Platforms: Windows/AD (Active Directory), Novell, UNIX (AIX, Linux, Solaris), Mainframe (RACF, z/OS, AS/400), Red Hat
Front End Tools: Visual Basic (VB), Developer 2000, PL/SQL Developer
Databases: Sybase, Oracle (10g, 11g), UDB, DB2
Database Application: Oracle Financials, PeopleSoft Financials (GL, AP, AR), PeopleSoft HRMS (Time & Labor, Payroll, Benefits), and JD Edwards
Programming Language: C++, C, Java, SQL, PL/SQL, XML, ASP, HTML, Korn, Shell, Bash.
Software: Oracle Financials 10.0, Visio 2003, SQL*Loader, Lotus Notes 6.5, SUN IDM, RBACx, Rational Clear Case, Rational Clear Quest, BMC Remedy, Office 2010 suite, Tivoli Access Manager (TAM), Oracle Confidential manager (OIM), SailPoint, CA User Activity Report Module 12.5.02, ARX Co-Sign (E-Signature), CRM MS Dynamics 2011, Oracle VM VirtualBox, CA Governance Minder 12.6, ISAM 9.0, DataPower XI52 - 7.6, IBM WebSphere
Senior System Administrator
- Experience with IBM DataPower policy configuration, application integration, deployment, and troubleshooting for application domains.
- Experience with DataPower AAA (Authentication, Authorization, and Auditing)
- Experience with SSL DataPower troubleshooting, services instrumentation, monitoring, logging, enabling probes and capturing logs
- Experience with managing and supporting IBM Tivoli Federated Confidential Manager (TFIM) and Security Access Manager (ISAM)
- Experience with Tivoli TFIM/ISAM configuration, integration, deployment, updating, administration, and troubleshooting
Lead RBAC Engineer
- Serving as a Subject Matter Expert (SME) for Role-based Access Controls (RBAC) project to create Role Lifecycle Management across each department within QT Enterprise.
- Integrated Risk strategies into Confidential Access Management (RSA Via) control tools
- Collaborated with Technology and Confidential teams to implement risk strategies
- Manage and support role-based controls to ensure appropriate access
- Tested for Segregation of Duties (SOD) violation within roles and user entitlements.
- Responsible for creating a pre-approved role and eradicating user cloning.
- Analyzed and took action to maintain application compliance
- Supported Risk Management and Support Teams with timely data analysis and out of the box reports from reporting server.
- Reviewed Windows Active Directory requests for risk compliance
- Translate roles from Confidential capabilities into technical roles sustainable in the Windows active directory repository.
- Established policies and compliance guidelines to enable maintenance (evergreen) of RBAC as Confidential /technologies change.
- Define request and approval workflows within RSA IDM tool.
- Created certification campaigns for Application Owners and Users Managers to perform periodic reviews and validated the closed-loop remediation.
Oracle Confidential Governance
- Create, manage and provide oversight of the access control policies and corresponding roles and responsibilities for Confidential application owners and provisioning parties. Provide guidance on compliance with access policies while staying informed of client efforts.
- Work with the Confidential and IT in application and enterprise role definition for low, medium or high risk applications/user entitlements incorporating security best practices such as Individual Accountability, Least Privilege and Segregation of Duties (SOD).
- Participated in the identification of SOD violations within and across low, medium, or high risk applications as well as assist with the subsequent analysis and resolution of identified violations.
- Participated in reviewing and approving changes to application and enterprise roles as part of the Role Governance Working Group.
- Assisted with the integration of high risk applications with the role and access management solution by driving requirements gathering and documentation of interface agreements for integration with the access management solution.
- Coordinate and monitor higher risk access certifications such as privileged accounts or ad hoc certifications for high risk applications. Assist in coordinating the completion of role and access certifications under access governance and monitor overall completion of access certifications.
- Assisted with the development of training for end users related to access control principles and policies.
- Assisted with ongoing enhancements to the user life cycle management process.
- Created User Access reviews (UAR) for managers and role owners.
- Application integration in CA Governance Minder 12.6
- Creating configurations for each application and integrating them together for certification campaign
- Access certification campaigns: Role certification, User Privileges, Resource Links
- Role discovery (RBAC) within the CA Governance Minder Client tool.
- Created Confidential Process Rules (BPRs) for Segregation of Duties (SOD) violation.
- Updated the solution design and run books with the updated configuration as applicable.
- Import application raw data through CSV file connectors.
- Import Mainframe data through TSSCFILE connector to perform deep integration.
- Used the Pentaho Data Integration (Kettle) tool to transform the data and load it into an Excel file for import through the CSV connector.
- Defined Confidential unit roles for departments using Aveksa Confidential Role Manager module.
- Created iterative and quarterly access certification campaigns using CA Governance Minder.
- Participated in creation of user stories as a part of development effort.
- Part of Agile Software development team to Customize/Develop forms, views, and web resources for CRM2011 in .Net environment.
- Installation and Configuration of hardware expansion in VirtualBox as a part of development effort.
- Solutions created in Oracle VirtualBox and migrated to Dev and Prod environments.
- Version control performed in Team Foundation Server (TFS) as developers are spread across the zone.
- Managed Identities in Active Directory for user authentication to Dynamics CRM 2011.
- Developed and managed MS Dynamics CRM 2011 user Security Roles (RBAC).
- Establishing ODBC connection to Database to retrieve data.
- Created CRM 2011 Custom Reports using Microsoft SQL Server Reporting Services (SSRS).
- Customize Ribbons using Ribbon Editor and Ribbon Workbench.
- Assisted in configuring Contact/ Call Center Desktop (CCD) Agent's hosted control, action calls, routing rules, toolbars, etc.
- Configured Sitemap xml file to display the correct entity for CRM Web application.
- Installed and updated CRM development servers.
- Managed IIS and Plugin Deployment for development servers.
- Provided documentation and assistance in all points of development to development lead, architect, and the project manager.
- Part of CA IDM implementation team for all the IAM services for a federal client.
- Installed and Configured CA IDM - ELM 12.5x
- Validating users’ authentication and authorization details from LDAP back to CA IDM Application.
- Tested Policy Enforcement Point (PEP) and Policy Decision Point (PDP) for authentication and authorization of a user access.
- Monitoring of CA IAM/IDM services: CA SiteMinder, CA Directory & CA SSO Server for Single Sign On (SSOi), CA IDM for Provisioning, CA SiteMinder for Credential Service Provider (CSP), Confidential Proofing (IP), IBM DataPower XI50 for Specialized Access Control (SAC), ARX Co-Sign device for E-Signature (E-Sig) and CA UARM for CAR to produce reports and generate alerts triggered by events or breach of predetermined thresholds.
- Experience on Integration and administration experience with DataPower XI50.
- Experience with SAML 2.0 web service and understanding of SAML tokens between VA and other service providers which hosts other application services for VA customer.
- Performed testing of the CA UARM COTS Application based on the Confidential requirements.
- Performed testing of E-Signature on Level of Assurance (LOA) 1 and LOA 2 users.
- Created Confidential & Access Management reports using SAP Confidential Objects XI R3.1 SP3 for the logs stored in Oracle RAC Databases.
- Set up alerts and triggers within CA Enterprise Log Manager SIEM tool (ELM) for crossing the threshold limits.
- Establishing JDBC connection to Database to retrieve data using SQL queries.
- Drafted role based Test Scripts and User Acceptance Test Plan for Compliance Audit & Reporting (CAR) and its integrated IAM Services: Single Sign On (SSOi), Provisioning, Credential Service Provider (CSP), Confidential Proofing (IP), Specialized Access Control (SAC), E-Signature (E-Sig).
- Drafted Installation guide for CA IDM - ELM 12.5.x
- Mapped the reporting requirements to FISMA, NIST 800-53 and Confidential (VA) 6500 by validating Out of the box reports generated from Reporting server.
- Drafted Help desk and Operations Manual for CA IDM Compliance and Audit Reporting (CAR) CA User Activity Report Module 12.5.02 COTS Application.
- Drafted Installation and configuration guide for Confidential & Access Management suite of applications: Single Sign On (SSO), Provisioning, Digital Signatures, etc.
- Participated in UAT with VA stakeholders while testing the release 1 of the CAR application.
- Performed testing of ARX Co-Sign E-Signature (PKI) on Level of Assurance (LOA) 1 and LOA 2 users.
- Tested the fine-grained user entitlement level details generated with IBM DataPower.
- Created IAM reports using SAP Confidential Objects XI R3.1 SP3.
- Part of Oracle IdM Implementation based on Barclays Capital IDM code.
- Analyzed the functionality of the legacy provisioning solution SUN IDM 6.x in order to inventory the features and capabilities that will need to be migrated to the new solution Oracle IDM Suite 11g.
- Involved in Data store configuration for Access Manager.
- Configuring PeopleSoft HRMS 9.0 as an authoritative (trusted) source of Confidential information for Oracle Confidential Manager (OIM).
- Requirements gathering for Oracle Entitlements Server (OES) for a real time fine-grained authorization.
- Defined SOA workflows for approvals and manual provisioning using Oracle BPEL Process Manager.
- Validating centralized RBAC roles with Oracle Confidential Analytics (OIA) module for Oracle Confidential Governance 11g.
- Reviewed Out of the box connectors for different platforms (Unix, AD) for configuration.
- Work with developers on requirements for enhancement using struts framework based on Model View Controller (MVC) architecture.
- Performed logical data modeling, analysis and cleanup
- Documented workflow processes
- Documented resource request template and Barclays Capital User Interface (UI) screen requirements and layouts
- Establishing JDBC connection to Database to retrieve data using SQL queries for reports.
- Created users/groups and manage their permissions within the web catalog.
- Assisted in quarterly recertification for Privileged and Non-Privileged users using SailPoint.
Information Security Access Management Specialist
- Responsible for gathering and assembling the application and database user data necessary to conduct timely access recertification based on the access remediation calendar.
- Perform Security audit on Mainframe & mainframe applications. (CICS & PPT analysis, OMVS, DB2, IMS, Profile-Acid Analysis)
- Perform application security assessments on Privileged & Non-Privileged groups and accounts associated with applications in O/S (AD, Novell, and UNIX- Linux, IBM AIX) & Databases like (Sybase, Oracle, UDB, MS SQL) platforms.
- SQL knowledge on Oracle stored procedures, functions and triggers.
- Ran Oracle SQL queries to retrieve user authorization details.
- Created and managed tree structure in Oracle Internet Directory (OID).
- Validating centralized RBAC roles with Oracle Confidential Analytics (OIA).
- Reviewed configuration details, user roles and groups defined within Oracle Weblogic 11g for access recertification.
- Performed periodic Active Directory security audits to ensure that Active Directory is being properly managed and protected. The audit covered: Policy & architecture, Active Directory Groups & users at Global and local level, AD schema and their associated ACLs (Access Control Lists), and AD Administrators (Domain & Local level) to check for Privileged Users.
- Performed thorough analysis of PeopleSoft Financials and PeopleSoft HRMS applications referring to the PSOPRDEFN table
- Performed assessment on User and Role membership on IBM Tivoli Confidential Manager (TIM)
- Conducted assessment on IBM TAM (Tivoli Access Manager) for internal and external entitlement level details; TAM Along with Application source code and XML files for embedded groups.
- Participated in Enterprise Change Control Board (ECCB) meetings to review significant System/Software Configuration changes across Technology Infrastructure and Confidential applications for Change Management.
- Tested the SailPoint application for the recertification effort, quarterly for Non-privileged users and monthly for Privileged users.
- Assisted on SailPoint workflow as a part of initial set-up for iterative access recertification.
- Configured iterative certification for Privileged users and quarterly recertification campaigns (user and RBAC role certification) for Non-Privileged users using SailPoint.
RBAC (Consultant) - IAM/IDM
- Perform duties as part of a team to streamline on-boarding and provisioning process for Global Wealth Management through the development and implementation of Role Based Access Controls.
- Performing role mining of existing and available data to identify suggested Confidential roles and then develop Role Definitions to be used for efficient provisioning, user entitlement review and de-provisioning for a large percentage of GWM personnel in Single Sign On (SSO) setting.
- Requirements gathering for Oracle Entitlements Server (OES) for a real time fine-grained authorization.
- Validating centralized roles with Oracle Confidential Analytics (OIA) and migrating to Oracle Confidential Manager (OIM).
- Summarization of defined security matrices to compare actual user entitlements to the expected entitlements and provide the summarized role with exceptions to Oracle Entitlement Repository System (EERS) for effective entitlement review and provide the details of a role or profile to the reviewer.
- Role Repository Administration of the corporate tool for the storage and maintenance of role definitions for use in provisioning and user entitlement review interfacing with Confidential end-users and technical staff included in the RBAC project.
- Leveraging notification process to keep ISA Management informed of outstanding issues and potential impact items.
- Extensive use of Oracle Confidential Analytics formerly known as SUN IDM RBACx in creating roles under managers, departments for base lining of roles.
- Streamline employee and non-employee on-boarding process through standardized and automated workflow systems.
- Provide the process and capabilities to move primary compliance and security controls from the Entitlement Reporting server and Review component of the IDEM life cycle to the Provisioning component
- Data extracted using Pentaho Data Extraction tool (PDI - Kettle) from different databases and flat files and loaded in Access Database for in-depth analysis as a part of data mining. Developed test strategies, test cases, and tests to be executed against the database and data using SQL and other tools.