like Problem Management, Incident and Change Management via HP Service Manager and also have experience on Service Now tool.
Environment: JDK 1.4/1.5, J2EE, JDBC, XML, SAML 2.0, Open ID Connect, OAuth2.0, CA SiteMinder R12/12.52, Sun ONE Directory Server 6.X, Apache 2.x, Solaris 8/9/10, Redhat Linux, Windows 2008/2010/2012 , WAS 6.1/7.0, Tomcat Server, IIS 7.5/8.5, SQL Server 2008.
Confidential, Saint Louis, MO
- Installed, configured and maintained Netegrity/CA SiteMinder Policy Server 6.X/12.X, CA IDM r12.x and Sun ONE Directory Server 5.2 on distributed platforms. Installed, configured Web agents, Netegrity Transaction Minder, Sun One Directory server (LDAP) with various Web & Application servers.
- Involved in Designing infrastructure, documenting Identity manager requirements for migration to 12.5 from 8.0. Installed and configured PingFederate 7.0.1 with the existing Siteminder environment and used LDAP authentication for the admin console.
- Involved in the architecture and implementation of CA Identity Manager Solution for provisioning, delegated administration, workflow implementation and generating audit reports to be compliant with the security regulations.
- Installation configuration and maintenance of RSA authentication manager 6.x for enabling token based authentication along with the form based authentication as a part of the security solution. Hands on experience with configuring IDP initiated and SP initiated SAML profiles with different bindings like POST, Artifact, and Redirect as per the custom business and security requirements.
- Used custom attributes properties to track the information about the recipients of the application site. Created and updated the provisioning policies as per the change in the business environment using Policy Xpress. Implementing custom agents on Siteminder admin console for PingFederate connections.
- Configured CA SiteMinder policy server, framing Rules and Policies, Policy Server maintenance, SSO call clearance, Web Agent & Application agent installations, trouble shouted production problems.
- Configured user impersonation feature to enable Customer service department to provide a better service to the business clients. Experienced in assisting Web Administrators, LDAP Administrators to determine what the best values for SiteMinder parameters and tune the system to boost SiteMinder performance in the Web Tier, the Application Tier, and the Data Tier.
- Configured SSO Integration Adapters for session cleanup as part of Single Logout (SLO) in the SSO implementation. Creating OpenSSL s and using the same for Federation of external Services to achieve the purpose of maintaining confidentiality, message integrity and bilateral Authentication.
- Involved in Migration ofSiteMinder6.x to 12.x for advanced Load balancing, failover configurations and for facilitation of user impersonation. Installed, configured and integrated Web servers (plug-in file), SiteMinder agents and LDAP user directory with Weblogic Server V10.
- Experience with using Wily and One view monitor for performance monitoring of identity management servers and components. Experience with performance tuning of policy servers and associated components and generating performance reports using customized crystal reports. 24x7 production support.
- Updated Corporate User store with the expanded user base as a result of new business acquisitions by directory acquisition and Correlation schemas using custom attributes. Extensively used web services variables to facilitate federation of web services.
- Installed SiteMinder Policy Server Optional Pack and Web Agent Optional Pack for Federation web services. Configured SiteMinder web agents, Affiliate agents and RADIUS agents to provide federation of web services in the SSO environment.
- Worked on new Directory Server Schema's as per the needs of the business. Worked with existing user stores and new external LDAP stores. Integrated Active Directory & Sun One directory servers as user stores & SQL Server as Policy store. Experience in trouble-shooting the issues by analyzing the trace and TAI logs.
Environment: JDK 1.4/1.5, J2EE, JDBC, XML, SAML 2.0,CA SiteMinder 5.X/6.X/12.x, Sun ONE Directory Server 5.X/6.X, CA Identity Manager r8/r12, Tomcat 5.5, Apache 2.0, Wily Introscope 7.0/7.2, Solaris 8/10, Windows 2000/2003, Oracle 10g/11g,SQL Server 2005, DB2 8.X.
Confidential, Chandler, AZ
LDAP and IDM Admin
- Installed Configured and Maintained SiteMinder, Policy Servers, Sun One Directory Server and configured multi master replication in Directory servers, configured and administered BEA Web Logic Server 8.1 in Solaris and AIX enviro Installation and trouble shoot in implementation of SiteMinder Trust Authentication Interceptor (TAI) for Confidential Websphere 6.0.
- Responsible for Support and reliable maintenance of the applications on different platforms for on-going application development and implemented LDAP security models and Carried out performance testing and troubleshooting using Resource Analyzer and Log Analyzer.
- Helped troubleshoot issues involving security by analyzing logs for policy server and web server using SiteMinder and Websphere and maintained key store, token data and session server and carried out performance testing of LDAP and Policy Server.
- Good Working knowledge of Importing and Exporting LDIF data and Installation and configuration of Sun ONE Directory Server 5.2 and SiteMinder SP 5.0. Installation and trouble shoot in implementation of SiteMinder Trust Authentication Interceptor (TAI) for Confidential Websphere 6.0.
- Installation of Siteminder Policy Server Optional Pack and Web Agent Optional Pack for Federation, Installation of Servlet Exec 5.0 for affwebservices of CA Siteminder Optional Pack, Analysis and identifying the components of the CA siteminder 6.0 to integrate with Confidential WebSphere Portal.
- Responsible for installation of various components Experience in the setup of a standalone security setup using LDAP and SiteMinder. Performed ongoing SiteMinder infrastructure load testing, tuning to support business growth and installation of eTrust SiteMinder Agent r6.0 for Confidential WebSphere.
- Designed logical security application architecture integrating WebSphere Application Server, SunOne Web Server, iPlanet LDAP Directory Server, SAP, Netegrity/CA SiteMinder and implemented Single Sign-On security.
- Designed logical security application architecture integrating WebSphere Application Server, SunOne Web Server, iPlanet LDAP Directory Server, Netegrity/CA Siteminder and implemented Single Sign-On security.
- Experience in the Implementation of enterprise SSO security infrastructure using SiteMinder 6.0 and Sun ONE Directory Server 5.2 on multiple OS environment.
Environment: Netegrity/CA SiteMinder 5.x/6.x, Sun Identity Manager 7.x, Web agents 5.x/6x, Websphere 5.x/6.x, Apache 2.x, IIS 5.0/6.0, Sun ONE Directory Server 5.2/6.1, SAML, XML, LDAP, LDOM 1.1, Solaris (10), Unix, Linux, Sun Iplanet6.0/6.1, IIS 5.0/6.0, ANT, JACL, Unix shell scripts, Python, Struts, Hibernate, Java/J2SE 1.4, J2EE 1.3, Eclipse, SOAP, UDDI, Confidential Rational Clear Case.
- Contributed to J2EE development by writing Servlets, JSP, participated in navigation and functionality testing and validating using java script.
- Developed UI by using Applets Installed, configured, and maintained Web Logic Application Server 7.1.Well versed with Shell Scripts for Unix System backups monthly, yearly and annual.
- Implemented creation of server groups and clusters in Web Sphere Application Server. Implemented standard backup procedures for applications Database. Backup of configuration files.
- Involved in applying patches and fixes for Web Logic Application Server. Installed and configured the iPlanet Web Server. Worked closely with software developers on feature specifications and design.
- Designed and executed thorough test plans from developer feature specifications. Correlated with programmers to identify, resolve, and verify the resolution of software bugs.
- Contributed to J2EE development by writing Servlets, JSP, participated in navigation and functionality testing and validating using java script. Developed UI by using Applets. Developed Custom tag Libraries, which will pass the data to the JSP pages.
- Developed user personalized dashboard, which facilitates the user to save his/her interested report pages along with related notes. Worked on cached graph and data refreshing and optimized by using threads. Tested and developed server side helper classes and Servlets.
Environment: Web Logic Server 7.x, Web Logic Portal 4.0, Java, J2EE, Oracle 8i, JUnit, Ant, Together/J.