PROFESSIONAL SUMMARY:

• AZURE and AWS Certified DevOps Engineer with over 10 years of IT industry experience working with Major Financial companies and state department in DevOps, Systems Administration, Configuration Management, IAM engineering with strong base on Azure AD. Working on various Cloud Providers such as AWS and Azure IAM infrastructure system engineer with extensive experience in Build/Release Management, performing duties such as monitoring, automation, deployment, documenting, support and troubleshooting.
• Strong Knowledge on protocols such as SAML, OAuth, OIDC and Open ID.
• Knowledge on different Azure services such as Azure Storage, Azure Pipeline and Azure Application deployment. Azure Active Directory B2B and B2C environment
• Identify security issues and risks and develop mitigation plans.
• Architect, design, implement, support, and evaluate IAM - focused tools and services including project leadership roles.
• Develop and interpret security policies and procedures.
• Troubleshoot system issues Participate in security compliance efforts.
• Interact with various departments and outside partners regarding IAM service use and issues.
• Develop and deliver training materials and perform general security awareness and specific security technology training.
• Evaluate and recommend new and emerging security products and technologies.
• Good team skills - ability to motivate, mentor and work with cross functional teams to achieve organizational and personal goals.
• Governance, Compliance and Procedures
• Disaster Recovery / Business Continuity & Recovery Services
• Data Protection (Backup, Storage, and Information Security Services)
• Client & Vendor Management
• On-Premises, Cloud and Hybrid DC Solution
• Azure Site Recovery & Azure Migrate
• Cloud App Security (CASB) Solutions, DLP, ATP, AIP
• Microsoft Azure Office 365 Security & Compliance
• MDM Mobile Device Management
• Azure Identity Access Management
• Azure Sentinel
• Service Now
• Microsoft Azure (ARM, VM, CDN, WebApps, Resource Groups, App Services, SQL Databases, Images, Availability Sets, Storage, Virtual Networks, Azure AD, Azure AD DS, Backup, Azure DNS, Site Recovery, Application Gateway, Virtual Network Gateway, Local Network Gateway, Network Security Group, Express Route, Traffic Manager Profiles, VPN Gateway, Load Balancer, Monitoring & Management)
• Office 365 Migration/Flow/PowerApps/Teams/SharePoint Admin
• Kubernetes-based event driven autoscaling using KEDA which allows for fine grained autoscaling (including to/from zero) for event driven Kubernetes workloads.
• MS Exchange/Active Directory/Azure Active Directory/Migrations
• Server & Desktop Virtualization
• DC Build and Migration
• Transition & Transformation
• Capable of delivering results in high pressure and time sensitive situations.
• Hands on experience deploying Infrastructure as Code utilizing Continuous Integration (CI/CD) tools, build configuration, change history for releases, maintenance of build system, Automation & smoke test processes.
• Experience in deploying and managing AZURE and AWS resources such as EC2, S3, IAM, Lambda, KMS, VPC, SNS, EBS, ELB, CloudWatch, AWSCLI, CF and AWS API calls.
• Initiated multiple Save-Cost/Cut-Spending projects to save on Cloud cost and run stable environments efficiently.
• Created and managed Docker deployment pipeline for custom application images in the cloud using Jenkins.
• Experience in ingesting real-time data and building data pipeline utilizing Kafka and ELK.
• Set up Confluent Kafka Replicator (MirrorMaker) to ship huge data from one Data Center to another.
• Created Elastic Search cluster with Hot/Warm architect and SSL/TLS configured. Ensured Logstash is ingesting data without any lag to Elasticsearch/Kibana dashboard.
• Extensive experience in UNIX System Administration on RedHat/CentOS Linux (5.x,6.x,7.x) and Bash Shell and Python scripting.
• Experience at managing and supporting RHEL 5.x,6.x,7.x, Kernel tuning, LVM, YUM/RPM, IP Bounding and setting up RAID.
• Good understanding of SDLC Methodologies like Agile, Waterfall, RUP, RAD and other processes.
• Identity & Access Management professional experience in IT Industry which includes Microsoft FIM/MIM Identity Access Management security stack, 3+ years in Java Enterprise Edition (JEE), and specialized in defining Architecture, Design, Development, Implementation, and support of Identity & Access Management solutions, & Java J2EE projects.
• Extensive knowledge of Identity & Access Management solutions & Network Security Solutions designing, products Identity and Access Management Solution information technology including architecture implementing supporting Identity Management, LDAP Directories, Provisioning/Identity Workflows, Access Management and JAVA/JSP Programming.
• 4 years of experience in Microsoft FIM/MIM and AD Administration
• 5 years of experience in Active Directory Federation Service and Microsoft Forefront Identity Manager
• 5 years of experience in Web and Web Service development
• 3 years of experience in Java programming
• 3 years of experience in Python programming
• Extensive knowledge in implementing and supporting with accreditation from Identity and Access Management (FIM/MIM | Access Governance |Privilege Access Management into CyberArk Security/AZURE/AWS IAM/Microsoft Forefront Identity Manager (FIM), AD,Azure AD.
• Installation, Configuration, App Integration
• Systems Engineering and Deployment experience
• Understanding of software and application lifecycle and the implementation of security principals throughout
• Understanding of complex environments, their sub-components, concepts, and interactions
• Deep understanding of large networks and systems and the interaction between applications, infrastructures, etc.
• Proficient in Windows and Linux access systems (specifically: Linux integration to Active Directory)
• A broad knowledge of information security principles
• Ability to work independently on initiatives with little oversight.
• Strong analytical skills/problem solving/conceptual thinking; out-of-the-box thinker.
• Ability to identify, analyze, and address problems to resolve issues in a way that minimizes negative impact and risk to the organization.
• Ability to be comfortable delivering messages across a wide spectrum of individuals having varying degrees of technical understanding.
• Strong leadership skills and qualities which enable you to work with peers and various levels of management.
• Effective communication skills and motivation/willingness to learn.
• The IT and Digital team is built on three key principles: enable rapid decision making, empower teams for greater accountability and collaboration across the enterprise, and drive a customer-first approach through technology. Our team as an Identity and Access Management Systems Engineer Information Security team.
• We are ready to grow our Identity and Access Management team to support our new Digital Roadmap. This will help us to support our rapidly growing IAM space.
• Experience configuring Access Management tools preferable FIM/MIM Security Access Manager
• Strong knowledge and experience with Single Single-on and authentication protocols (SAML, OAuth, OpenID, Kerberos, LDAP, etc.)
• Working knowledge of AD Directory Server, Azure AD and LDAP Directory Integrator
• Strong understanding of LDAP protocol and LDAP query
• Strong understanding of User Provisioning and Management framework to support RBAC and ABAC
• Experience with one or more scripting languages such as JavaScript
• Technical Qualifications:
• Knowledge of OWASP secure coding
• Experience working with other Access Manager products such as AD, Azure AD, ADFS, or OKTA.
• Experience working with other Identity Manager or Governance products.
• Understanding of Application Security, API Getaway, Web Services
• Experience configuring Multi-Factor Authentication
• Troubleshooting skills to debug any Access Manager issues
• Must be able to think out of the box. The ability to troubleshoot non-standard issues/undocumented issues, to look at the big picture and see how a problem fits in and determine a solution that fits within the existing framework.
• Provide input to assist with continual improvement.
• Effective communication and good documentation skills.

TECHNICAL SKILLS:

• Windows 2003/2008/2008 R2/2012/2012R2 Installation including issues like software, hardware driver matching, installation setups like distributed, unattended and Disk Image setups using third party tools. Configuring system as domain controllers, application servers, member controllers etc.
• User & group Addition/deletion/modification, Auditing, defining Access Control and Windows 2003/2008/2008 R2/2012R2/Azure Active Directory Administration. Identity Access Management.
• Setup and Configuration of ADS, DNS, DHCP, IIS, WINS, Print Services. Outlook 365

PROFESSIONAL EXPERIENCE:

Confidential, Springfield, MA

Azure Architect

Responsibilities:

• Hands on experience in Azure infrastructure enterprise level projects.
• Responsible for in design and deployment to the Azure cloud.
• Deploying, testing, and implementing application services migrations in either a manual or automated manner
• Handled Client operational project resources include updating their on-premises practices to include cloud.
• Experience in defining process to create and maintain Azure Subscriptions, Service Principals, Key Vault and Managed Identities
• Extensive experience in defining different conditional access policies for Azure AD applications
• Experience in defining Multi Factor Authentication, Risk Based Sign-in Protection and PIM policies
• Excellent in designing Password less authentication options.
• Good understanding on Device management strategies
• Worked on different Azure services such as Azure Storage, Azure Pipeline and Azure Application deployment
• Strong Knowledge on protocols such as SAML, OAuth, OIDC and Open ID
• Experience working with Azure Active Directory B2B and B2C environment
• Experience in deploying on-prem based applications in different Azure cloud zones.
• Manage a combination of on-shore and off-shore resources coordinating cloud migrations.
• Working closely with application, network, and security teams to ensure requirements are reflected appropriately in the Azure design.
• Hands-on knowledge on Azure security technologies and associated components and variations, Azure Security Center, Azure Monitor, Log Analytics, Azure Sentinel
• Azure Networking: VNET, Network Security Group (NSG), VNet peering, Azure Firewall.
• Azure Storage Security: storage accounts, managed disks, blobs, encryption at rest and in-transit, Azure Key Vault,
• Azure Active Directory, RBAC, MFA, SAML, Conditional Access
• Azure Load Balancers
• Windows Server/Cloud migrations
• Administration and migration experience with Office 365 and MS Azure
• Experience leading the team, mentoring, leading projects, virtualization/cloud computing technologies, specifically VMware spin-up/migration projects.
• A solid understanding of cloud computing, IAAS, PaaS, SaaS, and Cloud design patterns.
• Troubleshooting of ongoing deployments
• Technical writing of documents, use cases, deployment procedures and migration services.
• Building and migrating applications, software, and services on the Azure platform.
• Participating in deep architectural discussions with customers to ensure solutions are designed for successful deployment in the cloud.

Confidential, Chicago, IL

Azure SSO Security Engineer

Responsibilities:

• Work closely with enterprise architects to identify and mitigate risks, perform security reviews, design top. tier security practices, and deliver strategic, innovative cloud-based security offering.
• Oversee the implementation and maintenance of information security activities including access management, vulnerability assessments, penetration testing, infrastructure, and regulatory compliance with privacy laws.
• Knowledge of common cyber security technology tools such as firewalls, IPS/IDS, DLP, CASB Network access control, DDOS Mitigation, Anti-Malware, Anti-Virus, encryption, and two factor authentication, multi factor authentication.
• Managing projects exclusively for the global Information Security teams. Successful deliveries of Cyber Security, Key Generation and Storage, SSO (Single Sign On), Certificate Management, MFA (Multi-Factor Authentication), Cloud Federation, Identity Management, PKI (Public Key Infrastructure), Anti-Phishing, and Perimeter Security technologies
• Deployed and managed 1,000 + Microsoft Intune, Mobile Device Management, (MDM)
• Communicate threat intelligence and vulnerability management options.
• Analyzing threats and current security controls to identify gaps in current defensive posture.
• Meet with clients and leading workshops.
• Identity and Access Management principals, including B2B and B2C cloud design and implementation.
• Designing and developing Cloud-specific security policies, standards, and procedures e.g., firewall management, SSL/IPsec, security incident and event management (SIEM), data protection (DLP, encryption), user account
• Documenting all technical issues, analysis, client communication, and resolution.
• Assisting clients with transitions to the Cloud from existing on-premises environments.
• Cloud Multifactor Authentication (MFA) and Identity Management knowledge
• Work with security teams and cloud engineering team to implement security controls, including Azure RBAC, Azure Network Security
• New tenant deployments/configurations and migrations (Azure Site Recovery, Azure Migrate)
• Perform deep analysis and develop metrics that measure current risk.
• Propose, design, plan and execute strategic and tactical operational security objectives.
• Identity and User Management - Active AD, Azure AD and Office365.
• Migrating from MS Exchange online to Office365.
• Administering and managing Office 365 Suite Outlook, Skype, OneDrive, Teams, LogicApps.
• Managed Security using Azure OMS, Azure Security, Office365 Security and Compliance.
• IaaS - architectural design, infrastructure build, configuration, migration and implementation to include PowerShell; Containers, Virtual Networks/Machines; ARM Templates; ASG (Application Security Groups); NSG (network security groups); role-based access controls; Azure Active Directory; and Azure Automation.
• SaaS - SharePoint, Exchange, AD, Teams architectural design, migrations and administration
• Configuring & Managing DR environment using Zerto (Disaster Recovery)
• Migrating VMs from VMware to Hyper-V via Zerto (Disaster Recovery)
• Strong knowledge of Cloud security standards and principles including Identity and Access management in Azure.
• Ability to analyze applications for Azure suitability and propose right target state on Azure considering cost, performance, and security.
• Member of the IAM team to automate daily administrative activities.
• Responsible for oversight, management, and development of Tier 1 & Tier 2 support teams, collaborate with internal IT departments to create best practices supporting Microsoft Intune, Azure and O365 Cloud customers.
• Management in administering and configuring mobile devices for enterprise users via Office 365, Intune Standalone, Hybrid (SCCM integration with Intune), and Azure Active Directory environments.
• Provide support to clients in administering deployment of policies (configuration and compliance) to company owned/user owned mobile devices.
• Oversaw escalated Intune, Azure, and O365 incidents, conditional access and MDM enrollment policy issues.
• Provided project level SME support for all aspects of centralized user authentication.
• Designed and implemented AD in new manufacturing facilities and offices.
• Responsibilities include 24x7 Tier 3 support of company’s critical business infrastructure.
• Day-to-day AD support and security.
• Install, Configure and Troubleshoot VMWare products
• Manage daily virtual environment operations.
• Create, Clone, administer and backup Virtual Machines.
• Monitor Hardware, Disk, Network, Application resources for the virtual platform.
• Configure Cisco Directors, VM image backups and restores.
• Perform firmware and BIOS upgrade, Patching servers.
• Managing Windows Active Directory Services, Adding Users, and setup File permissions
• Implement Azure Site Recovery from On-Premises to the cloud
• Deploy command line scripts to automate tasks.
• Systems automation using batch scripting and software deployment.
• Plan and execute disaster recovery drills at remote sites.
• Extensive experience in infrastructure integrating Identity Management deployment.
• Experience on Azure AD SSO/MFA and conditional access implementation, governance and reporting capabilities.
• MIM/FIM Identity and Access Management domain knowledge.
• Deep level of understanding specially in SAML2, WSFED, OAuth2, OpenID Connect, REST SSO/SLO, SCIM.
• Microsoft Azure AD, Azure MFA, ADFS.
• Experience in integrating Web and mobile applications for single sign on using Azure AD.
• Work with Application teams in integrating their applications with Azure AD.
• In depth knowledge of SAML2.0, OAuth2.0 and OIDC protocols is essential.
• Troubleshooting expertise in various SAML and OIDC scenarios.
• Knowledge of Azure MFA and experience in configuring ADFS 2016 Azure MFA Adapter.
• Assist/guide team in troubleshooting production issues.
• Co-coordinating with client/users for providing acceptable solutions to the issues queries raised by business users within predefined stringent SLAs and giving solutions to users.
• Good communication skills and a willingness to contribute to technical documentation.
• Involving in preparing Status Reporting/Agile/ScrumMaster Stories, Handling Escalations. Willingness to learn new technologies.

Confidential, Cary, NC

System Engineer

Responsibilities:

• Building, Installing and Managing Windows Servers.
• User Management - Active Directory and Office365
• Migrating from Outlook to Office365.
• Provide Level 3 support including: performance monitoring, troubleshooting, resolving incidents across production.
• Build and verify the New Virtual Machines in the VMware environment and in Hyper-V by using Microsoft Deployment Tool.
• Performing Systems Operation Support, including Microsoft Windows Server Administration, general troubleshooting, and troubleshooting of complex engineering issues for hardware, software, and network components
• Add/Remove Storage Disks.
• Tracking the change & incident tickets using the ServiceNow ticketing tool
• Building and Planning MDT server according to the documentation provided. Working with multiple technical teams, architects, managers and business users, reviewed and documented workloads, system.
• Implemented high availability with Azure Classic and Azure Resource Manager deployment models.
• Setup Virtual Appliances (VMs) to meet security requirements as software-based appliance functions (firewall, WAN optimization and intrusion detections).
• Worked on installation, administration, and support of OS RHEL 5.x, 6.x.
• Hands-on Linux Administration, Hardware Configuration and Software Installation of RedHat and Ubuntu servers.

Confidential, Salem, OR

System Engineer

Responsibilities:

• Responsible for monitoring, maintaining, and supporting Microsoft Identity Manager/Forefront Identity Manager (MIM/FIM) infrastructure and processes.
• Includes synchronization service, portal service, managed identities and troubleshooting workflows.
• Experience in creation, change, delete user accounts, privileges, and roles that includes management, administration, and support of Microsoft Active Directory (AD) domain structure.
• Proficient in PowerShell and SQL queries.
• Delivered installation document, Administration document and high-level flowchart.
• Design and configuration of the FIM/MIM suite components.
• Requirements gathering and analysis.
• Created complex approval workflow.
• Integrated FIM and AD for SSO
• Configured and tuned AD, LDAP connector according to business requirement
• SSL configuration for LDAP instances
• Created Plugins (Scheduled Task and Event Handler)
• Configure FIM/MIM to integrate with Active Directory using connector.
• Provide provisioning and reconciliation solutions for Active Directory using the connector server.
• Responsible for reporting and following up problems and issues.
• Prepared Policy configurations, Identity store configurations for FIM, MIM, WebLogic in LDAP
• WebGate configuration and registration with AD
• AccessGate configuration for EBS application
• Setting up Identity Manager for Single Sign-On with AD.
• Access Manager Integration with Application.
• Configured Identity Manager and Access Manager sample reports.
• Applied AD and WebLogic patches. Experience with upgrades process.
• Building environment installing and configuration of products.
• Provide most detailed deployment release notes contains detailed information related to hardware and software requirements for system architects and administrators about AD and LDAP Directory concepts, including data replication, high availability, indexing, access control, proxy functionality, virtualization, and directory service schema, mapping including JDK requirements, and IPv4/IPv6 certifications for installing OUD.
• Worked in directory integration platform to enable synchronization for LDAP Directory and synchronization between AD and Third-Party directories.
• Intensively worked on known issues with LDAP Directory.
• Intensively worked on scripting languages to create build WebLogic startup scripts for deployments.
• Good understanding with RedHat Enterprise Linux OS (5.5,6.0)
• Responsible for reporting and following up problems and issues.
• Worked in LDAP implementation that includes conversion of objects from another directory and closely work with LDAP design team for highly available architecture.
• As an LDAP proxy server, where the server acts as an interface between the client and the directory server that contains the data.
• Worked on disaster recovery with LDAP infrastructure.
• Wrote custom batch and ps3 scripts to enable user.
• Understanding the high-level LDAP and WLS layout, and the corresponding terminology along with a list of bugs fixed in respective bundle Patches (BP).
• Created installation and configuration documentation for Dev, Test and Prod environments. adapters
• Developed SOA composites for request-based approval workflows.
• Responsible for an upgrade
• Developed several custom Event Handlers and Scheduled Tasks
• Configured email notifications for various user management operations.
• Developed and implemented custom pre-populate and process task.
• Configuring MIM and FIM in High Availability.
• Integration with AD-ADFS with Advance Integration.
• Customizing OAM Login.
• SSO Integration with web application and AD/RSA/CA.
• Integration with AAM for IP based access control.
• SSL configuration between OHS and AD.
• Strong understanding of business issues related to security and communicated effectively with developers and end users.
• Exposure to Webservices (SOAP, Rest, JSON, SOAPUI) and client development, query invoke.
• Experience in AD UI customization and branding.
• Experience in integrating AD with reporting platform and enabling reporting and auditing.
• Experience enabling Federated SSO using AD.
• Experience in working with Application Servers (WebLogic, WebSphere) or developing J2EE products.
• Should have the ability to understand customer scenario and requirements (may include integration situations) and be capable of suggesting solutions.
• Good knowledge of tuning AD configurations for achieving best performance.
• Designing and implementing API Proxies using CA Layer 7 API Management
• API Performance Tuning
• API Analytics
• Layer 7 Developer Portals
• Experience implementing API Security and Access Control (OAuth/SAML etc.)
• Excellent communication skills and ability to work with global counterparts.

Confidential

IAM Engineer

Responsibilities:

• Architect and design Azure AD migration of existing IAM infrastructure.
• Guide application teams on understanding the requirements for integration with Azure AD.
• Work with various stakeholders including Microsoft for the rollout of Azure AD across the organization
• Ensure that security solutions are build such that they meet requirements, adhere to applicable policies, and comply with information security requirements.
• Demonstrate extensive knowledge across a broad range of identity and access management technologies.
• Expert knowledge of Identity Management, Access Management, Directory Services, Good understanding of Cloud concepts and hands on knowledge on Azure/AD.
• Hands-on management experience of software developers/system administrators/architects.
• Hands-on experience developing and deploying large-scale enterprise Identity & Access Management solutions using Oracle products.
• Knowledge of applicable SOX audit controls and applicability to IAM services architecture, design, and processes
• Demonstrated ability to work across a broad range of technologies to deliver complex solutions.hands-on Azure AD and other Cloud based IAM systems.
• Experience in supporting Privileged Access Management (PAM)
• Experience in Access and Authentication (Idp, MFA) using RSA and Secure AUTH,
• Experience in Identity Access & Governance using Microfocus IDM and RSA.
• Access and Authentication (Idp, MFA)
• Hands-On experience with UI customization, writing scripts and developing code to fetch assertion values form multiple data sources.
• Experience with Ping and Secure Auth
• Design and implement AD.
• Requirement gathering and analysis.
• AD Multi datacenter setup
• Created Plugins using C, C++.
• Setup Co-Existence
• Utilizing PAM to set up a common authentication schema to be used by different applications.
• Secure access manager communication
• Ability to identify and efficiently automate manual tasks Eg: wrapper script along with optimization.
• Identity lifecycle management
• IAM technology support and implementation activities
• Good Understanding how components of an architecture work together to deliver the desired solution.
• Aligns vision and direction of the technical solution with the goals of the organization.
• Works with business subject matter experts to document technical requirements.
• Responsible for maintaining current and future state architecture documentation.
• Experience with the following Cardiology applications.
• Add enhancement to existing Web Access management infrastructure.
• Work with AD product development team
• Integrated more than 20 applications with SSO.

Environment: MIM/FIM, AD, Apache, Enterprise Linux 5, Oracle Database, IHS, IIS

Confidential -Davidson, Milwaukee, WI

FIM/MIM System Administrator

Responsibilities:

• Provided guidance with MIM/FIM architecture having AD, Exchange, and EBS as custom target resources.
• Provided recommendations on system architecture for IDM, AD, EBS, LDAP, AD for 11g Release1.
• Introduced them with hands on experience of MIM and MS AD, Exchange connectors.
• Installed and configured FIM
• Extensive knowledge of Identity & Access Management solutions.
• Installed and configured AD
• Created Roles & Policies in AD
• Responsible for Reporting and Attestation features of AD
• Created Roles & Policies in Microsoft Identity Analysis.
• Responsible for Reporting and Attestation features.
• Proposed the technical recommendations/functionalities that needs to be in place to meet the existing system’s functional requirement with respect to IDM project.
• Designed and proposed a Project Plan for the needed functionality to Go-Live.
• Installation and configuration of MIM/FIM across all environments Development, Stage, Production
• Installation and configuration of MS AD connector, Exchange connector and CF connector framework
• Created adapters for different tasks.
• Setup entitlements for AD using Workflows and access policies and custom process task.
• Automate provisioning of different resources to selected roles, distribution lists and security groups in AD.
• Designed and deployed Generic Technology Connectors for various resources(application) provisioning.
• Designing UI look and feel as per client’s requirements by adding user defined fields.
• Prepopulate these fields by designing Entity Adapters.
• Configured Customized Password Policies for End-User.
• Established Provisioning environment to 3 Managed Resources.
• Active Directory
• MS Exchange
• EBS
• Reconciled approximately 4,000 users from external ADP files by writing customized java tasks (Designing of Periodic reconciliation with HRMS)
• Performed Delegated administration by configuring manager approval-based resource provisioning.
• Develop SOA custom approval composites with 3 Level approval workflows.
• Performed Installation and configuration of LDAP,AD.
• Worked with a worldwide cross-functional team and assisted the project manager and tech lead to drive projects to completion.

Environment: MIM/FIM MS AD Connector, Exchange Connector, AD Password Sync Connector, Remote Manager, Unix 6.0, Microsoft Windows Server 2003.