SUMMARY

• 07+ Years of IT professional exposure in Identity and Access Management (IAM) and diverse range of skills in Information Security Domain and having a very good record of implementation, administration, maintenance & support on IAM products.
• To play a key role as a collaborator looking for further knowledge in becoming an Identity & Access Management (IAM) in Web Application Security (SSO) and help set the performance standards for the company allowing my professional growth.
• Well versed with all phases of the software development lifecycle (SDLC) such as Analysis, Planning, Developing, Testing, and implementing and post - production analysis of the projects and methodologies such as Agile, SCRUM, and Waterfall.
• Performed access reviews on the applications with guest user access.
• Experienced in configuring Microsoft office365 with Ping Federate.
• Experienced in creating various adapters like Kerberos, composite, Reference ID, HTML, PingID for MFA
• Provided 24/7 customer support for both Microsoft internal and external employees throughout the world.
• Supporting overall Company IAM Infrastructure which includes various IAM technologies, listed below
• Active Directory, Active Directory Federation Server, Azure AD, Azure AD Connect.
• Good experience on configuring NPS extension.
• Hands on experience in IAM requirement analysis, implementation of Access Gateways and SAML, OAuth, RBAC, Open ID based integrations and web access management (WAM)
• Implemented more than 50+ applications for multi-factor authentication using Azure AD and writing conditional policies.
• Azure Active Directory (AAD) configuration and management, policies and provisioning, Azure AD Connect, Azure AD, Multi-Factor Authentication, ADFS, AD DS, AD CS.
• Troubleshooting issues related to SSO, authentication and authorization, as well as troubleshooting LDAP issues.
• Experienced in setting up SAML and OAuth/OIDC applications using Ping Federate.
• Provided L-3 support to resolve the tickets raised by Application teams or clients on various.
• Experienced in using Postman client for OAuth troubleshooting purposes.
• Experience in working multiple monitoring systems to understand and analyze various logs and reports to provide a more reliable and efficient support for SSO and IDM infrastructure.
• Configuring SSPR self-service password reset policy and FIDO key.
• Troubleshooting BSOD (Blue Screen of Death) and OS failure issues.
• Created and managed Kubernetes Pods, Services, Deployments
• Experience with bug tracking tools like JIRA, Bugzilla, Confluence, and ServiceNow.
• Maintained and administered the GIT Source Code tool.
• Created branches, labels, and performed merges in stash and GIT.
• Basic knowledge of Python scripting language.
• Provided close support to Identity management teams.
• Fast learner, team player, able to multitask, strong communication skills and work ethic.

TECHNICAL SKILLS

Cloud Platform: Microsoft Azure, AWS

Operating System: Windows Server 2003/2008/2012/2016/ R2, Ubuntu, UNIX

Web/Application Servers: Apache Tomcat, Web logic 8.1, WAS 6.1 SOA

Directory Servers: AD, CA Directory, Ping Directory, OKTA

Databases: DB2, Oracle, SQL Server

Troubleshooting tools: Azure Support Centre, Fiddler, Logs miner, App insights, Azure Monitor, NGC, Kusto

Multi-Factor: CA Advanced Authentication, PingID and Duo

Federation: Ping Federate 8.x -10.x, CA Site Minder Federation Services, Ping One, ADFS.

Access Management: SiteMinder 12.x - 12.8x, CA Access Gateway/Secure Proxy, CA SiteMinder Web Agents, Ping Access

PROFESSIONAL EXPERIENCE

Confidential, San Bruno

Azure Cloud Infra Engineer

Responsibilities:

• Working as a Microsoft Azure Cloud Administrator, involved in migrating on-premises applications to Azure Cloud using Azure app services, configuring storage account, resource groups, and virtual machines. Remotely login to Virtual Machines to troubleshoot, monitor, and deploy applications.
• Configured Shared Access Signatures (SAS) tokens.
• Providing updates to business partners in a timely manner and documenting technical and programming specifications.
• Worked on both agent and proxy-based integrations for applications that do not support SAML or OAUTH protocols.
• Server and SOA Suite for deployment of the identity management stack.
• Created application proxy for the on-premises web-based applications to provide single sign-on.
• Installed and configured SOA to enable workflow capabilities to the Identity Management Software
• Excellent troubleshooting skills verifying web agent and SiteMinder logs and monitoring the environment.
• Generating reports of Active Directory using Netwrix Auditor & troubleshooting SSO issues using Fiddler and SAML Tracer.
• Participated in projects and initiatives in support of regulatory, audit and IDM directives
• Performed tuning on the database hosting OID, OAM, SOA, and OIM schemas.
• Supported patching activities performed by Windows team, to provide continuous support to applications using SSO.
• Worked on supporting and debugging issues with and implementing SSO solutions with Business Partners using PING Identity solutions.
• Provided Architectural design and implemented enterprise-wide Identity and Access Management (IAM) solutions Ping Federate and PingID.
• Updating IDP Signing certificates before the expiry.
• Implemented PingID MFA with Ping Federate.
• Provide IAM solutions along with PingFederate, AZURE AD and OKTA.
• Worked on all the PingFederate OAUTH grant types to get the access token to access the protected API.
• Supported development with integration of Mobile Apps using OAuth/SAML in PingFederate.
• Checking the application performance logs in Azure App insights and debug errors depending on requests, custom events, and dependencies.
• Creating change requests for production deployments and documenting the issues and root causes.
• Creating the alert rules in Azure Monitor using portal and CLI to track the errors based on scope or occurrence.

Environment: Azure, Azure Storage accounts, SOA, JIRA, Service NOW, Azure App insights, Azure MonitorGIT, OKTA Verify, Google Authenticator, PingID and Duo.

Confidential, Irving, TX

Sr IAM Engineer

Responsibilities:

• Implemented many OAuth and OpenID connections based on the client requirements.
• Configured multiple grants types such as Authorization code, implicit, client credentials and resource owner.
• Provided Architectural design and implemented enterprise-wide Identity and Access Management (IAM) solutions using Ping Federate and PingID.
• Worked on supporting multiple applications internal and external to provide SSO services using PingFederate.
• Upgraded PingFederate from 10.0 to 10.3
• Worked on Agent-less Integration using reference ID adapter, SAML and OAuth with various legacy and new applications.
• Worked on both agent and proxy-based integrations for the applications that doesn’t support SAML or OAUTH protocols.
• Supported patching activities performed by Windows team, to provide continuous support to applications using SSO.
• Updated IDP Signing certificates before the expiry.
• Responsible for coordinating IAM team members, consultants, partners during project planning, execution, Installed, configured, and upgraded PingFederate and PingID for MFA.
• Configured MFA with Citrix and CyberArk via PingID using Radius Authentication.
• Integrated Ping Federate with Office 365 to enable MFA.
• Integrated many applications using SAML 2.0 protocol.
• Configured applications by enabling Kerberos and used composite adapters to accommodate user authentications from multiple domains.
• Worked on a POC in integrating enterprise applications using SAML in azure AD
• Created conditional access to apply business policies as per the requirement in Azure AD.
• Configured external identities to support B2B communication for the guest users.
• Created application proxy for the on-premise web-based applications to provide single sign-on.
• Worked on access reviews and self-service signup for guest users.

Environment: Azure, Azure Storage accounts, OAUTH, SOA, JIRA, Service NOW, and Azure App insights, Azure Monitor, GIT, OKTA Verify, Google Authenticator, PingID and Duo.

Confidential

Azure IAM Engineer

Responsibilities:

• Knowledge in different Azure services such as Azure Storage, Azure Pipeline and Azure Application deployment. Azure Active Directory B2B and B2C environment.
• Manage Identity Access management of Azure Subscriptions, Azure AD, Azure AD Application Proxy connectors, Azure AD Connect, Azure AD Pass through Authentication, ADFS, and ADCS.
• Resolved Azure AD issues relating to Office 365, Active Directory to Azure AD, resolving the Sync issue Microsoft Managed Services Service Provisioning Provider (MMSSPP).
• Worked with multiple clients and handled the escalation calls with good customer feedback.
• Experience in doing Web service federation (WS) between two web services using SAML and by creating connection between the two SOAP service clients.
• Experience on Azure Multi-factor authentication using NPS extension.
• Design and develop solutions on Token Generator and Token Processor to establish a connection between two web services from different Enterprises, JWT tokens to authenticate the end users, with federation services.
• Tracking the change & incident tickets using the ServiceNow, Jira ticketing tools.
• Ability to identify, analyze, and address problems to resolve issues in a way that minimizes negative impact and risk to the organization.
• Strong knowledge and experience with Single Single-on and authentication protocols (SAML, OAuth, OpenID, Kerberos, LDAP, etc.)
• Configured multiple grants types such as Authorization code, implicit, client credentials and resource owner.
• Validating and granting API permissions for applications based on types.
• Helping client to manage OKTA service, OKTA life cycle management with Active Directory, LDAP, and SSO, auto provisioning and automating different infrastructures.
• Performing OKTA integration while adhering to change management policies and procedures.
• Configured conditional access policies and did analysis using what if feature in Azure AD.
• Configured B2B applications is Azure AD using external identities and created self-service signup policies for the guest users
• Hands-on knowledge on Azure security technologies and associated components and variations, Azure Security Centre, Azure Monitor, Log Analytics.
• Analyzing sign-in, audit logs and user provisioning if any user gets blocked and restricting users from specific devices or location.
• Converting devices into Azure AD join/Register/Hybrid azure AD join.
• Collecting NGC logs for complex device issues and troubleshooting after reading logs based on events.
• Documenting all the troubleshooting steps and sharing them across all the team members.
• Having knowledge of Azure VM configuration.

Environment: Azure portal, App registration, MFA, SAML2.0, OAUTH, ADFS, ASC (Azure Secure Centre), Log miner, Postman, Kusto.

Confidential

Windows System Administrator

Responsibilities:

• Resolving MSFT VPN connectivity issues.
• Connecting end users over remote and resolved the BSOD (Blue Screen of Death) and OS issues.
• Analyzed Device logs and fixing Azure AD and Hybrid join issues.
• Working with SCCM (System Centre Config Manager) and installing the updated OS patches manually in case of any issues with SCCM.
• Upgrading OS using ISO image for testing upcoming OS builds.
• Adding mobile devices with Company portal (Intune) and enabling Authenticator app for two-step verification.
• Worked on BYOD device connections and SCCM issues.
• Worked on Bit locker issues and enabling Bit locker for additional security.
• Analyzing MDM and NGC logs and finding the root cause.
• Good experience in reading the network logs and analyzing the issues.
• Enabling and fixing the issues related to Windows Hello for Business (WHFB)
• Active Directory and Group Policy Management.
• Taking end-to-end ownership of customer issues, including initial troubleshooting, identification of root cause and issue resolution.
• Meet or exceed customer expectations on response quality, timeliness of responses and overall customer experience.
• Serving as an internal and external point of contact on customer matters and ensuring customer issues are resolved as expediently as possible.
• Experience in complex implementation integration in production tenants.
• Windows System Centre Configuration Management Server.
• Experience in Mobile Device Management (MDM), Autopilot, Windows Hello, Window defender, and MAM.
• Develop positive relationships with internal/external business partners, seeking opportunities to increase customer satisfaction and deepen customer relationships.
• Testing mobile devices cloud-based solution, (BYOD) third party access and participated in mobile security projects.
• Offered 24/7 on call support and resolved operator requests regarding system OS, VPN, device connection issues.

Environment: Company portal, SCCM, Service NOW, and Wireshark logs, NGC, event viewer logs, etc.