Extensive experience as an application architect and designer specializing in SSO (Single Sign On), Federation Service, PKI design, implementation, and management. Six Sigma Green Belt.
Operating Systems: Unix (Solaris, HP UX, AIX), Windows, Linux
Applications: Oracle/Sun Directory Server 11G, 6.3, 5.2; Enterprise Server, Application Server, CA/Netegrity SiteMinder R12, R6; IdentityMinder R12, R6
Oracle: Access/Identity Server 11G
BEA: WebLogic, IBM WebSphere
Microsoft: Active Directory, Ping Federation Server
Confidential, Somerset, NJ
Lead Internet Engineer
- Upgraded Siteminder from version R6 to R125, including the design of a new high-availability and scalable architecture consisting of over 60 production Siteminder policy servers around the world, capable of handling over 2000 applications.
- Manages the bank's Siteminder and Ping federated infrastructure, consisting of over 100 CA Siteminder policy servers with R12 and R6 and Ping Federate servers around the world. Supports over 2000 applications enterprise-wide, and thousands of agents on the web servers.
Confidential, Somerset, NJ
Lead Internet Engineer
- Upgraded Siteminder from version R6 to R12, including the design of a new high-availability and scalable architecture, consolidating different lines of business applications into a single platform. Managed the migration, testing and cut-over of 200 applications on schedule and without business interruption.
- Designed an enterprise-wide Federation Service solution. Project scope included product evaluation, proof of concept based on SAML, infrastructure building, and working with partner corporations to integrate applications.
- Migrated enterprise directory servers supporting 10 million users from Sunone 5.2 to 6.3. Project included working with team members on the design of new architecture.
Confidential, Roseland, NJ
Lead Technical Analyst
- Led the engineering team in developing and implementing internet security infrastructure and integration based on Siteminder 5, iPlanet Directory (LDAP) Server 5.1, iPlanet Web Server 6.0, IBM Websphere, and iPlanet Certificate Management Server (PKI).
- Upgraded the iPlanet Directory servers from version 4.11 to 5.1SP2 and converted the single master supplier server to multi-master supplier servers to increase availability. Created all new replication agreements between suppliers and consumers on-site and off-site.
- Upgraded Siteminder from version 4.61 to 5.1, including upgrading the Policy Server, converting the policy store, and working with various application teams to upgrade the web agents to version 5.
- Implemented new PKI in the existing security infrastructure, including building a new Register Authority Server and Certificate Authority Server based on iPlanet Certificate Management Server. As a result, the company was able to add an X.509 authentication mechanism to the infrastructure, giving clients a more secure authentication option.
Confidential, Kansas City, MO
- Managed the agency’s E-Commerce application security infrastructure and Single Sign On (SSO) design, implementation and support.
- Implemented the agency’s Siteminder 5.5 upgrade, including project planning, exporting the Siteminder policy store and key store before the upgrade, applying the software upgrade to all servers including production, staging, and development, and importing the policy store and key store.
- Designed the agency’s new application security infrastructure based on the Microsoft Active Directory and Netegrity Siteminder platform, consisting of millions of user entries at three production sites with failover capability to each other. Tasks included designing the agency-wide directory architecture and schema, and installing Microsoft Active Directory servers and Netegrity Siteminder servers at each site.
- Set up the application Single Sign On (SSO) migration plan. Worked with each individual application development team to migrate its application to the new Active Directory/Siteminder platform. Tasks included designing and setting up the policy domain and rules for each application, application code changes, exporting and importing user entries to Active Directory from legacy systems, setting up the migration schedule and migration communication plan, and functional and stress testing after each application migrated.
Confidential, Pittsfield, MA
E-Commerce Infrastructure Security Leader
- Managed E-Commerce application project security, including designing and supporting the enterprise-wide architecture for Web applications. Coordinated with different application teams to ensure the applications developed were compliant with the company’s standards and proper security mechanisms (LDAP and Siteminder).
- Implemented a new enterprise-wide security mechanism based on 4 iPlanet LDAP servers and 4 Netegrity Siteminder servers for both internal Single Sign On (SSO) and extranet applications. Designed and set up schemas, namespaces, replication and synchronization processes, and web agent installation, and converted existing applications to the new security platform. As a result, the company was able to simplify to a single platform for all applications, reducing development and support costs.
- Implemented Single Sign On (SSO) enablement migration for over 60 applications. Worked with application teams to design the migration plan, roll-out plan and communication plan for the users. Tasks included installing the web agent on every web server, configuring each web agent to enable the SSO feature, testing each application after SSO enablement, and rolling out to end users.
- Defined and documented the new E-Commerce application implementation process strategy and plan, including the code test procedure on the staging server, the security/legal review procedure, application stress/performance testing using QA tools Loadrunner, Winrunner and others, and the change control process after an application went into production.
- Managed a team consisting of 8 on-shore and offshore engineers to support the company’s daily E-Commerce activity, including implementation, administration, monitoring and support of NES, NAS, LDAP, Siteminder, Jrun, and Resonate applications, and DB2 and Oracle Database connections.
- Designed and implemented the company’s global E-Commerce architecture, including development/QA/production environments in distributed mode on over 50 UNIX and NT servers at 3 DMZs in Exodus and 3 Data Centers around the world with multiple layers of routers, switches, and firewalls. The environment delivered a cost-effective, fault-tolerant and scalable platform for enterprise-wide E-commerce applications.
- Led a team that installed and configured 12 iPlanet Enterprise Servers, 4 iPlanet Application servers, and 6 Macromedia Jrun servers, configured over 50 web applications on these servers, deployed application code, and ran performance tests.
- Defined and documented the new E-Commerce application implementation process, including QA, security/legal review, and change control.
Confidential, Covina, CA
- Implemented new one-time-password authentication using RSA soft and hard tokens for a local corporation branch.
- Project included issuing a token for over 200 users, setting up accounts in corporate servers, user training, and daily maintenance.
- Managed a federal agency nationwide system upgrade.
- Replaced the agency’s existing Novell server with 15 NT servers, and upgraded workstations to Windows NT. Project delivered a unified platform that enabled the agency to consolidate their applications into one platform. The agency saved millions of dollars on applications maintenance and user training each year.
- Provided a one-stop solution for a defense agency engineering division.
- Project included delivering Sun/NT servers and workstations for engineering development, and integrating these systems with the agency’s existing engineering applications and systems.
- Components included VAX, mainframe, a high-resolution scanning device, and a variety of output devices.