PKI Security Engineer Resume
Minneapolis, MN
- Proven record of performance and results in deadline-driven business and IT environments
- Highly effective in identifying business needs and implementing solutions using information technology processes
- In-depth knowledge of implementing and managing various IT security solutions and controls
- Exceptional troubleshooting skills
- Positive and resourceful contributor to any given team
- Application Integration & Implementation
- Application Provisioning
- Directory Services
- Technical Documentation
- Technical Control Metrics
- Role-based access control (RBAC)
- Identity and Access Management
- Public Key Infrastructure (PKI)
- System Configuration
- Infrastructure Security
- IBM WebSphere
- IIS web server
- Microsoft Server 2003
- Microsoft Server 2008
- Apache LDAP Studio
- Active Directory
- PuTTY
- WinSCP
- Varonis
- Tufin web services
- HTTP SOAP
- JavaScript
- IBM JavaScript Extensions
- LDAP v3
- Oracle SQL
- Aveksa
- Linux/Unix
- Entrust
- CyberArk
- Basic Authentication Active Directory
- SSO
- OpenSSL
- Java Keytool
- Exchange, O365, Lync
- Oracle SQL developer
- Subversion
- Lotus Notes
- Sametime
- ServiceNow
- BMC Remedy
- HP OpenView
Confidential, Minneapolis, MN.
PKI Security Engineer
- Primary responsibilities involve providing Project and engineering support to Confidential Public Key Infrastructure
- Symantec Managed Public Key Infrastructure, Microsoft CA, Enterprise Auto Enrollment Servers (2008 and 2012), Hardware Security Module, SCEP Server, AirWatch MDM and Cisco ISE
- Managed administration, operation and support of Confidential PKI Infrastructure (Internal and Public CA)
- Provided consulting to all lines of business on security-related topics pertaining to encryption and certificate authentication (mutual and basic authentication)
- Defined and developed strategic plans for PKI and certificate lifecycle management and certificate service configuration (OCSP, CRLs)
- Issued, revoked, and renewed CA, EV, code signing, wildcard, and S/MIME certificates
- Developed strategy and collaborated with the vulnerability team to deprecate all SHA-1 certificates and SSHv1
- Updated, patched and maintained Hardware Security Module and the Enterprise gateway servers
- Collaborated with Active Directory, Client, and Security Engineers to implement Microsoft certificate authority as an internal CA for Confidential
- Led, designed and engineered the Symantec MPKI integration with AirWatch MDM and Cisco ISE for Android and iOS device certificates (certificate profiles, RA certificates, certificate templates and payloads)
- Led, designed and engineered the Symantec MPKI integration with Auto Enrollment servers and Active Directory for Synchrony Users and laptop/desktop certificates (certificate profiles, RA certificates, GPOs, and certificate templates)
- Configured Public CA certificates for IP phones
- Configured and developed implementation plans for Blue Coat server proxy SSL intercept
- Collaborated with the Middleware engineers to implement mutual authentication
- Troubleshot all certificate chain issues (L1/L2/L3)
- Developed PKI knowledge base for end users in ServiceNow
- Review firewall rules (PKI ACLs)
- Ensure 24x7 uptime and monitoring of PKI services
- Work with the vendor to remediate technical issues
- Act as the PKI functional SME
Confidential, Eagan, MN
Security Engineer
- Primary responsibilities involve providing Project and engineering support to Tivoli Identity Manager (ITIM), Aveksa, Entrust PKI solution, Varonis Data Advantage, and Tufin firewall rule governance.
- IBM Tivoli Identity Manager 5.1, Tivoli Directory Integrator server, Tivoli Access Manager, and Tivoli Federated Identity Manager
- Troubleshoot all system failures, identify root causes, fix any issues and provide availability and integrity of the identity management products
- Collaborated with various IT functions to integrate business application integrations with ITIM
- Collaborated with IT security access management to develop auto provisioning and de-provisioning of user applications using Aveksa and ITIM
- Managed and maintained health and wellness of Tivoli Directory Server 6.1 (Windows Server 2003) and 7.1 (Windows Server 2008)
- Provided assistance to the Access management team with creation of provisioning entitlements and provisioning policies and assure data are updated in ITIM through Aveksa
- Built various workflow scripts and account default scripts to enhance the IAM tool
- Co-developed and configured IDI data feeds in TDI
- Co-developed, loaded, configured and tested custom adapters and assembly lines using TDI 7.1 development toolkit
- Collaborated with Middleware Engineers to implement various web applications, i.e. Salesforce
- Consult with all lines of business for application integration with ITIM, TAM and TFIM
- Collaborated with other Security Engineers and Professional services to upgrade ITIM 5.1 to ISIM 6.0
- Collaborated with IBM support to resolve complex issues beyond our control
- Aveksa Role Governance
- The Aveksa appliance serves as the driver behind role-based access control with built-in custom attributes and metadata that feed into Tivoli Identity Manager
- Managed the Aveksa physical appliance, which includes Aveksa OS 5.5.1, stacked on JBoss application server, hosted on a Linux platform with an Oracle database back-end
- Collaborated with IT security access management team on RBAC processes
- Provided guidance and consulting to the business functions on role-based access controls, entitlements and provisioning policies.
- Upgrade and install patches provided by the vendor
- Collaborated with the vendor to resolve application issues
- Monitor the health and wellness of the IAM tool
- Entrust PKI Solution
- Responsible for Confidential Entrust public key infrastructure as a cloud-based commercial brand and internal certificate authority (CA)
- Reconfigured Prime internal root CA (Entrust) with Windows Client Certificate Enrollment (WCCE)
- Managed three auto-enrollment servers and IIS application servers dedicated to user certificates, machine certificates and Windows Server certificates
- Generated all SSL certificates and code signing certificates
- Assisted end-users with SSL/TLS implementations on various OS platforms
- Assisted with defining the usage of X.509 certificate for mutual authentication, encryption and identity authentication for inbound and outbound calls
- Configured Online Certificate Status Protocol (OCSP) and certificate revocation list (CRL)
- Collaborated with Security Architects to develop mutual authentication processes
- Built server certificate request process into ServiceNow
- Researched and implemented new use cases
- Used Java Keytool and OpenSSL to generate various certificate formats
- Documented all processes and made changes to IT security policies regarding PKI
- Developed a strategy to move from SHA-1 certificates to SHA-256 certificate types
- Collaborated with the vendor to resolve complex issues
Confidential, Saint Paul, MN
Associate Security Engineer
- Primary responsibilities involve providing engineering support to Tivoli Identity Manager, Tivoli Access Manager and Active Directory/Active Directory PKI services
- Tivoli Identity Manager Administrator, Tivoli Access Manager Support.
- Responsible for maintenance and patching of the identity and access management tool
- Provided assistance with application/services integrations with the IAM tool
- Troubleshoot and configure all applications and services issues within the IAM tool
- Work with application/service owners to resolve all issues within the IAM tool
- Developed auto provisioning and de-provisioning of user application access
- Collaborated with the Business and Security Analysts to build roles and provisioning policies.
- Provided guidance and consulting to the business functions on role-based access controls, entitlements and provisioning policies.
- Developed and presented technical control metrics to the business leaders and IT security leaders
- Assisted with configuration of single sign-on implementations
- Created and managed all TAM groups for RBAC processes.
- Active Directory/PKI Services with server 2008
- Assisted with application integration and implementation projects
- Configured and managed group policies
- Assisted with Active Directory server upgrades and patches
- Supported global user accounts across twelve Business Units
- Developed strategy for Active Directory Certificate Services implementation. The implementation was done to get rid of self-signed certificates internally
- Co-managed and reconfigured the Active Directory Certificate Services
- Issued and generated certificates to various OS platforms
- Assisted with managing X.509 certificate usage
- Built various certificate templates and profiles
- Managed and troubleshot all Active Directory Certificate Services events and errors
- Developed knowledge of Active Directory structures.
Confidential, Minneapolis, MN
IT Consultant
- Responsible for reviewing analysis of event logs and traffic flows to identify malicious activity using Symantec security information and event management (SIEM)
- Performed real-time monitoring and resolution of security events
- Partnered with Senior Security Analyst and Engineers on remediation of security events
- Researched and developed various techniques and process improvements to support related security events
- Maintained the log management and threat analysis solutions
- Developed understanding of IDS and IPS technologies.
- Ensure compliance with Confidential & Confidential SOP and Policies
Confidential, Minneapolis, MN
Information Technology Specialist
- Assisted the combat brigade ensuring the security of Military personnel information
- Installed and configured WinNT, Win2k, and Win2k3
- Managed and maintained Active Directory user accounts, group permissions and group policies
- Assisted with the installation and configuration of desktop and laptop computers, peripheral equipment and software
- Performed data recovery and restore on Windows operating systems
- Assisted with monitoring and investigating security alerts on various software applications and operating systems
- Developed knowledge of storage area network (SAN), network attached storage (NAS), local area network (LAN), and wide area network (WAN)
- Assisted with several database application security access
- Ensured compliance with required regulations