
Sr. IAM Engineer Resume


Atlanta, GA

SUMMARY

  • Security Engineer with 9+ years of experience in designing and developing applications in Identity & Access Management and SSO space.
  • Continuously improving and automating IAM solutions that consist of PingFederate, PingAccess, and LDAP directories (ODSEE 12g) & PingDirectory systems, CA SiteMinder, Okta, PingOne Risk, PingOne Cloud.
  • Upgraded PingFederate from 7.0 to 7.3; 7.3 to 8.2 and 9.1 to 10.3 both Console and Engine servers.
  • Integrating 2-factor authentication systems like RSA and Symantec VIP for added identity security.
  • Worked on SailPoint development such as workflows, rules, connectors, and policies; developed and deployed new IAM services in the SailPoint IdentityNow platform.
  • Strong experience with Okta to SailPoint integration and Microsoft AD Azure to SailPoint integration.
  • Developed API services to handle access policies and access requests and to integrate with external applications.
  • Designed and developed workflows, forms, and reusable rules, tasks, and reports within SailPoint IdentityIQ to support a wide range of applications and functionalities.
  • Integrated PingAccess with PingFederate through Open ID Connect to get authenticated by PingFederate and Authorized by PingAccess Servers.
  • Integrated both IDP and SP initiated SSO using PingFederate and with external clients.
  • Worked on all the PingFederate OAUTH grant types to get the access token to access the protected API.
  • Supported development with integration of Mobile Apps using OAuth/SAML in PingFederate.
  • Experience in designing, development, deployment, migration and implementing Security and Infrastructure solutions using SiteMinder R 12.x, OKTA, CA IDM r8/r12/r12.52.
  • Experience in migrating SiteMinder to PingFederate with session and authentication management between two access management systems.
  • Experience in user Directory Administration and System Administration.
  • Experience in implementing Active Directory Federation Services (ADFS) for single sign-on access to the Office 365 environment.
  • Experience in implementing Identity Provider (Okta) and integrating it with Office 365 and Active Directory.
  • Experience in developing and updating systems documentation (e.g., ConOps, Operating procedures, systems architecture documents).
  • Experience in debugging of authentication / authorization related issues and creating Rules, Responses, Realms and Policies in Ping Federate.
  • Worked on WS-Fed federation to generate and process tokens to send SAML between two web services across two different enterprise organizations.
  • Experienced with multiple PingFederate adapters: HTML, token, and composite adapters.
  • Experience in token, form-based authentication, and X.509 certificate-based authentication.
  • Experience in configuration and administration of SiteMinder Policy Servers, Policy Stores and User Stores created in Sun One Directory server (LDAP).
  • Expertise in configuring and troubleshooting Webservers like Apache, IIS, IHS (IBM HTTP Server).
  • Good understanding of Role Based Access Control, SOD and Access Certification in Saviynt, Worked as security ForgeRock administrator.
  • Collaborating with the Architects, Service Delivery Manager, Project Managers, and others relative to the SailPoint IdentityNow and/or IIQ deployment plans.

TECHNICAL SKILLS

Operating systems: Unix, RHEL, SUSE Linux, Windows Server 2012/2016.

Programming: Java, Shell, JavaScript, SQL, Python.

Directory Servers: Active Directory, Novell eDirectory and Oracle Directory Server 11g

Web Servers: MS IIS, Apache, Tomcat, JBoss, IBM WebSphere, GCP

Single Sign-On: PingFederate 7/8/9/10, PingAccess 4.0, 4.2, 5.0, 6.0, SiteMinder R12.5, R12 SP2 Web Agent, PingFederate.

Monitoring Tool: Splunk, Wily Monitoring tool, HP OpenView, OneView Monitor, Dynatrace, Saviynt, Identity governance.

PROFESSIONAL EXPERIENCE

Confidential, Atlanta, GA

Sr. IAM Engineer

Responsibilities:

  • Designed, developed, tested, debugged and implemented application, software and/or operating system components, software tools, and utilities; conducted performance testing.
  • Installation, Configuration, Administration, Maintenance and Upgrading to the latest version of Ping Federate, Ping Access SSO and its components.
  • Working on PingOne Advanced Services: PingDirectory - user and entitlement store; PingFederate - SSO and authentication; PingOne Authorize - authorization engine and rules store; PingOne MFA - MFA (OTP via SMS, voice, email; authentication app (TOTP); FIDO2 (most secure SVB choice)); PingOne Risk - risk engine that sits on top of MFA; PingOne DaVinci - orchestration engine.
  • Designed and implemented B2B and B2C solutions and implemented security solutions for all the application access controls.
  • Experienced professional in implementation of IAM solution with ForgeRock suite for medium/ large-scale customers across various industry verticals.
  • Knowledgeable in all ForgeRock products (AM, IDM, DS); good with ForgeRock Access Manager, ForgeRock Identity Gateway, ForgeRock Identity Manager, ForgeRock OpenAM and ForgeRock OpenIDM 3.1 implementation.
  • Working on ForgeRock and other complex COTS implementations within or outside the security area.
  • Interacting directly with customers, responding in a professional and efficient manner, helping them identify and resolve technical issues with ForgeRock Identity Cloud SaaS.
  • Experience as an Identity and Access management implementer with ForgeRock suite
  • Experience with Connectors like Active Directory, RACF, Workday and MS Exchange.
  • Developed solutions within the Oracle Identity and Access Manager suite.
  • Worked on architecting IAM solutions within Amazon Web Services (AWS).
  • Strong knowledge of Cloud Security practices and IAM Policy/Document preparation for AWS.
  • Strong knowledge of tools related to Identity Governance (IGA), Privileged Access Management (PAM), Privileged Identity Management (PIM), Single Sign On (SSO), etc.
  • Worked on SOD, access certificates and Role based Access controls in Saviynt.
  • Working on the installation of PingFederate runtime and admin servers, working on PingFederate upgrades.
  • Working on Azure Active Directory services administration and Microsoft Active Directory.
  • Designed, configured, documented, and enforced centralized CIAM architecture across multiple diverse business domains and application architectures.
  • Worked with application architects to plan, design, develop and implement CIAM solutions for API-driven cloud and cloud/hybrid-based applications.
  • Worked on Splunk tool for monitoring the logs and maintaining the dashboard.
  • Strong knowledge in maintaining AWS Secrets Manager for service account credential rotation as well as storing secure API things.
  • Worked on configuring and deploying Saviynt Connectors using different target systems.
  • Integrating SAML profiles with different binding methods like POST, Redirect.
  • Configured the PingID as MFA for the applications.
  • Worked on Distributed file systems for file sharing across the organization.
  • Worked on integrating the Ping Directory for user authentication.
  • Providing expert-level technical/administration support to colleagues.
  • Installation and configuration of PingID authentication and registration adapters and creation of authentication selectors.
  • Implemented OAuth with the Clients to get the Access Token for both API’s and Web calls.
  • Integrated PingOne Risk SDK into the PingFederate environment and maintained user MFA devices on PingOne.
  • Implemented Device level login limitations.
  • Worked in Configuring and deploying Saviynt Connectors for various target systems.
  • Using JIRA and Confluence to maintain the track record of the issues, projects and the application owner details.
  • Using OGNL expression for manipulating the SAML attribute values.
  • Certificate Renewal Activity for the certificates enabled in Ping Federate.
  • Provide excellent customer service and delivery of technology services.
  • Troubleshooting SSO issues by using SAML Tracer, Postman and by checking PingFederate and PingAccess logs.
  • Worked on the Custom datastore implementation.
  • Worked on the Saviynt tool and Connectors for Active Directory.
  • Worked on all Web Access Management tools like Okta to SailPoint integration and Microsoft AD Azure to SailPoint integrations.

Confidential, New Jersey

IAM Engineer

Responsibilities:

  • Having Regular meetings with the onshore team on the Upgrade and integration of applications with SSO and monitoring the Go live.
  • Provided billable professional consulting services to CDW’s clients on Google Cloud Platform (GCP).
  • Engineered automation solutions with Kubernetes, CI/CD pipelines, etc.
  • Operated as part of a team leveraging agile and scrum methodologies.
  • Provided engineering and consulting services around GCP core resources, cloud networking, IAM, BigQuery, GCS, and other GCP security protocols, etc.
  • Good Experience with access provisioning, configuring, managing AWS services such as VPC/SubNet/Security Group, EC2, ECS, CLI, S3, KMS, Route 53, Secrets manager, CloudWatch, Lambda, Control Tower, Organizations, Identity Center(SSO), IAM.
  • Creating and integrating new applications with our Ping Federate to achieve SSO (IDP/SP) by using industry standard protocols like (SAML, OAUTH, Open ID, WS-Trust and WS-FED).
  • Worked on different Saviynt connectors for systems preferably Active directory, PeopleSoft, EBS.
  • Strong knowledge and experience working with Okta to SailPoint Integration.
  • Worked on Integrations and good Experience with Microsoft AD AZURE to SailPoint Integration.
  • Collaborating with other team members for defining workflow, process improvement and protecting applications.
  • Providing expert-level technical/administration support to colleagues.
  • Installation and configuration of adapters and creation of authentication selectors.
  • Performing validation of unit test cases and documenting the change implementation as part of process.
  • Configured Duo, Kerberos, and HTML form IDP adapter authentication.
  • Used both IDP SSO and SP SSO for multi domain SSO.
  • Point of contact for Application teams who want to integrate with SSO.
  • Did API and Application client registration with Authorization code, Implicit, ROPC grant.
  • Worked on up-front design like application integration and configuration of all the components.
  • Built QA automation platform for Ping, built QA automation to drive logins for apps, AppDynamics for synthetic monitoring.
  • Environments clean up and maintenance.
  • Worked on persistent grant to provide refresh token to API’s client with high call volume.
  • Designing, implementing, and maintaining Saviynt identity and access management solutions for clients.

Confidential, Boston, MA

Web AUTH Engineer

Responsibilities:

  • Deployed PingFederate, PingAccess on RHEL servers and performed performance tuning on the servers.
  • Keeping up-to-date with industry trends and best practices related to identity and access management.
  • Worked with AWS CLI, CloudFormation, AWS CDK, Python, Terraform, Git, and Ansible, with troubleshooting experience.
  • Troubleshot and resolved technical issues related to Saviynt solutions.
  • Helped architect the Ping product solutions on premises for high availability.
  • Participating in the continuous improvement of Saviynt products and services.
  • Configured applications onto PingOne with PingFederate as identity bridge; users are authenticated in PingFederate and get access to all the applications on the PingOne Docker.
  • Configured the PingID as MFA for the applications.
  • Configured the Proxy for the applications using PingAccess, protected most of the applications using PingAccess
  • Did POC for AirWatch with PingFederate integration kit.
  • Migrated the SAML applications from Legacy Novell IAM to the New Ping IAM platform.
  • Worked on writing the OGNL expressions to meet different vendor requirements in the assertions and restricted the user access by writing OGNL expressions on the issuance criteria.
  • Worked with Web Access Management services in cloud service/on prem.
  • Worked as an Okta administrator, responsible for managing the Okta environment for the organization.
  • This includes setting up and configuring users, groups, applications, policies, and integrations.
  • Also monitored system performance and security, and ensured compliance with relevant regulations and policies.
  • Added custom response headers to PingFederate and PingAccess.
  • Experience in implementing Identity Provider (Okta) and integrating with Office 365 and Active Directory.
  • Experience working on all Web Access Management tools like Okta, PingAccess, etc.
  • Worked as an Okta developer, responsible for integrating Okta with the organization's applications and services.
  • This involves using Okta's APIs and SDKs to build custom authentication and authorization workflows, as well as integrating third-party applications with the Okta platform.

Confidential

IAM Consultant

Responsibilities:

  • Administration and Maintenance of PingFederate.
  • Using Jira and Confluence to maintain the track record of the issues, projects, and the application owner details.
  • Reporting and auditing the Ping SSO functionality by using Akamai & LogicMonitor.
  • Creating, Managing, troubleshooting instances in AWS Cloud EC2, VPC, Route 53, Glacier, S3, and ELB environment.
  • Worked on cloud solutions such as AWS, Azure & Google cloud platform.
  • Defined process workflow for AWS IAM as Primary contact in the current project.
  • Creation of users and federate SSO roles supported for both AWS & Azure IAM.
  • Provided application support for cloud-hosted applications using built-in monitoring tools such as Microsoft Application Insights, Tanium and troubleshooting tools such as Kudu.
  • Using ServiceNow as the incident and change management tool and maintaining SLAs for the tickets.
  • Provide support for SOA-JML, Web Portal Infrastructure focusing on security utilizing Identity Manager, Directory Server, Active Directory and WebLogic.
  • Did performance testing on all the individual engine servers.
  • Responsible for Identity Management, Directory Services, Access Governance and Privileged Account/Password Management services Road map and Operations.
  • Security groups, Network ACL for security purposes.
  • Comfortable with PowerShell to automate tasks.
  • Implemented CloudWatch dashboard and CloudTrail for monitoring purposes.
  • Monitoring IDAM application datacenter for High Availability and Data Recovery.
  • Worked on Active Directory, SQL DB, Quick Connect and Active Roles Server.
  • Able to work under pressure and fast learning environments.
  • Configured Amazon Scaling service: ELB, Auto Scaling and Launch Configuration
  • Conducted Disaster Recovery tests.
  • Responsible for managing servers, troubleshooting, monitoring and coordinating with vendors to resolve problems.