- Over 8 years of experience in the design, development, testing, implementation and operations support of enterprise-wide security applications using CA SiteMinder and Oracle IAM. End-to-end design, implementation, upgrades and support of IAM infrastructure and Identity Federation on the products, protocols and modules listed below.
- CA Siteminder FSS R6.x, R12.x, R 12.5x
- CA Federation Manager 12.x
- CA Identity Manager R8, R12 SPx
- Microsoft ADFS 1.0 - 2.0
- TFIM 6.2.1 & Tivoli Access Manager for e-biz 6.1
- Cloud Services - Azure Cloud
- SAML 1.1 - 2.0, WS-Fed Protocol, OpenID, OAuth, OpenSAML
- PKI, SSL Parsing, XML Signing, Encryption, JCE, Bouncy Castle
- Multi-Factor, Step-up authentication
- Federation Service delivery platform FuGen MISP
- Infrastructure Virtualization VMware, VSphere client
- Cisco 5500 series firewalls/gateways ACL’s
CORE FUNCTIONAL EXPERTISE:
- CA Siteminder - Federation Manager: End to End design, implementation, migration and upgrades of CA Siteminder Version 6, 12, 12.5 and CA Federation Manager Version 12 and their service packs.
- Domains, Affiliate Domains, Realms, Rules, Policies, Active response, Accept/ Reject Rules, Authentication Schemes like Multi-factor/Step-up/X 509 authentication/Custom Authentication Schemes, Agents configuration, Host configuration, User directory and mappings, Password Policies APS, PKI Signing encryption certifications, SM-Profiling, Backup Strategy, Failover and load-balancing, Policies export, import and xpsconfig.
- Agents installation and configuration on different web servers like Apache, IBM Http server, IIS, WebSphere, WebLogic, Reverse-Proxy setup on the web servers to application servers, load balancing of agents, Sticky Sessions
- Federation web service installation and configuration on different application servers ServletExec-IIS, Apache-WebLogic, WebSphere. Auditing, logging, tracing of Federation web services.
- Creating IdP, SP entities both local and remote, Creating IdP-SP, SP-IdP Partnerships, Signing and Encryption certificates, Metadata configuring, importing and exporting of the partnership, Attributes and Name Identifier mappings, Custom Assertion generation plug-in, Message consumer plug-in, SDK’s to read Open format/Legacy cookies for the federation to work end to end for SAML 1.0, SAML 2.0 AND WS-FED profiles
- SAML 1.0 - SAML 2.0 protocol messages, Authentication Request, Response, Logout Request, Logout Response, Artifact Profiles, and Attribute Query profiles for different bindings like POST, Redirect, Artifact. WS-FED, STS, WS-Trust
- XML Signing, Encryption, Decryption, Certificates procuring from CAs, Self-Signing certificates, Client Certificates using OpenSSL, Cryptographic Hash Algorithms (MD5, SHA-1, SHA-256), Encryption Algorithms DES, 3DES, AES, Programming PKI using JCE, Crypto libraries, Bouncy Castle, SSL Traffic capturing, Parsing using JPCap, WinPCap.
- Core Java, J2ee JSP, Servlets Struts framework, Hibernate, JPA, Web 2.0, AJAX, Java-Script, YUI, Content Management Liferay, Magnolia portals and Portlets development, Architecture, Class diagrams, Documents like Solution requirement specifications SRS, SDS, STP for the projects
- TFIM 6.2.1 Installation, Configuration, Administration/ Federation end to end implementation in TFIM, Creating partnerships, Certificate Management
- Installation, Configuration and setup to protect the realms, Configuring ACL’s, Protected Objects, User management.
- Installation/ Configuration, Junctions protections, EAI, Authentication methods configurations, Auditing and logging.
- Installation, Configuration, Administration of CA Identity manager, Directory Server, Provisioning Server/Manager, Connectors. End to end identity management environment for User management, Roles, Tasks, Self-service, provisioning and customizing as per SRS. Defining Tasks, Roles, Groups, Membership, workflow, Policies, Self-service, Synchronization, Bulk loader, Scheduler in IDM. Integration with Connectors, Provisioning Directory, Siteminder protection to the IDM environment. Custom Development using Java for Event Listeners, Business logic task handlers, Logical Attributes deployment in IDM
Identity Federation and Access Management Products & Protocols:
Privileged Access Management Tools: CA's Siteminder, Federation Manager, Identity Manager, IBM's Tivoli TAM-TFIM, Pingfederate, Microsoft ADFS 1.0/2.0, SymLabs, OpenSSO, OpenSAML, Federation Services platform FuGen MISP, SAML 2.0/1.0 Profiles AuthnRequest, Response, Logout request/response, Artifact Profiles, Attribute queries, IDP Discovery, WS-FED RSTR, STS, WS-TRUST, OpenID and OAuth profiles, CyberArk 9.1 and 9.2 (Digital Vault, PVWA, PSM, and CPM)
Languages/Server Programming: Java, J2EE, Struts Framework, Hibernate, JPA, JDBC3.0/2.0, JNDI
PKI: Encryption/Decryption, Signing using Public/Private key pairs, JCE, Bouncy castle and crypto libraries
XML/Web Services: XML, XSL, XSLT, SOAP1.1, WSDL, AXIS, REST
Application/Web Servers: Jboss 4.x, Tomcat 5.x, 6.x, WebLogic, WebSphere, IIS 6/7, Apache 2.x, IHS
Oracle9i, MS SQL Server, MS Access, MySQL, DTS, SunLDAP, CA Directory, MS-AD
IDE: Eclipse3.x, NetBeans5.x, PLSQL Developer 7.x, MS-Visio, MS-Project
CMS: Magnolia, Liferay
Analysis & Design: UML, Design Patterns
Linux 4: 5, RHEL AS, Solaris x86 64 SPARC, Windows 2003/ 2008 servers
Confidential, Irving, Texas
Info Security Analyst Senior
- Worked as L3 support primarily fixing the issues caused due to the automation failures for Siteminder policy creation and Cloud automation failures of configurations on the web servers.
- Focused on issues arising during the web agent upgrades from R6 to R12 where CA products have difficulty in upgrading the agent.
- Used smobj and xps utilities to import and export policy store to different versions of directory servers. Implementing SSO across multiple domains and Line of business.
- Worked on CA SDK as well for testing purpose.
- Installed and tested patches for new releases in CA Policy server and WebAgents in the Siteminder SAND box and applied in production environment to resolve authentication, authorization and performance issues.
- Troubleshooting escalated production issues by trying to recreate them and opening CA cases to resolve them.
- Configured SiteMinder web agents, Affiliate agents and RADIUS agents to provide federation of webservices in the SSO environment.
- Configured CA SiteMinder policy server, framing Rules and Policies, Policy Server maintenance, SSO call clearance, Web Agent & Application agent installations, troubleshooting production problems.
- Worked on SiteMinder SMSession, Persistent and Secure Cookies.
- Configured Ping Federation Environment for SAML Federated Authentications for users coming from partner sites by configuring ID Provider/Consumer using SAML 2.0 POST binding.
- Worked on Ping Federate both inbound and outbound calls using SAML 2.0
- Involved in installation and implementation of SiteMinder Trust Authentication Interceptor (TAI) for IBM WebSphere 6.x, 7, 8
- Experience in troubleshooting the SSO issues for Cookie Provider enabled applications for cross domain authentications.
- Installed and configured CA web agent on IIS 7.x, IBM HTTP.
- Involved in upgrading the SiteMinder policy servers & agents.
- Configured various Web servers like IIS and IHS with Single Sign on (SSO) using Siteminder.
- Configuring User Sessions to support for SSO over single domain and multiple domains.
- Troubleshooting SiteMinder environment using SiteMinder test tool and SiteMinder policy server log files and agent log files.
- Identify and fix the VA scan SiteMinder issues for the applications in a timely manner.
- Helped create strategies for backup and recovery of Siteminder environment.
- Worked on day to day Service Now tickets to resolve the Siteminder issues within the SLA.
Confidential, Tempe, AZ
- Analyzed Functional Specifications provided by the application teams, and brought out the feasible solutions for addressing the security implementation requirements for the WCA (Wholesale Common Authentication) applications, and created design specification document with the relevant information for the QA group
- SME on pingfederate protocols such as SAML 2.0, WS-TRUST and OAUTH.
- Integrated SAAS applications with pingfederate.
- Worked on IDP adapters such as WAM, IWA, composite and HTML forms, and token translators such as WAM, open token translator.
- Worked on bindings such as redirect, POST and artifact.
- Primary engineer for integrating the newly acquired GE Finance applications with Wholesale Common Authentication using CA Siteminder version R12.51 and R12.52.
- Critical role in addressing the challenges with the new SSO integrations which use in-bound SAML for authentication and accessing the third party vendor application.
- Upgrading Siteminder web agents on all the web servers IIS, WebSphere, Apache, IBM HTTP from R12SP3CR11 to R12.52 in CEO (Commercial Electronic Office) Portal environment.
- On Call Engineer:
- 24/7 Production Support POC for WCA (Wholesale Common Authentication) and CEO (Commercial Electronic Office) Portal.
- Handling the team email box with respect to Netcool alerts, information requests, and accessibility issues in the lower environments
- Verifying the scheduled Policy Servers restarts
- Administering (Rollover, restoring backup, restarting, verifying) the Policy Servers and LDAP servers for all the certificate renewals and software patching on the Policy, LDAP, and Web Servers in all the environments
- Work on the quarterly waves (releases) for multiple applications with respect to CA SSO including SAML 2.0
- Deploying the application specific appstrings to the LDAP Userstore as and when required with the application integrations.
- Assisting (validating the access) the CA SSO Quality Assurance team for verifying the application readiness and signoffs
- Responsible to reset authentication in CA SSO environment periodically that includes Root passwords of User Store, Policy Store, User Conditioning scripts for WAS and QA teams, CA SSO Administrator Passwords (smreg command), WebAgent registration password, Login passphrase, LDAP DMD scripts, sm.apsexpire, etc.
- WebAgent upgrade and repoint to new Policy Servers as a part of data center migrations.
Confidential, Stamford, CT
Identity Access Management Security Analyst
- Created and assigned Privilege Accounts access and ensured the Privileged Account Management password policy, rules and all business requirements were met while reducing the serious business risk due to noncompliance with internal and external regulations
- Investigated, researched and resolved user-related ABAC (Attribute Based Access Control) issues.
- On-boarding, de-boarding, privileged accounts to CyberArk using PACLI and Export Vault data utility.
- Troubleshot end-user issues with respect to access to admin and local accounts using CyberArk.
- Update Quova data in CA Risk Authentication system.
- Evaluated user based requests for ITAR and Regulatory compliance after which the request was either approved/declined and assigned to the relevant Roles Based Access group in SAP, ENOVIA and Active Directory
- Identified, designed and implemented process improvement activities on various tasks executed within the IAM team to avert export compliance, audit process adverse findings and reduce business disruptions and frustrations encountered within the on-boarding and off-boarding activities
- Identified, implemented and documented with heavy emphasis on provisioning and de-provisioning workflows to reduce the loss of productivity as users struggle to access the resources they need
- Initiated and created a training curriculum and trained offshore remote Identity Access Management (IAM) analysts in Active Directory, SAP, ENOVIA and CAMS provisioning
- Reviewed and resolved Active Directory password authentication and management issues
- Resolved Export Compliance, ITAR and Intellectual Property audit results findings
- Researched and resolved users related application and network Identity and Access Management Access (IAM) issues
- Completed the new users, new suppliers and new customers on-boarding and off-boarding activities to reduce business disruptions and productivity.
Confidential, Chandler, AZ
- CA Siteminder FSS R 12 SP1 Policy Server, CA Siteminder FSS R 12 SP1 web agent, CA WAM r12 SP1, CA Identity Manager R12 CR5, IBM Directory Server v.6.0, CA Siteminder SDK R12 SP1, WebLogic 9.2
- Setting up of Service Provider Side
- Siteminder FSS R6 CR 15, Sun ONE Directory Server 5.2
- Enabled federation for the Customer Web site, Single sign on to customer’s portal and using SAML 2.0 Federation exchange getting access to HR service.
- Enabling SSL for IdP, SP Domains, Process of Getting Signing, Encryption Certificate from Certificate authority
- Creation of new Auth Realms, Rules, Policies, Authentication Schemes, HTML form template, SAML 2.0 Template and Affiliate Domains for SP Configuration
- Triggering Active rules, Active responses to fetch value from assertion to add in the Headers to the customer specific, Authentication events, Authorization events Handling, Created response for onAuthattempt, onAuthAccept, onAuthReject.
- Worked on a J2EE application that used the SDK API to modify the Custom Assertion generator plug-in to add attributes; the challenge here is to create an attribute which is partially static and partially dynamic and an XML string.
- Enable Provisioning with CA Identity Manager. Monitored heartbeats and refresh rates for various components of SiteMinder.
- Experienced in creating and maintaining security policies for SiteMinder.
- Configured Node manager for administration of Managed servers.
- Installed and configured Wily Introscope Enterprise Manager with agents.
- Responsible for deploying enterprise applications from Admin console and enabling security using LTPA and LDAP for admin console and application components on AIX.
- Provided training and group presentations on SiteMinder security planning to all employees, using Microsoft Visio and PowerPoint.
- Experience in implementing failover and load balancing schemes between WebAgents and Policy Servers and also between PolicyServers and LDAP.
- Experienced in setting up integrated security access to the portal and Single Sign-On.
Confidential, Atlanta, GA
- Experience in configuring multiple Site Minder Instances with Siteminder Federation/Option Pack. (Ping Federate Equal)
- Installed, Configured and Managed Netegrity SiteMinder 6.0.
- Migration of policy server from SiteMinder 5.5 to 6.0 for Load balancing, and failover configuration of the Policy store.
- Involved in Virtualization / Decommission of SiteMinder policy servers and sunoneldap servers across multiple data centers.
- Migration of Dev/UAT/PROD from 6.5 to 12.0 with 1000+ WebAgents
- Involved in detailed setup for troubleshooting and implementation of support procedure.
- Experience in configuring multiple LDAP instances and defined LDAP Schemas.
- Experience in configuring Netegrity Siteminder 6.5/12 with WebLogic 6.0/8.1/9.2 and WebSphere Portal 6.0.
- Defined and maintained Sun and Active Directory (LDAP) security models.
- Administered policy and user stores using the Sun ONE Directory servers while also providing redundancy and availability.
- Involved in Configuring SSL for high security of web application.
- On-call Support (24x7) for both Testing and Production Environments.
- Defined monitoring, maintenance and capacity planning for Siteminder policy servers.
- Designed processes for enterprise Active Directory user, group, printer, file share and password policy.
- Delivered new global enterprise SSO and LDAP architectures for development, staging and Production Environments.
- Upgrade project plan and direction for SiteMinder version 6.0.
- Performed the upgrade from SiteMinder version 6.5 to 12.0 in development, staging and production environments. This included all web server agents, policy servers and Active Directory policy stores involving 2000-plus applications.