Senior Identity And Access Management Architect Resume
North Carolina
SUMMARY:
- Confidential has diversified IT experience as an Information Security leader and architect and an InfoSec specialist experienced in Identity, Credential and Access Management (ICAM), Single Sign On (SSO), Federation Services (FS), Role Based Access Control (RBAC), Multifactor Authentication (MFA), Privileged Account Management (PAM) and various security controls, operations and procedures.
- Specialties: Software development Management and Architecture, Managing product roadmaps, SDLC, Technology Leadership in application security, Oracle Identity and Access Management, Information Technology Engineering & Operations, Application Security, Digital Security, Web Services, Cryptography and PKI, Fusion Middleware, Consulting, People Management, Program Management, Relationship Management, Client Engagement, Team Building, Mentoring & Leadership, New Technology Adoption, Multi-Factor Authentication.
TECHNICAL SKILLS:
Security IAM tools: Oracle Identity Manager/Xellerate, Sun Directory Server/iPlanet, MS Active Directory, Oracle HTTP Server (OHS), Directory Services - Oracle Internet Directory (OID), Oracle Unified Directory (OUD), Oracle Virtual Directory (OVD) 10g and 11g, Oracle Directory Services Enterprise Edition (ODSEE)
SSO tools: Oracle Access Manager/Oblix CoreID, Oracle Identity Federation (OIF), Active Directory Federation Services, Azure AD, CA SiteMinder / CA Single Sign On
Identity Federation protocols: SAML, Fedlet, OAuth, OpenID
MFA: SafeNet / Gemalto
RBAC: Sailpoint Identity IQ
PAM: CyberArk, BeyondTrust
Security Principles: PKI, PKCS, OCSP
Cloud Services & architecture: AWS (Amazon Web Services), CLC (CenturyLink), SaaS, PaaS, IaaS
Operating Systems: Solaris, Linux/UNIX/Ubuntu, Windows 2012/2008/2003/2000, AIX, CentOS
Languages: C, C++, Java, JavaScript, Visual Basic, HTML, XML, PL/SQL
Application Servers: WebLogic Application Server 11g and 10g, Oracle Application Server 10.1.3.3, JBoss, WebSphere Application Server, Tomcat
Development Tools: Oracle Forms and Reports 11g/10g/9i/6i
Other tools: Java Server Pages, Visual Basic 5.0/6.0, J2EE, Rational Rose, ServiceNow
RDBMS: Oracle 11g/10g/9i/8i, MS SQL Server, MySQL
WORK EXPERIENCE:
Confidential, North Carolina
Senior Identity and Access Management Architect
Responsibilities:
- Was ranked “Exceptional” (top 5%) in the FY16 performance period for significantly exceeding expectations within one year of my employment at NetApp
- Lead a team of 12 people worldwide across identity and access management space to manage complex, multi-disciplinary projects (both technical and business) with an emphasis towards defect free, on-time, on budget, and in-scope completion thereby driving coherence from chaos
- Continue to lead new innovations in security and cloud space, including process improvements, best practice sharing, measuring and driving metrics and overall change management efforts
- Planned and executed vendor selection & analysis for Roles project (Sailpoint, Oracle Identity Governance, Courion & ForgeRock) and for Multifactor Authentication project (Safenet, SecureAuth, Duo Security) for around 20,000+ internal users within 10 weeks with detailed design and implementation analysis’ use case
- Led the complete execution of Safenet’s MFA roll out by leading and managing a team of 20+ people worldwide to make the project successful for Cisco ASA (VPN) and Juniper SSL VPN (SA) for all of NetApp’s internal users i.e. 20,000+ users including employees, contractors and partners
- Provided technical direction and leadership for existing and future Identity and cloud infrastructure while collaborating with the enterprise architect, operations teams along with strategic vendor partners while defining the target technology state, thereby building a business proposal and strategic roadmap of execution
- Completed acquisition integration (M&A) and other confidential projects while keeping company security and integrity at the forefront
- Lead IAM Operations and Engineering team and initiatives from analysis phase to actual implementation phase during different release cycles
- Mentor and lead professional development of multiple team members across US and India to improve their ability to support the “Keep the Light On” functionality. Helped strategize, define and build the complete Command Center processes for escalated issues and concerns in the organization related to various different work streams and not just limited to IAM and Security.
- Only point of contact and lead on IAM initiatives for all the engineering services
- Initiate, define, lead and coordinate different POC initiatives for various application teams/vendors providing guidance to engineering and operations team for actual implementation
- Architect, design and demonstrate to Steering Committee members new workflows, techniques and new developments on the latest IAM products
- Generate monthly and weekly performance reports to be presented to upper management (Director and above) encapsulating different initiatives within engineering and operations team
- Define future roadmap for IAM related services and functions
- Understanding and working knowledge of effective integration of "Cloud Architectures" (SaaS, PaaS, IaaS) with IAM solutions considering the unique security considerations of secure Cloud computing
- Identify threats and risks, prioritize, design and implement security controls by partnering with stakeholders in IT and the business
- Implemented effective IT processes (i.e., ITIL) including incident, problem, defect, change and release management across IT wide systems and processes
- Understanding & ability to develop and articulate a vision for security domain and understanding of short-term and long-term ("big picture") vision
- Act as a liaison across various technical and business teams to coordinate processes and procedures for optimal change control and privilege assignment
Senior IAM Architect
Responsibilities:
- Lead pre-sales activities of RFP creation, Project Management, POC design/presentation and client engagement initiation
- Assist various client projects for requirements consideration, architecture, design, implementation and support purposes as needed
- Perform vendor security assessments and risk assessments on new projects, identify and reduce risk
- Define IT security requirements, roadmap for budgeting and lifecycle management dictated by business operations
- Planned and developed security roadmap and new security requirements dictated by business operations
- Security infrastructure design, configurations reviews, providing comprehensive IT security implementations
- Developed a data protection strategy to prevent sensitive data leaks
- Configure Oracle IDM products and / or other IDM tools namely CA SiteMinder, MS Azure to suit client needs per industry security standards, practices and recommendations
- Installation, Configuration and thorough documentation of OAM, OIM, OHS - Web Tier, Webgate, OUD 11gR2 and OVD 11gR1 in HA environment
- Successfully configured and documented SSO between OAM 11gR2 and OBIEE 11gR1, PeopleSoft HRMS, FSCM, ELM, Enterprise portal, e-Supplier portal, other 3rd party vendor J2EE, .NET based applications
- Assisted application administrators in day to day support and maintenance activities of all the IAM suite of products and integrated applications
- Provided client application administrators with daily automated scripts to evaluate whether the system is up and running
- Conducted training sessions, provided guidance and performed knowledge transfer of all the implementation conducted of Oracle IAM toolset products
- Single point of contact with client personnel on a day to day basis throughout the engagement
- Implemented and documented performance improvement techniques for all the IAM tools - OAM, OIM, OUD, OVD, OHS and Oracle RAC database
- Assisted in maintaining a Disaster Recovery location across two data centers by modifying the existing design and architecture of the client applications to still meet existing client needs
- Provided guidelines and documented the process of successfully upgrading Oracle IAM set of products in future without hampering existing operations of integrated client side applications
- Provided guidance to the client on future Oracle IAM tools which can be utilized to prevent security threats and vulnerabilities of existing integrated applications
- Defined processes for system maintenance and provided guidance on overall IAM lifecycle management along with necessary hands-on knowledge transfer
- Experienced in IAM 11g System Evaluation and Assessment Audit for state government clients
- Provided subject matter expertise level feedback on client's existing and to-be situation of the already in place IAM system to meet SICAM standards
- Evaluated current architecture, design, documents, processes and personnel profiles in order to meet client IAM system goals
- Solely conducted interviews of different client personnel ranging from PMO to system support
- Recommended different alternatives and options for the complete IAM business, IT and support processes after thoroughly understanding client environment and management needs
- Work with sales team on pre-sales and post-sales customer security evaluations
- Facilitated security audit.
- Perform company-wide risk assessment
Environment: Oracle IAM 10g and 11g suite of products
Confidential, New York
ERS Consultant
Responsibilities:
- Lead the work stream to on-board different types of applications to Identity IQ by engaging with various business operations lead, business analysts and development teams
- Developed and Improved business processes in order to reduce toxic combinations of user roles and entitlements
- Developed time, resource and budget estimates for various work streams to depict progress to Business Leads
- Co-ordinated all the 3 work stream efforts by engaging closely with client business in an onshore, offshore team model
- Managed team of 2-3 personnel in order to make sure the client work is delivered on a timely basis and in an orderly manner
- Configuring User Access Certification, System testing and coordinating the efforts with different clientele for desired result set in IIQ. Providing the needed deliverables on a strict timeline for recertification cycle
- Extensive experience with Oracle Identity Manager (OIM), Oracle Internet Directory (OID), Oracle Virtual Directory (OVD), Oracle Access Manager (OAM) - both 10g and 11g, Oracle Adaptive Access Manager (OAAM), Oracle Enterprise SSO (OeSSO), Oracle Unified Directory (OUD), SailPoint Identity IQ and CA SiteMinder.
- Database Auditing, SPML, Web Services, Single Sign on, RBAC (Role Based Access Control) Auditing, Attestation & Report Generation.
- Relevant experience with configuration, provisioning and reconciliation to/from various resources/applications namely MS Active Directory, MS Exchange, Oracle Database, MySQL and other database based systems, SAP systems, Sun Directory Server/iPlanet and other custom applications.
- Experience in LDAP technologies - schema, password policies and configuration changes; Provisioning with Approval Workflows, Delegated Administration, Attestation, Database Designing, PL/SQL programming, and JAVA/JSP programming.
- Expertise with architecture and deployment of enterprise Security Solutions comprising firewalls, VPNs and highly available security products.
- Experience in configuring, provisioning Custom Adapters, Web Services.
- Good Understanding of methodologies such as Object Oriented Analysis, Design, and Development (OOAD), Unified Modeling Language (UML).
- Experience in WebLogic application server installation, configuration and performance tuning.
- Experience with Bulk Loading of User Accounts into LDAP directories and OIM.
- Provided and supported Test Case scenarios and successfully did knowledge transfer to the customer application owners.
- Lead Developer and Architect of OIM to integrate with custom applications along with AD, OID and MySQL database. Configuring PIV card based SSO between OAM and OIM 10g
- OeSSO based single sign on to applications like Lotus Notes and other internal websites by authenticating against Active Directory
- Hands on knowledge of configuration of OAM 11g with different identity stores OUD/OID/OVD
- Conceptual level design recommendations for satisfying the functional requirements
- Analyzed and documented the Functional Specification Document (FSD), Business Requirement Document (BRD) and Change Control Requests (CCR)
- Design pre-populate adapters, rules, access policies according to the business roles, responsibilities and groups
- Configuring approval based workflow for different custom resource objects
- Created test plans and test schedules to outline the scope, priority and the timelines with the release schedule
Environment: OIM 9.1.0.2, OAM 10.1.4.3, OHS, ODSM 11g, OVD 11g, OID 11g, OUD 11g, Oracle RAC Database 11g, OID Connector Pack 90411, MS Active Directory Connector pack, Solaris, MySQL database, SailPoint Identity IQ.
Confidential, Edison, NJ
Oracle IDM Architect and Developer
Responsibilities:
- Production/Go-Live - 10 million users - at least 1000 hits each day
- Effectively handled Government and user critical information like Social Security Numbers, PINs and Weekly Benefit Amounts (WBA)
- Configured secured communication between all the components across all the tiers - application, web, directory and external - internal DMZ zone
- Documented the whole OIM process and trained onsite officials doing knowledge transfer of Identity Manager functionalities/capabilities
- Perform Gap Analysis between existing Legacy System environment and Oracle IDM product functionalities
- Provided guidance with the 11g Rel1 architecture having PeopleSoft, AD, Exchange and other custom target resources
- Provided recommendations on system architecture for Phase I and Phase II - OAM, OIM, SSO, OVD, OID, and AD - Load Balanced/Failover/Clustered environment, DMZ zones/Firewalls.
- Brainstormed on the overall data flow starting from web services layer to application layer to directory services layer to database layer
- Underlying main objective was to keep OID and AD in sync with latest information - provided guidance on the needed DIT structure
- Proposed the technical recommendations/functionalities that need to be in place to meet the existing system’s functional requirements with respect to each IDM product
- Designed and proposed a Project Plan for the needed functionality to Go-Live
- Conceptual level design recommendations for providing the functional requirements
- Configure Direct provisioning from OIM to OID and e-Business application (iStore)
- Design pre-populate adapters, rules, access policies according to the business roles, responsibilities and groups
- Configure OAM policies to redirect to different Web-Center portal pages depending upon the requested protected resource
- Configure OIM server to accept modify user, enable user account, disable user account SPML requests
- Configure the sample HttpClient to send these requests to OIM server
- Configure SSO between OIM and OAM
Environment: Oracle Identity Manager 9.0.3.2/9.1.0.1/9.1.0.2, Oracle Access Manager 10g (10.1.4.2, 10.1.4.3) and 11g, Adaptive Access Manager 10g, Oracle Internet Directory 10g and 11g, Oracle Virtual Directory 10g and 11g, Oracle Directory Services Manager 11g, Oracle Database 10g and RAC Database 11g, Oracle HTTP Server, OIM Database Connector Pack 9.0.4.5, Oracle Internet Directory Connector Pack 9.0.4.5, 9.0.4.6, 9.0.4.7, 9.0.4.11, SAP employee Reconciliation Connector Pack 9.0.4, OIM MS AD Connector, Exchange Connector, PeopleSoft Connector, AD Password Sync Connector, E-Business User Management and TCA Connector Pack 9103, Remote Manager, Active Directory, RedHat Linux, Solaris, Microsoft Windows Server 2003/2008, Oracle Application Server 10.1.3.3, WebLogic 10.3 and 10.3.1 (11g), IBM WebSphere application servers, Tivoli directory, JNDI, Oracle JDeveloper 10g, SAP-HCM, SAP CUA, iStore 12.0.6, Web-Center Portal 11g.
Confidential, Dallas, Texas
Business Process Analyst Intern
Responsibilities:
- Maintained and updated task critical information of all the projects coming under Information Technology Program Management Office (IT - PMO) Portfolio.
- Designed Functional and Divisional Dashboards for monthly “IT PMO Review Meetings”.
- Interactive, functional and leadership based job.
- Suggested major improvements in the business process.
- Performed Project Scheduling and Budget Management for variety of projects.
Environment: MS Rational Rose, MS Project, RFPs, SOWs, MS SharePoint, MS Visual Studio.
Confidential
Software Project Trainee
Responsibilities:
- Worked on IVR technology – SIP servers and open source telephony software – Asterisk.
- Successfully interacted between the Asterisk Server and RFID sensor APIs.
- Designed Voice XML pages and their logic for voice interaction with end-user
- The location of the RFID card is provided to the end-user by the application using a toll-free host number
Environment: Asterisk PBX Engine, SQL Server, VXML, RFID Card Reader and Cards APIs, Eclipse.