Principal Security Engineer Resume
Sterling, VA
SUMMARY
- Strategic and forward-thinking Principal Security Engineer and Team Lead with 12+ years of experience improving technical efficiencies in the Identity & Access Management and Single-Sign-On space, maximizing resources, and improving team functionality in commercial IT fields.
- Proven project life cycle experience managing and delivering mission critical systems in demanding and rapidly progressing environments. Experience includes strategic planning, requirements definition, design and implementation of Identity & Access Management, Single-Sign-On, Identity Federation, LDAP directories, Web Services, provisioning & de-provisioning, and enterprise application integration solutions in Cloud and On-premise.
- Continuously improving and automating IAM solutions that consist of CA Siteminder, PingFederate, Sailpoint IdentityNow SSO, Sailpoint IdentityIQ, Radiant Logic VDS, LDAP directories (ODSEE 11gR1 & CA Directory) Systems. Integrated with 2-factor authentication systems such as RSA and SymantecVIP for added identity security.
- Involved in several API security projects for Mobile & Cloud solutions trusted by CA Mobile API Gateway (MAG), providing a central point for controlling enterprise policies that secure and manage information assets exposed via mobile-friendly APIs. Opened opportunities for Confidential in exploring and enabling innovative business strategies and leveraging the Internet of Things (IoT).
- Experience in deployment of SAML based highly available Identity & Service Provider solutions using Pingfederate, CA Siteminder SSO/Federation, ForgeRock OpenAM, and SimpleSAML systems.
- Experience in deployment of Sailpoint IdentityIQ and IdentityNow SSO, to simplify and improve current provisioning and de-provisioning processes, password management, roles & entitlements, reporting & auditing, and control accesses to applications and services (SaaS).
- Experience in designing and deployment of ForgeRock OpenAM, OpenDJ, and OpenIDM as organizations are moving to more lightweight and versatile IAM and SSO solutions.
- Perform proof-of-concepts on several technologies such as (Xceedium) CA Privileged Access Management (PAM), CyberArk, Radiant Logic VDS, etc.
- Highly motivated and demonstrates an aptitude for learning new technologies. Expertly designed and deployed multiple complex projects while deepening technical knowledge base. Works well with customers and leadership to help guide and define new architectures.
TECHNICAL SKILLS
CA Siteminder SSO: Secure Proxy Server (SPS) - CA Directory - CA Federation - CA/Layer7 API Gateway & MAG - CA/Xceedium Privileged Access Management (PAM) - CA Cloudminder
Pingfederate: PingOne - PingAccess - ForgeRock OpenAM - OpenIDM - OpenDJ
Sailpoint IdentityIQ: Sailpoint IdentityNow
Oracle Access Manager (OAM): Oracle Identity Federation (OIF) - Oracle virtual Directory (OVD)
LDAP Directories: ODSEE 11g - OpenLDAP - Radiant Logic Virtual Directory Server (VDS) - ForgeRock OpenDJ
RSA 2-Factor Authentication: SymantecVIP 2-Factor-Authentication
Apache: Nginx - Tomcat - Jetty - JBoss - WebLogic - Eclipse - Git
SSO protocol: SAML - OAuth - OpenID-connect - WS-Federation - Central Authentication Service (CAS) - STS
Unix / Linux: Red Hat Enterprise Linux (RHELS) - CentOS - Solaris - AIX
Cloud Platforms: Amazon Web Service (AWS) - AWS Management Console - VPC - EC2 - ELB - RDS - AMI’s - Route53 - Rackspace
Programming: Perl – Java – JSON - Shell Scripting - HTTP, HTML, XML, SOAP, WSDL, JSON, REST
Project Management & Documentation: SCRUM/Agile – Kanban – Confluence – Jira – Wiki – SharePoint
Design Tools: OmniGraffle – Visio - Lucidchart
Networking, Load Balancing, and DNS (A records & NS records)
PROFESSIONAL EXPERIENCE
Confidential, Sterling VA
Principal Security Engineer
Responsibilities:
- Designed, deployed and supported Sailpoint IdentityIQ infrastructure.
- Configured AD, LDAP, LDIF, Linux, and Workday connectors against Sailpoint IdentityIQ
- Designed, deployed and supported CA (Layer7) Mobile API Gateway (MAG) in AWS and On-premise.
- Migrating SAML based SSO partners from Pingfederate to Sailpoint IdentityNow
- Set up Eclipse and Git for creating and deploying user forms, workflows, rules, etc. between different IdentityIQ environments.
- Designed and deployed ForgeRock OpenAM and OpenIDM to migrate from CA Cloudminder.
- Designed transitioning strategies around Access Management systems and accordingly performed migration of application policies, risk, rules from Siteminder to ForgeRock OpenAM
- Deployed Policy Agents across different HTTP and application servers: Apache, JBoss, Jetty, Tomcat.
- Migrated SAML partnerships from Siteminder SSO to ForgeRock OpenAM acting as Identity and Service Provider.
- Involved in designing and restructuring Directory Information Tree (DIT) in LDAP and migrating external User data from ODSEE-11g to ForgeRock OpenDJ
- Involved in designing deployment of (Xceedium) CA Privileged Access Management system and transitioning strategies for internal IT organization to adopt.
- Designed, deployed and supported highly available CA Siteminder SSO/Federation infrastructure that is integrated with External Facing Applications in AWS and On-premise.
- Installed and configured ODSEE 11g LDAP as User and Policy Store
- Migrated Siteminder Policy Store from ODSEE 11g to CA Directory
- Installed, configured, and maintained CA Secure Proxy Servers (SPS), and enabled Web Services and REST services protected behind Siteminder
- Created siteminder policies for protecting applications and driving single-sign-on
- Installed and configured Apache webagent and Tomcat/JBoss Agents, and integrated with Siteminder.
- Created Shell Scripts for monitoring and reporting siteminder, SPS, CA Directory, Webagent, and Tomcat services and accordingly perform failovers or Scale services.
- Deployed XAuth Radius in siteminder and integrated with RSA & SymantecVIP systems enabling 2-factor authentication solution of protected applications
- Designed and deployed Siteminder Advanced Password service for external and internal web applications and created policies around it.
- Integrated Siteminder with Pingfederate using Coreblox token translator to bridge the SSO gap between applications protected on either system.
- Designed, deployed and supported highly available and scalable Pingfederate infrastructure in AWS and On-premise that provides single-sign-on (SSO) and federation solutions for internal accesses
- Configured and supported SAML based Identity & Service Provider connections with several SaaS Partners
- Designed and deployed migration of SAML partner connections from Oracle Identity Federation & SimpleSAML systems to Pingfederate
- Deployed PingOne in Cloud and integrated with Pingfederate on premise
- Assisted developers with integration of Mobile Apps using OAuth/SAML in Pingfederate
- Developed shell scripts for backing up current setup and upgrading between different Pingfederate versions
- Developed shell scripts for automating the command-line utility Config-Copy to export and import connections and other configurations between different Pingfederate environments in AWS and On-premise.
- Deployed several Pingfederate integration kits for Apache, Coreblox, Atlassian, Java, PHP, SymantecVIP, Agentless, IWA etc., to establish the “first- and last-mile” implementation of a federated-identity.
- Deployed SymantecVIP Gateways with Cloud integration, configured internal LDAP for access, and enabled self-service UI for end users to manage their credential ID’s.
- Deployed Radiant Logic VDS systems across multiple datacenters and enabled replication. Integrated with AD, LDAP, and database directories. Designed and performed identity correlations for unifying user view and simplifying the login.
- Designed, deployed and supported internal and external LDAP (ODSEE-11g) infrastructure that hosts user identities and permissions.
- Installed and configured LDAP server authentication and sudo service on Red Hat Enterprise Linux 5.x/6.x and CentOS.
- Developed shell scripts for user administration by exporting and importing LDIFs, and managing LDAP directories
- Created shell scripts to manage ACLs, and User objects in LDAP (ODSEE-11g)
- Created shell scripts to perform installation and configurations of ODSEE and CA Directories.
- Deployed Radiant Logic VDS systems across multiple datacenters and enabled replication. Integrated with on-premise AD, LDAP, and database directories. Designed and performed identity correlations for unifying directory view and simplifying the login.
- Developed test plans, strategy, goals, and exclusions.
- Evaluated load testing tools such as Jmeter, Siege, Spirent.
- Created and managed technical documentation in Confluence, Box, and Wiki.
- Provided leadership and guidance necessary to ensure customer requirements are met and to ensure operations are consistent and of high quality. Guided staff of security engineers and contractors to keep focused on deliverables and create a cohesive team.
- Provide daily or weekly status reports of team activities against the project plan and schedule
- Set and communicate priorities to teams.
- Ensure team members have the resources required to do the job
- Facilitation, implementation, and documentation of Change Requests (CRs).
- Participate in the staffing, interviewing, and hiring.
Confidential, Reston VA
IT System Analyst / Support Engineer II
Responsibilities:
- Designed, deployed, and maintained CA/Netegrity Siteminder Policy Server 5.5/6.0/6.5 and Sun LDAP 5.2 infrastructure
- Installed, configured and maintained Siteminder Webagent 6.0 on iplanet webservers.
- Created, configured and maintained Siteminder policy stores in Sun LDAP, policy objects such as Domain, Realms & Rules, Authentication schemes, Password Policy, and SSO between different Applications using Cookie Provider solution.
- Created shell script to monitor Apache logs, iPlanet instances, Siteminder Webagent logs, VERITAS cluster, and Weblogic JVMs.
- Installed, configured and maintained nCipher SSL Accelerator card and SSL Certificates on iPlanet web server.
- Upgraded and maintained Siteminder APS Transponder to 5.5 on iPlanet web servers.
- Added, modified and deleted LDAP entries and attributes in the tree using a LDAP browser / editor v2.8.2 and UNIX shell scripting.
- Created shell scripts to automate password reset function, adding & removing of user from groups, searching & modifying LDIFs in LDAP, database monitoring, Unix/Solaris8/10 servers monitoring.
- Installed, configured and maintained BEA Weblogic 8.1 in UNIX environment.
- Configured, maintained and monitored Vignette Application Portal.
- Installed, configured and maintained Apache, iPlanet 6.1 on Solaris 8 & 10.
- Installed, configured and maintained Dialog 7.2, Collaboration, and VCM (Vignette Content Management).
- Performed regular application deployments to Vignette Portal, Collaboration, Ultraseek, Dialog, Interwoven, Documentum and Oracle databases.
- Installed, configured and maintained Ultraseek 5.7.8 on Solaris 10.
- Designed, created and implemented disaster recovery plan for production UNIX/Solaris environment (Consist of iPlanet Webservers, Vignette Portal, Weblogic clusters, Ultraseek Search servers, Interwoven & Vignette content management and Oracle databases) for data Replication, Tape Backup & Disk Backup procedures using VERITAS Netbackup tool
- Updated and maintained different versions of scripts/docs/procedures/IGs in PVCS & Livelink.
- Installed and configured Interwoven content management, and by using custom shell scripts created different search functions for different types of contents on Ultraseek servers.
- Migrated from Documentum to Interwoven TeamSite Portal.
- Created and modified configuration settings on HP OpenView, Mercury/BAC Topaz, BigBrother, and Sitescope-5.6/7/8 to improve daily Monitoring of Confidential production environments and related applications & tools, such as Vignette Portal, Weblogic Cluster, Websphere, iPlanet and Oracle servers, and other Network Systems.
- Installed, Configured and Maintained all monitoring tools; Mercury/BAC Topaz, BigBrother, Sitescope-5.6/7/8, and HP OVIS on HP G3, Sun Fire 280R/480R & V240/490 servers.
- Installed and configured BigBrother professional edition on Solaris.
- Created Business Process Monitoring Scripts using Vugen and deployed these scripts to BPMs in BAC.
- Created Load & Performance scripts using Vugen and Performed L&P testing in different environments.
- Set up BigBrother to monitor UNIX/Solaris & Oracle servers, disk space, CPU usage, iplanet instances, SSL, unique application processes running on Websphere, iPlanet, Weblogic, Oracle, Apache and LDAP Servers.
- Created, tested and deployed UNIX scripts to setup monitoring groups in Sitescope-5.6/7/8.
- Installed, configured and maintained Windows 2000/2003 Servers, IIS 6.0, and created NLB.
- Installed and Configured SQL 2000 cluster on Windows 2003 Server.
- Prepared and managed escalation procedures for different applications and tools.
- As part of the 24x7 Tier 3 prod support and development team, maintaining and improving all prod and pre-prod environments that consist of all related apps, portals, databases, search and backup components and functions are key job roles.
Confidential, Washington, DC
System Analyst / SQL Server SME
Responsibilities:
- Installed and configured Windows 2003 Server
- Upgraded Win2k to Windows 2003 server
- Installed and configured IIS 6.0
- Installed and Configured Exchange 2000/2003
- Installed and configured Network Load Balance between Win2k3 web servers
- Migrated .Net and Front page applications using IIS 6.0 Migration Tool
- Migrated and Configured Front page extensions
- Migrated IIS permissions using PFetch Tool
- Installed and configured SQL 2000 cluster Active/Active and Active/Passive
- Installed and configured SQL server Service Pack.
- Maintained daily Log Files and Event Logs
- Monitored daily clustered SQL server performance
- Tested and monitored WLBS between web servers using Network Load Balance Manager and WLBS.exe
- Backed up databases using Veritas in SQL 2000 Clustered environment
- Tracked backup and recovery job details and policy, error and media information using Veritas NetBackup and Backup Exec.
- Tested and monitored SQL server Active/Active and Active/Passive Clustered Nodes using Cluster Administration.
- Installed and Created Active Directory and DNS on Windows 2003 Server in a test environment.
- Implemented Log Shipping for specific databases to minimize downtime
- Installed and configured windows 2003 Security templates.
- Configured Windows2003 default Lock down mode.
- Configured Windows 2000 DNS and Active Directory Server.
- Installed and configured cluster services on HP DL360/380 and MS500 storage system
- Installed and configured drive RAIDs using Array Configuration Utility
- Configured and organized HP server drives into HP Blade System (SAN), HP OpenView
- Imaged and backed up drives using Symantec Image “Norton Ghost Solution”
- Backed up Web server and SQL server data using Live Vault
Confidential, Reston VA
System Engineer / Configuration Manager
Responsibilities:
- Installed, configured and maintained Weblogic server and portal 8.1.
- Installed and Configured Windows NT/2000/2003 Server as a Web Server, Database Server, DHCP & DNS Servers and Maintained Server status at all times for thousand+ users.
- Installed, Configured and Maintained Microsoft SQL Server 6.5/7.0/2000.
- Performed Servers clustering and segregation to expand system processes.
- Installed and configured Windows 2000/XP Pro and Linux Red Hat 8/9.
- Involved in the design process of migrating from Windows .
- Involved in various UNIX shell scripting for Extracting and Reporting Log Files errors, IP confliction errors, refresh IP’s, DNS errors within network and various others.
- Performed changes and Subnetting of Server IP addresses, DNS and WINS to segregate OUs.
- Installed and Configured Windows 2K Active Directory, Performed migration from SAM, and Configured Group Policies and related services.
- Maintained Internet Information Server (IIS), SMS and sixteen different Windows 2000 Servers of different processes, applications, and databases in running status.
- Migrated Web and Database Applications such as Cold Fusion, Oracle Databases, SQL, Web Logic.
- Configured and Monitored Windows Server 2000 Security Templates including Filtered Data flow, Outlook Email encryption and Spam Control, Intranet User filtration, VPN tunneling, IP Sec Filtration, Symantec Antivirus, and Intrusion Detection Firewall.
- Created user accounts, and mapped security policies on NT/UNIX environment.
- Configured Database procedures, created several UNIX shell scripts to form back up path for sales servers daily processing and Database overload, and used VERITAS back up tool for all 2000 servers.
- Configured and Maintained Visual Source Safe to Manage Web site and extensive development support.
- Configured Visual Source Safe to share, link, and reuse code and components across projects and simplify code maintenance by propagating changes across all shared and linked files whenever a file is updated.
- Monitor UNIX/Windows users Network Bandwidth and running applications, increase Quotas, and Perform Backups such as RAID Hard Drives and Tape Drives.
- Created, Configured and Assigned new Server IP addresses, DNS, and WINS.
- Created Intranet site using HTML, DHTML, XML, ASP and Access, and admin Web Servers.
- Remotely access server for changes, failure recovery and for backup using PC Anywhere, VNC, and Remote Desktop Control.
- Installed and configured HP and Compaq Servers Proliant ML 380/320/570, HP OpenView, and Dell Power Edge Servers 2400, Dell Open Manage.
- Performed database application migration, SCSI Hard Drive mirroring, and created Raids.
- Installed and configured network equipment, printers and managed disk quotas.