Sr. Cyberark Engineer Resume
McLean, VA
SUMMARY
- Over 6 years of experience in architecting, designing, implementing Identity and Access suite like CA Site Minder, CA Layer 7 API Gateway, Ping Federation, and Ping Identity and Access Management suite of products.
- Implementation of Security Management tools in enterprise wide Applications to achieve Authentication, Authorization and Accountability.
- Strong working experience with Directories, SSO, Federation, Delegated administration, API gateways (Layer 7).
- Experience in deploying SAML based highly available solutions using Ping Federate and other security products.
- Extensive experience in client interaction and support maintenance engagement in security.
- Designed and implemented Ping Identity Solution for Web Access Authentication using Ping Access and Ping Federate.
- Administering DHCP Server, including creation of reservations and configuration of server options.
- Prepare a plan for user communication to switch from ADFS to Okta SSO. Created a detailed implementation and migration guide for Office 365 Okta SSO integration.
- Document detailed technical steps to be executed by administrators to accomplish federation configuration switch from ADFS to Okta. Active member of PAM Team responsible for the deployment of CyberArk Security Initiatives.
- Migrated Web Authentication solutions from CA Single Sign-On (SiteMinder) to Ping Access 3.
- Delivered strategic and tactical service and feature enhancements to end users, including Ping Federate SAML & OAUTH SSO for over 25 connections and a services integration layer.
- Hands on working experience on LDAP products like Oracle ODSEE, CA Direction.
- Successfully upgraded Ping Federation Services from 6 to 7 and 7 to 8.
- Experience working with API Gateway solutions like: CA API Gateway (Layer 7), API Gateway.
- Working experience with CA Technologies API Gateway (Layer 7) and policy design.
- Experience in configuring the multiple Docker images and creating Docker container to provide end to end automation of CA API Gateways.
- Designed Custom reports for CA API Gateway, enabled client by providing trainings on CA API Gateway.
- Worked on Integrating CA API Gateway with Ping Federate for Single Sign On.
- Requirements Gathering, Analysis, Designing, developing, testing, deployment and application support of Identity and Access Management solutions.
- Experienced in all aspects of Identity and Access Management including, eDirectory, Access Control, Audit, Single Sign-On, Privileged Access Management, Policy Designing, PKI, Firewalls and load balancers.
- Implemented OAuth and OpenID for mobile and non-browser solutions using PingFederate.
- Experience working on all the PingFederate OAUTH grant types to get the access token for accessing the protected API.
- Resolved user support tickets for all systems (Access Manager, Ping Federate, Adaptive Authentication). Participated in meetings and discussions regarding the rebuild of the current IAM infrastructure.
- Successfully implemented Web Access Management Solutions using Ping Access 3 and other security products like CA Single Sign-On (CA Site Minder), migrated Web Authentication solutions from CA Single Sign-On (Site Minder) to Ping Access 3.
- Experience in working on PingFederate 5.1, 6.1, 7.1, 7.3, SAML 2.0, SAML 1.1, SAML 1.0, Oauth 2.0 and OpenID/Connect (OIDC).
- Demonstrated POCs for API security like integration with Open AM, Site Minder, OAuth 2.0, JWT token and certificate authentication.
- Created the Federation service between Site Minder federated web services to PingFederate for classic migration of applications that are SAML and WS-FED based applications.
- Experience on Single Sign On (SSO) Integration project using CA Site Minder (Netegrity Policy Server version R6.0 and R12 & Site Minder Agent versions 5qmr 7, 6qmr5, R12 and R12.52).
- Protected RESTful APIs using OAuth in PingFederate so that they can be accessed only with Access Tokens.
- IT Risk/ Identity & Access Management project management, providing web-based applications security.
- Experience in CA Identity Manager in Web Security Administration SSO/Site Minder, Agents for SharePoint, Secure Proxy Servers, Sun ONE LDAP Directory Server, Active Directory Server.
- Add new Symantec VIP token types: VIP Access and Yubico Yubikey.
- Worked on Web Servers: Apache; IIS; and on Windows based & UNIX based OS.
- Involved in installation, configuration, deployment, troubleshooting and implementation of Sun Identity Manager (IDM).
TECHNICAL SKILLS
Primary Skills: CyberArk 8.x, 9.x, 10.x, 11.x, 12.2, PACLI, AIM.
Programming: Java, C, PowerShell, Shell Scripting
Directory Services: Active Directory, LDAP
Database: SQL, Oracle 12c/11g/10g, DB2
Other Tools: Putty, PuttyGen, PL/SQL, SQL Server Management Studio, Toad, VNC, Basic Shell scripting, JBoss, WebSphere, Apache Tomcat, Glassfish, Servlet Executive, IIS Web Server, Apache Web Server, Microsoft Azure MFA, Microsoft Authenticator
Operating System: Windows 2012 R2/2008/2005/2003/2000, Linux/UNIX, Solaris, IBM AIX, HP-UX
Integration Technologies: Service Now, SailPoint, Radius, LDAP, SAML
PROFESSIONAL EXPERIENCE
Confidential - McLean, VA
Sr. CyberArk Engineer
Responsibilities:
- Experience implementing and upgrading CyberArk and CyberArk components such as Digital Vault, PVWA, CPM, PSM, PSMP, etc., and troubleshooting when any service breaks.
- Worked with credential management team to manage the CyberArk infrastructure.
- Implemented and Installed the CyberArk V12.2 PAS Suite (Vault, CPM, PVWA and PSM) in the customer Environment.
- Knowledge of onboarding accounts and applications via PVWA.
- Worked on EPV servers using Private Ark to administer the Acceptance and Production Vaults.
- Experience installing IIS, RDS and other prerequisites on Windows servers.
- Worked with CyberArk components such as vaults, CPMs, accounts, policies, safes, usages, PACLI, and providers.
- Experience of managing Platforms and password policies in CyberArk as well as managing accounts in CyberArk safe.
- Responsible for making a solid implementation plan to do DR exercises for vault services failover and failback.
- Experience creating and implementing SSL certificates for iLO and VMs.
- Experience opening firewall requests via the orchestration portal.
- Follow up with new builds and check the specs to satisfy component prerequisites.
- Create and maintain the reports/inventory of load balancers, VLANs and CyberArk servers.
- Worked on remediating and closing the audit issues of CyberArk application.
- Provide L3/SME support for Privilege Access Service toolset (CyberArk) which will include on call support.
- Worked closely with Splunk team to ingest CyberArk data to Splunk.
- Performed SNMP monitoring with CyberArk and the SIEM integration with the vault to validate the logs from CyberArk.
- Built different queries for the PSM, CPM, and PVWA components in Splunk.
- Set up alerts in Splunk for CyberArk services.
- Provided L3/SME support for the CyberArk AIM component and applications on-boarded to use the AIM integration for privileged account management.
- Responsible for privileged user account administration of various Windows and UNIX accounts using CyberArk components.
- Integrated various platforms with CyberArk such as LDAP, Windows, UNIX, databases, and networking devices.
- Worked on CyberArk cloud and on-premises.
- Worked with the CyberArk REST API and PowerShell, and utilized the bulk upload utility tool to onboard accounts in bulk.
Environment: CyberArk PAS Suite V11.2, V12.2
Confidential, Pittsburgh, PA
Sr. CyberArk Engineer
Responsibilities:
- Primary responsibilities include Installation and configuration of CyberArk Vault, CPM, CyberArk PVWA, AIM, OPM CyberArk PSM and PSM SSH proxy Architecture and design.
- Upgrading CyberArk suite of products from 7.x to 9.x (CPM, PSM, EPV, PVWA & AIM).
- Worked on Privileged Account Management with CyberArk PIM suite Administration.
- Built two new datacenters with Policy Servers and SunOne LDAP Servers on East Coast to reduce the network latency for Confidential applications. Migrated SAML infrastructure including SAML Policy Servers, Web and Application Servers from Windows 2003 to Solaris platform.
- Configured and supported SAML based Identity & Service Provider connections.
- Administration experience of CyberArk vault with Safe creation, integration with LDAP and other authentication methods.
- Mitigation of the risks using CyberArk, Aveksa and policy changes on servers.
- Worked with different teams to implement single sign on using SAML 2.0, OAuth 2.0.
- Identified different SAML 2.0 issues and fixed the issue in NetIQ Access Manager 3.2.
- Coordinated with the Service providers and identity providers during the SAML Certificate upgrade and architectural changes.
- On boarding applications and configuration of privileged accounts in CyberArk.
- Produced policies, realms, rules, and responses to implement the single and dual factor authentication using RSA Secure ID Token based on the business requirements.
- Applied Single Sign-on using SAML2.0 for Federation Applications.
- Resolved CyberArk issues in CPM to communicate with a host to accommodate credentials.
- Executed password policies for all the applications using SiteMinder Policy Server. Configured APS, FPS, Rules, and Help Desk Functionality Replacement.
- Strong familiarity on UNIX administration, and networking concepts.
- Installed and configured CA Wily Monitoring Tool and created dashboards and metrics to monitor Siteminder and LDAP Infrastructure.
- Understanding of SOAP/REST calls; tested the APIs with the SoapUI tool.
- In charge for Netegrity/CA SiteMinder infrastructure maintenance, support and deployment in development, test and production environments on 24/7 basis.
Environment: CyberArk Enterprise Password Vault version 7.x, 8.x, 9.x, CA Identity Manager 12.5.x/12.6.x, JDK 1.6/1.7, J2EE, JDBC, XML, SAML 2.0, CA SiteMinder 5.X/6.X, 12.X, Federation, Sun ONE Directory Server, Ping Federate 5.x/6.x, Microsoft Active Directory, Azure AD, ADFS, Tomcat 5.5, Apache 2.0, Solaris 8/9/10, Windows 2000/2003, Oracle 10g/11g, SQL Server 2005, DB2 8.X. CISSP, Security+, CIAM, CAMS, CCNA, CCNP
Confidential, Tyson, VA
PAM/CyberArk Engineer
Responsibilities:
- Played a key role in requirements gathering with business users like Investment Accounting, Front office, TAX and Operations etc.
- Acted as SME for PAM for Investment System to provide guidance on out of the box functionality and to provide recommendations on vendor product enhancements.
- Architect and design the solution for reporting needs that requires custom development using PAM Business objects (SDK), InfoStream ODBC, Export Modules, and by manipulating Data Tables.
- Develop the Extracts from PAM to data warehouse includes Security Master, Accounting Portfolios, Security Transactions, Security Positions, and Income Earned etc.
- Develop and implemented solutions like Unrealized Gain loss, weighted average Book value, Security Location information etc. to support Investment Accounting management decisions.
- Analyze and develop assets Cash information like Manager Cash, Cash Contributions/Withdrawal, Bank Cash positions to support Operations and Portfolio manager’s decisions.
- Architected and Implementing Windows 2003 Active Directory Migration Prototype with both AD integrated DDNS and Centralized UNIX DNS for 2000+ user site.
- Develop Security positions Extracts for international business users calculate positions on JSTAT, JGAAP, JTAX accounting basis through XNET Accounting System.
- TAX Deferred Gain/Loss: Process designed to calculate Deferred Gain/Loss positions for interportfolio transfer or wash sale loss deferral transactions to support TAX reporting.
- It also calculates the positions in case of Spin offs, Conversions and tax-free exchanges transactions.
- Book Value Reconciliation for Consolidated GAAP and TAX basis: This process rolls forward the prior period book value to the current period ending book value.
- It subtotals acquisitions, dispositions, amortization realized gains/losses and adjustments. Process output used to verify the SI Schedules 2, 4, 24 B, 26.
- Multi-Basis Holdings: The holdings report calculates and displays the end of period units, cost, book value, market value and accrued interest.
- It is used to review SI Schedules 2, 2A, 2.2, 2.3, 4.1, and 50. It supports multiple accounting basis like Consolidated GAAP, Statutory (STAT), Fourth (Standalone), TAX, Management and IFRS etc.
- Confidential also supports Multi Currencies for data warehouse reporting including portfolio, Security or other reporting currencies as USD etc.
Environment: C#, .Net 2.0/3.5/4.0/4.5, Visual Studio 2010/2013/2015, SQL Server 2005/2008, Oracle, VB 6.0, Autosys, PAM Business objects SDK, LINQ, Microsoft Project, TFS, Visio, NuGet packages, Entity Framework
Confidential, Stamford, CT
IAM Engineer
Responsibilities:
- Performing development, customization, and administration on the CA Single-Sign-On Identity and access management application for mapping it to the existing business process.
- Installed new CA Single-Sign-On (SSO) R12.52 SP1 policy servers and pooled them into clusters in development, staging and production environment.
- Analyzing, planning and implementing CA Single-Sign-On on multiple Cookie Domain and internet security to Enterprise level web applications using CA Single Sign On integrated with Oracle Directory Server Enterprise Edition 11g. Experienced in Single-Sign-On Test tool and Single-Sign-On policy server log files for Troubleshooting Single-Sign-On environment.
- Debugging of authentication / authorization related issues and creating Rules, Responses, Realms and Policies in CA Single-Sign-On. Monitor user activity through CA APM web view, HP Site scope and other exception reports to ensure security is being maintained.
- Assisted in executing the implementation of IAM systems and upgrade to systems as needed. Assist in updating (SailPoint IIQ) workgroups and Monitor SailPoint IIQ product functionalities. Implemented Self-service feature, Password management feature, Provisioning feature and forgot password change in SailPoint.
- Installed and configured settings for provisioning users from various AD domains. Involved in configuring Okta for user provisioning from Active Directory. Created groups for specific users to enable access for applications such as Duo Security, Service Now, and Zoom.
- Worked on de-provisioning users from a few domains that are inactive and unregistered domains from Windows servers Okta AD Agent Manager. Automated various tasks by using Windows PowerShell scripts for extracting reports for User Registrations, PWR and Unlock accounts.
- Practiced using languages Java and Python and automation combining Python, Regex, and Bash Scripting.
- Implemented Access Certification, Automated Provisioning and Governance aspects of IIQ. Develop complex workflows and service adapters in the SailPoint Identity IQ configuration interface. In the process of upgrading the IdentityIQ product from SailPoint 6.3 to SailPoint 7.0.
- Configured Ping Federate 6.x/12.x for SSO across multiple web-based enterprise applications. Installed and configured PingFederate 7.0.1 with the existing Siteminder environment and used LDAP authentication for the admin console.
- Administrating & Configuring UNIX & Windows servers and ensure all applications are up and running on all servers. Implementation of federation Services (SAML 1.0/1.1/2.0) through CA Single-Sign-On with third party vendors for Single-Sign-On both as Service provider and Identity provider.
- Performed Installation and configuration of SailPoint 7.0. Configured Flat files and JDBC connectors in SailPoint. Assist in updating (SailPoint IIQ) workgroups. Monitor SailPoint IIQ product functionalities.
- Managed client requirements and configure SailPoint connectors. Responsible to manage Administration functionality of the SailPoint such as loading data, create roles, create policies, scheduling tasks and certifications and reports.
- Expertise in analyzing the logs (trace logs, smaccess logs) and Trouble Shooting issues in Integration of other applications using CA Single-Sign-On and Identity Management tools along with LDAP and Web-server agents.
Environment: CA SiteMinder R12 SP2, Identity Manager 6.0, Okta AD Agents, Active Directory, PxM9.5, J2EE, JDBC, XML, JBOSS 7, OKTA, Microsoft Identity Manager, SAML 2.0, SailPoint 7.0, Ping Federate IIS 7.1/7.3, Solaris 8/9/10.
