SUMMARY

• Around 8+ years of experience in IT field including Installation, Configuration, Development, Deployment, Administration, Trouble Shooting and network security, database systems, and Enterprise Document Management in large scale organizations.
• Experienced in IAM/PAM tools with deployment, configuration, integration and troubleshooting CyberArk Privileged Account Security product suite - Enterprise Password Vault, Password Vault Web Access, Central Policy Manager, Privileged Session Manager, Application Identity Manager, and Privileged Threat Analytics
• Experience in handling various modules of CyberArk, mainly Enterprise Password vault (EPV), Application Identity management (AIM), Central Policy Manager (CPM), Privileged Session management (PSM), Event Notification Engine (ENE). Upgrading CyberArk suite of products from 7.x to 9.x. (CPM, PSM, EPV and PVWA)
• Experience as a security professional in installing, managing and monitoring of CyberArk Privileged account security tool modules.
• Part of Privileged Access Management (PAM) Remediation and Engineering team whose role is to secure Web Based applications on user access and authorization.
• Performing daily operations support and maintenance of all security technologies centric to Privileged Access related information security solutions.
• Hands on experience with IIS, IBM IHS, Apache, Sun One Web servers and WebLogic and WebSphere Application servers in Identity and access management environment.
• Worked with Active Directory, LDAP/UNIX groups, Networks, Human Resource systems for Identity and Access Management.
• Designed SailPoint deployment activities - connector configuration, custom rule development, workflow configuration, and development and third-party system integration.
• Experience with Implementation and Administration of Sail Point for large population of users
• Experience in SailPoint tool customization, Report Generation, Integration with end/target systems, SailPoint API's and Application Development.
• Experience with Installation and configuration of CyberArk Vault, CPM, CyberArk PVWA, OPM CyberArk PSM, AIM, and PSM SSH proxy Architecture and design.
• Extensive experience on boarding Windows, UNIX, Database servers, RACF and Network device into CyberArk
• Installed and configured Ping Access servers, Gateways and Agent to protect teh resources. Including in teh new infrastructure were teh installation of PingFederate and PingAccess
• Worked on Ping Access Integration with Ping federate to Protect teh applications using Ping Access Tokens.
• Worked on OAM to Ping Access Migration with session management and authentication management using ping federate.
• Expertise in configuring and troubleshooting Webservers like Apache, IIS, IHS (IBM HTTP Server).
• Worked on OAM installation and configuration to protect teh applications and allow users single sign on.
• Experience as a configuration administrator to protect web applications using CA Single Sign On.
• Implemented a secure identity and access management infrastructure design, authentication, authorization and business application integration, custom-built solutions and technology frameworks.
• Excellent noledge and experience in implementing user provisioning credential management, workflows, forms, application integration, connectors, reports and roles.
• Provided use cases and business processes for support groups on role, entitlement, provisioning and de - provisioning.
• Worked on teh scrum team responsible for UI components in Identity Now, a cloud-based identitymanagement and governance solution.
• Implemented web-tier MVC module using teh Struts framework and various technologies such as JSP, JavaScript, and Servlets.
• Established standards, designs and implementation of appropriate identity and access management processes and controls which halp improve operations and lower risk.
• Performed data analytics to ensure data is accurate prior to staging and activating certifications.
• Served as liaison between platform, technical and business teams for end to end business process.
• Provisioning and access governance experience with and understanding of security on systems such as AD, LDAP/Unix, Oracle and manual provisioned applications.
• Direct provisioning using direct connectors for integration of target applications.

PROFESSIONAL EXPERIENCE

Confidential, New York

IAM Consultant

Responsibilities:

• Design, implemented a solution which manage teh Identity lifecycle of almost all applications with teh enterprise, without directly controlling teh identity store within teh application.
• Development of identity federation connectors from SailPoint to target systems, along with subsequent access control by SecureAuth.
• Ensure requirements gathered, processes defined, and use cases documented follow out of teh box configuration vs. customization as much as possible
• Develop SailPoint deployment and solution architectures
• Participate in all SailPoint deployment activities - connector configuration, custom rule development, workflow configuration and development, third party system integration.
• Involved in creating custom reports, certifications to cater various data feeds.
• Achieved SOX and PCI compliance by building a flexible and scalable framework to provide authentication and authorization services while supporting rules/roles/languages requirements for various International countries.
• Design and Implement data import of various types of data files from internal and external target sources for validating access levels.
• Created a Registry for important information on all applications.
• Participate in and/or User Acceptance Testing and bug-related reengineering efforts
• Perform Installation and configuration of SailPointIdentityIQ
• Develop custom SailPointBuildMap Rules and Workflows as per teh business needs.
• Setup applications Active Directory, LDAP, Oracle and Flat Files.
• Designed teh architecture based on technical requirements and implemented teh solution with CA Identity Manager r12.5 SP8 CR2, Site Minder 12.52, Governance Minder 12.6.1 with my Experienced in installing and configuring CA Governance minder. Configuring import and export of user and privilege information.
• Implement CA Governance Minder and CA identity Suite software. Independent responsibilities included teh installation, configuration, customization, and ongoing maintenance of CA Governance Software in cloud platform.
• Migrated SAML Based SSO partners from CA Single Sign-On federation to Ping Federate 7.
• Hands on CA Site Minder Primary Security Operations.
• Used Ping API to deploy and create SAML changes.
• Implemented Design Security Network on CA Single Sign On.
• Good noledge on Docker Security.
• Configured and supported SAML based Identity & Service Provider connections
• Implemented open ID and OAuth solutions using Ping Federate.
• Extremely capable at developing custom SSO integration in PHP, C#, Java, Node.js and Meteor
• Skilled at project management, documentation, communication, training and providing technical support
• Implemented JWT token instead of traditional http headers.
• Primary responsibilities include Installation and configuration of CyberArk Vault, CPM, CyberArk PVWA, AIM, OPM CyberArk PSM and PSM SSH proxy Architecture and design.
• Upgrading Cyber Ark suite of products from 7.x to 9.x. (CPM, PSM, EPV, PVWA & AIM).
• Worked on Privileged Account Management with CyberArk PIM suite Administration.
• Built two new datacenters with Policy Servers and SunOne LDAP Servers on East Coast to reduce teh network latency for Wachovia applications Migrated SAML infrastructure including SAML Policy Servers, Web and Application Servers from Windows2003 to Solaris platform.
• Configured and supported SAML based Identity & Service Provider connections.
• Administration experience of CyberArk vault with Safe creation, integration with LDAP and other authentication methods. Mitigation of teh risks using CyberArk, Aveksa and policy changes on servers.
• Worked with different teams to implement single sign on using SAML 2.0, OAuth 2.0.
• Identified different SAML 2.0 issues and fixed teh issue in NetIQ Access Manager 3.2.
• Coordinated with teh Service providers and identity providers during teh SAML Certificate upgrade and architectural changes.
• On boarding applications and configuration of privileged accounts in CyberArk.

Confidential, Atlanta,GA

IAM Consultant

Responsibilities:

• Involved in CyberArk significant updates from 8x to 9x versions for domestic and worldwide clients.
• Good comprehension of policies in CyberArk Central Policy Manager (CPM) and (PSM).
• Resolved CyberArk issue's in CPM to communicate with a host to accommodate credentials.
• On-boarded Privileged Accounts and Super User IDs in teh CyberArk Safes utilizing Bulk upload utility.
• Part of Privileged Access Management (PAM) Remediation and Engineering team whose role is to secure Web Based applications on user access and authorization.
• Implementation and create of web policies, password policies. Vault Back-up Management process, AD Configuration (User to connect AD & Branches). Load Balancer architecture, Application Identity Manager Design, On-Demand Privileges Manager Design.
• Break Glass Access Management Process, Integration with other Systems (email configuration). Change Management Process Plan (OS, patch updates). Responsible for Create New User, Activate, enable user, group and OU account in Active Directory.
• Configured AD pass-through authentication for Identity Access Manager (IAM). Installed and configured teh LDAP Sun ONE Directory Server. Configured teh multi master. Workflows and Integration of various target system privilege account integration.
• Application involves intranet and internet usage of users, running on different platforms Linux, Unix, Windows, etc.
• Involved in troubleshooting issue work requests on day-to-day basis for teh applications integrated with CyberArk in QA and Production Environment.
• Hands on experience with CyberArk implementation and configuration of Vault, CPM, PVWA, AIM.
• Created Custom Adapter Replacing Site Minder 3.0 Ping Federate Identity Provider adapter.
• Expertise inopensource and commercial SAML Identity Provider and Service Provider implementations (Shibboleth, Simple SAML php and ADFS)
• Resolve complicatedIDMissues and health checks forIDMsystem.
• Utilized IAM protocols such as SAML, O auth, OpenID
• Support enterprise data backup (VTL) Backup Exec, Net Backup, and HPOpenview, HP data protector
• Design and implement Identity Manager 3.6 with different drivers (AD, Notes, LDAP, Exchange, SOAP, JDBC, Active Directory, directory)
• Performed Proof of concept for Open AM, Ping Access 3 and CA Single Sign-On R12.52.
• Supported development with integration of Mobile Apps using OAuth/SAML in Ping federate
• Developed custom Ping Agent using Ping SDK and Implemented SAML Protection with Digital Signature.
• Designed, deployed and supported highly available and scalable Ping federate infrastructure in AWS and On-premise dat provides single-sign-on (SSO) and federation solutions for internal accesses.
• Performed POC for Ping Access Authentication Solutions.
• Created SP /IdP connections using Ping Federate with external partners.
• Developed shell scripts for backing up current setup and upgrading between different Ping federate versions.
• Hands on Vulnerability Assessment page injection flaw.
• Deployed several Ping federate integration kits for Apache, Core blox, Atlassian, Java, PHP, Symantec VIP, Agentless, IWA etc., to establish teh “first- and last-mile” implementation of a federated-identity.
• Creating Open SSL Certificates and using teh same for Federation of external Services to achieve teh purpose of maintaining confidentiality, message integrity and non-repudiation.
• Implementation of fully API based SSO architecture using CA Site Minder, CA IDM, Ping Federate, and Radiant Logic Virtual Directory Server which accomplishes end applications integration with SSO easier.
• Responsible for successfully completing POC.
• Install TIM/TAM/TFIM and provide 24/7 support for TIM.

Confidential, Pittsburgh,PA

IAM Consultant

Responsibilities:

• Highly dynamic environment with sprint teams using agile methodology.
• Involved in teh development of Solution Design Overview document and technical document.
• Development of identity federation connectors from SailPoint to target systems.
• Created Custom tasks, Custom Objects to update teh entities in teh system which are scheduled every week.
• Built Joiner, Mover and Leaver workflows to maintain user accounts
• Involved in creating custom reports, certifications to cater various data feeds.
• Participated in all SailPoint deployment activities - connector configuration, custom rule development, workflow configuration and development, third party system integration.
• Analysis of teh specifications provided by teh client and halp Project Manager to estimate teh effort required
• Developed Rules like Build Map, Correlation, Exclusion, Policy Violation, Policy Formatting etc., as part of connector development.
• Performed two upgrade cycles of entire Identity IQ installation (versions 5.1p10->6.1 and 6.1->6.1p4)
• On boarded different applications into SailPoint IDM. Integrated SailPoint with IBM Tivoli IDM for importing roles into SailPoint System.
• Managed client requirements and configured SailPoint IIQ connectors.
• Configuring teh Applications (Authoritative and Non-Authoritative) using AD, Flat file, JDBC and LDAP connectors to load teh Identity Cubes.
• Performed Access re-certification, automatic manual remediation for applications managed by SailPoint for Employees and Contractors. Created numerous application definitions and associated rules to allow Identity IQ (IIQ) to retrieve access data. Main development was done in Bean Shell with occasional work in Java.
• Connectors types used included: JDBC, AD/LDAP, Windows, Unix/Linux, Delimited File, SAP, Logical
• Provide Sailpoint application consulting and development support to consumer applications as required.
• Successfully upgraded Ping Federation Services from 6 to 7.
• Implemented Ping Federate solution with Services like AWS, Service-Now, Salesforce, Oracle Fusion.
• Integrated Siteminder with Ping federate using Core blox token translator to bridge teh SSO gap between applications protected on either system.
• Involved in Requirements gathering, development if required, integrating and testing for enabling SSO for teh application.
• Integrated internal Applications, SAAS based applications using SAML 2.0, SAML 1.1, WSFED and OAuth 2.0.
• Experienced in using IAM/PAM tools for deployment, configuration, integration and troubleshooting of CyberArk Privileged Account Security product suite - Enterprise Password Vault, Password Vault Web Access, Central Policy Manager, Privileged Session Manager, Application Identity Manager, and Privileged Threat Analytics.
• Worked with other platform teams and external suppliers to consistently deliver on physical access objectives or requirements.
• Excellent communication and interpersonal skills and a very good team player with teh ability to work independently.
• Daily administration of CyberArk Enterprise vault Management includes. Safe Management, Master Policy Management, Platform Management and Access Management.

Confidential, New York

IAM Consultant

Responsibilities:

• Set up Confidential policy server on 4 environments (Dev, QA, UAT & Production)
• Developed build map rule, creation rule and customization rule to create Employee and Contractor user accounts into SailPoint from their current application’s exported feed file.
• Developed a custom form in teh SailPoint UI so dat various admins can create Employee/Contractor user accounts manually through UI and provision users
• Manage client requirements and configure connectors for 50+ applications
• Created and ran teh aggregation task to bulk load authoritative source data from Active Directory, Exchange and LDAP
• Developed a creation rule to run update, terminate and rehire transactions on specified Employee and Contractor user accounts based on teh feed file data.
• Developed a scheduler using Java dat will periodically run to terminate contractors on their specified contract end date
• Developed a code dat will send expiration notification to Contractors
• Developed a scheduler dat would periodically check for Name change requests in teh feed file data and will change teh name of respective Employee account
• Developed a java code dat will consolidate role details of user accounts into a CSV file and send to HR or Application Admin. Teh admin can then act upon teh access of users accordingly.
• Primary responsibilities include Installation and configuration of CyberArk Vault, Vault Client, Active CPM, Network load balancedCyberArk PVWA, Clustered CyberArk PSM and PSM SSH proxy Architecture and design.
• Implementation and create of web policies, password policies. Vault Back-up
• Load balancer architecture, Application Identity Manager Design, On-Demand Privileges Manager Design.
• Primary responsibilities include Installation and configuration of CyberArk Vault, Vault Client, Active CPM, Network load balanced CyberArk PVWA, Clustered CyberArk PSM and PSM SSH proxy Architecture and design
• Change Management Process Plan (OS, patch updates). Responsible for Create New User, Activate, enable user, group and OU account in Active Directory.
• Installed and configured teh LDAP Sun ONE Directory Server. Configured teh multi master. Workflows and Integration of various target system privilege account integration.
• Experience with teh implementation of RSA two factor authentication tokens for teh integrated web service security in a SSO environment for teh service provider applications in both environments.
• Managing User Accounts, Server Space & other Log files on servers and Maintaining Mail Accounts in Microsoft Office Outlook & Backup of Emails. Helping organization target architecture for infrastructure privileged access and teh high-level requirements for teh privileged access management solution.
• Implementing teh strategy for infrastructure privileged access control in organization, and teh drivers in terms of risk and regulatory control. Cyber-Ark as a platform for managing privileged access to infrastructure. An initial project is focusing on managing networking devices accounts. In parallel, analysis is ongoing.