CA Identity Manager Resume
MA
SUMMARY
- Over 7 years of work experience in the design, development, testing and implementation of enterprise-wide security applications using Netegrity SiteMinder, Sun One LDAP Directory, Active Directory and other Sun/Netscape/iPlanet/IBM products on Windows, Unix and Linux.
- Have good experience in debugging of authentication / authorization related issues and creating Rules, Responses, Realms and Policies in SiteMinder.
- Successfully completed version upgrades. Involved in the upgrades of SiteMinder version 4.x to 5.5 and 5.5 to 6.0. Also, involved in the Sun One directory server upgrades from version 4.x to 5.1 and 5.1 to 5.2.
- Experienced in configuration and administration of SiteMinder Policy Servers, Policy Stores and User Stores created in Sun One Directory server (LDAP).
- Experience in analyzing the logs (trace logs, logs) and troubleshooting issues in integration of other applications using CA SiteMinder (Access Management) and Identity Management tools along with LDAP and Web-server agents and SiteMinder federation services.
- Experience with Multi Master LDAP configuration in distributed environment and performance tuning for high availability and optimized response time.
- Experience in integrating WebLogic Portal Application Server driven Portal with CA SiteMinder as Identity Provider and External third Party services as Service Providers.
- Experienced 2 years with Identity & Access Management (IAM) Solutions.
- Strong understanding of directories, LDAPv3, LDAP Schema, and LDAP Replication.
- Strong understanding of PKI, encryption, certificate management.
- Good knowledge in integrating WebLogic Portal Application Server driven Portal with CA SiteMinder as Identity Provider and External third Party services as Service Providers.
- Configured CA SiteMinder System objects like Agents, Agent Conf Objects, Host Conf Objects, User Directories, Domains, Administrators and Schemas.
- Excellent experience in administering LDAP based directory servers like iPlanet/Sun ONE Directory Server and Microsoft Active Directory in both Production and Non-production environments.
- Experience with LDAP Architecture includes DIT and Replication Mapping between replica hub/consumer, Multi-Master/Single-Master in Sun One Directory server.
- Fine-tuned and set up High availability with LDAP and SiteMinder. Tested and implemented backup recovery.
- Experience with AWS services, such as AWS Lambda, Aurora, Azure, SQS, Elastic Beanstalk, CloudWatch. Familiar with Google Cloud, IBM or other cloud technology.
- Strong understanding of MySQL database design, implementation and performance tuning. Good understanding of data analytics and NoSQL databases.
- Worked on Enterprise Users Single Sign On through browser and through services with third party application hosted in enterprise or cloud using Ping Federate, Ping One.
- Integrated Ping Access with Ping Federate System to get authenticated by Ping Federate and Authorized by Ping Access Servers using the Access Control Lists. Installed and Configured Ping Access to Authenticate and Authorize the users using Ping federation Session.
- Experienced with Failover, Load Balancing and other Administration tasks.
- Installed and configured web agents on IIS, Apache, and Sun Java System/iPlanet web servers on Multiple Platforms.
- Installed, configured and managed the Virtual Directory Service (VDS) using Radiant Logic. Performed migration from a legacy instance of Active Directory Application Mode (ADAM) to Radiant Logic Virtual Directory.
- Great experience in using Unix/Linux utilities for analyzing logs, and trouble-shooting the applications with Application servers and Security/Identity management servers.
- Experience in Java, JSP, Servlet, HTML, Shell scripting, Perl scripting, ODBC, SQL Server, Oracle in both Production and Non-production environments.
- Disciplined and self-motivated team player with good verbal and written communication skills.
- Keen interest in learning new technologies.
- Experienced in database servers SQL, and Authentication (OAuth).
- Worked on all the Ping Federate OAuth grant types to get the access token in order to access the protected API. Supported development with integration of Mobile Apps using OAuth/SAML in Ping Federate.
- Worked on ID Token to get the user information from user info end point and send to OAuth client in the form of scope.
- Designed a Web Servlet Filter (OpenAM Agent) to communicate with the OpenAM Infrastructure.
- Configured and deployed the enterprise application security using OpenAM.
- Designed the architecture based on technical requirements and implemented the solution with CA Identity Manager r12.6 SP4, SiteMinder 12.51, Governance Minder 12.6.1 with my primary focus on Identity Manager and SiteMinder.
- Installed, configured and administered CA IDM, CA SiteMinder Policy Server, Web agents, CA Directory and Oracle Directory Server (LDAP) on various platforms for a clustered and HA environment on WebSphere 8.5, JBOSS 6.4EAP and various Platform.
- Integrated IDM with CA SSO, providing Authentication and Authorization to IDM. Used CA Wily Introscope monitoring tool to generate performance reports of SiteMinder policy servers and other LDAP servers.
- Configured System objects like Agents, Agent Conf Objects, Host Conf Objects, User Directories, Domains, Administrators and Schemas.
- Work on implementing and supporting SAML-based Federation technologies and Active Directory Federated.
PROFESSIONAL EXPERIENCE
Confidential, MA
CA Identity Manager
Responsibilities:
- Installed and configured Ping federate.
- Developed and architected Ping Federate Solution using SAML 2.0, Open Token and WS fed.
- Installed and configured Ping Federate 8.x.
- Involved in Upgrading Ping.
- Performance tuning for Site Minder to provide better response time, high availability and maximum throughput.
- Configured Ping Federate for SAML Federated Authentications by configuring ID Provider/Consumer using SAML 2.0 POST binding.
- Involved in developing Rest web services.
- Configured load balancer for federation
- Configured load balancing between Web servers and Policy servers.
- Generated Certificate Signing Request (CSR) using X.509 for issuing authority.
- Worked on Automating Authentication Domain Creation/Modification using SiteMinder SDK.
- Worked with OWASP and OASIS, Experience with SAML2, OAuth 2.0, and OpenID Connect.
- Installed, configured CA password synchronization agent in all Active Directory Domain Controllers.
- Worked extensively on Enterprise wide integration and Provisioning and Deprovisioning of employees and contractors using CA Identity Manager.
- Worked on provision manager for account template modifications and assigning provisioning roles to individual global user accounts.
- Effective handling of IDM Administrative tasks including Password policies, Bulk Account actions, creating, defining and editing IDM objects and IDM approvals.
- Experience on creating and modifying on Email Template in IDM.
- Installed, maintained and configured Spacewalk and OpenAM servers.
- Issue and configuration tracking daily via OpenAM, Shibboleth, Jira, Confluence, Splunk, and ServiceNow.
- Recognize code, process and standard inefficiencies and make suggestions for improvement, if applicable.
- Provide operations and maintenance support for the VDS infrastructure. Assists with consolidation of Active Directory with VDS.
- Configured Single Sign-On (SSO) web application access leveraging SiteMinder and Radiant Logic Virtual Directory.
- Installed, configured and upgraded CA IdentityMinder from 12 to 12.5.
- Implemented Role Based Access Control (RBAC) by determining user roles and responsibilities, classifying like users into groups to ease maintenance and rule implementations
- Involved in configuring multiple legacy, partnership federations with Siteminder.
- Involved in creating Federation connections using Active Directory Federation Service (ADFS) and SiteMinder
- Configuring the Trace logs in policy server and webagent to keep the track of user activities.
- Installed, configured and upgraded CA Governance Minder from 12.5 to 12.6.
- Created campaigns and configured Business Process Rules in CA Governance Minder (RCM).
- Provided architectural guidance for the evaluation of network capabilities in Microsoft Azure cloud, with tools like EMC data protection suite and Azure cloud backup.
- Assisted development teams in roll-out and deployment/migration of new or existing applications and services from on-premise systems to AWS cloud.
- Created AWS cloud formation templates for total end to end architectural deployments.
- Assisted in coordinating the completion of role and access certifications and monitor overall completion of access certifications.
- Involved in developing a POC to integrate CA Governance Minder with CA Identity Minder.
Environment: PingFederate, CA SiteMinder 12.5x, CA Identity Minder 12.x, CA Governance Minder 12.5.x, Windows 2012R2, Red Hat 6.x, Oracle Directory Server, IIS 7.x/8.x, Apache 2.2.x, WebSphere 7.0, OpenAM, Radiant Logic Virtual Directory, AWS Cloud, VDS.
Confidential
CA Siteminder / IDAM Senior Consultant
Responsibilities:
- Designed and architected IDM and SSO solution for the client. Involved in the capacity planning and infra setup for the security solution.
- Installed, configured and maintained CA Site-Minder Policy Server 12.0/12.5, CA IDM r12 and Sun ONE Directory Server 5.2 on Solaris, Windows platforms.
- Experience in installing, configuring Site-Minder policy server, Web agents, Netegrity Transaction Minder, Active Directory server (LDAP) and various Web & Application servers.
- Implemented security policies as code for the organization and evaluated configuration changes to AWS resources against these policies using AWS Config Rules for compliance with CIS AWS Foundations Benchmark.
- Prepared AWS environments for vRealize Automation Management deployment and assisted in the configuration for vRA in AWS. Implemented and administered Active Directory Domain Services in AWS Cloud.
- Implemented CA Identity Manager Solution for provisioning, delegated administration, workflow implementation and generating audit reports to be compliant with the security regulations.
- Updated Corporate User store with the expanded user base as a result of new business acquisitions by directory acquisition and Correlation schemas using custom attributes. Extensively used web services variables to facilitate federation of web services.
- Implemented custom attributes properties to track the information about the recipients of the application site.
- Worked on Installing SPS and configuring it to use for Office 365 integration. This was not in a live environment but in our Staging environment.
- Used IDP initiated Partnership model for the O365 integration.
- Created a WSFED Identity and partnership to create a trusted SAML integration between SiteMinder and Microsoft Office 365.
- Configured custom alerts and e-mail notifications based on the business needs.
- Created and updated the provisioning policies as per the change in the business environment using Policy Xpress.
- Worked extensively on creating Custom Password policies and Authentication schemes as per the requirement.
- Experience in configuring CA Site-Minder policy server, framing Rules and Policies, Policy Server maintenance, SSO call clearance, Web Agent & Application agent installations, troubleshooting production problems.
- Installed, configured and integrated Web servers (plug-in file), Site-Minder agents and LDAP user directory with Web-logic Server V10.
- Installation of Site-Minder Policy Server Optional Pack and Web Agent Optional Pack for Federation web services.
- Configured Site-Minder web agents, Affiliate agents and RADIUS agents to provide federation of web services in the SSO environment.
- Configured user impersonation feature to enable Customer service department to provide a better service to the business clients.
- Experienced in assisting Web Administrators, LDAP Administrators to determine what the best values for Site-Minder parameters and tune the system to boost Site-Minder performance in the Web Tier, the Application Tier, and the Data Tier.
- Configured Ping Federate 5.x/6.x for SSO across multiple web based enterprise applications.
- Performed user provisioning in Identity Provider, site Service Provider (SP) site using SAML for SSO.
- Experience with using Integration Kits and Token Translators for integrating identity enabled web services into SSO environment.
- Hands on experience with configuring IDP initiated and SP initiated SAML profiles with different bindings like POST, Artifact, Re-direct as per the custom business and security requirements.
- Configured SSO Integration Adapters for session cleanup as part of Single Logout (SLO) in the SSO implementation.
- Creating OpenSSL Certificates and using the same for Federation of external Services to achieve the purpose of maintaining confidentiality, message integrity and bilateral Authentication.
- Worked on new Directory Server Schemas as per the needs of the business.
- Worked with existing user stores and new external LDAP stores. Integrated Active Directory, Sun One directory servers as user stores & SQL Server as Policy store.
- Experience in trouble-shooting the issues by analyzing the trace logs
- Experience with using Wily and One view monitor for performance monitoring of identity management servers and components.
- Experience with performance tuning of policy servers and associated components and generating performance reports using customized crystal reports.
- 24x7 production support.
Environment: JDK 1.4/1.5, J2EE, JDBC, XML, SAML 1.0/2.0, CA SiteMinder 12.x, Sun ONE Directory Server 5.X/6.X, Apache 2.x, Solaris 8/9/10, Ping Federate 5.x/6.x, Windows 2000/2003/2008, WAS 6.1/7.0, IIS 6.0/7.5, Lotus Domino 8.0, OpenAM, AWS Cloud.
Confidential
Site Minder, IDM & LDAP Security Specialist
Responsibilities:
- Involved in providing security to applications and application servers and setting up SSO in WebSphere environment
- Installed and configured CA SiteMinder 6.0, CA Identity Manager r12, Sun ONE LDAP Directory server 5.2/6.3, in Development and Production environments on Unix and Windows Platforms
- Automated identity management tasks such as user provisioning and application access based on each user's relationship with and role within our organization using CA Identity Manager
- Installed, Configured, Administered and Monitored Sun Java Identity Manager 7.0/8.0 on various windows and UNIX platforms
- Responsible for managing and deploying a Sun Java System Identity Manager 7.x full lifecycle implementation
- Installed and configured multiple SiteMinder Policy Servers and Web Agents
- Deployed Applications of various formats like WAR, JAR and EAR on WebSphere Servers
- Clustered Policy Servers for failover and high availability solutions
- Configured One View Monitor to monitor SiteMinder components like Policy Servers and Web Agents
- Configured databases for Policy Stores, Key Stores, Audit Logs and Token Data
- Worked with Sun ONE Directory Servers to configure Directory Server instances as User Stores and Policy Stores for SiteMinder Policy Servers
- Involved in planning and accessing directory data, designing schemas, directory trees, directory topologies and replication process
- Involved in setting up Multi-Master Replication for User Stores and integrated Policy Store with LDAP to use LDAP user repository
- Exported LDAP databases to LDIF files and imported databases from LDIF files using Admin Console and command line utilities
- Involved in Log files analysis to troubleshoot and resolve issues related to SiteMinder, Sun ONE Directory Server and WebSphere Server
- Created and managed custom policies and generated reports based on corporate policy statement
- Work closely with Unix/NT/DB administrators for routine operations such as upgrades and backup
- Worked extensively with BMC remedy tool in supporting the third tier for SUN Identity Manager
- Involvement with the customer care and deployment teams in trouble shooting and fixing day-to-day problems of the applications in production on 24/7 schedule
- Provided on call Production Support
Environment: JDK 1.4/1.5, J2EE, JSP, Servlets, EJB, JDBC, XML, DB2 8.X, CA SiteMinder 5.X/6.X, LDAP, Sun ONE Directory Server 5.X/6.X, Sun Identity Manager 7.0/8.0, Sun ONE 7.0/6.1, Tomcat 5.5, Apache 2.0, WebSphere MQ, Wily IntroScope 7.0/7.2, Ant, WLST, AIX, Solaris 8/10, Windows 2000/2003.