IDAM/PAM Lead Engineer Resume
SUMMARY:
- Experience in Identity and Access Management, Privileged Access Management using Microsoft Identity Manager, Exchange Online, Azure Active Directory, Visual Studio .Net, SSIS as a FIM Consultant/Lead Developer, ForgeRock Consultant, Confidential, Hitachi PAM and NETIQ.
- Advanced level with SQL Server Database concepts, designs, and project implementations
- Involved in designing and developing Web Based applications using technologies like .net, Visual Basic, ADO, HTML, JavaScript, DHTML, CSS.
- Involved in designing SSIS package for transferring data from excel to SQL database
- Advanced experience in project scope definition based on gathered Business Requirements including documentation of constraints, assumptions, business impacts, project risks and scope exclusions
- Worked on Hitachi Password Manager to implement Self Service Password Management Tool across the Organization
- Developed PowerShell scripts to automate Group Management activities using FIM/MIM
- Developed distributed applications using .Net and Web Services.
- Worked with Product Managers to evolve understanding of product needs and translate into product specifications, and then translating specifications into working systems components
- Designed and Developed n-tier (including business and data tier) applications. Well versed with Back end, Middle tier, Front end and GUI.
- Advanced knowledge of FIM, Office 365, Azure Active Directory, Exchange Online and databases like SQL Server
- Advanced knowledge in CSS3, HTML5 technologies
- Interacting with Architects, Developers, Project managers and reporting to Director for Identity and access management.
- Working on different products from CA, IBM, Microsoft, SecureAuth, Okta, OneLogin, Amazon PingFederate, NetIQ, Centrify, CyberArk and BeyondTrust.
- Implementing SailPoint Identity IQ solutions for RBAC, Role composition certification, performed business role mining and IT role mining for entitlements.
- Recent experience in using NetIQ access manager and identity manager for IDM provisioning through drivers and access manager for SAML/OAuth/OpenID integrations.
- Used Access Gateways for identity injection for traditional apps.
- Recent implementation of complete Ping Suite including PingOne, PingFederate, PingAccess, PingID for apps that are dependent on OIDC/OAuth model.
- Built a central hub for Apigee and Ping for using PingAccess as a gateway model and protected apps that are REST APIs layered behind PingAccess.
- Automation process for application promotion using REST API and documented APIs using Swagger for publishing documentation to API for both public and internal users.
- Ping Infrastructure automation process in AWS using Ansible for continuous delivery model and continuous integration model.
- Implemented SCIM for user provisioning for Rest API end points reducing the dependency on use of connectors for simple apps that are migrated from SOAP based architecture to REST API based architecture.
- Implemented strong session management for tight scalable access to the applications for both API and web applications-based model.
- Experience in setting up CyberArk for multiple client bases using cold/hot topology models.
- Experience in using Password Vault, PVWA, PSM, CPM, Conjur, DNA tool, onboarding and managing different applications.
- Experience in setting up BeyondTrust platform, use of PowerBroker for Windows/Unix/Mac, BeyondInsight, Retina scanner, DART tool, use of smart rules and onboarding different application portfolios.
- Excellent communication skills, hardworking, highly enthusiastic and good problem-solving abilities. Ability to learn and implement different languages and complete projects in the given timeframe with quality
- Proficient in developing and executing Test cases, test plans, performing functional, usability, stress testing and UAT
- Worked on integration of applications with Ping Federation for implementing SSO and Federated identities
- Worked with the Onsite and Offshore leads to establish a collaborative environment between technology and the other disciplines
- Responsible for mentorship and guidance to (offshore) technical team members
- Identification of new opportunities and ideas for the project - as a proposal to client for future enhancements
- Assisting Business Development and project teams in scoping and estimating project work for medium to small sized projects
PROFESSIONAL EXPERIENCE:
Confidential
IDAM/PAM Lead Engineer
Responsibilities:
- Create multiple MA's for data flow between source and destinations.
- Implement multiple Rules Extensions to incorporate custom login in data flows.
- Customize Group Management Portal for the ease of access and to incorporate client requirements.
- Create Sets, Workflows and MPRs to implement critical business logic.
- Customize and create new Search Scopes for ease of user access.
- Create/Upgrade PowerShell MA's for interaction with Exchange Online for creation of mailboxes in the cloud.
- Create SSIS package to transfer data from excel to SQL tables.
- Create Web Service to update Groups in Group Manager Portal from an external application
- Track the lifecycle (creation, update, inactive status and deletion) of Group and User resources across the directories.
- Administer the Group and User Management portal.
- Identify priorities within ongoing projects in consultation with the client and modify project delivery schedules accordingly.
- Identify, plan and report value additions in different areas of the project.
- Interact with the Business Teams to define/validate requirements, ensure that the requirements are documented and the corresponding development tasks are assigned to the team for fulfillment of the requirements.
- Analyze the various risks associated with the project, conduct an impact analysis of the risks on the project in terms of cost, budget and timelines and develop mitigation strategies for the same.
- Conduct weekly meetings with IT leads and re-define priorities of various activities as per the current needs of the project. Proactively communicate status of key project activities, risks, and issues to IT leadership
Confidential
Subject Matter Expert
Responsibilities:
- Experience in installing, configuring and maintaining Confidential r12.6 SP4, CA SiteMinder Policy Server R12.51sp1, Web agents, Transaction Minder, Active Directory server, Oracle Directory Server (LDAP) and various Web servers (plug-in files), Application servers on environments like WebSphere 8.5, JBOSS 6.4EAP and various platforms.
- Work on implementing and supporting SAML-based Federation technologies like OAUTH 2.0, Active Directory Federated and governance minder 12.6.1
- Installed, configured and administered Confidential, CA SiteMinder Policy Server, Web agents, CA Directory and Oracle Directory Server (LDAP) on various platforms for a clustered and HA environment on WebSphere 8.5, JBOSS and various Platform
- Integrated IDM with CA SSO, Providing Authentication and Authorization to IDM
- Used CA Wily Introscope monitoring tool to generate performance reports of SiteMinder policy servers and other LDAP servers
- Configured System objects like Agents, Agent Conf Objects, Host Conf Objects, User Directories, Domains, Administrators and Schemas
- Work on implementing and supporting SAML-based Federation technologies and Active Directory Federated
- Experience in implementing CA Siteminder policy server, framing Rules and Policies, Policy Server maintenance, SSO call clearance, Web Agent & Application agent installations, troubleshooting production problems
- Migrated data from Confidential from R .6 SP4
- Responsible for provisioning users across endpoints like Active Directory, LDAP, Unix, and RACF/Mainframe along with exploring and correlating users from various endpoints.
- Installing and configuring Policy servers from 12 to 12.52.105.2112
- Worked on different types of integration projects like SPS integration (Secure Proxy Server), MS ID integration for all various types of applications.
- Meeting the application teams and explaining to them how SiteMinder helps their applications with Single Sign On and working on all the environments in their application.
- Pulling the data from OneView Monitor to get the server list details such as: Host name, Version info, IP address and many others based on requirement.
- Working with CA Support for various issues in the applications caused by CA to fix the issue.
- Worked completely on Reporting Server Config, this application from CA helps us to get most of the information from the servers related to Siteminder based on our search.
- Created Domains, Realms, Rules, Responses, Agents, Agent Configuration Objects, Auth Schemes.
- Installed SiteMinder web agents and configured them for new web servers.
- Created new users and gave them administrator access to a single environment or all the required environments.
Cyberark Consultant
Confidential
Responsibilities:
- Perform as the subject matter expert for information security technology, processes and practices internally to the plan provided by the client. Providing access to shared drives and administrating the inactivity of the internal users through Active Directory.
- Privileged Access Management (PAM) project which includes implementing CyberArk Password Vault, Web Access, Central Password Manager and Privileged Session Management.
- Generating Inactive users report from Stealth Audit for further auditing and maintaining the data for Active Directory.
- Worked on EPM tools for improved operational efficiencies through an automated workflow approval and provisioning engine that integrates authorization and authentication.
- Experience in CyberArk Privileged Account Security product suite - Enterprise, Password Vault, Password Vault Web Access, Central Policy Manager, Privileged.
- Manage the day to day operations of CyberArk solutions including adding and deleting accts.
- Managing policies and platforms.
- Creating and assigning Safes, reconciling accounts, rotating passwords.
- Create AD users and groups for safe delegation and updates.
- Conduct workshops with application and infrastructure teams about on-boarding privileged accounts.
- Assist application teams with CyberArk application Identity Manager integrations and linked accounts.
- On-board privileged accounts and application ids with CyberArk upload utility or PVWA
- Ensure ongoing CyberArk system Maintenance is scheduled and completed on time.
- Creating a new application on board is documented and implemented.
- Works with Unix / Directory Support and Network team
- Perform application and Job designs with the existing and current requirements.
- Design, build and support processes on Windows Servers and CyberArk Security Platform. Providing support to Server owners on the security Servers.
- Coordinate with CyberArk support teams for escalation and resolution issues
- Ensure that all Identity and access management services are secure, available, efficient and meet defined corporate services levels
- Co-ordination with the offshore support teams to address technical or business requirements related queries.
- Involved in both Server System analysis and Security support on CyberArk as well as Support on Security on Windows servers.
- Monitoring logs, analyzing logs and Troubleshooting issues with the server and the environment.
- Documenting the patterns for new configurations.
- Working on customer IAM project using ForgeRock openAM, openIDM and openDJ, build up customer authentication REST services layer for a client of 27 million users.
- Used Java, Postman, ForgeRock customer authentication module, OTP, Post Authentication Module, openDJ password plugin module.
- Use ForgeRock OpenAM, OpenDJ to do SSO for internal and external applications (SAML, OAuth/OpenID Connect, Kerberos etc).
- Use OpenIDM to develop user accounts lifecycle management (provisioning, deprovisioning etc)
- Customize UI REST API developing & testing IAM system architect (F5 load balancer, SSL, 2 factors, MySQL RDS, etc.)
- Use Splunk to create panels/dashboards to monitor Authentication and LDAP
- Create internal documentation in Confluence and manage tickets in JIRA.
- Primary responsibilities include Installation and configuration of multiple instances of ITIM, WebSphere, LDAP - IBM Directory Server and IDI
- Configuration of ITIM agents for multiple end points (AD, Sun One LDAP and TAM/GSO)
- Developed custom Adapters to provide user information to vendor Applications (using SOAP and REST CALL)
- Configuration and Administration of ITIM
- Developing Assembly Lines(AL's) in TDI/ISDI
- Design org tree structure
- Create provisioning policies
- Implementation of identity policies and password policies
- Reconciliation
- Recertification Workflows
- Service definition for Endpoint Agents
- Developing and modification of different Workflows
- Password Synchronization
- Created WebSEAL junctions for backend applications.
- Created ACLs, POPs for applications.
- Troubleshooting day to day incidents by priority for user access
- Used IDI scripts for Batch and real time attribute sync
- Used IDI script to notify users of password expiration date
- Developed IDI scripts, Provisioning Policies, Organization roles, Oracle database objects, ITIM groups, ACIs, Work Flows, Sub forms, Life Cycle rules
- Resolved AD initial load problem
- Created groups for corporate LDAP using ITIM and IDI.
- Created add, delete, and modify person using ITIM APIs for other Applications (Real-time changes).
- Implementation of SSO using SAML Authentication.
- Performing day-to-day administration and maintenance of LDAP/TIM/TAM/TDI.
- Performed daily health checks which involves disk space checking, TAM check, DB status etc.
- Generated reports for TAM and Related applications.
- Provided trouble-shooting for ITIM, FIM and WAS.
- Worked on creating stories and defects as per requirements and co-ordinate with PMT, developing and testing team.
- Played a key role in release management team for planning and on boarding new changes in production.
- Worked on problem tickets (PMRs) with IBM to find effective solutions to various problems and performance issues in Test and production environments.
- Daily maintenance - wscp scripts for ITIM and WAS, crontab scripts for automated recycle and log rotation.