Solutions Architect Resume
SUMMARY
- Over 21 years of IT experience and 13 years of Identity & Access Management experience. Over 10 years of extensive experience in Software Development including architecture, analysis, design, development, deployment and testing experience in B2C, B2B, Web Portal environments.
- Over 12 years’ experience in architecting and deploying Identity Management, Access Management, LDAP Directories, Single Sign-On (SSO), Provisioning & Approval Workflows, RBAC (Role-Based Access Control), Compliance and Auditing Technologies, Identity Federation, Enterprise System Architecture, Security Infrastructure Design, Authentication and Authorization technologies, as well as custom-built security and technology frameworks.
- Good analytical & technical skills combined with good communication & inter-personal skills. Skilled in working as Team Lead as well as Team member.
- Proven technical leadership skills include the ability to manage teams, earn the respect of its members, lead by example, and thrive in an entrepreneurial environment.
- Fast learner and able to understand unfamiliar areas independently.
- Very easily adaptable to new systems and tools. Can clearly express technical information and concepts to a non-technical audience and vice versa.
- Persuasive verbal and written communication skills complement a proven ability to multi-task, maintain an organized approach, and ensure success - even when faced with high-pressure or high-risk situations.
TECHNICAL SKILLS
Identity Management: Oracle Identity Manager 9x/10g/11g/11gR2, Sun Identity Manager, Novell
Access Management: CA SiteMinder, Oracle Access Manager 10g/11gR1/11gR2, Sun OpenSSO Enterprise 8.0, Sun Access Manager, RSA Access Manager (Cleartrust), Web Agents, Policy Servers
Identity Federation: RSA Federated Identity Manager 2.5/3.1, Netegrity SiteMinder Option Pack, CA Federation Manager R12, Oracle Identity Federation (OIF) 11g, PingFederate 5.3/6.0, Sun Federation Manager 7.0, Sun OpenSSO Enterprise 8.0
Directory Services: Novell eDirectory, Sun ONE Directory Server 5.2, Microsoft Active Directory, Oracle Internet Directory 10g/11g (OID), Oracle Virtual Directory 10g/11g (OVD)
Security Technologies: SAML 1.1/2.0, WS-Fed, OAuth, OpenID, WS-Security, Kerberos, PKI, LDAP, General Cryptography, and Federated Identity Management
Security Testing Tools: Tenable Nessus, IBM AppScan, nmap, snort, snoop, tcpdump
Web/Internet Technologies: ASP, ASP.NET, ADO.NET, J2EE (JSP, Servlets, JDBC), XML, XSL, XSLT, XSL-FO, SAX/DOM, HTML/XHTML/DHTML, CSS, JavaScript, VBScript, C#, Perl CGI.
Web Servers: IIS4.0/5.0/6.0, Apache, Tomcat, SunOne WebServer
App Servers: Weblogic Server 5.0/6.0/8.1/9.2, Oracle Application Server, Sun Glassfish Server, IBM Websphere, JBoss, Apache Tomcat
Programming Lang.: Visual Basic 5.0/6.0, Java 1.4.2/1.5/1.6, PL/SQL, Unix Shell Scripts.
APIs: J2EE, J2SE, JDBC, JNDI, ODBC, Perl CLI for Netegrity SiteMinder, Java SDK for Netegrity SiteMinder, Novell NDK for eDirectory, Oracle Identity Manager API
Standards: HTML, CSS, XML, SOAP, XSLT, XPath, LDAP, DOM, HTTP, PDF, UML
Dev Tools/IDE: Eclipse 3.2, Microsoft Visio, Microsoft Project, Oracle JDeveloper, Microsoft Visual Studio 6.0, Microsoft Visual Studio .NET, SQL Navigator, Quest TOAD, Allaire Homesite, Macromedia Dreamweaver, Microsoft Frontpage, Softerra LDAP Browser, Microsoft ADSI Edit
Databases: Oracle 10g/9i/8i, MS SQL Server 6.5/7.0/2000, MS Access.
Control Sys: Visual SourceSafe, Rational ClearCase, Stellent ECM, SVN
O/S: Windows XP/Vista/2000/2003, Linux, Sun Solaris
PROFESSIONAL EXPERIENCE
Confidential
Solutions Architect
Responsibilities:
- Architect/Design a new SSO infrastructure for external access using the Ping Identity components.
- Develop a custom Ping adapter that calculates a risk score for authentication based on the user’s location & device details. The adapter will call RSA AAOP web services with user device details in the payload and RSA returns a risk score. Based on this risk score the user will be challenged by a second factor which will challenge them with a one-time password that will be delivered using email, phone or SMS.
- Integrate SSO/TFA for 4 critical applications at 7-Eleven
Confidential
Senior Security Architect
Responsibilities:
- Architect/Build a new SSO DEV infrastructure on Oracle Managed Cloud (OMCS).
- Worked on a POC for multi-factor integration with DUO plugin for OTP.
- Set up federation scheme to authenticate to Liferay with OAM as an IdP. The federation scheme was set up as a 2FA authentication scheme with Forms authentication + DUO OTP
- Worked together with Stanford’s to implement & test use cases for SSO, TFA, R12, Liferay.
- Integrate a sample mobile app for native authentication with Oracle Access Manager using OAuth API.
- Integrate a sample mobile app for Social authentication with Oracle Access Manager using OAuth API
- Provided detailed documents for all integrations that were deployed on OMCS
Confidential
Senior Security Architect
Responsibilities:
- Architect/Build a new SSO infrastructure for high availability based on Oracle recommendations.
- Built an identical clone datacenter environment for failover using Oracle’s Multi Data Center (MDC) approach.
- Set up federation scheme to authenticate with R12, WCI & Discoverer with CoreLogic’s Ping Federate instance
- Assisted the PingOne team to expose these applications on the Cloud Desktop
- Worked together with CoreLogic’s NetOps team to implement & test use cases for failover & switchback between datacenters. Put together a DR runbook for failover/switchback operations.
- Design/Implement SSO integration for R12, WCI & Discoverer
- Worked with the InfoSec team to remediate security vulnerabilities reported for the SSO components as well as server-related vulnerabilities
- Provided detailed documents for all integrations that were deployed on TeamForge
- Played a key role in resolving issues with the SSO integration during QA which included CoreLogic users globally
- Provided training & mentoring to CoreLogic support team members
Confidential
Senior Security Architect
Responsibilities:
- Architect/Build a new SSO infrastructure for high availability based on Oracle recommendations. This architecture was reviewed by Oracle and certified
- Built an identical clone datacenter environment for failover using Oracle’s Multi Data Center (MDC) approach.
- Helped resolve firewall/clustering issues after the stack was migrated over to a private VLAN with restricted access
- Worked together with JPL’s Network engineer to implement & test use cases for failover & switchback between datacenters. Typical failover/switchback times were under 5 minutes
- Design/Implement SSO integration for about 9 DEA ADF apps that were hosted in a mix of 11g & 12c ADF/WebLogic environments
- Worked on multiple POCs for SSO integration with SharePoint, consuming OAM OAuth tokens for authorization, Federation SSO for Django applications using pySAML, integration with JEMS (ColdFusion) application.
- Provided detailed documents for all integrations that were deployed on the JPL wiki site
- Played a key role in resolving issues with the EBS integration
- Provided training & mentoring to DEA support team members
Confidential
Senior Security Architect
Responsibilities:
- Architect/Build a new SSO infrastructure with stable releases for the following IDM components OAM, OID, OIM, SOA, OHS
- Draft detailed requirements specifications for SSO and Provisioning use cases based on discussions with key business stakeholders at Activision
- Migrate existing SSO infrastructure to OAM 11gR2PS2 and the provisioning system to OIM 11gR2PS2
- Provide seamless (zero signon) for EBS R12 and SalesForce (ServiceDesk) for users in the Activision/Blizzard network
- Configure DIP Sync between Activision/Blizzard AD domains to populate users in OID for SSO
- Implement SSO for EBS R12 with OAM as SP and ADFS as IdP
- Implement SSO for ServiceDesk with OAM/ADFS as IdP and SalesForce as SP
- Implement a HA architecture for the entire stack with no single-point-of-failure.
- Provide DR guidelines and document the process.
- Provide support for Cut-over and Post GoLive activities