SUMMARY

• Around 6+ years of experience in IT field including Installation, Configuration, Development, Deployment, Administration, Trouble Shooting and network security, database systems, and Enterprise Document Management in large scale organizations.
• Experienced in IAM/PAM tools with deployment, configuration, integration and troubleshooting CyberArk Privileged Account Security product suite - Enterprise Password Vault, Password Vault Web Access, Central Policy Manager, Privileged Session Manager, Application Identity Manager, and Privileged Threat Analytics
• Experience in handling various modules of CyberArk, mainly Enterprise Password vault (EPV), Application Identity management (AIM), Central Policy Manager (CPM), Privileged Session management (PSM), Event Notification Engine (ENE). Upgrading CyberArk suite of products from 7.x to 9.x. (CPM, PSM, EPV and PVWA)
• Experience as a security professional in installing, managing and monitoring of CyberArk Privileged account security tool modules.
• Part of Privileged Access Management (PAM) Remediation and Engineering team whose role is to secure Web Based applications on user access and authorization.
• Performing daily operations support and maintenance of all security technologies centric to Privileged Access related information security solutions.
• Hands on experience with IIS, IBM IHS, Apache, Sun One Web servers and WebLogic and WebSphere Application servers in Identity and access management environment.
• Worked with Active Directory, LDAP/UNIX groups, Networks, Human Resource systems for Identity and Access Management.
• Designed SailPoint deployment activities - connector configuration, custom rule development, workflow configuration, and development and third-party system integration.
• Experience with Implementation and Administration of Sail Point for large population of users
• Experience in SailPoint tool customization, Report Generation, Integration with end/target systems, SailPoint API's and Application Development.
• Experience with Installation and configuration of CyberArk Vault, CPM, CyberArk PVWA, OPM CyberArk PSM, AIM, and PSM SSH proxy Architecture and design.
• Experience on IAM products from ForgeRock (OpenIDM, OpenAM and OpenDJ) and building IAM solutions implementing OAuth2 and ODIC specification.
• Extensive experience on boarding Windows, UNIX, Database servers, RACF and Network device into CyberArk
• Experience in managing applications access in Okta and Active Directory. Exposure in design and architecture of PIM using Cyber-Ark. Account management i.e. adding /deleting accounts /group management.
• Managing policies and platforms. Creating and assigning Safes, reconciling accounts, rotating passwords.
• Create AD users and groups for safe delegation and updates. Conduct workshops with application and infrastructure teams about on-boarding privileged accounts.
• Assist application teams with CyberArk application Identity Manager Integrations and linked accounts.
• Generating various reports in IIQ like Identity Reports, Orphan Account reports, Account Discrepancy reports, Role composition report and Application attribute reports etc.
• Coordinating with existing Provisioning Team for the application in order to get the existing User Access Management (UAM) model to make it fit in to IIQ.
• Provisioning application's requests in IdentityIQ to Create/Amend/Delete user access for the on boarded applications. Good understanding of policies in CyberArk Central Policy Manager (CPM) and PAM.
• Developing Application instances and entitlements and Integrating New Application (Connected and disconnected) with OIM.
• Good knowledge in Active Directory and Involved in AD integration and adding user to with their privileges. Identified and tested vulnerabilities and conducted research in the areas of information system and network security.
• Have good knowledge in troubleshooting various issues related to CyberArk.

TECHNICAL SKILLS

Security tools: CyberArk 7.x,8.x,9.x,10.x CA Identity Manager 12.5.x/12.6.x, CA SiteMinder 6.x/12.x, Oracle Identity Manager 10g/11g R1/R2 PS1/PS2/PS3 and Access Manager 10g/11g E1/R2 PS1/PS2/PS3, ADFS and UAG, Microsoft Active Directory

Web & J2EE Technologies: XML, HTML, DHTML, JDBC, CA Identity Manager, CyberArk, OPM (On-demand Privileged Manager), CPM (Central Policy Manager), PAM (Privileged Access Management).

Operating Systems: Linux, Windows, UNIX AIX/HP-UX/

Network Protocols: TCP/IP, HTTP, FTP, SNMP, and SMTP

Web/App Servers: Tomcat, Apache Web Server, WebSphere, WebLogic

Databases: Oracle, Microsoft SQL Server, MS Access, MySQL

PROFESSIONAL EXPERIENCE

Confidential, NY

Security Consultant

Responsibilities:

• Expertise in Installation, Configuration, Deploying, Troubleshooting of Applications for CyberArk Enterprise Password Vault version 7.x, 8.x,9.x,10.x and Active Directory Server on Windows, Linux, AIX and Solaris environments.
• Expert in Upgrading of CyberArk Enterprise Password Vault version 7.x to 9.x. Built, Deployed, and managed Active Directory network encompassing 100+ domain controllers.
• Directed upgrade of Active Directory from Windows 2008 R2 to Windows 2012 and SharePoint, UAG, and ADFS to Windows 2008 R2.
• Monitor CyberArk reports and respond to failed password verification alerts and work with system account owners to resolve failure alerts.
• Configurations including AD integration and Management of CyberArk Enterprise Password vault.
• Managing CyberArk Password Vault Web Access (PVWA).
• Performed PAM Operational tasks such as Creating Safes, Defining Access Control, Policies, User Provisioning and entitlements, Managing Applications Credentials and User Access Policy Management in both production and non-production environment.
• Worked on Active Directory Concepts including Users, groups and Policies.
• As part of CyberArk implementation installed and configured Vault, CPM, PVWA, PSM, OPM, PSMP.
• Worked on Authentication and Authorization of privilege user working with CyberArk and Access Management in both production and non-production environment.
• Worked developing and installing and support the provider agents, pacli commands and custom scripts to automate the distribution and account passwords by CyberArk .
• Expert in installing, configuring SiteMinder policy server, Web Agents, Netegrity Transaction Minder, Active Directory server and various Web Servers and Application servers in both Production and Non-Production environments.
• Cyber Ark Vault Maintenances. Building CyberArk safes and adding different applications/portfolios in the safes. Active Directory group/user authentication and maintenances. Authentication and Authorization of Privilege users working with Cyber Ark and Access Management.
• General managing of Cyber-Ark Security that offers any enterprise a wide range of services and support options to making digital vault solution a success; these services include implementation, consulting, training, maintenance, online support and vault scripting, SIEM, and Digital Certification supporting. Decommissioning servers as need be or as requested by server Engineers.
• Setting security policies to enhance orderliness in the usage of security issues.
• Knowledge of CPM/PPM/EPV/PSM&PSM Recorder for RDP connections and session recording of activity logs in the PVWA, such as SIEM.
• Knowledge of PKI encryption and decryption functionalities in the Vault and EPV.
• Complete knowledge of PIM components.
• Implemented multi-factor authentication and self-service password management using Azure Active Directory in both Production and Non-Production.
• Strong knowledge and experience on scripting languages python, Perl and VB.
• Worked with existing user stores and new external LDAP stores. Integrated Active Directory & Sun ONE directory servers as user stores & SQL Server as Policy store in both production and Non-production environments.
• Cyber Ark Vault Maintenances, 2FA troubleshooting, accesses and authentications, SAPM troubleshooting & repairs, SUPM users authentications and maintenances. General managing of Cyber-Ark Security that offers any enterprise a wide range of services and support options to making digital vault solution a success; these services include implementation, consulting, training, maintenance, online support and vault scripting, and Digital Certification supporting.
• Perform Penetration testing and vulnerability assessment to improve application security.

Environment: CyberArk Enterprise Password Vault version 7.x, 8.x,9.x10.x, CA Identity Manager 12.5.x/12.6.x, JDK 1.6/1.7, J2EE, JDBC, XML, SAML 2.0, CA SiteMinder 5.X/6.X,12.X, Federation, Sun ONE Directory Server, Ping Federate 5.x/6.x, Microsoft Active Directory, Azure AD, ADFS, Tomcat 5.5, Apache 2.0, Solaris 8/9/10, Windows 2000/2003, Oracle 10g/11g, SQL Server 2005, DB2 8.X.

Confidential

IAM Engineer

Responsibilities:

• Involved in CyberArk significant updates from 8x to 9x versions for domestic and worldwide clients.
• Good comprehension of policies in CyberArk Central Policy Manager (CPM) and (PSM).
• Resolved CyberArk issue's in CPM to communicate with a host to accommodate credentials.
• On-boarded Privileged Accounts and Super User IDs in the CyberArk Safes utilizing Bulk upload utility.
• Part of Privileged Access Management (PAM) Remediation and Engineering team whose role is to secure Web Based applications on user access and authorization.
• Implementation and create of web policies, password policies. Vault Back-up Management process, AD Configuration (User to connect AD & Branches). Load Balancer architecture, Application Identity Manager Design, On-Demand Privileges Manager Design.
• Break Glass Access Management Process, Integration with other Systems (email configuration). Change Management Process Plan (OS, patch updates). Responsible for Create New User, Activate, enable user, group and OU account in Active Directory.
• Configured AD pass-through authentication for Identity Access Manager (IAM). Installed and configured the LDAP Sun ONE Directory Server. Configured the multi master. Workflows and Integration of various target system privilege account integration.
• Application involves intranet and internet usage of users, running on different platforms Linux, Unix, Windows, etc.
• Involved in troubleshooting issue work requests on day-to-day basis for the applications integrated with CyberArk in QA and Production Environment.
• Hands on experience with CyberArk implementation and configuration of Vault, CPM, PVWA, AIM.
• Experience in trouble shooting various issues, checking and maintaining health of UNIX environment.
• Experience in Providing technical guidance to the team to ensure successful service for physical access deliverables for the enterprise
• Good knowledge in scripting technologies like Windows Shell, JavaScript. Experienced in day to day operational support in adding and deleting accounts, applying policies, assigning safes, synchronizing failed accounts, Password rotations.
• Experienced in using IAM/PAM tools for deployment, configuration, integration and troubleshooting of CyberArk Privileged Account Security product suite - Enterprise Password Vault, Password Vault Web Access, Central Policy Manager, Privileged Session Manager, Application Identity Manager, and Privileged Threat Analytics.
• Worked with other platform teams and external suppliers to consistently deliver on physical access objectives or requirements.
• Excellent communication and interpersonal skills and a very good team player with the ability to work independently.
• Daily administration of CyberArk Enterprise vault Management includes. Safe Management, Master Policy Management, Platform Management and Access Management.

Environment: CyberArk PAM 9.7.2, CA SiteMinder Policy Server v 6.0/12.51, CyberArk 9.6 & 9.8 Web Agent QMR7, Apache Web Server 2, CA Identity Minder 12.6.x, WebSphere 8.4, OKTA, RSA, Oracle RDMS, Korn shell scripting, Perl, XML, UNIX, Windows Active Directory.

Confidential, Jersey city, NJ

CyberArk Engineer

Responsibilities:

• Primary responsibilities include Installation and configuration of CyberArk Vault, Vault Client, Active CPM, Network load balanced CyberArk PVWA, Clustered CyberArk PSM and PSM SSH proxy Architecture and design.
• Implementation and create of web policies, password policies. Vault Back-up
• Load balancer architecture, Application Identity Manager Design, On-Demand Privileges Manager Design.
• Primary responsibilities include Installation and configuration of CyberArk Vault, Vault Client, Active CPM, Network load balanced CyberArk PVWA, Clustered CyberArk PSM and PSM SSH proxy Architecture and design
• Change Management Process Plan (OS, patch updates). Responsible for Create New User, Activate, enable user, group and OU account in Active Directory.
• Installed and configured the LDAP Sun ONE Directory Server. Configured the multi master. Workflows and Integration of various target system privilege account integration.
• Experience with the implementation of RSA two factor authentication tokens for the integrated web service security in a SSO environment for the service provider applications in both environments.
• Managing User Accounts, Server Space & other Log files on servers and Maintaining Mail Accounts in Microsoft Office Outlook & Backup of Emails. Helping organization target architecture for infrastructure privileged access and the high-level requirements for the privileged access management solution.
• Implementing the strategy for infrastructure privileged access control in organization, and the drivers in terms of risk and regulatory control. Cyber-Ark as a platform for managing privileged access to infrastructure. An initial project is focusing on managing networking devices accounts. In parallel, analysis is ongoing.

Environment: CA IDM 12.x, JDK 1.4/1.5, CyberArk 8.2, CA Identity Manager r8/r12Solaris 8/9/10, Active Directory, Windows 2000/2003, Oracle 10g/11g, SQL Server 2005.

Confidential, Jersey City, NJ

Security Engineer

Responsibilities:

• Creating Static and Dynamic roles, Provisioning policies based on the requirement
• Working on user identity issues like password issues, inactive profile/accounts issues
• Documentation of TRD, BRD & DLD, analysis of current and future processes/systems
• Worked on Cyber Ark Enterprise Password Vault and PVWA.
• Installed and configured Private Ark to Client to manage Vault server.
• Managing, monitoring and Supporting systems hardware, software, and applications.
• Resolved CyberArk issues in CPM communicate with host to reconcile credentials.
• Researching, recommending, and implementing new solutions in support of project and business requirements with focus on security and privacy.
• AIM to remove hard coded password from application and stored those credentials in Vault.
• Integrated Active Directory to the Vault Server to discover devices using bind account.
• Efficiently Managed Active Directory implementations across multiple domains.
• Worked on administering of User accounts, Group memberships, and Organizational Units using Active Directory.
• Coordinating efforts with vendors for upgrades and system maintenance.
• Managed failed accounts synchronization and password rotations.
• Confirming that all projects and infrastructure are properly documented.
• Cyber Ark integration with SIEM tool Arcsight.
• Managed sessions in Privileged session management (PSM).
• Generated reports of the account and devices inventories in the Cyber Ark.
• Perform system, security, and application log and reports reviews following established procedures.
• Good understanding of policies in Cyber Ark Central Policy Manager (CPM) and (PSM) on boarding windows and Linux accounts.
• Fallback from DR vault server to production in case of production vault server failure.
• Performed real-time proactive security monitoring and reporting on various security enforcement systems, such as NITRO (SIEM), Anti-virus, Internet content filtering/reporting, malcode prevention, Firewalls, IDS & IPS, Web security, Anti-spam, etc.
• Analyzed output from network vulnerability assessments and recommend mitigation strategies. Reviewed and provided feedback on security plans and procedures regarding all aspects of LAN, WAN or MANs as applicable. Worked with Cyber Ark utilities, PAR explicate, PACLI and PAR client.
• Responsibility includes maintenance of the system by installing and upgrading the application packages for Siteminder Policy server, Web servers and LDAP.
• Involved in performance tuning activities for SiteMinder and Sun One LDAP Directory Server.
• Installed and configured Apache, Microsoft IIS and Sun iPlanet web servers, Weblogic application servers, with Netegrity Siteminder authentication, and Sun One LDAP Directory Server.
• Installed and configured various web agents in accordance with the web servers involved.

Environment: : Cyber Ark 7, 8, 9. PIM, LDAP, AD Integration, UNIX, Firewall, IDS/IPS, SIEM, IIS, IBM HTTP SERVER, PVWA, PSM, AIM or CCP, CPM, PTA ACS, DNS, TCP/IP, Security, VB script, Powershell.