Info Security Engineer Resume

Wheeling, IL

PROFESSIONAL SUMMARY:

  • A skilled and motivated Middleware Engineer with 10+ years of successful experience in designing, implementing, upgrading, and enhancing security software to support strategic business objectives.
  • Experience in Middleware Security Product Administration. This includes extensive work in Installation, Configuration, Deployment, Administration, Trouble Shooting and Migrating of CA SiteMinder, Sun One Directory Server, Web security, network security, database systems, and Enterprise Document Management.
  • Involved in scoping, elaborating and designing IDM core components for an in-house IDM solution using cloud-based microservices architecture. Also supported existing IDM platform for Confidential (NT), which currently has 35k users and 1000s of applications.
  • Good Experience in building & supporting both Windows and Linux servers/environment.
  • Extensive experience in implementing Single Sign On solutions using Ping Federate and CA SiteMinder and Sun One/Oracle Directory servers.
  • Expertise in installing Ping Federate Server on Solaris, Redhat Linux, AIX and Windows environments.
  • Expertise in installing and configuring SiteMinder Policy Server on Solaris, Redhat Linux, AIX, Microsoft Azure Cloud Computing and Windows environments.
  • Extensive experience in different SiteMinder Web Agents on HTTP Web Servers like IIS, Apache, SunOne Web Servers.
  • Experience using PING Identity Solutions for performing the federation aspects in large enterprise networks.
  • Migrated SAML Based SSO partners from Ping Federate 7.1 to Ping Federate 7.3 and 7.3 to 8.2.
  • Supported development with integration of Mobile Apps using OAuth/SAML in Ping Federate.
  • Excellent communication skills and experience working with SAML Trace and server log files for troubleshooting errors from the client end.
  • Used Ping API to deploy and create SAML changes.
  • Highly experienced in SAML2.0 POST federation using Ping Federate and CA SiteMinder 6.x, R 12.x and R12.5x and setting up both IDP's (Identity Provider) and SP's (Service Provider).
  • Solid understanding of Identity SAML Management architecture and exposure to entire features of CA SiteMinder (Policy Servers & Web Agents), PingFederate 7.1.2 and later versions, Oracle Access Manager, ADFS.
  • Experience with using Secure Proxy Servers and Reverse proxy servers.
  • Experience in configuration of Ping Access Authentication Schemes, Policies, Realms, Rules and Responses.
  • Customization using JAVA for the following IDM task
  • Migration of IDM roles, policies. Migration of IDM environment settings, custom code.
  • Involved in understanding Confidential’s business needs and enabling solutions using SUN Identity Manager (Waveset 7.X) product. Designed and developed Sun IDM solutions at Confidential to manage user identities and accesses in various target systems: LDAP, Active Directory, SAP, Livelink, Arcot, PeopleSoft, Google Apps, Role Manager (RBAC), Solaris, SolarisMailstore, Prosoft, Kerberos.
  • Installed and configured Microsoft Azure AD, AD Connect, ADFS and ADFS Proxy component, set up ADFS for SSO to support various types of authentication protocols like Security Assertion Markup Language.
  • Experience in configuration of SiteMinder Authentication Schemes, Policies, Realms, Rules and Responses.
  • Experience installing and configuring different J2EE Application Servers like WebSphere, JBoss, Tomcat and WebLogic.
  • Experience in installing and configuring Oracle DSEE 11g.
  • Production Support 24X7 on call rotation basis, maintain and monitor Ping Federate Servers.
  • Implemented Logging and Auditing system for SiteMinder to track and identify user activity as well as acquire intrusion reports of unauthorized attempts at access.
  • Working knowledge on CA Identity Minder, Auth Minder and Risk Minder.
  • Hands on experience in designing, deployment, disaster recovery, fine tuning, replication and maintenance of Oracle/SunOne Directory Servers on Solaris and Windows platforms.
  • Expert in maintaining, troubleshooting issues in production environment.
  • Involved in designing IDM connector services for the in-house Java-based custom IDM solution
  • Involved in documenting and elaborating the existing business AS-IS process IDM workflow Artifacts
  • Expertise in Developing, Configuration, Deployment, Troubleshooting and Management of Enterprise Applications for CA IDM, CA SiteMinder and CA e-trust Directory server.
  • Maintained both Test and Production servers for Ping Federate along with the cluster management and timely Replications to deploy changes to servers.
  • Designed, deployed and supported highly available and scalable Ping Federate infrastructure in AWS and On-premise that provides single-sign-on (SSO) and federation solutions for internal accesses.
  • Implemented single sign-on authentication from Ping Federate Server and AD server. Users are generated on the fly using LDAP import with their corresponding role-based access
  • Played a leadership role for implementing infrastructure of new enterprise applications using technologies such as WebSphere, JBOSS, WebLogic or Tomcat (J2EE) app servers.
  • Troubleshooting issues related to SSO, authentication and authorization, as well as troubleshooting LDAP issues, Ping Federate, ADFS, PingAccess.
  • Worked as Load Balancing Engineer where I was part of load balancing team providing extensive support for various banking applications which are desktop and mobile
  • Worked in successful implementation of Single Sign On and Federation Solutions on Prod, QA and Dev environments.
  • Configured Affiliate agents, RADIUS agents to provide federation of web services in the SSO environment providing authentication & authorization to IDM.
  • Worked on Single Sign On (SSO) to implement security policies and handle LDAP, Siteminder and Webserver on Solaris environment. Also had scope for maintenance of RSA SecurID.

TECHNICAL SKILLS:

Access Management Platforms: Ping federation 7.X/8.X, CA Single Sign On (Site Minder 6.X/12.5X), CA Authminder, CA Riskminder, Ping Identity Ping Federate, CA API Gateway, CA Secure Proxy Server, Open IDM 4.0, Oracle Waveset / Sun IDM 5.5/6.0/7.1/8.1

Open Standards: OAuth, OpenID, SAML sp

Directory & Application Server:

LDAP directories: Microsoft Active Directory, CA directory, Oracle RDBMS, MySQL, IBM DB2, Sun Java Enterprise System (JES) Directory Server, Oracle Virtual Directory. JBOSS 4.1, IPlanet, Sun One, Tomcat 6, IBM WebSphere 6.x, Rational Weblogic 6.x

Programming and Markup Languages: Java, PHP, Perl (including Active State), Unix Shell, HTML/XHTML, XML/XSL, JavaScript (including JQuery and AJAX), C/C++, SQL, Oracle PL/SQL, Python, Visual Basic.

Web Technologies: Apache web server, IBM HIS, ASP.NET, C#, VB.NET, Web Services, Microsoft Azure, JSP, JAVA, HTML / DHTML, XML, SAML, OAUTH, WebLogic and WebSphere.

PROFESSIONAL EXPERIENCE:

Info Security Engineer

Confidential

  • Installed, configured and maintained Netegrity/ CA SiteMinder Policy Server 6.X/12.X, CA IDM r12.x and Sun ONE Directory Server 5.2 on distributed platforms.
  • Written custom active responses to extend the capabilities of SiteMinder and to support the client requirement.
  • Hands on Experience on other Single Sign-On products like CA SiteMinder. Implemented and Designed Access Management Solutions.
  • Experience in migrating Identity & Access Management systems across datacenters.
  • Experience in installation, configuration, deployment, administration and support of Optimal IDM products (Federation Identity Services & Virtual Identity Server)
  • Built a fully functional, secure, robust, highly available Identity & Access Management portfolio using gamut of IdM products for firm-wide SSO needs. This was moving existing services across datacenters.
  • Experience in installation, configuration, deployment, administration and support of CA/Netegrity SiteMinder 6.0 & R12.5/R12.52, Sun One Directory Server LDAP 5.2/6.0/6.3, Oracle Directory Server 11g and maintaining Single Sign On (SSO) solutions for applications to maintain firm-wide SSO
  • Experience in LDAP based directories like Sun ONE Directory Server, Oracle Directory Server 11g and Microsoft Active Directory.
  • Experience in installation, configuration, deployment, administration & support of Microsoft Web Application Proxy (WAP), along with ADFS.
  • Created internal tools for administrators to manage & control internal IdAM services.
  • Experience in using Virtual Identity Server to consolidate directories to provide backend consumers with seamless data experience regardless of backend database.
  • Upgraded SiteMinder Versions, i.e. upgrading of SiteMinder Policy Servers from version 5.5 to 6.0 and SiteMinder Web Agents from version 5.5 to 6.x and then from R6 to R12.5 and very recently led an effort to migrate it to R12.52 from R12.5
  • Upgraded SiteMinder infrastructure from R6 to R12.5. Built a parallel environment and setup SSO between these environments. This was a global implementation across 4 territories
  • Upgrade of CA SM r6 SP1 to r12.1 SP3, SM .7, r12.7 to r12.8
  • Joined Global IDAM Team supporting optimal cloud federation setups. Hands-on experience setting up SAML/OAuth relying parties and migrating to higher environments.
  • Installing and Configuring Sailpoint IdentityIQ components and migrating FIM jobs to IdentityIQ.
  • Hands on experience setting SSO using Forgerock OpenAM and setup contextual authorization.
  • Setting up relying parties in Optimal IDAM and create service accounts in Optimal VIS
  • High Availability - Front end and Back End successful Implementation, Infrastructure Monitoring, Services monitoring to the customer IAM environment.
  • Open Format Cookie to final Application, Assertion generator plugin for Identity Mapping services for inbound use cases. Set up different OAuth 2.0 grant flows in Optimal IdM federation server
  • Worked with the TCS offshore team to use SAML token validation and certification processes to troubleshoot various partner federation issues such as Name ID format mismatch, certificate issues and timing mismatch issues.
  • Involved in requirements gathering discussion with Workday app team and helped them utilize Okta's SSO feature for Workday.
  • Prepare a plan for user communication to switch from ADFS to Okta SSO.
  • Configuration and integration experience Single-Sign On SSO (with SAML, ISAM).
  • Providing 24/7 support working in flexible shifts
  • Support whole infrastructure of Identity and Access Management.
  • Installation of CA Siteminder, CA Identity Manager and Registering Apache web agents (DMZ apaches and internal apaches), ASA Agents for web logic and Setting up Web logic reverse proxy for Federation services
  • Handling Custom Auth schemes, Message Consumer plug-in for Siteminder schemes
  • Installing report server, WAMUI and merge with Siteminder and IDM to generate reports and to enable Auditing.
  • Migrating CA SSO to Forgerock SSO
  • Onboards new AWS accounts with LDIF files in linux to add configuration changes to OpenAM
  • Onboards BSP applications to our cloud platform for authentication/authorization to users
  • Monitors Forgerock Systems logs for OpenAM, OpenIDM, and OpenDJ
  • Monitors connectors for federated systems and Active Directory access to ForgeRock LDAP
  • Provides Identity and Access Management support for the BSP cloud platform utilizing Active Directory and Forgerock LDAP suite
  • Involved in Configuration and development of SailPoint Life Cycle Events (LCM).
  • Configuring various roles and policies in SailPoint.
  • Implemented Restful web services to connect the AC and SailPoint applications and fetch the data into portal application.
  • Manager R12, Policy Store, User Store configuration.
  • Hands on experience on Ping Federate, CA Single Sign-ON, CA Advance Authentication, CA Secure Proxy Server, Ping Access, and Ping Cloud.
  • Co-ordination with Ping Federate vendor if any software related issues.
  • Maintained both Test and Production servers for Ping Federate along with the cluster management and timely Replications to deploy changes to servers.
  • Developed custom Ping Agent using Ping SDK and Implemented SAML Protection with Digital Signature.
  • Migrated SAML Based SSO partners from CA Single Sign-On federation to Ping Federate.
  • Converted from Sun IDM in production to OIM and add a TAM LDAP Java plugin.
  • Have effectively handled IDM administrative tasks including password policies, bulk account actions, creating, defining and editing IDM objects and IDM approval.
  • Integrated IDM with CA SSO, Providing Authentication and Authorization to IDM.
  • To manage the user identities CA IDM was used. Identity Management, Multifactor authentication and Password Management.
  • Primary support for the IDM team to resolve account propagation and sync error issues for users across the globe.
  • Used Siteminder tools like smobjexport, smobjimport to export and import Policy Stores respectively, smreg to change the Siteminder super user password.
  • Troubleshooting Siteminder environment using Siteminder policy server log files and agent log files.
  • Used Ping API to deploy and create SAML changes.
  • Delegated Authentication on External VAM System.
  • Remote Provisioning, Account Linking CA IDM R 12 CR 5.
  • Experience in installing, configuring SiteMinder policy server, Web Agents, Active Directory server (LDAP) and various Web & Application servers.
  • Created policies, realms, rules and responses to protect the applications and configure them to work under the SSO environment.
  • Integrated new applications with SiteMinder and configured them to work under SSO.

IAM Engineer

Confidential, Wheeling, IL

Responsibilities:

  • Implemented fully API based SSO architecture using, CA IDM, Ping Federate, and Radiant Logic Virtual Directory Server which accomplishes end applications integration with SSO easier.
  • Configured CA API Portal, CA API management tasks, Implementation of Rest based security policies, preparing testing strategies, automating maintenance solution, preparing design document and business requirements and implementation of security templates.
  • Experience in CA API Management tasks, configured CA API Gateway and REST API.
  • Involved in integration Services, specifically API Gateway (Layer 7), ADFS and external federation.
  • Experience in writing policies for CA API Gateway (Layer 7).
  • Aggregating users into SailPoint using various connectors like Active Directory, Database and SAP Technologies.
  • Design, implementation and configuration of ISIM solution.
  • User provisioning through portal using ISIM Web Service Call.
  • Configuration of ISIM System Securities - ACI and Views.
  • Requirement gathering, analyzing, designing the ISAM account provisioning and automation process through ISIM.
  • Worked on adapter using TDI for enabling SOAP based endpoint using input from ISIM.
  • Changed ISIM workflows for ADD/MODIFY/DELETE Persons for requested new user registration and approval process for access.
  • Installation and configuration of end point agents and ISIM Services.
  • Proficient in creating and modifying workflows for implementing business flows.
  • Customization and configuration of Workflows for Provisioning and de-provisioning accounts across various internal and external systems in SailPoint IdentityIQ.
  • Developed LCM events in SailPoint IIQ.
  • Good experience on Aggregation and Provisioning Process using various connectors like Active Directory, Database, File Delimiter, and LDAP.
  • Developed and customized workflows, configurations, rules in SailPoint IdentityIQ
  • Created STS ID's used by SOAP Web Services for Authentication wherein the API would authenticate with STS ID and receives SAML Token when posted to Ping STS Endpoint URLs.
  • Designing, developing and promoting standards, guidance and best practices of API Management platform and policies.
  • Extensively worked on integrating third party applications with Ping Federate and Federated more than 50 Applications as Identity Provider with SAML 2.0 protocol.
  • Created Custom Adapter Replacing Site Minder 3.0 Ping Federate Identity Provider adapter.
  • Performed Proof of concept for Open AM, Ping Access 3 and CA Single Sign-On R12.52.
  • Supported development with integration of Mobile Apps using OAuth/SAML in Ping federate.
  • Integrated Site Minder with Ping federate using CoreBlox token translator to bridge the SSO gap between applications protected on either system.
  • Designed, deployed and supported highly available and scalable Ping federate infrastructure in AWS and On-premise that provides single-sign-on (SSO) and federation solutions for internal accesses.
  • Performed POC for Ping Access Authentication Solutions.
  • Created SP/IdP connections using Ping Federate with external partners.
  • Developed shell scripts for backing up current setup and upgrading between different Ping federate versions.
  • Deployed several Ping federate integration kits for Apache, CoreBlox, Atlassian, Java, PHP, Symantec VIP, Agentless, IWA etc., to establish the "first- and last-mile" implementation of a federated-identity.
  • Deployed Policy Agents across different HTTP and application servers: Apache, JBoss, Tomcat.
  • Ping Federate performance tuning for supporting heavy traffic.
  • Responsible for assisting vendors to resolve issues that arose during integration.
  • Worked on OGNL Expressions for sending Attributes with modification from CDSN Directory.
  • Hands-on in onboarding Ping OAuth Client IDs for REST Web services Authentication with Grant types: Client Credentials, Access Token Validation (Client is a Resource server).
  • Integrated Native Mobile Application with OAuth Infrastructure using Grant Type: Authorization Code, Implicit.
  • Hands on experience with CA Single Sign-On SSO, SAML, user directories, and web access management technologies.
  • Developing custom components to enhance the existing out of the box functionalities provided by CA Site Minder Policy Server and WebAgent.
  • Single Sign On, Identity federation using SAML and OAuth.
  • Installing and configuring Site Minder Advanced password services (SMAPS), Site Minder Proxy server (SPS) etc.
  • Enhancement of Site Minder and overall application performance by doing performance analysis of Site Minder components.
  • Configuring Site Minder policy server, framing Rules and Policies, Policy Server maintenance, SSO configurations, Web Agent & Application Agent installations, Troubleshooting Site Minder integration specific problems.
  • Experience in using Unix/Linux utilities for analyzing logs, and trouble-shooting the applications with Application servers and Security/Identity management servers.
  • Integrated Site Minder to third party internal applications like Clarity, Splunk, Alarm Point, Good integration and Service Now.
  • Deliver support on tight-deadline projects after thorough understanding of needs by speaking to application team. Their useful information enabled me to efficiently reach their target.

Environment: CA Siteminder 12.5x, Ping Federate 7.1, CA API Gateway 8.6-9.2, SAML 2.0, SAML1.1, WS-FED, OAuth2.0, Active Directory, Java, C#, PowerShell, CA Identity Manager, Cyber Ark, Azure Active Directory, AWS Directory, LDAP, ILM, Active Directory

IAM ENGINEER

Confidential, Costa Mesa, CA

Responsibilities:

  • Implementing Federation Solution using Ping Federation to allow the usage of Third Party applications with Marriott, wherein Marriott is the IDP and the vendors act as SP.
  • Configured Ping Federate clusters and configured ping one desktop for cloud based SSO.
  • Configured Open Token adapter to send session ID & attribute details to applications integrated with Ping Federate.
  • Have implemented API Gateways (CA API Gateway/Layer 7).
  • Responsible for developing Docker Images to configure API Gateway, MySQL and migrating gateway and joining individual images to make complete automation.
  • Updating the certificates in Ping Federation. Experience in ping configuration involving OAuth Implementation for APIs.
  • Developing Adaptor, Scheduler, Connector with the Help of API.
  • Operational 3rd level support and administration of the L7 API Gateways.
  • Worked on Application API Gateways (CA Technologies Layer 7 API gateway) and WS-Policy based policy and assertion development.
  • Worked on Implementing OAuth Configuration with CA API Gateway to provide JWT token to get access to gateway for Clients.
  • Involved in Configuring Gateway cluster and auto provision a Gateway.
  • Used Ping API to deploy and create SAML changes.
  • Worked on API Gateway Migration Utility migrate Out, migrate IN, manage Mappings to Migrate the entire gateway for automation.
  • Migrated SAML Based SSO partners from CA Single Sign-On federation to Ping Federate 7.
  • Application onboarding using PING Federate, integration of User Directories (AD, LDAP) with PING Federate.
  • Creation and maintenance of digital certificates to be integrated with PING Federate for integrity of assertion.
  • Involved in working on Ping Federation, configuration of Identity Provider and Service Provider and troubleshooting various issues regarding Authentication Request, SAML token.
  • Provided solutions for complex application using Site Minder and Ping Federate.
  • Ping federation installation, creating adaptors, upgrading Certs, creating IDP and SP based connections using POST and ARTIFACT bindings.
  • Responsible for Site Minder administration implementation and configuration of Netegrity Site Minder policy server framing and management of Realms Rules Responses and Policies.
  • Creating security Policies for authentication and authorization of users in Policy server and creating Access Control policies in CA Directory.
  • Experience in working with various web servers like IIS, Sun One, Apache, IBM HTTPD Server and integrating the web agent for these web servers.
  • Extensive experience in troubleshooting the various issues involved in ping federate regarding SAML response, SAML assertion, Authentication request.
  • Developed custom Ping Agent using Ping SDK and Implemented SAML Protection with Digital Signature.
  • Expertise in Security Integrating of Tivoli Access Manager ebiz with IBM Web Sphere Portal 5.x and Web Sphere Application Server 5.x/6.x
  • Experience working with LDAP based directories - IBM Security Directory Server formerly known as IBM Tivoli Directory Server, CA Directory.
  • Migrated Federated Single Sign on solution from CA Siteminder 12.52 SP2 with IBM Tivoli Federated Identity Manager 6.0.

Environment: CA Siteminder 12.x, 6.x, CA API Gateway 9.2, Ping Federate 7.1, SAML 2.0, OAuth2.0, AD, Java, PowerShell, Oracle ODSEE 11g, Web Agents, Policy Servers, Oracle LDAP Directory Server 11.0g, IBM WebSphere, SQL Server, HTML, SQL, MS Visual, Cyber Ark, Azure Active Directory, AWS Directory, LDAP, ILM, Active Directory.

SITEMINDER ENGINEER / Developer

Confidential, Columbus, IN

Responsibilities:

  • Integrate applications from development to production, assist development teams in identifying and resolving various issues related to SiteMinder.
  • Created Rules, Rule groups, Response, Response groups, Realms and Policies for Directory Server users, implemented SiteMinder policy based security.
  • Coordinated with the Service providers and identity providers during the SAML Certificate upgrade and architectural changes.
  • Worked with SiteMinder engineering team to document technical specifications and procedures for SiteMinder best practices.
  • Involved in design and upgrading Siteminder Policy Servers from R12.0 to R12.52.
  • Upgrade of WebAgent on Apache and IIS Web Servers.
  • Supported Siteminder 24x7 with on-call rotation. Performed deployments, upgrades and changes during off-business hours and weekends.
  • Worked with the Application development teams to resolve CA Siteminder Agent issues during upgrade process on Microsoft IIS, Apache, WebLogic and WebSphere servers.
  • Installed and configured CA Siteminder Federation User Authentication Services using SAML 2.0 Post and creating the policies for Identity Provider and Service Provider in Siteminder Policy Server.
  • Determine the root cause, implement solutions, and apply patches to resolve authentication, authorization, and performance issues, as well as provide feedback to CA Siteminder product bugs.
  • Created documentation for Change Requests, Service Requests, and upgrading processes for support purposes.
  • Analyzed the existing configuration and provided the road map to integrate the CA Siteminder with several web applications.
  • Maintain and Monitor Siteminder Policy Server logs.
  • Handled user tickets, trouble shoot and resolve Siteminder Issues.
  • Supported Operating System and Web Servers patching.
  • Documented the application SSO on-board process procedure for future reference.
  • Performed tuning for Siteminder along with LDAP for better Response Time, Low Latency and High Throughput.
  • Implementation of SSO and authentication services using CA Netegrity SiteMinder.
  • Responsible in Performance Tuning for SiteMinder to provide better response time, low latency, high availability and maximum throughput.
  • Proxy service protection for internal Web infrastructure by providing SSL, fault tolerance and load balancing.
  • Assist load testing team during load tests.
  • Prepare project plan and submit weekly progress reports, throughout the project duration.
  • Provided roll-back plans to all application teams in case of any issue.
  • Supported endurance and regression testing in pre-production environment.
  • Involved in daily SiteMinder updates for Production, UAT and Development environment.
  • Assisted multiple applications during any production outage.
  • Handled multiple alerts related to servers in various environments.
  • Assisted Infrastructure Team during any changes.

Environment: CA SiteMinder R12 SP3 r12.x, Sun Solaris 9/10, Windows Server 2003/2008, SunOne Directory Server, Microsoft IIS 6.x/7.x, Apache 2.x, Webserver 6.1, Tomcat 4/5, RHL 5.x/6.x, Oracle DSEE 11g, Apache 2.x, WebLogic and WebSphere.

Entry level developer

Confidential, Urbana-Champaign, IL

  • Maintain websites to support business initiatives for a global ecommerce
  • Participate in releases end-to-end (i.e. requirements gathering, change documentation and creation of release notes) and ensure communication to all stakeholders
  • Code, test, debug and maintain website content including homepages, landing pages, category pages and feature shops
  • Build efficient, reusable front end components and infrastructure
  • Follow best practices and guidance to optimize application for maximum speed and scalability
