
Sr. Cyber Security Engineer Resume


TX

SUMMARY

  • 7 years of experience in IT Engineering and Information Security Engineering, deploying Identity Access Management (IAM) | Privileged Access Management (PAM) | Cyber Security Management Strategic Planning and Implementations | Regulatory Compliance | Azure Cloud administration, analysis, design, support | Public Cloud (AWS) | Threat and Vulnerability Management | Risk Management | Security Architecture | Project Management | Design Process Improvement | Change Management | Software Development Life Cycle Management Deployments and Migrations | Security Implementation Administration | Web Penetration Testing | Integration and Delivery.
  • Provide subject matter expertise in the CyberArk Platform and best practice on privileged account management.
  • Support the Project and engage with relevant stakeholders to ensure CyberArk is successfully implemented into the operational teams.
  • Work as part of the project team, working closely with technical peers within the project and provide regular updates to the Project Manager.
  • Support in the configuration of the platform, utilizing SME knowledge to ensure robust, secure and hardened CyberArk environment is established
  • Document and contribute to process, design and configuration documentation that will be developed by the Project for transfer into BAU
  • Ability to define the governance of a CyberArk solution Including password policies
  • Ability to design CyberArk solutions for privileged account management for different technology platforms
  • Experienced in implementing CyberArk, with deep technical knowledge of the platform
  • Experience in working as CyberArk operational team
  • Strong background in CyberArk administration and implementation. (e.g. EPV, PSM, PSMP, CPM, PVWA, HA, AIM, PTA, EPM)
  • Experienced in all security tools related to vaulting services and approving workflows for provisioning.
  • Experience in vaulting of 4K + accounts.
  • Prior experience in technical support of CyberArk service (BAU Operations, Change implementation: Infrastructure configuration across CPM/PSM and PSMP modules)
  • Onboarding Privileged accounts (Windows/UNIX/LINUX/SAAS/AD etc.) into CyberArk (CyberArk Safe design solution, Onboarding documentation update)
  • Designing and implementing CyberArk PAM solutions including the development of CPM plugins and PSM universal Connector components
  • Good understanding of the key components of a Windows Domain, and the Privileged accounts
  • Experience in Active Directory AD/Networking.
  • Moderate scripting skills in PowerShell to automate processes such as Connection Components, mainly by making REST API calls to the CyberArk application.

TECHNICAL SKILLS

IDE/Tools: Eclipse, NetBeans, EditPlus, Macromedia Dreamweaver, XML SPY, JBuilder, RAD 7.0/6.0, WSAD, ITCAM, Tivoli, UML (Rational Rose, RUP), VSS, CVS.

RDBMS: Microsoft SQL Server 2008/2012, ORACLE 10g/11g

Platforms and Misc.: Microsoft Visual Studio 2008/2010/2012, Windows: XP / Vista / 7 / Server 2003/2008, Linux, HP Quality Centre, Active Directory, ADCS, ADFS, SCCM.

Security Tools: IBM Identity Management and p6, CyberArk Privileged Account Security 9.7.2, IBM Tivoli Access Manager 6.1.1, Tivoli Federated Identity Manager 6.2.2.

Core Java Concepts: Collections, Generics, Multithreading, Serialization, Exception Handling, RMI, File I/O and Reflection, API.

J2EE: Java 1.6/1.7, JSP, Servlet, EJB-Session Beans, Entity Beans, JMS, JDBC, JNDI

Operating Systems: SUSE Linux 9/10/11, Windows Server 2000/2003/2008, Unix

Languages: SQL, PL/SQL, J2EE, HTML, JavaScript, Shell Scripting

Databases: ORACLE 8i/9i, MSQL, MS Access, MySQL

Web Servers: Sun One 4.1/5.1/6.1, Apache 2.0/2.2.4, IIS 5.0/6.0/6.5, Tomcat 4/5

Directory Services (LDAP): Novell eDirectory 8.7.x/8.8.1/8.8.5, Sun One/iPlanet DS 5.x/6.x, eDirectory 8.X, Active Directory (ADLDS), Tivoli Identity Management, Forefront Identity Manager

SSO and Identity: Novell/NetIQ Access Manager, Ping Federate 6/7/8, SiteMinder R12 SP2, SP3 / R6 SP1, SAML 2.0. HP Service Manager, IBM Vantive, BMC Remedy, Service Now

PROFESSIONAL EXPERIENCE

Confidential, TX

Sr. Cyber Security Engineer

Responsibilities:

  • Responsible for implementing and managing Identity Directory and Identity Governance, including IAM architecture and integrations, Azure Cloud, AWS Cloud, and GCP migrations, utilizing scripting tools, two-step verification systems, and deploying IAM protocols such as SSO/SAML, OAuth/OIDC, and SCIM for Bytedance’s enterprise architecture, including Project Portfolio Management (PPM), integrating SAML server with Ping ID and Okta libs (Java & Eclipse), VPN, SIEM, SOAR.
  • Lead in planning, implementation, and auditing of NIST, HIPAA, and PCI. Cloud engineering and architectural implementation with Azure, Office 365, Azure Protect, and other IaaS, PaaS, and SaaS solutions.
  • Establish and maintain an information security governance framework to guide activities that support the information security strategy.
  • Integrated information security governance into corporate governance to ensure that organizational goals and objectives are supported by the information security program.
  • Implemented rule-based identity and access management framework including user provisioning, role-based and attribute-based access control (RBAC/ABAC), and single sign-on, including integration across cloud-based services including Microsoft Azure/Office 365/Exchange Online, Workday and Salesforce.
  • Implemented Application Security program (DAST and SAST) at the enterprise level to identify, report and remediate security vulnerabilities from applications deployed in DEV, PRE-PROD and PROD environments.
  • Performed Dynamic Application Security Testing and Exploitation (UI and Web Services) on web applications using IBM AppScan Enterprise Premium 9.0, Burp Suite Pro, HP Fortify SCA 4.0 and Netsparker utilizing OWASP and WAHH Testing Methodology.
  • Requirement gathering, mapping to Azure services and Marketplace appliances to meet customers’ needs in security, operations, and compliance (HIPAA, PCI DSS, Data Protections, BASEL).
  • Built migration strategies for moving workloads and data from on-premises to Azure Cloud using Azure Site Recovery and Azure Import/Export services.
  • Assisted with architecting Security in Azure using Azure Security Center, Encryption (BitLocker, TDE, AES 256, SSE), Storage Access and ACLs, Reporting and Auditing, Resource Groups, Role Based Access Control Model (RBAC), Monitoring using Operations Management Suite, Azure Extensions for AV, Network Security Groups, and Web Application Firewall.
  • Analyzed, investigated, and responded to security events and incidents from IDS/IPS, SIEM, Firewall, Splunk, Log Analysis, Confidential, Malware analysis and Forensics tools (FireEye, Bit9, McAfee, Symantec AV, NAC, Fidelis XPS and Wireshark).
  • Configured Network Hierarchy and Back up Retention configuration in QRadar SIEM and extracting customized Property value using the Regex for devices which are not properly parsed by QRadar DSM.
  • Implemented IBM QRadar Vulnerability manager and Threat Manager (QVM and QTM) tuning configurations, False Positive Reduction, Custom Log Source Extension development.
  • Integration of different devices/applications/databases/ operating systems with QRadar SIEM v7.2 Administration with SIEM EPS tuning, distributed deployment architectures.
  • Implemented High-Availability, URL filtering, SSL Decryption, GlobalProtect for VPN clients, layers 4-7 policies, User-ID using LDAP, App-ID, Threat Prevention, AutoFocus with MineMeld integration, Zone Protection, DNS Sinkhole, WildFire configurations, and leveraged multiple VSYS for traffic separation.
  • Conducted System Security Assessments using Cyber Security Assessment and Management (CSAM). Conducted web application testing in search of security flaws such as XSS, CSRF, authentication bypass, parameter manipulation, application logic bypass, SQL injection, Cookie Manipulation, Buffer Overflow.
  • Implemented ITIL based IT Service Management framework for capacity planning, incident response, and business contingency planning, processes, and procedures, including a hybrid configuration management and change management framework to support an Agile Infrastructure for continuous incremental improvement through risk mitigated change policies.

Confidential

Sr. Cyber Security Specialist

Responsibilities:

  • Responsible for designing, implementing, and managing Identity Directory and Identity Governance, including IAM architecture and integrations, Azure Cloud, AWS Cloud, and GCP migrations, utilizing scripting tools, two-step verification systems, and deploying IAM protocols such as SSO/SAML, OAuth/OIDC, and SCIM for Alyeska Pipeline’s security architecture
  • Proficient in Cloud Administration; including, configuration for the Traffic Manager, Data factory, Event hub, function apps, V-net integration, HCM, Application gateway, App Insights, Active Directory, Azure Key Vault, Encryption and Security on Azure using ARM templates and PowerShell scripting.
  • Expertise in Cyber security & Information Assurance with deep knowledge of Identity and Access Management security, SailPoint Identity IQ, Access Control issues related to cyber systems and networks, AWS Cloud, Penetration testing methodology, malware detection techniques.
  • PKI Group Policy Objects.
  • Recover, download, and install escrowed certificates for all users and systems requiring access to data encrypted with previous certificates. Perform all network and system non-PIV Certificate issuance tasks for Public Trust, Common Policy, and Certificate Authority issued certificates.
  • Performed assessment and remediation on design and implementation of PKIs to mitigate risk, while integrating TLS inspection, IoT devices, PKI Group Policy Object settings and mobile device management (MDM) solutions.
  • Assisted in the implementation of a PKI for users and devices in Microsoft and Symantec PKI environment using SafeNet-Gemalto hardware security modules (HSMs).
  • Responsible for upgrading, testing, and installation of end user PKI software Entrust Desktop Solutions to Entrust Security Provider along with biometric card readers for authentication on an Active Directory domain.
  • Implemented security controls such as multifactor authentication capabilities (one time passcode OTP, mobile in-app push authentication, and soft tokens TOTP), risk-based challenge orchestration, closure of critical vulnerabilities, new controls to prevent credential harvesting / credential stuffing, support for open standards (OAuth2/OIDC), and new API services.
  • Responsible for PAM Operational tasks defining access control, user entitlements, user access policy management, application credentials and session management related to Privileged Access Management for applications, credentials, and user access policy management.
  • Provided guidance in addition, removal, change and lifecycle of Privileged ID Management (PIM) to provide the highest quality levels of security.
  • Experience in CyberArk Enterprise Password Vault, Password Vault Web Access, Central Policy Manager, Privileged Session Manager & Proxy (SSH), Application Access Manager (CCP, CP), HTML5, PTA (Privileged Threat Analytics), PACLI, PUU, Rest APIs.
  • Performed Integrations in the Target State Architecture, and designing solutions for Provisioning / Deprovision, Authentication and Authorization (ABAC and RBAC) using security patterns for SSO (Single Sign On).
  • Experienced with operations of cloud services PaaS/SaaS/IaaS in designing and automating the infrastructures and deploying in cloud platforms such as Azure, AWS, GCP.
  • Configured DSC configurations to deploy Web Servers to Azure VMs. Configured Azure Automation DSC configuration management to assign permissions through RBAC, assign nodes to proper automation accounts and DSC configurations, to get alerted on any changes made to nodes and their configuration.
  • Configured ForgeRock Directories services integration for Azure Cloud platform configurations, Azure AD Clustering, and Site reliability reporting.
  • Developed and integrated an unprotected website to fully functional access management solution using ForgeRock Open AM.
  • Implemented basic user Self-Service feature, account lockout after multiple attempts, second factor authentication such as HOTP and push notification.
  • Very Strong experience in creating policies to refine the access so that only some users can reach specific areas as per requirements on Open AM.
  • Installed ForgeRock Amster tool which is used for importing and exporting configuration from one AM instance to another AM instance, and Integrated ForgeRock IG as a proxy server for authentication enforcement.
  • Responsible for deploying and implementing ForgeRock 6/7.0, configuring Core Token Service, Base Docker images, and Cloud Deployment models, including Connector development, writing scripts and building of ForgeRock workflows.
  • Implemented data sync between Active Directory and LDAP using ForgeRock OpenID. Migration of the ForgeRock Open AM, OpenID and OpenJDK from hosted datacenter to Amazon Cloud (AWS).
  • Configured Azure Multi-Factor Authentication as a part of Azure AD Premium to securely authenticate users.
  • Deployed the initial Azure components like Azure Virtual Networks, Azure Application Gateway, Azure Storage and Affinity groups.
  • Managing Identity Access management of Azure Subscriptions, Azure AD, Azure AD Application Proxy, Azure AD Connect, Azure AD Pass Through Authentication.
  • Creating and managing application integrations for identity and access management. Experience creating conditional access policies, Multifactor authentication (MFA), resetting MFA and resolving MFA issues.
  • Implemented Password Hash Sync (PHS) from Active Directory Federation Service (ADFS) using Azure AD Connect for Single Sign-On (SSO) for complete organization using staged rollout feature.
  • Implemented Entitlement Management and Privileged Identity Management (PIM) for Identity Governance with Zero trust maturity model with Risk exposure and conditional access with logs with token flow for authentication.
  • Moved the organization configuration to Azure Intune device management with a hybrid domain controller with AD Connect for hybrid environment and managed Azure resources for over 1000 devices.
  • Managing Microsoft Identity Management products (Active Directory, Active Directory Federation Services, and Azure, AD Connect, Office 365) serving as an enterprise-wide directory containing 400k Objects.
  • Responsible for deploying Azure AD Connect, configuring ADFS authentication flow, ADFS installation using Azure AD Connect, Azure IaaS virtual machines (VMs) and Cloud services (PaaS role instances) into secure VNets and subnets.
  • Expertise in Azure infrastructure management (Azure Web Roles, Worker Roles, SQL Azure, Azure Storage, Azure AD Licenses, Office365). Virtual Machine Backup and Recover from a Recovery Services Vault using Azure PowerShell and Portal.
  • Managed Clusters with various Servers in Azure Cloud Resource groups. Implemented various services in Azure like Data Lake to store and analyze the data. Managed to orchestrate the data to and from Data Lake Store using Azure Data factory.
  • Configured VMs availability sets using Azure portal to provide resiliency for IAAS based solution and scale sets using Azure Resource Manager to manage network traffic. Created and managed Azure AD tenants and configured applications with it and integrated on-premises Windows AD with Azure AD.
  • Assisted in designing, configuring, and managing public and private cloud infrastructures utilizing AWS including EC2, Auto-Scaling in launching EC2 instances, Elastic Load Balancer, Elastic Beanstalk, S3, Glacier, CloudFront, RDS, VPC, Direct Connect, Route53, CloudWatch, CloudFormation, IAM, SNS.
  • Worked on Terraform to create stacks in AWS from the scratch and updated the Terraform as per the organization’s requirement on a regular basis and also used in AWS Virtual Private Cloud to automatically setup and modify settings by interfacing with control layer.
  • Managed Cloud Services using AWS CloudFormation templates, which gave developers and businesses an easy way to create a collection of related AWS resources and provision them in an orderly and predictable fashion.
  • Automatically remediated Trusted Advisor findings using Amazon CloudWatch Events and AWS Lambda. Configured CloudWatch alarm rules for operational and performance metrics for AWS resources and applications.
  • Assisted in developing Security Patterns and controls for AWS to enforce (automate) security on the AWS services that the Enterprise uses. These Security Patterns are compliant with NIST, CIS Benchmarks (Center for Internet Security), Confidential Custom Standards and AWS best practices.
  • Configuration & customization of Business Processes/Workflows for Provisioning and de-provisioning accounts across various internal and external systems in SailPoint Identity IQ and Identity Now.
  • Identity Now in Managing access to information in today’s dynamic, user-driven business environment using cloud-based services and providing identity and access management (IAM) using Identity Now.
  • Responsible for defining and analyzing customer requirements for enterprise wide Identity and Access Management Solution implementation for Sailpoint Identity IQ for Compliance Manager (CM).
  • Responsible for End to End integration of SailPoint Identity IQ and SailPoint Identity Now migration from 6.3 to 7.0, and implementation and configuration of out-of-the-box (“OOTB”) connectors between Identity IQ and in-scope applications.
  • Implemented Access Certification, Automated Provisioning and Governance aspects of IIQ, while developing complex workflows and service adapters in the SailPoint Identity IQ configuration interface.
  • Participated in all SailPoint deployment activities - connector configuration, custom rule development, workflow configuration and development, third party system integration, including designing custom connector.
  • Implementation of Self-Service feature, Password features (PTA, Forgot-password, Change Password), provisioning feature, configuring various roles and policies on SailPoint IIQ policy server on 4 environments (Dev, QA, UAT & Production).
  • Developing and testing of Content (Correlation rules, Reports, Dashboards and Asset modelling) and integration and testing of multiple feeds like databases, Applications and network and Security devices logs to SIEM tools for threat detection.
  • Assisted in implementing the production of Splunk Ecosystem (Splunk Core, Splunk Enterprise Security), developing dashboards, forms, SPL searches, reports and views, administration, upgrading, alert scheduling, KPIs, Visualization Add-Ons and Splunk infrastructure.
  • Engineered and deployed global Splunk SIEM solution and deployed global Carbon Black Response EDR solution. Good experience with SAST and DAST of applications using tools such as Burp Suite and Checkmarx.
  • Used Splunk SIEM threat analyst in a managed service security operation center (SOC), triaging cyber threats utilizing Splunk and various Cloud security tools.
  • Involved in standardizing Splunk Phantom SOAR POV deployment, configuration and maintenance across UNIX and Windows platforms.
  • Automated the centralized detection of security vulnerabilities with scripts for Vulnerability assessment tools like QualysGuard and Splunk.
  • Performed Corporate-Wide implementation of Single Sign On configuring OKTA SSO including AD agents and IWA agents, attribute mapping from AD to Okta, and importing the necessary users and groups on multiple Active Directory Domains (2003/2008 Win. Server) - Production Environment.
  • Responsible for creating and managing OKTA policies, managing OKTA application/user provisioning, SaaS Solution implementations, SAML, SWA applications, and configuring OKTA API tokens for Office 365 and Salesforce, Access Management authoritative policies, reverse proxy, connecting the applications to the trusted users within the Symantec Secure Access Cloud tool.
  • Installation of IWA agent to configure Desktop Single Sign-On with OKTA and BeyondTrust. Implemented OKTA SSO and MFA solution, designed, drafted, documented, and supported activities involving Disaster Recovery procedures for all SSO, OIDC, BeyondTrust, Password Resets, Provisioning and Federation related transactions.
  • Designed and Implemented Okta integration with several Confidential applications including JIRA, SharePoint, Salesforce, CA Project Portfolio Management (PPM) and Identity-as-a-Service.
  • Responsible for creating and managing OKTA policies, managing OKTA application/user provisioning, SaaS Solution implementations, SAML, SWA applications, and configuring OKTA API tokens for Office 365 and Salesforce.
  • Deployment of IAM/PAM tools with deployment, configuration, integration and troubleshooting CyberArk Privileged Account Security product suite - Enterprise Password Vault, Password Vault Web Access, Central Policy Manager, Privileged Session Manager, Application Identity Manager, and Privileged Threat Analytics.
  • Performed, Manage, Resume, Release Privileged Credential using CyberArk Privileged Management Vault Administration, configuration, troubleshooting and installation of Windows 2003, 2008, 2008 R2 and 2012/R2.
  • Maintained and updated the CyberArk servers configuring EPG’s (End-Point Groups), Domain GPOs, Windows server Local Policies, and RedHat Linux version 7.5 for AppLocker policies, and ACLs, RDP health check for Privileged Session Manager (PSM), Privilege Session Management Proxy.
  • Developed the vulnerability assessment reports for the vulnerabilities and non-compliance issues running penetration test & analysis, using NESSUS Tenable software to detect vulnerabilities and improve on security.
  • Conducted Vulnerability Assessment using Qualys/Rapid 9 to evaluate attack vectors, identify system vulnerabilities and develop remediation plans and security procedures.
  • Created and implemented the cyber security framework including policies, standards, procedures, and controls to minimize cybersecurity risk and threats. Drove detection, response, and recovery for cyber security incidents.
  • Performed White and Black Box penetration testing, security analysis, and identifying possible vulnerabilities in the key derivation function, create Vulnerability Assessment reports detailing exposures that were identified, rate the severity of the system & suggestions to mitigate any exposures & testing known vulnerabilities.
  • Involved in implementing and validating the security principles of minimum attack surface area, least privilege, secure defaults, avoiding security by obscurity, keep security simple, fixing security issues correctly.
  • Installation, configuration, administration, tuning and troubleshooting of IBM Security Access Manager (ISAM), IBM Security Identity Manager (ISIM), IBM Security Identity Governance & Intelligence (IGI).
  • Responsible for Installation of IBM Security Access Manager 7.0/9.0 component, Configured WebSEAL instance and authentication protocols for REST API Call for ISAM virtual Appliance monitoring and maintenance, while performing modify, provision, de-provision & listing existing user accounts using ISIM LDAP adapters.

Confidential

Network Security Engineer

Responsibilities:

  • Implemented CyberArk Privileged Identity management suite and session management suite for version 9.7. Prime in providing problem resolution to authentication issues to PVWA and directory sync problems.
  • Experienced in day-to-day operational support in adding and deleting accounts, applying policies, assigning safes, synchronizing failed accounts, Password rotations. Managing, monitoring and Supporting systems hardware, software, and applications. Resolved CyberArk issues in CPM communicate with host to reconcile credentials.
  • Experience in Implementation, installation and maintenance of CyberArk 9.6 & 9.8 PIM Suite, Experience in implementing application account management by CyberArk on Windows, Data bases and Linux servers using AIM module.
  • Integrated SIEM event monitoring systems like Splunk and ArcSight with CyberArk and BeyondTrust for event monitoring for automatic alerting of systems under suspicious attacks.
  • Administration experience of CyberArk vault with Safe creation, integration with LDAP and other authentication methods. Installed, managed and troubleshot DNS in multiple zone environments. Troubleshot DNS integration with Active Directory. Installed, configured and administered WINS, DHCP, IIS and WSFTP, File and Print servers.
  • Ability to install, configure and support identity and access management related tools such CA SiteMinder, CA Identity Manager (IDM), and Oracle Internet Directory (OID). Created the Federation service between SiteMinder federated web services to Ping federate for classic migration of applications that are SAML and WS-FED based applications.
  • Performed IAM conversion from CA IAM Manager over to a new Okta implementation.
  • Managed implementation and configuration of the Okta solutions and integrations into their new applications integrating the applications into Okta and getting new acquisitions access to Teams and emails.
  • Experienced with cloud ID services, Okta / DUO and other MFA/SSO providers.
  • Daily supported IT operations for Okta Support, production change control, performance & monitoring.
  • Assisted in implementing Okta for Identity and Access Management with more than 15K users.
  • Implemented Several complex network based and conditional multi factor authentications using Okta.
  • Contributed towards execution of an IAM roadmap that meets security requirements, including but not limited to security for a complex Active Directory (AD) environment, hybrid cloud deployment, mobile computing, fine grained access control, policy driven security, SSO, user provisioning/deprovisioning, and focusing on multiple protocols (SAML, OpenID, OAuth). Implementing, integrating and supporting Okta's cloud technologies into IAM environment.
  • Migrated applications from current IAM system to Okta Cloud solution. Contribute to solution scoping and effort sizing with cross-functional teams.
  • Migrated applications between identity systems and implementing them using authentication standards such as SAML, OIDC, OAuth. Strong experience with Identity Lifecycle Management (provisioning, de-provisioning, JML flows). Experience configuring LDAP, SSO, SAML.
  • Created and manage policies and rules to determine who can access your API resources.
  • Experienced with network architecture design, AWS cloud security design, encryption, investigations, forensics, and incident management response.
  • Designed, developed, and monitored security audits using tools as Sumo Logic, AWS Security Hub, Okta and Qualys PCI Scans.
  • Installed and configured BeyondInsight management console on Windows 2012 R2, configured cloud connector BeyondInsight 2.0. Configured Password Safe to access all the assets (RDP and SSH).
  • Patching & Monitoring Vault, Central Password Manager, Two-factor authentication, Privileged Session Manager, Password Vault Web Access servers and services. Design, build and support processes on Windows Servers and CyberArk Security Platform. Providing support to Server owners on the security Servers.
  • Involved in gathering technical requirements and establish clear definition of clients CyberArk’s responsibilities and Maintenance. Experience in Implementation, installation and maintenance of CyberArk 9.5 PIM Suite. Primary point of contact for CyberArk Operational and Maintenance Tasks.

Environment: CyberArk 9.6 & 9.8 Web Agent QMR, Apache Web Server 2, CA Identity Minder 12.6.x, WebSphere 8.4, OKTA, RSA, Oracle RDBMS, Korn shell scripting, Perl, XML, UNIX, Windows Active Directory.

Confidential

Security Engineer

Responsibilities:

  • Privileged Access Management (PAM) project which includes implementing CyberArk Password Vault, Web Access, Central Password Manager and Privileged Session Management. Monitored Applications and WAS performance through Tivoli Performance Viewer and tuned the system caching, queuing, JVM parameters, DB Connection Pooling. Manage the day-to-day operations of CyberArk solutions including adding and deleting accts.
  • Configured SiteMinder for SAML Federated Authentications by configuring ID Provider/Consumer using SAML 2.0 POST binding.
  • Successfully upgraded CyberArk PIM suite from v8 to v8.6, Worked with CyberArk utilities like password upload, PAReplicate, PACLI and PARClient. Installed and Configured IBM WebSphere Application Server 5.0 on Solaris. Installed, configured and administered Tivoli Access and Identity Manager. Automated Identity Management tasks such as user provisioning and application access based on each user's role within our organization using Tivoli Identity Manager. Managing policies and platforms. Creating and assigning Safes, reconciling accounts, rotating passwords.
  • Taking backups, managing all the components of CyberArk (Prod+DR) which includes CPM, PVWA, Vault, PSM.
  • Support the implementation of a data risk and oversight function as a key component of the defense strategy; and engage with key stakeholders to complete deep dive assessments and achieve Windows MRA compliance.
  • Troubleshoot all the CyberArk components. Set up check-in/out access on specific platform.
  • Managed service accounts and its dependencies + rotate its credentials.
  • Conducted DR Drill and document all the required steps for the support team. Implemented AAM in prod/dev, update license capacity.
  • Integrated WSUS with CyberArk. Automated Microsoft Patch to Digital Vault (Prod/DR).
  • Set up automatic Failover + replicate Prod data/metadata to DR solution.
  • Set up backup solution using PAreplicator on stand-alone server and from there to third party backup solution. Used PArestore utility to back up a file.
  • Integrated Azure MFA for authentication. Integrated Tenable, Automation Anywhere to work with CCP.
  • Working collaboratively with the team responsible for Active Directory administration to ensure effective implementation of security standards for privileged accounts.
  • Periodic review and assessment of the Windows Operational support of Information Security Systems to ensure compliance with policies, industry standards, client contractual obligations, and regulatory compliance requirements and assist in the creation of remediation plans when risks or gaps are identified.
  • Patching remediation plans and non-compliance acceptances where Information Security standards compliance are lacking.
  • A password vault is one way for organizations to minimize the risk of password-based cyberattacks.
  • Drafted all kinds of Runbooks & SOPs for future references. Delivered progress report to InfoSec Manager.
  • Generated user activity report, License capacity report and entitlement report every month and forward it to InfoSec Manager with appropriate recommendations.
  • Integrated Linux directory and created AD bridge, end users having connected through PSMP, rotating SSH keys and assigning PSM-SSH Connection component configured to connect to target server.
  • Performed upgrade (9.10, 10.5, 11.2)
  • Ran scripts for automating things like backup schedule tasks, create firewall rule, open port, close port, delete firewall rule, etc.
  • Experience in vaulting of 4K + accounts.
  • Used PUU or REST API for bulk account onboarding.
  • Used GitHub repo to automate processes using PowerShell script such as PSSO to Azure portal, AWS portal, VMWare-vSphere-Web client, SSMS, SAP, SQL database.

Environment: CyberArk, Tivoli Identity Management, Active Directory, Web agents 5.x/6.x, IBM WebSphere Application Server 5.x/6.x/7.x/8.x, CA Wily 8.x, J2EE, JDBC, XML, JBOSS 7, SAML 2.0, Sun ONE Directory Server 5.X/6.X, CA Identity Manager r8/r12, Apache 2.x, Ping Federate, IIS 5.0/6.0, Solaris 8/9/10, Red Hat Linux 5.x, Oracle 10g/11g, SQL Server 2005, DB2 8.X.
