SUMMARY

• Experience in CyberArk, implementing, managing, and monitoring of CyberArk privileged account security tool modules.
• Hands - on experience with understanding of policies in CyberArk Components like CPM, PVWA, PSM, OPM, EPM and experience in implementing and/or administrating.
• Good knowledge on EPM Product and how to create policies.
• Knowledge on implementation and monitoring of the EPM product.
• Installation and configuration of CyberArk Vault, Password Vault Web Access (PVWA), Central Password Manager (CPM) and Privileged Session Manager (PSM) in Prod.
• Troubleshooting and maintenance of the Password Vault, Central Password Manager (CPM), Privileged Session Manager (PSM), Application Identity Manager (AIM), DR Vault in DR Server.
• Worked on Disaster Recovery Vault (DR) and CyberArk Enterprise vault.
• Good at understanding and communicate CyberArk', s role in the privileged account security space.
• Developed and implemented processes and procedures for onboarding users and Privilege Accounts to CyberArk.
• Knowledge on Amazon EC2 Virtual machines. Experience in handling operations and maintenance support for AWS cloud resources including launching, maintaining, and troubleshooting EC2 instances, S3 buckets, Virtual Private Clouds (VPC), Elastic Load Balancers (ELB) and RDS.
• Hands on experience of Build and Deployment phase and usage of Continuous Integration and Continuous Deployment (CI/CD) tools, build configuration, change history for releases.
• Extensive experience in implementation and deployment of Privileged Account Security solution for Windows, UNIX, Database servers, Security, Networks and Websites.
• Integration of Event Notification Engine (ENE) & Service now ticketing system to CyberArk in PVWA.
• On-boarding of Privilege Accounts to Cyber-Ark, Configured Cyber-ark to MySQL, Oracle databases.
• Well experienced in CyberArk Administration and troubleshooting
• Good knowledge in Active Directory and managing Users, Groups, Computers, Organizational Units.
• Have good knowledge of network switches, routers, firewalls of market leading vendors and have in-depth knowledge of network protocols.
• Experience in Linux and Windows systems to provision new ids and find the RCA in system level and troubleshooting. Good knowledge on Shell script and Windows PowerShell.
• Good analytical and communication skills and ability to work independently with minimal supervision and perform as part of a team.

TECHNICAL SKILLS

Primary skill: CyberArk 8.x,9.x,10.x, 11.x, Conjur

Programming: HTML, CCS, Java, C#, PowerShell, Shell Scripting.

Operating System: Windows, Unix, Linux. Directory Active Directory, LDAP

Database: Oracle, SQL, DB2

PROFESSIONAL EXPERIENCE

Confidential, Dallas, TX

Sr. CyberArk Security Engineer

Responsibilities:

• On-board privileged accounts and application ids with CyberArk Password upload utility.
• Worked on different kinds of CyberArk installation and implementation.
• Handling of Master Key and Operator Key (CD) Process and Manage All Server Passwords.
• Experienced in the Discovery process to discover local accounts in AD and manage passwords through Vault.
• Worked on installing an EPM server and deployed the required agent.
• Been a part of Thycotic deployment as a secondary engineer.
• Secondary Engineer for Thycotic implementation.
• Worked on creating and changing the group policy of EPM server.
• Experienced in day-to-day operational support in adding and deleting accounts, applying policies, assigning safes, synchronizing failed accounts, Password rotations.
• Ensured CPM is running, and LDAP integration is always configured.
• Creation of policies and reports in PVWA.
• Scripted reports and management tools in PowerShell.
• Assisted in Active Directory cleanup efforts.
• Onboard new use cases to the organization requirements with management tools.
• Creating the Safes Manually and assigned required members to the Safes.
• Administration experience of CyberArk vault with Safe creation, integration with LDAP and other authentication methods.
• Used Rest API calls to retrieve credentials via Central Credential Provider (CCP).
• Eradicated embedded hard coded credentials in the application config files, scheduler jobs, scripts etc. using Rest API calls.
• Troubleshooting and maintenance of the Password Vault, Central Password Manager (CPM),
• Privileged Session Manager (PSM), Application Identity Manager (AIM), DR Vault in DR Server.
• Troubleshooting applications and scripts by accessing and analyzing logs on Windows servers.
• Good Experience with PVWA servers Managing Applications Credentials, Auto upload and User Access Policy Management.
• Wrote CloudFormation template to deploy applications on AWS (mainly EC2, ECS, S3, CloudFront)
• Working with AWS Cloud platform and its various services, which include IAM, EC2, S3, ECS, EBS, CLI, SNS, and RDS, Redshift and CloudFormation etc.
• Experience with Application Identity Manager (AIM) which provides the solution to eliminate the need of hard-coded credentials from application, scripts, or configuration files.

Confidential, Austin, TX

CyberArk engineer

Responsibilities:

• Deployment and Implementation of Privileged Identity Management (PIM), LDAP directories,
• Privileged Access Management (PAM).
• Resolved CyberArk issue in CPM to communicate with a host to accommodate credentials.
• Troubleshooting and maintenance of the Password Vault, Central Password Manager (CPM),
• Privileged Session Manager (PSM), Application Identity Manager (AIM), DR Vault in DR Server.
• Experienced in day-to-day operational support in adding and deleting accounts, applying policies, assigning safes, synchronizing failed accounts, Password rotations.
• Administration experience of Cyber Ark vault with Safe creation, integration with LDAP and other authentication methods.
• Worked on multi factor authentications in CyberArk using LDAP, PKI, RSA SecurID, RADIUS, and Oracle SSO.
• Experience with Application Identity Manager (AIM) which provides the solution to eliminate the need of hard-coded credentials from application, scripts, or configuration files.
• Coordinated LDAP combination with AD and system security group to open firewall ports.
• On-board privileged accounts and application ids with CyberArk Password upload utility or PVWA.
• Good experience in ticketing systems like Service Now, SMTP, SIEM, NTP integration.
• Experience in performing Privileged Account Management with fair understanding of the underlying business processes.
• Onboarding windows and Linux accounts.

Confidential, Dallas, TX

CyberArk Engineer

Responsibilities:

• Worked on Privileged Account Management with CyberArk PIM suite Implementation.
• Installation and configuration of the EPV components (Central Policy Manager, Password Vault Web Access
• High Availability Vault Cluster, Secure Zone Access, SAN storage, SSL certificates and Load Balancing.
• Configured platforms, master policies, created Safes & On-Boarded 1000' s of Privileged Accounts
• Connection components, transparent components, access control through AD Group Nesting’s
• Assisted in service account management on Thycotic.
• Assisted in installing and operating Delinea’ s Secret Server and Privilege Manager
• Daily administration and maintenance of company’s E-Directory
• Creation of policies and reports in PVWA.
• Administration experience of CyberArk vault with Safe creation, integration with LDAP and other authentication methods.
• Integrated with Active Directory (LDAP), 2 Factor Authentication (RADIUS).
• Defined, developed, and documented IDAM services including Single Sign-on,
• Self-Service registration, workflows, user management, management dashboard
• Role Based Access Control (RBAC), Attribute Based Access Control (ABAC), resource and business layers Provisioning, credentialing, federation, and auditing.
• Involved in application-to-application credential management.
• Defined user account settings through Active Directory and used Active Directory to create, modify, and manage user, computers, and group accounts.
• Experience in performing Privileged Account Management with fair understanding of the underlying business processes.
• Responsible for determining the target Privileged Session Management (PSM) audience.
• Determine what infrastructure and systems PSM will target (servers, virtual servers, database)
• Performed internal configuration of PSM to the vault itself.
• Installed, configured disaster recovery Vaults and DR services.
• Maintain development, testing, and production systems. Coordinate maintenance with support teams.
• Perform Penetration testing and vulnerability assessment to improve application security.
• Utilization of F5 LTM & GTM for the Privilege Users Single-Sign-On

Confidential, Austin, TX

System Engineer

Responsibilities:

• Implemented the application of standard operating procedures and systems security in support of the organization’s IT architecture and business needs.
• Configured, managed & maintained Windows, Linux systems (Windows 2008, RHEL, Centos), Active Directory, LDA.
• Analyzed and mitigated security related threats. Monitored and assessed traffic &, running reports.
• Provided post-implementation Network management, maintenance, and support services, specifically on Cisco Switches and Routers.
• Planned and documented the process and the New Servers Builds in the environment.
• Provided 24x7 System Administration support for Red Hat Linux 3.x, 4.x servers and resolved trouble tickets on shift rotation basis.
• Provide the support of building the server, patching, user administration tasks, deployment, software installation, performance tuning and troubleshooting.
• Monitoring system performance, tune-up kernel parameters, adding /removing Administering hosts, users, disks on DNS / NIS domain.
• Configuration of Hardware and Software RAID on Digital & Sun Servers
• Installed and Configured Send Mail Utility on UNIX Servers. Administering NFS Mounts.
• Analyzed technologies, recommended vendors to address specific threat vectors such as Disk and
• Data encryption against physical theft and improper access, anti-malware to protect against malicious software and providing deep network control.
• Evaluated and recommended the implementation of and dissemination of IT security tools, procedures and practices to protect information assets.
• Responsible for setting up Web Application Firewalls (WAF) like SQL injection, http conversation.
• Configured VLAN, spanning tree, VSTP, SNMP on Juniper EX series switches, checkpoint firewall layers securing existing Data Center infrastructure.
• Responsible for the Windows environment, including backup, disaster recovery and network Security.