SUMMARY:

• Subject matter expert in implementing custom solutions for web access, identity management, and identity governance including single sign - on, multi-factor, step-up and strong authentication; SSO with Cloud Apps; authentication for mobile devices; role-based access control; account provisioning; federation using SAML, OAUTH and OpenID Connect integration with social networking web-sites; securing web services; directory services integration, Identity-as-a-Service (iDAAS) and identity virtualization.
• Excelled at strategic alignment of technology solutions with overall business strategy of client-organization, understanding financial trade-offs to manage risks, operational feasibility and application security. In-depth knowledge of Business Continuity Plans (BCP), Disaster Recover Plans (DCP) and Business Impact Analysis (BIA).
• Ability to deal with ambiguity, competing priorities and conflicting requirements at the technical as well as project level. Excellent communication skills, professional demeanor, and ability to deliver challenging IT initiatives with aggressive deadlines; extensive management experience in development and delivery of software products and solutions, leadership-role and managing operations and teams in off-shore and on-shore model.
• Expertise in all phases of System Development Life Cycle (SDLC) in various roles including technical leadership and architecture; project management, resource planning and management; and overall responsibility for delivery of IT solutions.
• Current responsibilities include overall technical leadership; oversight of design & development; hands-on type of technical involvement including product selection and initial rollout; architecting solutions that can scale horizontally and vertically; high-availability geo-dispersed infrastructure spread across multiple datacenters; implementation and maintenance of several enterprise-wide identity management and access control tools.

TECHNICAL SKILLS:

Access Control & Identity Management: PingFederate, Ping Access and PingOne; CA SiteMinder (CA Single Sign-On), Okta, CA Identity Manager, CA Identity Portal (Sigma Portal), CA Identity Governance (Governance Minder) SiteMinder Federation; RSA Adaptive Authentication, RSA Authentication Manager, CA AuthMinder (Arcot WebFort), CA RiskMinder (Arcot RiskFort), custom Multi-Factor authentication solutions using Out-Of-Band Authentication (OOBA) Phone and One-Time-Use Passwords (OTP); SAML, OAUTH 2.0 and OpenID Connect (OIDC) integration with social networking sites; and authentication for mobile devices; and CA PAM (Privileged Access Management).

LDAP Servers & API: CA Directory Server, Ping Directory Server, Microsoft Azure, Oracle Enterprise Directory Server, Microsoft Active Directory (AD), Active Directory Application Mode (ADAM), and Radiant Logic Virtual Directory (FIDS)

Programming Languages: Java, XML, COBOL, C/C++, Unix Shell-Scripting.

Web Technologies: J2EE (EJB, JSP, Custom Tags, JSTL, Servlets, Servlet Filters and Listeners, Java Beans, Applets, JavaMail API, Struts, Xerces, Xalan, Saxon, Java XML Parsers, JMS, JDBC, JNDI, JAXP, RMI-IIOP, JSSE), Design Patterns (GOF), J2EE Design Patterns, Active Server Pages, HTML, DHTML, CSS, XSLT, JavaScript, Web Services (SOA), SOAP, SAML, WS-Security, XML-RPC, JMS, Object Oriented Design, UML and Model-View-Controller (MVC), SAML and Federated Identity.

Networking: TCP/IP, SMTP, LDAP, SSH using public key & private key authentication, network packet analyzer tools like Ethereal, SSL, configuring routers & firewalls, Network Address Translation (NAT), configuring mail servers and DNS servers, network security, design, architecting high traffic web sites, architecting High Availability and High Scalability application in a geo-dispersed environment. Hardware based web server load balancers and Global Traffic Manager (GTM) from CISCO & F5Networks, and SSL accelerators.

Relational Database: Oracle 12c, SQL Server 2012 R2, DB2, PL/SQL, Transact SQL, data modeling, data analysis, database tuning and performance, stored procedures.

Operating Systems: Solaris, Redhat Linux, AIX, Windows and MVS.

Application Servers: Oracle WebLogic, WebSphere, JBoss and Apache Tomcat.

Web Servers: IIS, Sun One/IPlanet Web Servers, Apache, CA Secure Proxy Server (Reverse Proxy)

Tools: Pentaho, Pentaho Reports, Jasper Reports, Eclipse, Soap UI, JMeter, Subversion, XML Spy, JBuilder, DBArtisan, Oracle Enterprise Manager, web server stress testing tools, Erwin, ER/Studio, TOAD, Confidential, ANT, Visual Source Safe, Clearcase, Rational Rose, Dream Weaver and Microsoft Project

Virtualization Technologies: VmWare ESX and Workstation, Microsoft Virtual PC

PROFESSIONAL EXPERIENCE:

Confidential, NJ

Sr. Technical Manager & IAM Architect

Technical Environment: PingAccess, PingFederate, PingOne, SiteMinder R12.8, Okta, SiteMinder Federation Services, CA Identity Manager, CA Identity Portal (Sigma Portal) version 14.2, CA Identity Governance; CA Directory Server, Ping Directory Server, RSA Secure ID Authentication Manager, RSA Adaptive Authentication, AuthMinder, Risk Minder, Office 365 and Azure Cloud Apps integration with SiteMinder & PingFederate, SAML 2.0, OAuth2 & OIDC; Out-of-Band Authentication (OOBA), Oracle Enterprise Directory Server, CA Directory Server, UnboundID, One-time-use Passwords (OTP), Oracle WebLogic Server, IBM WebSphere Application Server, Oracle HTTP Server, IBM HTTP Server, Apache HTTP Server, IIS7, WebSphere proxy plug-ins, F5 hardware based load balancers and Global Traffic Manager (GTM), application server clustering, SQL Server 2008 R2, Oracle 11g R2, IBM DB2, IBM AIX, RedHat Linux, Windows 2008 R2 & 2012, SOAP UI, JMeter, and VMware.

Responsibilities:

• Designed and implemented comprehensive web access-control, identity management and provisioning solutions using SiteMinder R12.8, Identity Manager, CA Identity Portal, CA Directory Server and Adaptive Authentication for risked-based multi-factor authentication; Ping Federate, AuthMinder (Arcot WebFort) and Risk Minder (Arcot RiskFort). Solutions also included federation-partnership with numerous business partners using SAML, OAUTH and OpenID Connect (OIDC) with social networking websites; end-point account reconciliation & using CA Identity Governance; privileged account management using CA PAM (formerly Xceedium)
• Responsible for delivering complete end-to-end design, architecture and implementation strategies of high-availability, fully redundant and geo-dispersed identity management infrastructure spread across multiple data centers; Business Continuity Planning and Disaster Recovery strategies.
• Technical responsibilities included - gap-analysis and working closely with vendors to customize solutions using product APIs to ensure that they align with specific use cases; design custom authentication schemes and responses; customize SiteMinder Federation Services, PingFederate and Reports to fulfill customer requirements.
• Hands-on type of involvement with IAM Engineers to solve technical challenges with aggressive deadlines including installation and configuration of various software components.
• As a subject-matter expert, worked closely with business users, application development teams, and operational teams to understand requirements, provided directions and detailed technical instructions on application security and how to leverage capabilities of access management and identity management tools.
• Responsibilities included over-all technical leadership to drive design decisions for complex needs, coordinating with other vendor-resources, define scope and provide status report to the management and as mentoring other technical resources.
• Provided recommendations for application security and built, highly-scalable security infrastructure for risk-based access control using AuthMinder, RiskMinder, SiteMinder, RSA Adaptive Authentication, and Identity Manager to provision user-accounts to various endpoints, CA Directory Server and Oracle Enterprise Directory Server in a heterogeneous environment for different clients.
• Designed DIT and schemas, formulated replication and backup procedures, recommended load-balancing and failover setup for high-availability; and defined monitoring strategies for Directory Server.
• Architected custom-reporting solutions for web access and identity management infrastructure to provide metrics as well as ability to track at transaction-level.
• Played a critical-role in implementing best-practices, documenting operational procedures and guidelines for operations team from a managed-services perspective for web access and identity management.

Confidential, Plymouth, MN

Enterprise Identity Management Architect

Technical E nvironment: RSA Adaptive Authentication, SiteMinder R12 & Identity Manager R12.5 with Provisioning, PingFederate, SAML 2.0, WS-Federation, OAuth, OpenID, WS-Security, Federated Identity, Out-of-Band (OOB) Phone Authentication, One-Time-Use (OTP) password, Oracle Enterprise Directory Server, IBM WebSphere Application Server, Mule, Enterprise Service Bus (ESB), IBM HTTP Server, Apache HTTP Server, IIS7, WebSphere proxy plug-ins, F5 hardware based load balancers and Global Traffic Manager (GTM), application server clustering, J2EE, JDK, JSP, Struts Framework, Java Server Pages, Web Services (SOA), JNDI, JSSE, JDBC, Data Sources & Connection Pools, JMS, OOPS, XML Parsers, XSD, HTML, JavaScript, CSS, ER/Studio, Oracle11g, SQL Server 2008 R2, IBM AIX, Redhat Linux, Windows 2008 R2, Solaris 10, Shell Scripts, SOAP UI, Apache CXF, and VMware.

Responsibilities:

• Delivered multiple enterprise-wide solutions for access-control using RSA Adaptive Authentication (risked-based multi-factor authentication), SiteMinder R12, Identity Manager R12.5 with Provisioning and PingFederate. Single point of contact for web access and identity management needs for a number of customer-facing and business-critical applications.
• Key member of the core team responsible for maintaining RSA AA, SiteMinder R12, Identity Manager and PingFederate infrastructure. Responsible for design, architecture and implementation of application integration with RSA AA and SiteMinder for access control, and federation with a large number of business partners.
• Technical responsibilities also included hands-on type of activities like installation and configuration of various components of SiteMinder (policy servers, web agents, application server agents, federation services, upgrades et al) and RSA Adaptive Authentication; troubleshoot problem, analyzing logs, working closely with vendors, analyzing root cause, technical documentation (Architecture Overview Document, Detailed Design Document, Deployment Document), reviewed load-test results and recommend corrective actions; update knowledge-base repository based on findings of root-cause analysis, monitor and triage service requests, create PowerPoint documents to explain technical concepts.
• Responsibilities included coordinating with vendor resources, review Statement of Work (SOW), defining scope and provide status report to management and managing resources.
• Act as a technical resource for the leadership team to ensure identity management and access control technology initiatives align with the overall vision and business strategies of the company.

Confidential, Irvine, CA

Enterprise Identity Management Architect

Technical E nvironment: SiteMinder & Identity Manager (RBAC), SAML and Federated Identity, Microsoft Identity Integration Server (MIIS), Radiant Logic Virtual Directory, TransactionMinder, Oracle/Oblix CoreID Access and Identity Server, SunOne Directory Server, Active Directory Application Mode, BEA WebLogic Application Server, BEA Portal Server, BEA AquaLogic BPM (Fuego Workflow) and ESB, IIS, BEA Application Server Plugins, ILOG Rules, Site Minder Test Tool, Ethereal Network Packet Analyzer, Softerra LDAP Brower, XML Spy, DevPartner, CISCO CSS hardware based load balancers, Eclipse, MyEclipse, Application Server Clustering, J2EE, JDK, JSP, Struts Framework, Java Server Pages, Web Services (SOA), JNDI, JSSE, Java Mail API, JDBC, Data Sources & Connection Pools, OOPS, XML Parsers, XSD, HTML, JavaScript, CSS, ER/Studio, Oracle9i, SQL Server 2000, Oracle Enterprise Manager (OEM), Windows 2003, Windows 2000, IIS, Solaris 9, Visio, Shell Scripts, ClearQuest, DevPartner, TogetherSoft and Mercury Load Runner, and VmWare, IBM FileNet P8, CA Reverse Proxy Server and Apache.

Responsibilities:

• Delivered a very complex, high availability enterprise-wide role-based access control (RBAC) solution for internal users based on identity attributes stored in multiple data stores which provided single sign-on between a variety of applications - .Net & J2EE web applications, BEA Portal Servers, BEA AquaLogic Business Process Management (Fuego Workflow Engine), IBM FileNet P8 imaging and document solutions. Used Microsoft Identity Integration Server (MIIS) to synchronize identity information between multiple repositories. Responsibilities included over-all leadership of the project, design and architecture, project management, resource planning and task allocation, developing request for proposal (RFP), hands-on technical involvement, coordination with vendor resources (including off-shore), review Statement of Work (SOW), negotiate rates, defining scope, manage a team and provide status report.
• Directly responsible for product selection, design, implementation and documentation of enterprise-wide role-based access control with Single Sign-on (SSO) ability across multiple applications. Architected and implemented Federated Identity with business partners using SAML with CA’s eTrust SiteMinder FSS.
• Secured Web services with Transaction Minder to support Service Oriented Architecture (SOA) model. Installed and configured TransactionMinder with XML payload and web service security based authentication using SSL and X.509 client s. Designed XML schemas with encryption for efficient data transfer between disparate applications.
• Designed and implemented role based User Management (self services and customized delegated administration) solution using J2EE components and IdentityMinder web services. Helped other teams to troubleshoot complex problems related to BEA cluster deployment, BEA application server plugins, JDBC connection pools, Struts and enterprise java bean (EJB) deployments. Mentored senior developers about Software Design Patterns (GOF), J2EE design patterns, LDAP API and JCE specific API classes to enhance application security. Analyzed BEA application server thread dumps to troubleshoot performance bottlenecks. Created architecture overview, detailed design, deployment documents and high-level presentations.
• Formulated best practices for directory services including SunOne LDAP Directory Server, schema design, container hierarchy, performance tuning, custom indexes, security and access control list (ACL), monitoring and backup. Designed custom schemas and attributes as per application requirements. Helped team members to create LDIF files for structural & auxiliary object classes, dynamic groups and setup multi-master replication.
• Installed, configured and performance tuned Site Minder Policy Server with clustering with multiple policy stores. Configured Web Agents to support load balancing and fail over. Secured various web applications - .net and J2EE using SiteMinder. Formulated best practices for creating SiteMinder objects - policies, rules, responses, realms and user stores in LDAP, AD, ADAM, SQL Server and Oracle. Implemented Active Rules which invoked Java code to validate business logic for authorization.
• Played a key role in enterprise-wide SiteMinder upgrade from 5.5 to 6.0 and several VmWare virtualization projects to provide high availability, fault-tolerant and extremely cost effective SSO & Identity Management infrastructure. Acted as a liaison between application architects, provided security insight and provided recommendations in line with business needs.

Confidential, Indianapolis, IN

Technical Lead

Technical E nvironment: J2EE, JDK, JSP, Struts Framework, Custom Tags, Java Server Pages, Web Services, EJBs, JNDI, JSSE, Java Mail API, Java Messaging Server (IBM MQ Series), Value Objects (DTO), JDBC, Data Sources & Connection Pools, OOPS, XML Parsers, DTD, HTML, JavaScript, CSS, ER/Studio, Rational Rose, WebLogic Application Server, Websphere, Oracle9i, SQL Server 2000, Oracle Enterprise Manager (OEM), Windows 2003, Windows 2000, IIS, Solaris 9, SiteMinder (SSO) & Identity Minder (RBAC), Directory Smart UIDP (SSO & RBAC), Sun Directory Server, JBuilder, Websphere Studio Application Developer (WSAD), Test Director, Visio, Shell Scripts, ClearCase.

Responsibilities:

• Designed new web modules to add functionality to the single sign-on product Directory Smart. Used Struts 1.1 & custom tags for JSP pages in line with Model View Controller (MVC) paradigm. Maintained clear separation between business tier and presentation tier to facilitate changes as per business requirements.
• Installed, configured and implemented Site Minder/Identity Minder on Solaris and its associated components - Policy Servers, Web Agents, LDAP Policy Store, Task Persistence and Workflow Data Stores for role based single sign-on Access Control, Workflow, Self Registration and Password services. Installed Sun One Directory Server on Solaris 9 configured for SSL and directory replication.
• Participated in client team meetings on business requirements, technical feasibility, implementation details and project status. Developed and documented Usecases, class & entity diagrams. Created high-level technical design documents and User’s Guide.
• Used vendor specific & LDAP Java APIs to add, modify, update and query LDAP objects (users, roles and organizations) in Sun Directory Server and Microsoft Active Directory. Extended LDAP API to customize searches. Implemented connection pooling for LDAP SSL connection and bind for optimum performance and better resource utilization. Enhanced application security and encrypted sensitive data with symmetric encryption using Java API. Used JDBC, Data Sources and JDBC connection pooling for web applications.
• Designed and implemented several web service oriented secure web based applications using SOAP. Helped other developers to debug, troubleshoot and coding practice. Used Java Mail and JMS to send messages from applications. Modified existing Java batch programs to update legacy systems after enforcing business rules. Configured batch programs to used SSL and implemented other security measures as per HIPAA guidelines and regulations.
• Designed, created, modified and deployed EJBs (Session beans and Entity Beans). Used Data Transfer Objects with EJBs to minimized network traffic, avoid latency and reduce multiple method invocations. Used local interfaces for better performance and Session beans to provide clients with a “coarse grained” view of the application data. Deployed applications as EAR on to WebLogic application server.

Confidential, Auburn Hills, MI

Technical Architect and Lead Java Developer

Technical Environment: J2EE, JDK 1.4, JSP, Struts Framework, Custom tags, Java Server Pages Standard Tag Library (JSTL), Servlets, Servlet Filters and Listeners, EJBs, JNDI, Java Messaging Server (IBM MQ Series), Applets, Value Objects, JDBC, UML, OOPS, XML Parsers, DTD, JavaScript, XSLT, CSS, HTML, ER/Studio, Rational Rose, Sun One Application & Web Servers, Websphere, Oracle9i, SQL Server 2000, DB2, Lens Server and Engenium Server, DB Artisan, Oracle Enterprise Manager, IMail Server, Solaris, Linux, Windows 2000 Server, Netegrity SiteMinder, Sun One Directory Server, Sun One Studio, Websphere Studio Application Developer (WSAD), Visio, Shell Scripts, Visual SourceSafe, IBM Eclipse.

Responsibilities:

• Designed the application with J2EE Design Patterns using JSP Model 2 Model View Controller (MVC) design. Implemented Struts 1.1 framework to separate business logic from presentation tier.
• Mentored Java developers on programming concepts and activities. Lead implementer of Java based workflows using JAXP XML parser (SAX and DOM) and JDBC to move data between two disparate applications. Used JAXP to validate XML based messages against DTDs.
• Maintain oversight for gathering and analyzing high level/low level business requirements from different customers. Designed the application architecture and workflow with sequence diagrams, class & entity diagrams and UML. Functional/Technical requirement specifications for the whole application were done using Rational Unified Process (RUP).
• Implemented identity management, access control and secured enterprise application using single sign-on and access control software (Site Minder). Installed, configured and administered Netegrity Site Minder, Policy Servers, Web Agents, Reports Server and Sun One Directory Server on Solaris for single sign-on functionality. Configured directory servers for supplier-consumer replication.
• Led the team through all the stages of SDLC. Responsible for selection of necessary hardware and software to run the application. Managed a team of offshore developers. Coordinated with third party vendors during software integration. Deliverables was on time and no outages have been reported. Interacted with project managers in US on project status and deadlines

Confidential, IN

Java Architect

Technical E nvironment: J2EE, EJBs, JSPs & Servlets, SSH, Erwin and ER/Studio, Custom Tags, JSTL, Jakarta Tomcat & Sun One application and web servers, Sun One Studio, Websphere Studio Application Developer (WSAD), Oracle 9i, Oracle Enterprise Manager, SQL Server 2000, DB Artisan, TOAD, Postgres, Solaris, Linux, Sirid, Confidential and ANT.

Responsibilities:

• Designed the application architecture and workflow with sequence diagrams, class & entity diagrams and UML. Used J2EE Model View Controller patterns for user interface design. Designed, developed and deployed server side EJB (Session Beans and Entity Beans) components on Sun One Application Servers and WebSphere for the business component layer.
• Gathered user requirements, performed requirement analysis, created business requirement documents and proto types. Analyzed and documented all enhancements. Used Sirid to track bugs.
• Installed, configured and stress tested Sun IPLANET J2EE web servers on Solaris operating system. Designed the data model with ER diagrams. Reverse engineered the existing data model and generated reports using ER/Studio. Installed and configured Oracle9i on Sun Solaris servers. idm
• Designed the architecture of the web site and defined the scope of the project. Used Class Diagrams, Use Cases, Sequence Diagrams and Interaction Diagrams. Led a team of developers through different phases of software development life cycle that included design, coding, testing and deploying. Coordinated between users, developers and the testing team.
• Installed, configured and deployed J2EE applications on IBM Websphere 3.5. Used XML based deployment descriptors. Administered Oracle9i & SQL Server 2000 database, created stored procedures, triggers and views. Tuned SQLs.
• Used Websphere Studio Application Developer (WSAP) to develop and deploy EJBs, JSPs, Servlets and Java components. Helped developers to debug and troubleshoot. Installed and configured VeriSign Payflow Pro software for online credit card processing.
• Load tested web servers using stress-testing tools (Portent Load Tester and Empirix). Used ClearCase for source code management and version control. Mentored Java developers and helped them to debug JSPs and Servlets.

Confidential, Lisle, IL

Senior Web Developer

Technical Environment: Java, Visual Age for Java 3.5, JSP, Servlets, IBM HTTP Web Server, WebSphere 3.5, WSAD, LOG4J, Windows NT, DB2 UDB, IBM S390, AIX, Clearcase

Responsibilities:

• Mentored Java developers on good coding practice for better runtime performance. Participated in different JAD sessions to gather user requirements and finalize technical specifications.
• Added several enhancements to the application that included database connection pooling using JDBC, logging capabilities using Log4J, multi-threading and error handling.
• Installed and configured IBM HTTP Servers and WebSphere application servers on AIX.
• Analyzed the existing data model and table structures to enhance performance. Created JSPs and servlets to generate dynamic contents of the web pages.

Confidential, IL

Developer

Technical Environment: Windows NT Server 4.0, Microsoft IIS 4.0, Microsoft FrontPage, VeriSign digital s, TOAD, CyberCash for real time credit card processing and Oracle 8 on Windows NT.

Responsibilities:

• Installed IIS and SSL enabled it. Stress tested the web server with load testing tools. Designed & created HTML & ASP pages using Dream Weaver and Microsoft FrontPage. Integrated Cyber Cash software for online credit card processing. Created tables using scripts generated from data modeling tools.
• Wrote SQL scripts and PL/SQL procedures in Oracle using TOAD & PLEdit. Used Oracle Enterprise Manager to manage schemas.