Sr. IAM Engineer Resume
Salt Lake City, UT
SUMMARY:
- Rishika has 8+ years of experience in IT engineering and Information Security, in architecting and deploying Identity Management, LDAP Directories, Single/Reduced Sign-On (SSO), PingFederate, RSA, CA/Netegrity SiteMinder, Provisioning and Identity Workflows, Access Management, RBAC (Role-Based Access Control), Compliance and Auditing Technologies, Federated Identity/Federation, Enterprise Security Infrastructure Design, Authentication and Authorization technologies, as well as custom-built security and technology frameworks. Persuasive verbal and written communication skills complement a proven ability to multi-task, maintain an organized approach, and ensure success, even when faced with high-pressure or high-risk situations.
- Integration of third party applications with various Single Sign On matrix like Open Token, Agentless and SAML based services through Ping Federate, created both WS-Fed and SAML 2.0 protocol Service Providers endpoints using Ping Federate.
- Experienced in Identity and Access Management tool - SailPoint IdentityIQ Access Governance, in Configuring Connectors, Role Management, Life Cycle Manager Provisioning and Access Certifications, Report generation, Integration with end/target systems and SailPoint IdentityIQ APIs, REST APIs, Custom Connector, patch upgrades.
- Experience in network protocols, Firewalls and Communication Network design. In-depth knowledge of deploying and troubleshooting IP protocols. Experienced and familiar with both Windows Server and Linux platforms. Experience in upgrading SiteMinder/Identity Minder from 6.x to 12.0 and from 12.0 to 12.51.
- Efficient use of Microsoft VISIO as technical documentation and presentation tools. Proven experience in network/hardware/operating system troubleshooting, PC assembly, system integration, technical support and customer service helpdesk.
- Effectively plan, install, configure and optimize IT infrastructures to achieve high availability and performance. Experience of working in both Windows and Linux-based IAM implementations. Quick learner and experience working with production and 24x7 on call environments.
- Exporting Metadata, creating Adapters, Service Provider connections, Identity Provider connections, replicating configuration archive, importing and exporting SSL certificates using Ping Federate. Experience with using IdP initiated and SP initiated SAML profiles with different binding methods like POST, Artifact, Redirect to deliver a custom SSO environment as per the requirement.
- Configured Ping Gateway to Authenticate the users and API’s through Ping Access and Ping Federate, involved in migration and implementing Security and Infrastructure solutions using Netegrity/CA SiteMinder 5.x/ 6.0/12.0/12.51 and Oracle 11g Directory Server (LDAP).
- Expertise in Installation, Deployment and Administration of IBM WebSphere Application Server, Oracle WebLogic Application Server 8.x/9.x/10.x, 4.x/5.x/6.x, Sun Java System Identity Manager 6.0/7.0/8.0, Sun Java Access Manager 6.0/7.0/7.1, IBM HTTP Server, IIS and Apache Tomcat Server.
- Expertise in designing and building the Security Infrastructure and installation, configuration, troubleshooting and performance tuning of CA SiteMinder, CA Identity Manager, Sun ONE Directory Server/Active Directory, WebSphere, WebLogic and JBoss Application Servers on distributed platforms.
- Experience in LDAP design including the deployment of Sun One Directory Server. Designed Single Sign On. Architecture design, task estimation and documentation. Experience implementing SSO (Single Sign On) functionality between various applications using SiteMinder 5.5/6.0/12.5.
- Experience in Upgrading the environment like upgrading CA SiteMinder Secure Proxy Server 6.0 sp3 cr6 to 6.0 sp3 cr7, 12 sp3, SiteMinder 6.0 to 12.5 and Sun ONE Directory Server 5.2 to 6.3. Experience in deploying J2EE components on WAS 5.0/5.1/6.0/6.1 using WAS Admin Console.
- Extensively worked on BEA WebLogic Application Server as an administrator in installing, configuring and administering Server Configuration, Deployment of Components and Performance Tuning including Troubleshooting and Maintenance.
TECHNICAL SKILLS:
Platforms: Apache Web Server 2.0/2.2, Microsoft IIS 5/6/7, IBM HTTP Server 6.0/6.1/7.0/8.5.x, BEA WebLogic Server 8.1/9.2, IBM WebSphere Process Server 6.x, 7.x, 8.5.x, Tomcat 5.0/5.5/6.0, iPlanet/Sun ONE Web Server.
Tools: Fiddler, SiteScope 8, JMeter, LoadRunner, SailPoint IIQ 7.0p2/6.3/6.4, CVS, ClearCase, ClearQuest, SVN, MS Visio, MS Project.
Security platforms: SiteMinder 5.x/6.0, 12.x, CA Identity Manager r12, Oracle Identity Manager (OIM) 10g/11g, Oracle Access Manager(OAM) 10g/11g, Oracle Role Manager (ORM), CA SiteMinder/SSO 6.0/R 12.x, (OAAM), Sun Identity Manager 7.0/8.0, Layer 7, Ping Federate, Single Sign On (SSO), Secure Proxy Servers 12.x
LDAP Directories: Oracle Internet Directory (OID)10g/11g, Oracle Virtual Directory (OVD) 10g/11g, Active Directory, Tivoli directory Server, Sun ONE Directory Server, Novell eDirectory
Programming: C, C++, Java, Korn Shell Scripting, HTML, XML, WLST, Perl, Jython, Python, Ant
Operating Systems: SUN Solaris 8/9/10, IBM AIX 5.2/5.3, Windows 2000/2003/2008/ R2/2012, Red Hat Linux 4/5
Markup Languages: HTML, XML, DHTML
Databases: DB2, Oracle 8i/9i/10g, MS Access, SQL Server
Protocols: TCP/IP, FTP, SMTP, LDAP, SOAP, JSON, RMI and HTTP
PROFESSIONAL EXPERIENCE:
Confidential, Salt Lake City, UT
Sr. IAM Engineer
Responsibilities:
- Working with application’s business and technical teams to gather requirement to integrate application with PingFederate/PingAccess/PingID for Single Sign On. Designing and implementing applications integration with PingFederate/ PingAccess/PingID in both Non-Production and Production.
- Creating SP /IDP connections in Ping Federate using SAML2.0 protocol based on applications details or metadata. Working with IBM team to gather requirement to migrate Junction based application from IBM to Ping Access.
- Designing and implementing solution to migrate junction-based application from IBM to Ping Access. Creating various Ping Access configurations - creating site, application, Identity Mapping, Web Session etc.
- Configuring Ping Access logout and sharing the URL with Application team. Configure Ping ID MFA in Ping Federate for providing two-factor authentication for some applications. Troubleshooting application integration/migration issues with respect to Ping SSO.
- Identify security gaps through Ping; if there is any, then will develop roadmap/solutions that fit with company/customer systems architecture standards.
- Research, evaluate, design, test, recommend, and plan implementation of new and/or improved information security with a focus on SSO and MFA with consumers, caregivers, vendors and partners.
- Manage SSO and MFA server inventory and work with different teams to manage SSO servers, firewalls, storage, network etc.
- Demonstrate a working knowledge of identity and access standards and technology including SAML, OAuth, OpenID Connect. Integrate Ping with common identity stores like LDAP, relational databases, application servers, virtual directory servers, physical access management systems.
Environment: Ping products (PingFederate, Ping Access, Ping Governance, Ping Datasync, Ping Directory), SAML 2.0, SAML1.1, WS-FED, OAuth2.0, Active Dir
Confidential, Menomonee Falls, WI
IAM Engineer
Responsibilities:
- Worked with SailPoint and server migrations to beyond trust. Worked on provisioning and password management, Identity governance, access management. Experienced in user lifecycle management, Provisioning of accounts, creating access profiles, certification implementation on SailPoint.
- Setup of roles in ISIM and SailPoint. Also, setup of provisioning policies in ISIM. Setup of access profiles in SailPoint. Role-mining based on existing access and lines of business. Raising role requests in service now and using access management application for mapping it to the existing business process.
- Migrating servers from LDAP to AD. Making sure everyone has the right access to right systems and giving them access to certain applications based on the requests of the application owners. Configured SSO Integration Adapters for session clean up as part of Single Logout (SLO) in the SSO implementation.
- Identified different SAML 2.0 issues and fixed the issue in NetIQ Access Manager 3.1. Worked on Ping Federate both inbound and outbound calls using SAML 2.0. Migrated SAML and OAuth connections from NetIQ Access Manager to Ping Federate in staging Environment.
- Plans to all the application teams, useful when they need to take off the SSO. Configured SSO Integration Adapters for session clean up as part of Single Logout (SLO) in the SSO implementation.
- Prepare a plan for user communication to switch from ADFS to Okta SSO. Created a detailed implementation and migration guide for Office 365 Okta SSO integration. Document detailed technical steps to be executed by administrators to accomplish federation configuration switch from ADFS to Okta. Active member of PAM Team responsible for the deployment of CyberArk Security Initiatives.
- Created detailed document illustrating current user’s SSO experience using ADFS. Document client’s Okta SSO implementation and user guides. Leveraged SailPoint IdM infrastructure to provision birth right SSO AD groups to provide access entitlements for end users.
- Involved in requirements gathering discussion with Workday app team and helped them utilize Okta’s SSO feature for Workday. Multi-tasking managing multiple application owners and technical contact to drive SSO integration and external user provisioning objective.
- Document existing Office 365 use cases as part of requirement gathering exercise. Prepare a plan for user communication to switch from ADFS to Okta SSO. Created a detailed implementation and migration
Environment: CA IDM 12.x, JDK 1.4/1.5, J2EE, JDBC, XML, SAML 2.0, NetIQ Access Manager 3.2/4.2/4.3 CA SiteMinder 5.X/6.X/12.x, Ping Federate 7.1/7.3, Sun ONE Directory Server 5.X/6.X, Okta SSO 3.4.x SAML 2., CA Identity Manager r8/r12, Ping Federate 5.x/6.x/7.x.
Confidential, Irving, TX
IAM SSO Engineer
Responsibilities:
- Deploying Staples CA SSO 12.52 and CA Identity Manager 12.6 infrastructures from scratch, with accompanied LDAP repositories like ODSEE, AD. Actively involved in the Requirement gathering for SSO enhancements to the existing project.
- Implementing SSO (Single Sign-On) among the applications configured with Access Manager. Worked on implementing SiteMinder environment from the scratch and integrating enterprise applications with SiteMinder. Configured System objects like Agents, Agent Conf Objects, Host Conf Objects, User Directories, Domains, Administrators and Schemas.
- Develop POC for Agent for SharePoint and enable SSO for SharePoint site collections, Migrated all SiteMinder protected Applications to ping Access. Created Joint Condition from AD and Sun One directory server defined in VDS Radiant Logic for user Search from SiteMinder Policy Server.
- Prepare a plan for user communication to switch from ADFS to Okta SSO. Created a detailed implementation and migration guide for Office 365 Okta SSO integration. Document detailed technical steps to be executed by administrators to accomplish federation configuration switch from ADFS to Okta. Set up Partner connection using Ping Federate 7.x (IdP and SP initiated SSO).
- Document existing Office 365 use cases as part of requirement gathering exercise. Prepare a plan for user communication to switch from ADFS to Okta SSO. Created a detailed implementation and migration guide for Office 365 Okta SSO integration.
- Experience in installing Ping Access in clustered and high-availability mode, Have knowledge in Upgrade and maintenance of Ping Access and Federation product tools. Implement the SSO for new applications with Ping Access and Federation Manager.
- Configured Ping Federate 6.x/12.x for SSO across multiple web based enterprise applications. Installed and configured PingFederate 7.0.1 with the existing Siteminder environment and used LDAP authentication for the admin console. Experience in configuring SSO with Ping Access using out of the box and custom developed authentication schemes
- Researching, recommending, and implementing new solutions in support of project and business requirements with focus on security and privacy. Perform system, security, and application log and reports reviews following established procedures.
- Implement the SSO for new applications with Ping Access and Federation Managers. Configured SiteMinder for SAML Federated Authentications by configuring ID Provider/Consumer using SAML 2.0 POST binding. Document client’s Okta SSO implementation and user guides.
- Integrated Okta with enterprise directory for both internal and external environments. Migrated all SaaS based SSO solutions from SiteMinder to Okta.
- Migration of critical applications that are secured using CA SiteMinder to Ping Federate version 7.1/7.3 Providing support to internal and external teams for integration of applications with CA SiteMinder and Ping Federate, Integration of third party applications with various Single Sign On matrix like Open Token, Agentless and SAML based services.
- Experience with the implementation of RSA two factor authentication tokens for the integrated web service security in a SSO environment for the service provider applications. Configured SSO Integration Adapters for session cleanup as part of Single Logout (SLO) in the SSO implementation.
- Experienced in Privilege Identity Management, Identity & Access Management, and Single sign On, SAML, OAuth, ADLDS, ADFS, OKTA, TLS/SSL, and Active Directory. Fixed Active Directory mapping connection to provision users and groups into CyberArk vault and e-mail notification failures.
Environment: LDAP, PingFederate 8.2.2, PingAccess v4, AD Integration, UNIX, Firewall, IDS/IPS, SIEM, Cisco ASA Firewalls, Okta SSO, CA SSO/SiteMinder 12.52 RSA Risk Based Authentication, RSA 2 Factor Authentication, RSA Envision LDAP Sun One Directory Server, Routers, ACS, DNS, TCP/IP, F5 Load Balancer
Confidential, Irving, TX
IAM Ping Consultant
Responsibilities:
- Performing development, customization, and administration on the CA Single-Sign-On Identity and access management application for mapping it to the existing business process. Installed new CA Single-Sign-On (SSO) R12.52 SP1 policy servers and pooled them into clusters in development, staging and production environment.
- Analyzing planning and implementing CA Single-Sign-On on multiple Cookie Domain and internet security to Enterprise level web applications using CA Single Sign On integrated with Oracle Directory Server Enterprise Edition 11g. Experienced in Single-Sign-On Test tool and Single-Sign-On policy server log files for Troubleshooting Single-Sign-On environment.
- Debugging of authentication / authorization related issues and creating Rules, Responses, Realms and Policies in CA Single-Sign-On. Monitor user activity through CA APM web view, HP Site scope and other exception reports to ensure security is being maintained.
- Experience in installing Ping Access in clustered and high-availability mode. Have knowledge in upgrade and maintenance of Ping Access and Federation product tools. Implement the SSO for new applications with Ping Access and Federation Manager.
- Experience in implementing Password Policies and reading the password blob using SM agent API.
- Assisted in executing the implementation of IAM systems and upgrade to systems as needed. Assist in updating (SailPoint IIQ) workgroups and Monitor SailPoint IIQ product functionalities. Implemented Self-service feature, Password management feature, Provisioning feature and forgot password change in SailPoint.
- Installed and configured settings for provisioning users from various AD domains. Involved in configuring Okta for user provisioning from Active Directory. Created groups for specific users to enable access for applications such as Duo Security, Service Now, and Zoom.
- Worked on de-provisioning users from few domains that are in-active and unregistered domain from Windows servers Okta AD Agent Manager, Automated various tasks by using Windows PowerShell script for extracting reports for User Registrations, PWR and Unlock accounts.
- Worked on creating group rules for Okta groups to generate reports for Okta Usage which includes Registrations, Password Resets, Un-lock Accounts from System logs on weekly basis. Used VLookups filter in reports to compare data with users in Okta’s Universal Directory.
- Configured Ping Federate 5.x/6.x for SSO across multiple web based enterprise applications. Performed user provisioning in Identity Provider (IDP) site Service Provider (SP) site using SAML for SSO, Technical liaison with new business partners in the Federation protocol space - working with Ping Identity and Trustgenix. Implemented SAML server with Ping ID libs, (java & eclipse).
- Implemented Access Certification, Automated Provisioning and Governance aspects of IIQ. Develop complex workflows and service adapters in the SailPoint Identity IQ configuration interface. In the process of upgrading the IdentityIQ product from SailPoint 6.3 to SailPoint 7.0.
- Configured Ping Federate 6.x/12.x for SSO across multiple web based enterprise applications. Installed and configured PingFederate 7.0.1 with the existing Siteminder environment and used LDAP authentication for the admin console.
- Administrating & Configuring UNIX & Windows servers and ensure all applications are up and running on all servers. Implementation of federation Services (SAML 1.0/1.1/2.0) through CA Single-Sign-On with third party vendors for Single-Sign-On both as Service provider and Identity provider.
- Performed Installation and configuration of SailPoint 7.0. Configured Flat files and JDBC connectors in SailPoint. Assist in updating (SailPoint IIQ) workgroups. Monitor SailPoint IIQ product functionalities.
- Managed client requirements and configure SailPoint connectors. Responsible to manage Administration functionality of the SailPoint such as loading data, create roles, create policies, scheduling tasks and certifications and reports.
- Expertise in analyzing the logs (trace logs, smaccess logs) and Trouble Shooting issues in Integration of other applications using CA Single-Sign-On and Identity Management tools along with LDAP and Web-server agents.
Environment: CA SiteMinder R12 SP2, Identity Manager 6.0, Okta AD Agents, Active Directory, PxM 9.5, J2EE, JDBC, XML, JBOSS 7, OKTA Microsoft Identity Manager SAML 2.0, Sailpoint 7.0, Ping Federate IIS 7.1/7.3, Solaris 8/9/10.
Confidential, Seattle, WA
Siteminder LDAP Engineer
Responsibilities:
- Experience in installing, configuring SiteMinder policy server, Web Agents, Active Directory server (LDAP) and various Web & Application servers. Installed, configured and maintained CA SiteMinder Policy Server 5.x/6.x and Sun ONE Directory Server 5.2 on Solaris, Windows platforms.
- Configured and Defined the Policy Domains, User directories, Rules, Realms, Policies and Responses in SiteMinder and configured SiteMinder web agents, Affiliate agents and RADIUS agents to provide federation of web services in the SSO environment.
- Configured user impersonation feature to enable Customer service department to provide a better service to the business clients. Worked extensively on creating Custom Password policies and Authentication schemes as per the requirement.
- Updated Corporate User store with the expanded user base as a result of new business acquisitions by directory acquisition and Correlation schemas using custom attributes. Extensively used WebService variables to facilitate federation of web services.
- Installation, Configuration and Administration of IBM WebSphere Application Server 5.x/6.x on UNIX platform, Linux, I series. Migration of SiteMinder 5.5 to 6.0 for advanced Load balancing, failover configurations and for facilitation of user impersonation. Installed and configured WebAgent on Webservers like IIS 5.0/6.0, Apache 2.x, SunOne Webserver 6.1/7.0.
- Configured custom alerts and e-mail notifications based on the business needs. Created and updated the provisioning policies as per the change in the business environment using policy Xpress, Experienced in SiteMinder policy server logs for Troubleshooting SiteMinder environment.
- Experienced in assisting Web Administrators, LDAP Administrators to determine what the best values for SiteMinder parameters and tune the system to boost SiteMinder performance in the Web Tier, the Application Tier, and the Data Tier.
- Experienced with SiteMinder policy server log files for Troubleshooting Site Minder environment. Technical liaison with new business partners in the Federation protocol space - working with Ping Identity and Trustgenix. Implemented SAML server with Ping ID libs, (java & eclipse).
- Working knowledge in installation and configuring SAML Federated security services and web services for enterprise applications. Installed, configured and integrated Web servers (plug-in file), SiteMinder agents and LDAP user directory with Weblogic Server V10.
- Installation configuration and maintenance of RSA authentication manager 6.x for enabling token based authentication along with the form based authentication as a part of the security solution. Experience with the implementation of RSA two factor authentication tokens for the integrated web service security in a SSO environment for the service provider applications.
- Monitored and implemented the failover and load balancing strategies between the Web Agents and Policy Servers, Implemented Ping Identity’s PingFederate v.2.1 using SAML 1.1 protocol to provide authentication, attribute and authorization portability across autonomous security domains for customers.
- Installed, configured and integrated Web servers (plug-in file), SiteMinder agents and LDAP user directory with WebSphere Application Server, Monitored & Supported Sun One LDAP Directory and SiteMinder in Production Environment.
- Fine-tuned response time by configuring Site Minder, Agents, DIT’s & LDAP parameters, Installed & Configured SiteMinder Policy stores, Key stores, User stores and Integrated with LDAP. Expert in setting up SSO Environment for SiteMinder and SunOne LDAP directory server.
- Hands on experience with configuring LDAP initiated and SP initiated SAML profiles with different bindings like POST, Artifact, and Redirect as per the custom business and security requirements. Creating Open SSL Certificates and using the same for Federation of external Services to achieve the purpose of maintaining confidentiality, message integrity and bilateral Authentication.
- Worked on Load balancing and clustering under SiteMinder for ensuring high availability. Effectively maintained the policy store, key store and the user store. Experience with performance tuning of policy servers and associated components and generating performance reports using customized crystal reports.
Environment: CA SiteMinder 5.X/6.X, Identity Manager 6.0, Web agents 5.x/6x, IBM WebSphere Application Server 5.x/6.x, 1.4/1.5, J2EE, JDBC, XML, SAML 2.0, Sun ONE Directory Server 5.X/6.X, CA Identity Manager r8/r12, Apache 2.x, IIS 5.0/6.0, Solaris 8/9/10, Windows 2000/2003, Oracle 10g/11g, SQL Server 2005, DB2 8.X.
Confidential
System Engineer
Responsibilities:
- Worked on defining various SiteMinder Policy Server System objects and Domain objects, Password Services and associated different realms, rules, responses and policies with it. Performed ongoing SiteMinder infrastructure load testing, tuning to support business growth.
- Installation of eTrust SiteMinder Agent r6.0 for IBM WebSphere. Installation of SiteMinder Policy Server Optional Pack and Web Agent Optional Pack for Federation, Responsible for installation of various components involved in the setup of a standalone security setup using LDAP and SiteMinder.
- Installation and configuration of Sun ONE Directory Server 5.2 and SiteMinder SP 5.0. Designed logical security application architecture integrating WebSphere Application Server, SunOne Web Server, iPlanet LDAP Directory Server, Netegrity SiteMinder and implemented Single Sign-On security.
- Maintained Redhat Directory server central repository for an Identity Management infrastructure, user management, eliminating data redundancy and automating data maintenance.
- Expertise in configuring, administering and deploying components like iPlanet, Netscape, WebSphere application server, Tomcat, Java web server, Directory server (iPlanet directory server (LDAP 5.x), Netegrity Siteminder and Netscape administration server.
- Worked on writing Shell script and Linux script for command line interpretation of Operating system. Implement Policy-based Security using Web Agents, User Directories, and Realms. Authentication, Schemes, User Sessions, Rules, and Responses to protect, manage, authenticate and authorize access to enterprise resources. Creating security permissions for resources in policy server.
- Enabling secure connections between directory servers using SSL. Worked on monitoring access/audit/error logs. Auditing/tuning database for better performance of directory server. Installation and configuration of Apache/sun-One/IIS Web Server.
- Determine the root cause, implement solutions, and apply patches to resolve authentication, authorization, and performance issues. Involved in server, policy store and key store configuration file backups. Experience with Change management procedures.
- Troubleshooting SiteMinder environment using SiteMinder test tool and SiteMinder policy server log files and agent log files. Configured custom alerts and e-mail notifications based on the business needs.
Environment: Netegrity SiteMinder 5.5/6.0, Sun ONE Directory Server (5.1, 5.2), IBM WebSphere Application Server 5.x/6.x, Web agents 5.x/6x., XML, SAML 1.0, Oracle9i, BEA WebLogic 9.2/8.1, iPlanet 6.0