We provide IT Staff Augmentation Services!

Pki Security Engineer Resume

5.00/5 (Submit Your Rating)

Minneapolis, Mn

SUMMARY

  • Proven record of performance and result in deadline driven Business and IT Environments
  • Highly effective in identifying business needs and implementing solutions using information technology processes
  • In - depth knowledge of implementing and managing various IT security Solutions and controls
  • Exceptional troubleshooting skills
  • Positive and resourceful contributor to any giving team
AREAS OF EXPERTISE
  • Application Integration & Implementation
  • Application Provisioning
  • Directory Services
  • Technical Documentation
  • Technical Control Metrics
  • Role base access control (RBAC)
  • Identity and Access Management
  • Public Key Infrastructure (PKI)
  • System Configuration
  • Infrastructure Security

TECHNICAL SKILLS

  • TDS
  • TDI
  • IBM Web-sphere
  • JBOSS
  • ISS Webserver
  • Microsoft Server 2003
  • Microsoft Server 2008 Apache ldap studio
  • Active directory
  • Putty
  • WinScp
  • TLS/SSL
  • IBM IKEYMAN
  • Varonis
  • Tufin web services
  • API
  • HTTP soap
  • REST
  • JavaScript
  • IBM JavaScript Extensions
  • LDAP v3
  • ITIM
  • TAM
  • Oracle SQL
  • BMC IAM
  • BMC WAM
  • Aveksa
  • Linux/Unix
  • Entrust
  • Cyber Ark
  • Basic Authentication Active Directory
  • SAML
  • SSO. Open SSL
  • Java Key tool
  • Exchange,0365,Lync
  • Oracle SQL developer
  • Subversion
  • Lotus Notes
  • Same time
  • Service Now
  • BMC Remedy
  • HP open View

PROFESSIONAL EXPERIENCE

Confidential, Minneapolis, MN.

PKI Security Engineer

Responsibilities:

  • Primary responsibilities involve providing Project and engineering support to Confidential Public Key Infrastructure
  • Symantec Managed Public Key Infrastructure, Microsoft CA, Enterprise Auto Enrollment Servers (2008 and 2012), Hardware Security Module, SCEP Server, Air Watch MDM and Cisco ISE
  • Managed administration, operation and support of Confidential PKI Infrastructure (Internal and Public CA)
  • Provided consulting to all lines of business on security related topics pertaining to encryption and certificates authentication (Mutual and basic authentication)
  • Defined, and developed strategic plans for PKI and certificates Lifecycle Management, certificates service configuration (OCSP, CRLS)
  • Issued, revoke, and renew CA, EV, Code Signing, wild card, and S/mime certificates
  • Developed strategy and collaborated with the vulnerability team to deprecate all SHA-1 certificates and SSHv1
  • Updated, patch and maintain Hardware Security Module and the Enterprise gateway servers
  • Collaborated with Active directory, Client, and Security Engineers to implement Microsoft certificate authority as an internal CA for Confidential
  • Lead, designed and engineered the Symantec MPKI integration with Air watch MDM and Cisco ISE for Android and IOS device certificates (Certificates profiles, RA certificates, certificate templates and payloads)
  • Lead, designed and engineered the Symantec MPKI integration with Auto enrollment servers and Active Directory for Synchrony Users and Laptop/Desktop certificates (Certificates profile, RA certificates GPOs, and certificates templates)
  • Configured Public CA certificates for IP phones
  • Configured and developed implementation plans for Blue coat server proxy SSL intercept
  • Collaborated with the Middleware engineers to implement Mutual authentication
  • Troubleshoot all certificates chain issues (LI/L2/L3)
  • Developed PKI knowledge base for end user in Service-Now
  • Review Firewall rules (PKI ACLS)
  • Ensure 24x7 uptime and monitoring of PKI services
  • Work with the vendor to remediate Technical issues
  • Act as the PKI functional SME

Confidential, Eagan, MN

Security Engineer

Responsibilities:

  • Primary responsibilities involve providing Project and engineering support to Tivoli Identity Manager (ITIM), Aveksa, Entrust PKI solution, Varonis Data Advantage, and Tufin firewall rule governance.
  • IBM Tivoli Identity Manager 5.1, Tivoli Directory Integrator server, Tivoli Access Manager, and Tivoli Federated Identity Manager
  • Troubleshoot all system failures, identify root causes, fix any issues and provide availability and integrity of the identity management products
  • Collaborated with various IT functions to integrate business application integrations with ITIM
  • Collaborated with IT security access management to develop auto provisioning and de-provisioning of user applications using Aveksa and ITIM
  • Managed, and maintained health and wellness of Tivoli directory server 6.1(Window sever 2003) and 7.1(Window Server 2008)
  • Provided assistance to the Access management team with creation of provisioning entitlements and provisioning policies and assure data are updated in ITIM through Aveksa
  • Built various work-flow scripts, and account default scripts to enhance the IAM tool
  • Co-developed and configured IDI data feeds in TDI
  • Co-developed, load, configured and test custom adapters and assembly lines using TDI 7.1 development tool kit
  • Collaborated with Middle Ware Engineers to implement various web application i.e Salesforce
  • Consult with all line of business for application integration with ITIM, TAM and TFIM
  • Collaborated with other Security Engineers and Professional services to upgrade ITIM 5.1 to ISIM 6.0
  • Collaborated with IBM support to resolve complex issues beyond our control
  • Aveksa Role Governance
  • The Aveksa appliance serves as the driver behind Role base access control with built in custom attributes and metadata that feeds into Tivoli identity manager
  • Managed the Aveksa physical appliance which include Aveksa OS 5.5.1, stacked on Jboss application server, hosted on a Linux platform with an Oracle database back-end
  • Collaborated with IT security assess management team on RBAC processes
  • Provided guidance and consulting to the business functions on role base access controls, entitlements and Provisioning Policies.
  • Collaborated with IT security assess management team on RBAC processes
  • Upgrade and install patches provided by the vendor
  • Collaborated with the vendor to resolve application issues
  • Monitor the health and wellness of the IAM tool
  • Entrust PKI Solution
  • Responsible for Confidential Entrust Public key infrastructure as a cloud based commercial brand and internal certificate authority (CA)
  • Reconfigured Prime internal root CA(Entrust) with windows clients certificate enrolment (WCCE)
  • Managed three Auto-enrollment servers, and ISS application servers dedicated to user certificates, Machine certificates and Window server certificates
  • Generated all SSL certificates and code signing certificates
  • Assisted end-users with SSL/TLS implementations on various OS platforms
  • Assisted with defining the usage of X.509 certificate for mutual authentication, encryption and identity authentication for inbound and outbound calls
  • Configured online certified status protocol (OCSCP), and certificate revocation list (CRL)
  • Collaborated with Security Architects to develop Mutual authentication processes
  • Build server certificates requests process into Service Now
  • Researched and implement new use cases
  • Use Java Key tool and OpenSSL to generate various certificate formats
  • Document all process and make changes to IT security policies regarding PKI
  • Developed a strategy to move from SHA-1 certificates to SHA 256 certificates types
  • Collaborated with the vendor to resolve complex issues

Confidential, Saint Paul, MN

Associate Security Engineer

Responsibilities:

  • Primary responsibilities involve providing engineering support to Tivoli identity manager, Tivoli Access Manager and Active directory/Active Directory PKI services
  • Tivoli Identity Manager Administrator, Tivoli Access Manager Support.
  • Responsible for maintenance and patching of the identity and access management tool
  • Provided assistance with application/services integrations with the IAM tool
  • Troubleshoot and configure all applications and services issues within the IAM tool
  • Work with application/service owners to resolve all issues within the IAM tool
  • Developed auto provisioning and de-provisioning of user application access
  • Collaborated with the Business and Security Analysts to build roles and provisioning policies.
  • Provided guidance and consulting to the business functions on role base access controls, entitlements and Provisioning Policies.
  • Developed and present technical control metrics to the business leaders and IT security leaders
  • Assisted with configuration of single sign on implementations
  • Created and managed all TAM groups for RBAC processes.
  • Active Directory/PKI Services with server 2008
  • Assisted with applications integration and implementations projects
  • Configured and managed group policies
  • Assisted with Active directory server upgrades, and patches
  • Supported global user accounts across twelve Business Units
  • Developed strategy for Active Directory certificates services implementation. The implementation was done to get rid of self signed certificates internally
  • Co-managed and reconfigured the Active directory certificates services
  • Issued and generated certificates to various OS platforms
  • Assisted with managing x.509 certificates usage
  • Built various certificates templates and profiles
  • Managed and troubleshoot all Active Directory certificates services, events and errors
  • Develop knowledge of Active Directory structures.

Confidential, Minneapolis, MN

IT consultant

Responsibilities:

  • Responsible for reviewing analysis on event logs, and traffic flows to identify malicious activity using Symantec Security information and event management (SIEM)
  • Performed real time monitoring and resolution of security events
  • Partnered with Senior Security Analyst and Engineers with remediation of security events
  • Research and develop various techniques, and process improvements to support related security events
  • Maintained the log management and threat analysis solutions
  • Developed understanding of IDS and IPS technologies.
  • Ensure compliance with Confidential & Confidential SOP and Policies

Confidential, Minneapolis, MN

Information Technology Specialist

Responsibilities:

  • Assisted the combat brigade ensuring the security of Military personnel information
  • Installed and configured WinNT, Win2k, and Win2k3
  • Managed and maintained Active Directory users account and groups permission and group policies
  • Assisted with the installation, configuration of desktop and laptop computers, peripheral equipment and software
  • Performed data recovery and restore on Windows operating systems
  • Assisted with monitoring and investigating security alerts on various software applications and operating systems
  • Developed Knowledge of storage Area Network (SAN), network attached Storage (NAS), local area network, (LAN), and wide area network (WAN)
  • Assisted with several database application security access
  • Ensured compliance with required regulation

We'd love your feedback!