SUMMARY:

• Experienced Infrastructure Architect with 20+ years of proven track record of consistently delivering cutting edge innovative solutions spanning several disciplines like Windows, Virtualization, SSO, Storage, Security and Automation technologies that are foundational to Cloud and SDDC. Created, managed, and maintained strategy, global standards, roadmaps, and new technologies. Successfully lead and delivered several large Enterprise scale projects, designed and supported one of the largest and complex Infrastructures in the world at Confidential with 300K employees. IAM, Security & Windows Platform expert, with expert level working knowledge of SSO, Okta, SAML, Windows, Active Directory, Security, Group Policies, DNS and Windows performance monitoring and trend analysis. Strong working knowledge of Virtualization Technologies (VMware Hypervisor & Microsoft Hyper - V) MSPKI, Two-Factor Authentication (2FA), CISCO ACS (TACACS+/RADIUS Authentication), Solarwinds, SumoLogic, PaloAlto (trained). Expert level working knowledge with Integrating Directory Enabled Applications through Kerberos & LDAP optimization.
• Automated application certification process from DEV/UAT & Prod environments, Strong Working knowledge of OS automation (Server Builds), Application deployments and OS Patch deployments. Working knowledge of Windows PowerShell. Expert level Troubleshooting Skills. Ability to use Packet Sniffers and Firewall logs for troubleshooting.
• Seasoned Architect with proven ability to successfully analyze an organization's critical technology related requirements, identify deficiencies, potential opportunities, and develop innovative solutions for increased reliability, production efficiency & enhanced Time to Market.
• Self-driven, self-motivated team player with strong inter personal relationships that foster team work and collaboration.

PROFESSIONAL EXPERIENCE:

Confidential

Sr. Infrastructure/Security Engineer

Responsibilities:

• Global Lead for Identity and Access Management (IAM), Active Directory, Windows Platform and Information Security
• Designed and implemented Okta SSO and Okta MDM from ground up with 150+ SAML applications. Worked with more than 40 different groups to integrate their applications to SSO.
• Streamlined and Automated the New Hire Onboarding and Off Boarding Process via Workday/Okta/AD, it was popularly known as ‘One Click On-Boarding/Off-Boarding’. The framework also included Provisioning/Deprovisioning of SaaS base applications. Prior to the Automation it took 29 manual touch points to On board one Employee, this new framework not only streamlines and Automate the process but it resulted in cost efficiencies and saved the Company and Operations 10% of the headcount and minimized the Audit risks.
• Researched the latest market trends and presented them to the CTO and other Senior Technology Leaders. Secured Active directory by implementing the “Least Privileges Required” model for any given group, re-configured and optimized the AD replications which spanned across eight sites globally, implemented various GPOs, Fine-Grained Password Policies and Managed Service Accounts, cleaned up the AD DNS configurations and made it consistent across all the DNS servers, implemented DNS debug logging.
• Worked on Three mergers/acquisitions and helped with onboarding users and integrating their apps with SSO and Active Directory. Helped business units integrate their LDAP applications, assisted with PKI related issues and implemented MS PKI in the dev environment, production MS PKI planned for 2018.
• Utilized SEIM technology (Sumologic) to centralize all the Active Directory and File Server event logs to a central location in the cloud, this enabled forensic analysis and alerting for any potential breaches.
• Actively participated and played a key role in Medidata Network Architecture, design, configuration and troubleshooting. Managed Cisco ACS (RADIUS/TACACS), Cisco ASA VPN and helped troubleshooting Wireless issues. Assisted Network team with building networks at new office locations and tearing down old equipment, assisted as an SME in troubleshooting AD connectivity issues with Site-to-Site VPNs.
• Implemented Windows Servers, Domain Controllers and Windows 10 Security and Antivirus Policies. Worked with various business units and retired more than 100+ Windows 2003 servers, Upgraded end of life servers to VMs and newer OS, setup location based printing. Ran Windows performance analysis where needed to identify resource bottlenecks.
• Implemented two-factor authentication for various applications/device access and VPN Access
• Upgraded Dell Hardware to Cisco UCS Mini and ESX Hosts from 4.x to 5.x
• Worked with Solarwinds, Panorama, PaloAlto User-ID, InfoBlox, Powershell, WebEx, Office 365, Google Apps. Installed Solarwinds Agents on Windows Servers for monitoring
• Responsible for enforcing security and governance settings throughout the Enterprise for regulatory compliance. Heavily involved with Security / Audit related forensics and investigations. Currently looking at CASB (Cloud Access Security Broker)
• Documented core technologies and Operational procedures and provided training for team members and Operations personal.

Confidential, Warren, NJ

Architect/Project Lead/Sr. Engineer

• Proactively engaged Microsoft and provided product enhancement recommendations for Vnext & threshold.
• Liaised directly with the development teams at VMware to come up with a solution for VmGen ID which is a critical component for Virtualization of Domain Controllers using VMware
• Test, certify and document new AD features released in Windows 2008/2012/2012 R2.
• Responsible for enforcing security and governance settings throughout the Enterprise for regulatory compliance
• Engineered solutions for features introduced in newer OS like SYSVOL DFSR Migration, DC Upgrades, Virtual DCs, DC cloning, Fine Grained Password Policies, (Group)Managed Service Accounts, Secure Service Accounts, Auditing User logons, Performance Monitoring. Document operational procedures and hand-off to operations.
• Identified the need and Tested, Certified a Virtual Directory/Proxy Solution from Radiant Logic.
• Provide third level operational support, recommend / engineer solutions to address any issues discovered, Support for Group Policies (Using NetIQ GPA/ Quest GPOADmin).
• Test and implement Security templates for Active Directory Domain Controllers
• Evaluate, certify and documents third party products that enhance AD functionality. Review and provide feedback/recommendations to various internal teams products that leverage AD.
• Create Business Requirements documents for AD Management tools that are developed internally. Work with the developers to build the product.
• Certify Apps for AD Integration by working with a number of application owners at Citi and third party vendors and ensure that the apps are interacting with AD properly with little or no impact on DCs.
• SME for MS PKI and worked with Confidential Engineering team to implement Microsoft Certificate Services from POC to Production. Good working knowledge of PKI in general and MSPKI in particular.
• Certified, tested and documented Smart Cards and Biometric devices for Windows Logon.
• Review, test and recommend Windows OS and AD Security and Audit standards by working closely with Citi Host Security Engineering team.
• Represented Citi as one of the lead engineer in round table discussions with MS related to future OS and AD enhancements.
• Maintain LAB AD infrastructure and servers that mimic the production.

Confidential, Fair Lawn, NJ

Architect/Project Lead/Sr. Engineer

• Lead Architect and Support Engineer for all aspects of Active directory, Windows Server OS Automated Builds, and Microsoft PKI. Acted as Active Directory and Windows Server OS SME for SMS, Messaging and Citrix teams and worked closely with those teams during their product implementations and also provided level 3 support for AD and OS related issues. Provided guidance and best practice guidelines for applications that interact with Active Directory using LDAP and RADIUS/TACACS+ using Cisco Secure.
• Designed and implemented Windows OS Hardening and AD Security and Group Policies, File Server and MS SQL Clusters with SAN connectivity and HP hardware. Worked extensively in upgrading Server infrastructures in the Data Centers across the country. Coordinate and build server infrastructure for various applications and provided OS patch deployment solutions using HFNetcheck/SMS.
• Provided direction to other team members. Provide solutions to field engineers to simplify their day to day tasks.
• Worked as a lead architect for Identity Management, Active Directory and Windows related projects during mergers.

Confidential, New York, NY

Sr. Systems Engineer

• Worked on a Windows XP Workstation Build Project.

Confidential, NYC

Architect/Project Lead/Sr. Engineer

• Designed, Implemented and supported various Active Directory Domains. Windows Domains and Server Upgrades and consolidations; Automated Windows Server builds on Compaq/HP Servers; SAN Connectivity; Developed and implemented Security templates for hardening of Windows Severs; Implemented Windows Server Infrastructure as an ASP. Develop contingency solutions for clients. Implemented a number of Microsoft Clustering solutions on Windows and MS SQL; Novell eDirectory, LDAP connectivity and scripts to import bulk users; Open SSH, Remote Control solutions for Monitoring; Management of Servers using MRTG, Big Brother, IBM Director; Supported and maintained various Cirtix Server Farms; Designed and implemented hands-free Antivirus Solutions for a number of CSC clients. Worked closely with Network and Firewall teams in securing Server and Active Directory communications. Designed and implemented RADIUS/TACACS+ and RSA SecureID authentication for Checkpoint firewalls, Cisco Router and Microsoft Windows servers.
• Developed Security Templates for Windows 2000 Server for Confidential on behalf of CSC.

Confidential, New York, NY

Sr.Systems Integration Engineer

• Setup Confidential Internet Advertising Systems running on Windows Servers in the lab to duplicate production environment. Perform load and stress testing using LoadRunner, Automate Confidential Application Servers deployment using Winbatch. Wise, Ghost and Windows unattended scripts; Installed, configured, and maintained RAID storage and NAS servers that are part of Network Advertising Systems
• Provided automation tool to stop excessive damage by Viruses and received an award from the CTO for providing a solution quickly within a short notice.

Confidential, New York, NY

Architect/Project Lead/Sr. Systems Engineer

• Chief Architect for automated Windows Server and Workstation builds and Upgrades
• Evaluated, tested and documented implementation procedures for a number of 3rd party products like software distribution, helpdesk, remote control software, and Anti-Virus solutions for global implementation; Evaluated, certified and documented Server clustering software for Microsoft SQL Servers, disaster recovery procedures for mission critical applications running on Windows Servers; Provided level 3 support for Windows Servers; Certified Compaq/Dell Hardware for Windows Servers and Workstations.
• Installed Windows Servers for various mission critical applications, Netware and Windows Server upgrades, consolidations and migrations, relocation, performance and failover, Anti-virus solutions for Servers, Server backup and management solutions, provided level 2 support, evaluated DNS and DHCP.
• Directed a team of seven people in various projects and trained them in Windows and Netware Servers.

Confidential, New York, NY

Architect/Sr. Systems Engineer

• One of the lead Architect in designing Confidential infrastructure and chief architect for Windows Workstation automated builds for corporate.
• Corporate wide deployment of Netware File Server’s, Server consolidations, Automated day-to-day tasks related to File Servers, third level support, involved in troubleshooting LAN/WAN related issues, on-site and off-site contingency systems for some critical business groups, provided training in OS, LANs and Applications for 1st and 2nd level support personnel to help troubleshoot problems to providing better client support; Provided level 1 and level 2 support for desktops and servers.