Software Programmer Resume Profile
Summary
Professional IT consultant with over 16 years of technical IT industry experience, including the most recent 8 years of security experience in Identity/Access Management customization (Sun IDM, CA SiteMinder, and Microsoft Forefront Identity Manager (FIM)) and system integration with LDAP, relational databases, Identity Federation (SAML), and web services. Demonstrated talent for quick learning, problem solving, and system design/administration/support/development (Java and C).
Technical Skills
- 16 years of technical IT industry experience, with 8 years of security-related experience
- 8 years of Identity/Access Management customization of COTS products like Sun IDM v7/8, CA SiteMinder r12.x, and Microsoft FIM (Forefront Identity Manager) 2010
- Extensive experience/knowledge of security infrastructure/system setup, maintenance, and customization, especially in Cryptography, PKI, multi-factor authentication, etc.
- Expertise in Federation customization, using COTS products like CA SiteMinder and NSN (Nokia Siemens Networks), using SAML 1.0/1.1/2.0
- 8 years of OS installation, configuration, and management experience on Windows 2008, Linux, and Solaris 9, 10 servers
- 13 years of DB installation, configuration, maintenance and development experience, in Oracle and SQL-Server
- Extensive experience with LDAP (Sun DS, OpenDS), AD (Active Directory)
- Extensive XML experience including XSLT, DTD, XML schema etc.
- 16 years' programming experience in Java and C
Certification
- Certified Information Systems Security Professional (CISSP)
- Certified CA SiteMinder r12.5 Administrator
- Sun Certified Java Programmer
- Oracle Certified Database Administrator
Experience
Confidential
SiteMinder and Security Consultant
As an independent contractor for government agencies and private companies, provide consultation and recommendations on SiteMinder architecture/implementation, server virtualization and hosting on x86_64 and mainframe platforms, and Oracle 12c setup/configuration/migration on different platforms.
Confidential
Senior Security Representative
- With a major focus on information security, the primary responsibilities include: analyze existing SiteMinder r12 connection/performance issues; coordinate with web teams on agent re-configuration and common ACO testing; set up/configure/tune the new SiteMinder r12.51 Test/Prod environments with optimized policies and SSO functionalities; set up/configure SiteMinder federation components to support SAML-based federation with business partners; coordinate with DBA and network teams for DB tuning, reverse proxy/SSL configuration, and load balance setup; plan/architect/oversee the security perspective of new technologies like mobile and cloud authentication/authorization; recommend new proposals and solutions.
- Completed CA SiteMinder r12.5 Administration 200 training and passed CAT-160 exam
- Resolved existing SiteMinder r12 issues like connections max-out, handshake errors, etc.
- Identified existing SiteMinder r12 performance bottlenecks with OneView monitor, etc.
- Designed SQL-Server Database architectures for policy store, key store, audit store
- Installed/configured policy servers in clustered mode for new SiteMinder r12.51
- Web agent installation/configuration on web servers (mainly IIS 6.5/7.0 and Apache 2) to point to new SiteMinder r12.51
- Set up Apache Reverse Proxy to be used with SiteMinder to eliminate individual web server agent setup/configuration
- Analyzed/rewrote/optimized 15 external-facing web-site policies being protected by SiteMinder r12.51
- Configured partner federation in Admin UI to federate with United Healthcare
- Customized SAML 2.0 assertion using SiteMinder SDK, by developing Java Assertion Generator Plugins (AGP)
- Completed Forefront Identity Manager (FIM) 2010 training
- Configured Active Directory Federation Services (ADFS) for business partners' SSO
Confidential
Identity Management Consultant
- Work for the FDIC Identity Access Management System (IAMS) project, to participate in the full life cycle development of Change Requests (CRs) in releases, and to provide troubleshooting, diagnosis, and maintenance services for the applications, emergent performance problems, and high-priority business requirements. In the meantime, work closely with the FDIC security department to discover, mitigate, and address vulnerabilities/breaches; create/refine corporate policies; enforce periodic security training/awareness for new and existing employees/contractors; provide suggestions/solutions to security findings from penetration testing or government compliance testing; and recommend security-sound design and implementations for the future framework, which aims to take care of security-related jobs (authentication, authorization, access control, etc.) at the corporate infrastructure level.
- The system is built to automatically provision the new employee/contractor in Corporate Active Directory, LDAP, and other resources (identity life cycle management)
- The system serves as a central place to submit/approve user access requests, with auditing, delegation, workflow management capability.
- Apply the best security practices to corporate infrastructure implementation. Application development has been made easy by concentrating on the business logic; security can simply be handled via the API/SOA interface provided by the infrastructure
- Realize centralized management/enforcement for corporate policies, baselines, guidelines
- Help client comply with government mandates and regulations
Confidential
Identity Management Engineer (development and integration)
- Worked for Individuals Authorized Access to the CMS Computer Services (IACS) and IACS Partner and Customer Communities Component (IPC) for Center of Medicare and Medicaid Services (CMS). Main responsibilities included: SDLC of Change Requests (CRs) from CMS; set up and supported LAB and DEV IDM environments on Sun boxes; identified system vulnerabilities and performance bottlenecks, then provided solutions; played a key role in the Identity/Access Management product upgrade (8.1.1).
- Installed and configured Oracle 10g on Solaris, as the repository for IDM
- Installed and customized Sun DS 5.2, Open DS, to store users data
- Installed Glassfish 2.1.1, setup connection pool, JNDI resources to be used with LDAP
- Setup and configured Sun IDM 7.1.1, and performed upgrade to 8.1.1
- Setup and configured IBM WAS 5 and 6, IBM MQ 6 for IPC
- Set up Eclipse and NetBeans for development of IDM user forms, workflows, rules, etc.
- Developed Java custom code for LDAP access via JNDI custom resource
- Supported systems using Java/J2EE, Spring MVC, XMLBeans, XML
Confidential
Identity Management Developer
- Worked for internal IDM applications, Security Access Request (SAR) and New Employee On-boarding (NEO), which allow employees/contractors to submit access requests that then go through different resource owners for approval. Active Directory resource adapter has been configured for pass-through authentication, reconciliation, and interaction. Sun Identity Manager 7.1 is customized by updating existing JSPs and system configurations, and adding new workflows, user forms, configuration, email templates, and customized Java class libraries.
- Finalized requirements by discussing with the product owner, and the departments
- Designed the front-end GUI, as well as backend Java support classes
- Directed and coded the IDM workflows, user forms, etc. using Express language
- Conducted unit testing, QA testing, and deployment to Integration, Stage and Production
- Supported Oracle 11g as the IDM repository, including tablespace and index tuning
- Supported Windows Active Directory, corporate LDAP
- Supported Solaris 10, and WebLogic 9.2 for successful deployment
- Supported HR iVantage system data insert for new employees
Confidential
Telecom Design Engineer (Identity Federation Services)
- Worked for Sprint 4G/WiMax XOHM Network IDM project, which provides identity federation services to trusted partners, like Digital Locker. Security Assertion Markup Language (SAML) v2.0 is employed as the protocol for authentication/authorization information exchange between Network IDM and the trusted partners.
- Coordinated with 4G/WiMax business partners, like Sprint IT and Digital Locker
- Finalized Subscriber Federation System design document including identity federation use cases and physical architecture
- Finalized Interface Specification document including browser-based SAML 2.0 exchange with Sprint IT, and SOAP-based SAML 2.0 exchange with Digital Locker
- Implemented SAML 2.0 message digital signing, partial encryption, and SSL using Sprint internal CA signed cert
- Understood and resolved connectivity issues within Sprint Link network
- Worked with the vendor, Nokia Siemens Networks, to read/write subscriber information, from/to the 4G Subscriber Provisioning System
Confidential
Consultant for CMS IACS project
- Worked as a system administrator and developer, in Individual Authorized Access to the CMS Computer Services IACS project, to customize Sun's Identity suite including Sun Identity Manager, Access Manager, and Directory Server, to integrate with other CMS systems and applications.
- Designed LDAP schemas to provide directory service for IACS and other applications
- Installed and configured Sun Application Server 8.1, Web Server 6.1, Directory Server 5.2, Identity Manager 6.0, Access Manager 6.2, Oracle 10g, on Solaris 9
- Designed and coded workflows, user forms, rules, etc. in XPRESS language, for identity provisioning in Sun Identity Manager
- Designed and created access policies for access management in Sun Access Manager
- Responsible for Social Security Administration (SSA) validation subsystem, which includes: IBM WebSphere Application Server 6.1 and WebSphere MQ 5.3 installation on Solaris 9; local and remote queue manager creation and configuration; Java coding using JMS and MQ API; XML generation and validation; XSLT parsing; overall integration testing and debugging with IACS
- Performed stress/load testing for IACS project, using QuickTest Pro and LoadRunner software. The tuning operations include: Oracle DB tuning; Sun Directory Server partition and replication; Java Virtual Machine settings like heap size, permanent size, ratio of young and tenured generation, etc.
- Solaris zones (OS-level virtualization) creation and configuration on Solaris hardware
Confidential
Consultant Healthcare and Security - NHIN
- Worked on site at IBM, for National Health Information Network (NHIN) project, to integrate and configure various IBM healthcare and security products, to implement a prototype for the Office of National Coordinator Healthcare Information Technology (ONCHIT) under the Department of Health & Human Services.
- Defined and documented System configuration requirements (hardware and software)
- Defined and documented System security architecture and network topology
- Defined and documented System deployment plan
- Installed and configured IBM WebSphere Application Server (WAS) Network Deployment 6.0, WebSphere MQ 6.0, DB2 Enterprise 8.2, Rational ClearCase/ClearQuest (CC/CQ), Tivoli Directory Server (TDS) 6.0, Tivoli Access Manager (TAM) 6.0, Tivoli Federated Identity Manager (TFIM) 6.1
- Worked on INITIATE Identity Hub product for federated query across communities
Confidential
E-Authentication Consultant
- Worked on site at General Services Administration (GSA), to evaluate different products implementing Security Assertion Markup Language (SAML), to provide professional consultation for web SSO and Identity Management, and to develop product-specific plug-ins, as well as access management middleware for relying party applications.
- Understood SAML 1.0, 1.1, and 2.0 OASIS standard set
- Installed, configured and evaluated PingFederate 3.0 beta (SAML 2.0), from Ping Identity
- Installed and configured Federated Identity Manager (FIM) 2.5, from RSA Security
- Implemented both Browser/Artifact Profile (BAP) and Browser/Post Profile (BPP)
- Created and configured key store, certificate for mutual SSL
- Developed plug-ins (subject, ticket, attribute) for both AP and RP sides (Java)
- Developed portal and other necessary web pages for web SSO
- Programmed with Java, JSP, Servlet and EJB under Apache2, Tomcat5, and BEA WebLogic8.1
- Programmed to access LDAP (Microsoft Active Directory), Oracle 10g, and SQL-Server 2000
Confidential
Senior Developer DBA
- Designed and implemented the highly-automated GuideStar system, which is capable of converting 25,000 tax forms every month, to pipe-delimited files for database loading.
- Through OCR or manual key-in, source tax form images were recognized as characters, and converted to intermediate XML format. XML files were manipulated (spell/format check, etc.), validated against schema, and then finally transformed to pipe-delimited files using XSLT. Every step during data Collection, Conversion, Validation and Delivery was recorded in SQL-Server database.
- Gathered requests, designed the data model, and created tables and indexes
- Wrote stored procedures, functions, views with T-SQL language to implement business logic
- Scheduled database backup, implemented restore and recovery when database failed
- Programmed in VB.NET, C for data conversion
- XML was used as the intermediate conversion format and XSD for validation
- XSLT and regular expression were used heavily for conversion
- ASP.NET was used for generating web-based tools
Confidential
Java Developer
- Designed and implemented Electronic Data Interchange (EDI) Availability Tracking tool, which was used to evaluate the node availability by percentage and 6-sigma value of EDI service at GE/GXS. It is a 4-tier J2EE application, with major functionalities like node-related info maintenance, outage storage and retrieval, and report generation (an applet graph for decision support). An applet graph will be triggered to show the EDI node availability for a certain period.
- Gathered application requirements and advice from technical and sales groups
- Wrote Requirement Definition Document (RDD) and Functional Specification Document (FSD)
- Constructed Oracle database environment on Solaris and Linux
- Created table spaces, tables, and indexes for node availability evaluation
- Created Linux shell and PL/SQL packages for data loading and database transaction
- Designed and implemented entity beans and session beans
- Programmed with J2EE, Applet, HTML, and JavaScript
Confidential
Software Engineer
- Designed and constructed XML-format EDI System between Fuji-Xerox Japan and GE Capital Leasing (GECL) Japan. This system served as a virtual EDI system over the Internet by using XML for data interchange and SSL for data confidentiality and integrity. Smooth and efficient lease business (existing contract inquiry, contract validation, contract settlement, etc.) was achieved.
- Conducted feasibility investigation, reviewed DTD with Fuji-Xerox on a monthly basis
- Installed Oracle 8.1.6 on Solaris, allocated table space and created users
- Designed and created tables based on GECL existing database and FUJI-XEROX DTD format
- Programmed on XML parsing and database transaction with Java Servlet
- Created UNIX shell and PL/SQL procedures to resolve business logic
- Performed database tuning (parallel SQL and index rebuilding) for adequate SQL response time
Confidential
Software Programmer
- Built a web-based system where Object Repository was used for quick information exchange and efficient management of NTT COMWARE branches throughout Japan.
- Programmed with Java Servlet, JSP and JavaScript
- Open source Apache was used as the web server and Jserv as the Servlet engine
- Enabler for Java by Softlab was used as an OODB (Object-Oriented Database)