PROFESSIONAL EXPERIENCE:

Confidential, Pittsburgh, PA

Sr. Ping Engineer

Responsibilities:

• Designing and implementing applications integration with PingFederate/ PingAccess /Ping ID in both Non - Production and Production. Working with application's business and technical teams to gather requirement to integrate application with PingFederate/PingAccess/Ping ID for Single Sign On.
• Design and Administer J2EE applications using single-sign-on tools CA SiteMinder, Ping Federate and LDAP across all the environments Migration of critical 200+ applications that are secured using CA SiteMinder to Ping Federate version 7.1/7.3 Providing support to internal and external teams for integration of applications with CA SiteMinder and Ping Federate
• Integration of third-party applications with various Single Sign On matrix like Open Token, Agentless and SAML based services, created both WS-Fed and SAML 2.0 protocol Service Providers endpoints using Ping Federate.
• Exporting Metadata, creating Adapters, Service Provider connections, Identity Provider connections, replicating configuration archive, importing and exporting SSL certificates using Ping Federate, Configured Ping Gateway to Authenticate the users and API’s through Ping Access and Ping Federate.
• Installation of CA Siteminder Policy Servers, CA Siteminder Web Agents and configured custom configuration like Authentication schemas for CA SiteMinder Policy Server for Authentication and Authorization, Working on integration of web applications with Siteminder and various affiliate agents.
• Working with IBM team to gather requirement to migrate Junction based application from IBM to Ping Access. Designing and implementing solution to migrate junction-based application from IBM to Ping Access.
• Worked on Ping Federate Clustering with Engine and console servers being part of cluster by maintaining multiple clusters for the high availability, Configured Ping Federation Environment for SAML Federated Authentications for users coming from partner sites by configuring ID Provider/Consumer using SAML 2.0 POST binding. Configuring Ping Access logout and sharing the URL with Application team.
• Designing and implementing solution to migrate federation-based application from IBM to Ping Access, creating various Ping Access configuration - creating site, application, Identity Mapping, Web Session etc. Configure Ping ID MFA in ping Federate for providing two factor authentications for some applications
• Involved in developing the Azure Solution and Services like IaaS and PaaS
• Troubleshooting application integration/migration issue with respect to Ping SSO. Identify security gaps through Ping; if there is any, then will develop roadmap/solutions that fit with company/customer systems architecture standards.
• Research, evaluate, design, test, recommend, and plan implementation of new and/or improved information security with a focus on SSO and MFA with consumers, caregivers, vendors and partners. Manage SSO and MFA server inventory and work with different teams to manage SSO servers, firewalls, storage, network etc.
• Demonstrate a working knowledge of identity and access standards and technology including SAML, OAuth, OpenID Connect. Integrate Ping with common identity stores like LDAP, relational databases, application servers, virtual directory servers, physical access management system.
• Used Fiddler and SAML Tracer to analyze/debug/resolve the issues. Provided the Load balancing of the clustered PingFederate servers using Cisco F5. Creating SP /IdP connections in Ping Federate using SAML2.0 protocol based on applications details or metadata.

Environment: Sailpoint IIQ 7.0, 6.4, XHTML, Layer 7,HTML, CSS, Java Script, Bean shell scripting, Apache Tomcat 7.0, SQL, UNIX, db2.

Confidential, Tyson, VA

SSO Engineer

Responsibilities:

• Designed the architecture based on technical requirements and implemented the solution with CA Identity Manager r12.5 SP8 CR2, Site Minder 12.52, Governance Minder 12.6.1 with my Experienced in installing and configuring CA Governance minder. Configuring import and export of user and privilege information.
• Implement CA Governance Minder and CA identity Suite software. Independent responsibilities included the installation, configuration, customization, and ongoing maintenance of CA Governance Software in cloud platform.
• Migrated SAML Based SSO partners from CA Single Sign-On federation to Ping Federate 7.
• Hands on CA Site Minder Primary Security Operations.
• Used Ping API to deploy and create SAML changes.
• Implemented Design Security Network on CA Single Sign On.
• Good knowledge on Docker Security
• Extensive experience in the installation and configuration of CA SiteMinder on Windows as well as on some Unix Servers (e.g CentOS, RedHat Lin
• Configured and supported SAML based Identity & Service Provider connections
• Implemented open ID and OAuth solutions using Ping Federate.
• Extremely capable at developing custom SSO integration in PHP, C#, Java, Node.js and Meteor
• Skilled at project management, documentation, communication, training and providing technical support
• Implemented JWT token instead of traditional http headers.
• Created Custom Adapter Replacing Site Minder 3.0 Ping Federate Identity Provider adapter.
• Expertise in open source and commercial SAML Identity Provider and Service Provider implementations (Shibboleth, Simple SAML php and ADFS)
• Resolve complicated IDM issues and health checks for IDM system.
• Utilized IAM protocols such as SAML, O auth, OpenID
• Support enterprise data backup (VTL) Backup Exec, Net Backup, and HP Open view, HP data protector
• Design and implement Identity Manager 3.6 with different drivers (AD, Notes, LDAP, Exchange, SOAP, JDBC, Active Directory, directory), analytics with SCP, HANA Modelling
• Performed Proof of concept for Open AM, Ping Access 3 and CA Single Sign-On R12.52.
• Supported development with integration of Mobile Apps using OAuth/SAML in Ping federate
• Developed custom Ping Agent using Ping SDK and Implemented SAML Protection with Digital Signature.
• Designed, deployed and supported highly available and scalable Ping federate infrastructure in AWS and On-premise that provides single-sign-on (SSO) and federation solutions for internal accesses.
• Performed POC for Ping Access Authentication Solutions.
• Created SP /IdP connections using Ping Federate with external partners.
• Developed shell scripts for backing up current setup and upgrading between different Ping federate versions.
• Hands on Vulnerability Assessment page injection flaw.
• Deployed several Ping federate integration kits for Apache, Core blox, Atlassian, Java, PHP, Symantec VIP, Agentless, IWA etc., to establish the “first- and last-mile” implementation of a federated-identity.
• Creating Open SSL Certificates and using the same for Federation of external Services to achieve the purpose of maintaining confidentiality, message integrity and non-repudiation.
• Implementation of fully API based SSO architecture using CA Site Minder, CA IDM, Ping Federate, and Radiant Logic Virtual Directory Server which accomplishes end applications integration with SSO easier.
• Responsible for successfully completing POC.
• Install TIM/TAM/TFIM and provide 24/7 support for TIM.

Confidential, Stamford, CT

IAM Engineer

Responsibilities:

• Performing development, customization, and administration on the CA Single-Sign-On Identity and access management application for mapping it to the existing business process. Installed new CA Single-Sign-On (SSO) R12.52 SP1 policy servers and pooled them into clusters in development, staging and production environment.
• Analyzing planning and implementing CA Single-Sign-On on multiple Cookie Domain and internet security to Enterprise level web applications using CA Single Sign On integrated with Oracle Directory Server Enterprise Edition 11g. Experienced in Single-Sign-On Test tool and Single-Sign-On policy server log files for Troubleshooting Single-Sign-On environment.
• Debugging of authentication / authorization related issues and creating Rules, Responses, Realms and Policies in CA Single-Sign-On. Monitor user activity through CA APM web view, HP Site scope and other exception reports to ensure security is being maintained.
• Assisted in executing the implementation of IAM systems and upgrade to systems as needed. Assist in updating (SailPoint IIQ) workgroups and Monitor SailPoint IIQ product functionalities. Implemented Self-service feature, Password management feature, Provisioning feature and forgot password change in SailPoint.
• Installed and configured settings for provisioning users from various AD domains. Involved in configuring Okta for user provisioning from Active Directory. Created groups for specific users to enable access for applications such as Duo Security, Service Now, and Zoom.
• Worked on de-provisioning users from few domains that are in-active and unregistered domain from Windows servers Okta AD Agent Manager, Automated various tasks by using Windows PowerShell script for extracting reports for User Registrations, PWR and Unlock accounts.
• Implemented Access Certification, Automated Provisioning and Governance aspects of IIQ. Develop complex workflows and service adapters in the SailPoint Identity IQ configuration interface. In the process of upgrading the IdentityIQ product from SailPoint 6.3 to SailPoint 7.0.
• Configured Ping Federate 6.x/12.x for SSO across multiple web based enterprise applications. Installed and configured PingFederate 7.0.1 with the existing Siteminder environment and used LDAP authentication for the admin console.
• Administrating & Configuring UNIX & Windows servers and ensure all applications are up and running on all servers. Implementation of federation Services (SAML 1.0/1.1/2.0) through CA Single-Sign-On with third party vendors for Single-Sign-On both as Service provider and Identity provider.
• Created multiple Virtual Private Clouds (VPC) within the domain. performed Installation and configuration of SailPoint 7.0. Configured Flat files and JDBC connectors in SailPoint. Assist in updating (SailPoint IIQ) workgroups. Monitor SailPoint IIQ product functionalities.
• Managed client requirements and configure SailPoint connectors. Responsible to manage Administration functionality of the SailPoint such as loading data, create roles, create policies, scheduling tasks and certifications and reports.
• Expertise in analyzing the logs (trace logs, smaccess logs) and Trouble Shooting issues in Integration of other applications using CA Single-Sign-On and Identity Management tools along with LDAP and Web-server agents.

Environment: CA SiteMinder R12 SP2, Identity Manager 6.0, Okta AD Agents, Active Directory, PxM9.5,J2EE, JDBC, XML,JBOSS 7, OKTA Microsoft Identity Manager SAML 2.0, Sailpoint 7.0,Ping Federate IIS 7.1/7.3, Solaris 8/9/10.