SUMMARY

• Experienced in PAM tools with deployment, configuration, integration and troubleshooting CyberArk Privileged Account Security product suite - Enterprise Password Vault, Password Vault Web Access, Central Policy Manager, Privileged Session Manager, Application Identity Manager, and Privileged Threat Analytics
• Implementing CyberArk core PAS Solution Vault, PVWA, CPM, PSM, PSMP from 7.0 and most recent implementation of Cyber Ark 8.1.0., 9.2.1, 10.8, 11.1, 11.3, 11.6 in both AWS and On-Premises.
• Experience in handling various modules of CyberArk, mainly Enterprise Password vault (EPV), Application Identity management (AIM), Central Policy Manager (CPM), Privileged Session management (PSM), Event Notification Engine (ENE).Upgrading CyberArk suite of products from 7.x to 10.x. (CPM, PSM, EPV and PVWA)
• Experience as a security professional in installing, managing, and monitoring of CyberArk Privileged account security tool modules. Part of Privileged Access Management (PAM) Remediation and Engineering team whose role is to secure Web Based applications on user access and authorization.
• Hands-On experience with customization of ForgeRock, Connector development, writing scripts and building of ForgeRock workflows..
• Hands on experience with IIS, IBM IHS, Apache, Sun One Web servers and WebLogic and WebSphere Application servers in Identity and access management environment. Worked with Active Directory, LDAP/UNIX groups, Networks, Human Resource systems for Identity and Access Management.
• Designed SailPoint deployment activities - connector configuration, custom rule development, workflow configuration, and development and third-party system integration. Experience with Implementation and Administration of Sail Point for large population of users
• Experience in managing applications access in Okta and Active Directory. Exposure in design and architecture of PIM using Cyber-Ark. Account management me.e. adding /deleting accounts /group management.
• Managing policies and platforms. Creating and assigning Safes, reconciling accounts, rotating passwords. Create AD users and groups for safe delegation and updates. Conduct workshops with application and infrastructure teams about on-boarding privileged accounts.
• Assist application teams with CyberArk application Identity Manager Integrations and linked accounts. Generating various reports in IIQ like Identity Reports, Orphan Account reports, Account Discrepancy reports, Role composition report and Application attribute reports etc.
• Worked on onboarding to critical applications identified by client using already implemented Beyond Trust Password Safe.
• Developing Application instances and entitlements and Integrating New Application (Connected and disconnected) with OIM. Has good noledge in troubleshooting various issues related to CyberArk.
• Good noledge in Active Directory and Involved in AD integration and adding user to with their privileges. Identified and tested vulnerabilities and conducted research in teh areas of information system and network security.

TECHNICAL SKILLS

Security tools: CyberArk 7.x,8.x,9.x,10.x,11.x CA Identity Manager 12.5.x/12.6.x, CA SiteMinder 6.x/12.x, Oracle Identity Manager 10g/11g R1/R2 PS1/PS2/PS3 and Access Manager 10g/11g E1/R2 PS1/PS2/PS3, ADFS and UAG, Microsoft Active Directory

Web & J2EE Technologies: XML, HTML, DHTML, JDBC, CA Identity Manager, CyberArk, OPM (On-demand Privileged Manager), CPM (Central Policy Manager), PAM (Privileged Access Management).

Operating Systems: Linux, Windows, UNIX AIX/HP-UX/

Network Protocols: TCP/IP, HTTP, FTP, SNMP, and SMTP

Web/App Servers: Tomcat, Apache Web Server, WebSphere, WebLogic

Databases: Oracle, Microsoft SQL Server, MS Access, MySQL

PROFESSIONAL EXPERIENCE

Confidential, NY

Sr.Security Engineer

Responsibilities:

• Installation, Configuration, Deploying, Troubleshooting of Applications for CyberArk Enterprise Password Vault version 9.7 to 10.10 and 11.x through automation process of components PVWA, CPM, PSM, PSMP, Private Ark. Worked with users to troubleshoot issues with teh PSMP module.
• As part of automatic installation process used PowerShell scripts in three environments LAB, CIT (Customer Integration Testing) and Production environment to ensure consistency of configuration between environments.
• Administered and supported privileged access management (e.g., BeyondTrust Password Safe), two- factor autantication (e.g., Duo Security, Azure), and smart card (e.g., Yubikieys, Certificate etc.) technologies
• Worked in Hashi Corp Enterprise Vault products terraform, Vault, Consul, and Packer. Ability to write Terraform code and Vault/Terraform policies.
• Password vaulting of 100,000+ objects (Windows, Unix, Switches, Storage devices).Integrate LDAP/S, Active Directory, Radius, SSO autantication methods using CyberArk.Documentation of materials for adding new CyberArk plug-ins to teh platform.
• Configured and enabled/disabled functions on teh pre-existing platform to align with teh needs.
• Advocate and support improvements to Vault APIs and core to improve development and integration of tools and plugins Work on issues and improvements critical to teh success of Hashi Corp customers and teh broader community
• Worked on PVWA testing in all three environments coordinating with database and operating system teams creating Safes, defining Access Control, Policies, User Provisioning and entitlements,
• Worked on CPM testing in all three environments by verifying, reconciling every test account on each server. Worked on PSM testing in all three environments by connect each user account to make sure teh connection is established when left idle.
• Tested failover scenarios of each DR related component server for efficient functionality. Integrating various platforms with CyberArk, such as different LDAP providers, Windows servers, UNIX servers, Databases.Worked with development teams for CyberArk vault integration with Conjur to expand teh PAS to DevOps environment and CyberArk Conjur like Secure CI/CD Pipelines, Secure & autanticate containers, etc.
• Utilized BeyondTrust Privileged Remote Access (PRA). This solution empowers security professionals to control, monitor, and manage privileged users' access to critical systems
• Developed and created current tools for on-boarding automation with in BeyondTrust Password Safe. Also, developed tools dat kept user accounts up to date.
• Install and Implement CyberArk's AAM Credential Provider (CP), Central Credential Provider (CCP), and Application Server Credential Provider (ASCP) solutions according to CyberArk's published implementation procedures. Install and Implement CyberArk's AAM Credential Provider (CP), Central Credential Provider (CCP), and Application Server Credential Provider (ASCP) solutions according to CyberArk's published implementation procedures
• Onboarding of various privileged accounts on CyberArk and automating teh process by running password upload utility scripts. Implementing Application Identity Manager in teh environment to onboard all teh APP IDs for password rotation.
• Experienced with Microsoft Internet Information Services (IIS) and Active Directory (AD). Worked on PSMP installation and guiding users on how to use teh tool for session monitoring and recording purpose.
• Installation of PSMP servers in certify environment and creating local user for maintenance of teh server. Created custom connector for PSM Super Putty for users to login to multiple Unix/Linux servers from CyberArk UI.Day-to-day activities include working with customer teams and supporting current tasks and activities. Worked closely with customer's network and operations team to resolve issues or security concerns of tools/services.

Environment: CyberArk Enterprise Password Vault version 10.x,11.x Hashi Corp Enterprise Vault (terraform, Vault, Consul, and Packer), CyberArk EPV 9.7 (Legacy), Conjur, AAM, Microsoft Active Directory, Windows Server 2008/2016, Oracle 10g/11g/12g, MS SQL, Heidi, Toad, Windows PowerShell, Putty V0.72.

Confidential - Chicago, IL

Sr. CyberArk Engineer

Responsibilities:

• Installation and configuration of CyberArk Vault, Vault Client, Active CPM, Network load balanced CyberArk PVWA, Clustered CyberArk PSM and PSM SSH proxy Architecture and design.
• Configuration of multiple Privilege accounts across teh organization and Administration of CyberArk. integration of window accounts, Unix accounts, Database, Network and Security Device.
• Experienced in day to day operational support in adding and deleting accounts, applying policies, assigning safes, synchronizing failed accounts, Password rotations.
• Installation and Troubleshooting of Windows Server 2003, 2008 and 2012 R2.
• IT security Governance in teh field of Identity and access management.
• Handling of Master and Operator Key (CD) Process and Manage All Server Passwords.
• Implementation and create of web policies, password policies.
• Vault Back-up Management process, AD Configuration (User to connect AD)& Branches).
• Load Balancer architecture, Application Identity Manager Design, On-Demand Privileges Manager Design.
• Break Glass access Management Process, Integration with other Systems (email configuration).
• Responsible for Create New User, Activate, enable user, group and OU account in Active Directory.
• Prepare Delay user Activity Report.
• Managing User Accounts, Server Space & other Log files on servers and Maintaining Mail Accounts in Microsoft Office Outlook & Backup of Emails

Environment: CyberArk EPV .9, Sun One Directory Server, Microsoft Active Directory, Windows Server 2008/2012, Oracle 10g/11g/12g, Oracle Unified Directory (OUD), Windows PowerShell, Putty V0.72.

Confidential, Dallas,TX

PAM Consultant

Responsibilities:

• Responsible for onboarding and configuring for over 643+ UNIX and Windows servers, securing over 2,486 privileged and non-privileged accounts within CA PAM.
• Perform CA PAM activities and controls to assure consistent provisioning/deprovisioning of account access on Windows and UNIX servers.
• Resolve CA PAM user access problems related to security controls to minimize business impact and risk exposure.
• Perform daily CyberArk Vault Health checks
• Perform weekly CyberArk DNA scanning
• Perform monthly Disaster Recovery testing.
• CyberArk safe creation based on AD Groups and access levels.
• Troubleshoot CyberArk security concerns like password expiration, access, or group privileges.
• Ensure dat all privileged accounts are in compliance with standards and policies in CyberArk.
• CyberArk test validation changes and patching made to DEV, TEST and PROD systems.
• Produce and manage CyberArk user activity, inventory, and compliance reports for auditors.

Environment: CyberArk PAM 9.7.2, CA SiteMinder Policy Server v 6.0/12.51, CyberArk 9.6 & 9.8 Web Agent QMR7, Apache Web Server 2, CA Identity Minder 12.6.x, WebSphere 8.4, OKTA, RSA, Oracle RDMS, Korn shell scripting, Perl, XML, UNIX, Windows Active Directory.

Confidential, Wayne, PA

CyberArk PAM Consultant

Responsibilities:

• Expertise in Installation, Configuration, Deploying, Troubleshooting of Applications for CyberArk Enterprise Password Vault version 7.x, 8.x,9.x, CA SiteMinder 5.x/6.x/12.x, ADFS 2.x/3.x and Active Directory Server on Windows, Linux, AIX and Solaris environments.
• Expert in Upgrading of CyberArk Enterprise Password Vault version 7.x to 9.x. Built, Deployed, and managed Active Directory network encompassing 100+ domain controllers. Directed upgrade of Active Directory from Windows 2008 R2 to Windows 2012 and SharePoint, UAG, and ADFS to Windows 2008 R2.
• Monitor CyberArk reports and respond to failed password verification alerts and work with system account owners to resolve failure alerts. Configurations including AD integration and Management of Cyber Ark Enterprise Password vault.
• Managing CyberArk Password Vault Web Access (PVWA). Strong experience in migrating CA Identity manager 12.5.x to 12.6.x. Hands on experience migrating CA SiteMinder 12.0.x to 12.51.X for advanced Load balancing, failover configurations and for facilitation of user impersonation.
• Performed PAM Operational tasks such as Creating Safes, Defining Access Control, Policies, User Provisioning and entitlements, Managing Applications Credentials and User Access Policy Management in both production and non-production environment.
• Worked on Active Directory Concepts including Users, groups, and Policies. As part of CyberArk implementation installed and configured Vault, CPM, PVWA, PSM, OPM, PSMP. Worked on Autantication and Authorization of privilege user working with CyberArk and Access Management in both production and non-production environment.
• Expert in installing, configuring SiteMinder policy server, Web Agents, Netegrity Transaction Minder, Active Directory server and various Web Servers and Application servers in both Production and Non-Production environments.
• Implemented proof of concepts on site with CA Identity Manager, Virtual Directory Server and packaged custom autantication schemes, worked developing and installing and support teh provider agents, pacli commands and custom scripts to automate teh distribution and account passwords by CyberArk.

Environment: CyberArk Enterprise Password Vault version 7.x, 8.x,9.x, CA Identity Manager 12.5.x/12.6.x, JDK 1.6/1.7, J2EE, JDBC, XML, SAML 2.0, CA SiteMinder 5.X/6.X,12.X, Federation, Sun ONE Directory Server, Ping Federate 5.x/6.x, Microsoft Active Directory, Azure AD, ADFS, Tomcat 5.5, Apache 2.0, Solaris 8/9/10, Windows 2000/2003, Oracle 10g/11g, SQL Server 2005, DB2 8.X.

Confidential, Richmond, VA

CyberArk Engineer

Responsibilities:

• Involved in CyberArk significant updates from 8x to 9x versions for domestic and worldwide clients. Good comprehension of policies in CyberArk Central Policy Manager (CPM) and (PSM). Resolved CyberArk issue's in CPM to communicate with a host to accommodate credentials.
• On-boarded Privileged Accounts and Super User IDs in teh CyberArk Safes utilizing Bulk Upload Utility. Part of Privileged Access Management (PAM) Remediation and Engineering team whose role is to secure Web Based applications on user access and authorization.
• Implementation and create of web policies, password policies.Vault Back-up Management process, AD Configuration (User to connect AD & Branches).Load Balancer architecture, Application Identity Manager Design, On-Demand Privileges Manager Design.
• Configured AD pass-through autantication for Identity Access Manager (IAM). Installed and configured teh LDAP Sun ONE Directory Server. Configured teh multi master. Workflows and Integration of various target system privilege account integration.
• Worked on OktaAccess Gateway andOktaIWA design, installation, configuration, and operation.
• Worked on providing operational assistance and guidance for IDM,OKTAproducts including monitoring, management, disaster recovery, security compliance, networking, storage et
• Application involves intranet and internet usage of users, running on different platforms Linux, Unix, Windows, etc. Involved in troubleshooting issue work requests on day-to-day basis for teh applications integrated with CyberArk in QA and Production Environment.
• Hands on experience with CyberArk implementation and configuration of Vault, CPM, PVWA, AIM. Experience in trouble shooting various issues, checking, and maintaining health of UNIX environment. Experience in Providing technical guidance to teh team to ensure successful service for physical access deliverables for teh enterprise
• Experienced in using IAM/PAM tools for deployment, configuration, integration and troubleshooting of CyberArk Privileged Account Security product suite - Enterprise Password Vault, Password Vault Web Access, Central Policy Manager, Privileged Session Manager, Application Identity Manager, and Privileged Threat Analytics.