Sr. Identity & Access Management Architect Resume
Vienna, VA
SUMMARY
- Subject matter expert in implementing custom solutions for web access management - single sign-on, multi-factor, step-up and strong authentication; authentication for mobile devices; role-based access control; identity management and provisioning; federation using SAML and OAUTH integration with social networking websites; securing web services; and directory services integration.
- Excelled at strategic alignment of technology solutions with overall business strategy of client-organization, understanding financial trade-offs to manage risks, operational feasibility and application security.
- In-depth knowledge of Business Continuity Plans (BCP), Disaster Recovery Plans (DCP) and Business Impact Analysis (BIA).
- Ability to deal with ambiguity, competing priorities and conflicting requirements at the technical as well as project level.
- Excellent communication skills, professional demeanor, and ability to deliver challenging IT initiatives with aggressive deadlines; extensive management experience in development and delivery of software products and solutions, leadership-role and managing operations and teams in off-shore and on-shore model.
- Expertise in all phases of System Development Life Cycle (SDLC) in various roles including technical leadership and architecture; project management, resource planning and management; and overall responsibility for delivery of IT solutions.
- Current responsibilities include overall technical leadership; oversight of design & development; hands-on type of technical involvement including product selection and initial rollout; architecting solutions that can scale horizontally and vertically; high-availability geo-dispersed infrastructure spread across multiple datacenters; implementation and maintenance of several enterprise-wide identity management and access control tools.
TECHNICAL SKILLS
Access Control & Identity Management: CA SiteMinder (R12), CA Identity Manager, SiteMinder Federation, PingFederate; RSA Adaptive Authentication, RSA Authentication Manager, CA AuthMinder (Arcot WebFort), CA RiskMinder (Arcot RiskFort), Oracle Access Manager (OAM), Oracle Identity Manager (OIM), Oracle Identity Federation (OIF), custom Multi-Factor authentication solutions using Out-Of-Band Authentication (OOBA) Phone and One-Time-Use Passwords (OTP); SAML and OAUTH integration with social networking sites; and authentication for mobile devices.
LDAP Servers & API: Sun One Directory Server, Microsoft Active Directory (AD), Active Directory Application Mode (ADAM), CA Directory Server and Radiant Logic Virtual Directory
Programming Languages: Java, XML, COBOL, C/C++, and Unix Shell-Scripting.
Web Technologies: J2EE (EJB, JSP, Custom Tags, JSTL, Servlets, Servlet Filters and Listeners, Java Beans, Applets, JavaMail API, Struts, Xerces, Xalan, Saxon, Java XML Parsers, JMS, JDBC, JNDI, JAXP, RMI-IIOP, JSSE), Design Patterns (GOF), J2EE Design Patterns, Active Server Pages, HTML, DHTML, CSS, XSLT, JavaScript, Web Services (SOA), SOAP, SAML, WS-Security, XML-RPC, JMS, Object Oriented Design, UML and Model-View-Controller (MVC), SAML and Federated Identity.
Networking: TCP/IP, SMTP, LDAP, SSH using public key & private key authentication, network packet analyzer tools like Ethereal, SSL, configuring routers & firewalls, Network Address Translation (NAT), configuring mail servers and DNS servers, network security, design, architecting high traffic web sites, architecting High Availability and High Scalability application in a geo-dispersed environment. Hardware based web server load balancers and Global Traffic Manager (GTM) from CISCO & F5 Networks, and SSL accelerators.
Relational Database: Oracle 11g, SQL Server 2008 R2, DB2, PL/SQL, Transact SQL, data modeling, data analysis, database tuning and performance, stored procedures.
Operating Systems: Solaris, Redhat Linux, AIX, Windows and MVS.
Application Servers: Oracle WebLogic, WebSphere, JBoss and Apache Tomcat.
Web Servers: IIS, Sun One/IPlanet Web Servers, Apache, CA Secure Proxy Server (Reverse Proxy)
Tools: Eclipse, Soap UI, Subversion, XML Spy, JBuilder, DBArtisan, Oracle Enterprise Manager, web server stress testing tools, Erwin, ER/Studio, TOAD, CVS, ANT, Visual Source Safe, Clearcase, Rational Rose, Dream Weaver and Microsoft Project
Virtualization Technologies: VmWare ESX and Workstation, Microsoft Virtual PC
PROFESSIONAL EXPERIENCE
Confidential, Vienna, VA
Sr. Identity & Access Management Architect
Responsibilities:
- Designed and implemented comprehensive web access-control, identity management and provisioning solutions using SiteMinder R12, Identity Manager, CA Directory Server and RSA Adaptive Authentication for risk-based multi-factor authentication; Ping Federate, AuthMinder (Arcot WebFort) and Risk Minder (Arcot RiskFort). Solutions also included federation-partnership with numerous business partners using SAML and OAUTH with social networking websites.
- Responsible for delivering complete end-to-end design, architecture and implementation strategies of high-availability, fully redundant and geo-dispersed identity management infrastructure spread across multiple data centers; Business Continuity Planning and Disaster Recovery strategies.
- Technical responsibilities included - gap-analysis and working closely with CA’s Global Delivery Team to customize solutions using vendor APIs to ensure that they align with specific use cases; design custom authentication schemes and responses; customize SiteMinder Federation Services and Reports to fulfill customer requirements.
- Hands-on type of involvement with IAM Engineers to solve technical challenges with aggressive deadlines including installation and configuration of various software components.
- As a subject-matter expert, worked closely with business users, application development teams, and operational teams to understand requirements, provided directions and detailed technical instructions on application security and how to leverage capabilities of access management and identity management tools.
- Responsibilities included over-all technical leadership to drive design decisions for complex needs, coordinating with other vendor-resources, define scope and provide status report to the management and mentoring other technical resources.
- Provided recommendations for application security and built highly-scalable security infrastructure for risk-based access control using AuthMinder, RiskMinder, SiteMinder, RSA Adaptive Authentication and Identity Manager, CA Directory Server and Oracle Enterprise Directory Server in a heterogeneous environment for different clients. For products from Oracle stack, solutions architecture included GTC Connectors and Custom Connectors, Trusted Reconciliation, Disconnected Resources, IdP-initiated and SP initiated SSO, LDAP Sync and other advanced features of 11g R2 version.
- Designed DIT and schemas, formulated replication and backup procedures, recommended load-balancing and failover setup for high-availability; and defined monitoring strategies for Directory Server.
- Played a critical-role in implementing best-practices, documenting operational procedures and guidelines for operations team from a managed-services perspective for web access and identity management.
Confidential, Plymouth, MN
Enterprise Identity Management Architect
Responsibilities:
- Delivered multiple enterprise-wide solutions for access-control using RSA Adaptive Authentication (risk-based multi-factor authentication), SiteMinder R12, Identity Manager R12.5 with Provisioning and PingFederate. Single point of contact for web access and identity management needs for a number of customer-facing and business-critical applications.
- Key member of the core team responsible for maintaining RSA AA, SiteMinder R12, Identity Manager and PingFederate infrastructure. Responsible for design, architecture and implementation of application integration with RSA AA and SiteMinder for access control, and federation with a large number of business partners.
- Technical responsibilities also included hands-on type of activities like installation and configuration of various components of SiteMinder (policy servers, web agents, application server agents, federation services, upgrades et al) and RSA Adaptive Authentication; troubleshoot problem, analyzing logs, working closely with vendors, analyzing root cause, technical documentation (Architecture Overview Document, Detailed Design Document, Deployment Document), reviewed load-test results and recommend corrective actions; update knowledge-base repository based on findings of root-cause analysis, monitor and triage service requests, create PowerPoint documents to explain technical concepts.
- Responsibilities included coordinating with vendor resources, review Statement of Work (SOW), defining scope and provide status report to management and managing resources.
- Act as a technical resource for the leadership team to ensure identity management and access control technology initiatives align with the overall vision and business strategies of the company.
Confidential, Irvine, CA
Enterprise Identity Management Architect
Responsibilities:
- Delivered a very complex, high availability enterprise-wide role-based access control (RBAC) solution for internal users based on identity attributes stored in multiple data stores which provided single sign-on between a variety of applications - .Net & J2EE web applications, BEA Portal Servers, BEA AquaLogic Business Process Management (Fuego Workflow Engine), IBM FileNet P8 imaging and document solutions. Used Microsoft Identity Integration Server (MIIS) to synchronize identity information between multiple repositories. Responsibilities included over-all leadership of the project, design and architecture, project management, resource planning and task allocation, developing request for proposal (RFP), hands-on technical involvement, coordination with vendor resources (including off-shore), review Statement of Work (SOW), negotiate rates, defining scope, manage a team and provide status report.
- Directly responsible for product selection, design, implementation and documentation of enterprise-wide role-based access control with Single Sign-on (SSO) ability across multiple applications. Architected and implemented Federated Identity with business partners using SAML with CA’s eTrust SiteMinder FSS.
- Secured Web services with Transaction Minder to support Service Oriented Architecture (SOA) model. Installed and configured TransactionMinder with XML payload and web service security based authentication using SSL and X.509 client certificates. Designed XML schemas with encryption for efficient data transfer between disparate applications.
- Designed and implemented role based User Management (self services and customized delegated administration) solution using J2EE components and IdentityMinder web services. Helped other teams to troubleshoot complex problems related to BEA cluster deployment, BEA application server plugins, JDBC connection pools, Struts and enterprise java bean (EJB) deployments. Mentored senior developers about Software Design Patterns (GOF), J2EE design patterns, LDAP API and JCE specific API classes to enhance application security. Analyzed BEA application server thread dumps to troubleshoot performance bottlenecks. Created architecture overview, detailed design, deployment documents and high-level presentations.
- Formulated best practices for directory services including SunOne LDAP Directory Server, schema design, container hierarchy, performance tuning, custom indexes, security and access control list (ACL), monitoring and backup. Designed custom schemas and attributes as per application requirements. Helped team members to create LDIF files for structural & auxiliary object classes, dynamic groups and setup multi-master replication.
- Installed, configured and performance tuned Site Minder Policy Server with clustering with multiple policy stores. Configured Web Agents to support load balancing and fail over. Secured various web applications - .net and J2EE using SiteMinder. Formulated best practices for creating SiteMinder objects - policies, rules, responses, realms and user stores in LDAP, AD, ADAM, SQL Server and Oracle. Implemented Active Rules which invoked Java code to validate business logic for authorization.
- Played a key role in enterprise-wide SiteMinder upgrade from 5.5 to 6.0 and several VmWare virtualization projects to provide high availability, fault-tolerant and extremely cost effective SSO & Identity Management infrastructure. Acted as a liaison between application architects, provided security insight and provided recommendations in line with business needs.
Confidential, Indianapolis, IN
Technical Lead
Responsibilities:
- Designed new web modules to add functionality to the single sign-on product Directory Smart. Used Struts 1.1 & custom tags for JSP pages in line with Model View Controller (MVC) paradigm. Maintained clear separation between business tier and presentation tier to facilitate changes as per business requirements.
- Installed, configured and implemented Site Minder/Identity Minder on Solaris and its associated components - Policy Servers, Web Agents, LDAP Policy Store, Task Persistence and Workflow Data Stores for role based single sign-on Access Control, Workflow, Self Registration and Password services. Installed Sun One Directory Server on Solaris 9 configured for SSL and directory replication.
- Participated in client team meetings on business requirements, technical feasibility, implementation details and project status. Developed and documented Usecases, class & entity diagrams. Created high-level technical design documents and User’s Guide.
- Used vendor specific & LDAP Java APIs to add, modify, update and query LDAP objects (users, roles and organizations) in Sun Directory Server and Microsoft Active Directory. Extended LDAP API to customize searches. Implemented connection pooling for LDAP SSL connection and bind for optimum performance and better resource utilization. Enhanced application security and encrypted sensitive data with symmetric encryption using Java API. Used JDBC, Data Sources and JDBC connection pooling for web applications.
- Designed and implemented several web service oriented secure web based applications using SOAP. Helped other developers with debugging, troubleshooting and coding practice. Used Java Mail and JMS to send messages from applications. Modified existing Java batch programs to update legacy systems after enforcing business rules. Configured batch programs to use SSL and implemented other security measures as per HIPAA guidelines and regulations.
- Designed, created, modified and deployed EJBs (Session beans and Entity Beans). Used Data Transfer Objects with EJBs to minimize network traffic, avoid latency and reduce multiple method invocations. Used local interfaces for better performance and Session beans to provide clients with a “coarse grained” view of the application data. Deployed applications as EAR on to WebLogic application server.
Confidential, Auburn Hills, MI
Technical Architect and Lead Java Developer
Responsibilities:
- Designed the application with J2EE Design Patterns using JSP Model 2 Model View Controller (MVC) design. Implemented Struts 1.1 framework to separate business logic from presentation tier.
- Mentored Java developers on programming concepts and activities. Lead implementer of Java based workflows using JAXP XML parser (SAX and DOM) and JDBC to move data between two disparate applications. Used JAXP to validate XML based messages against DTDs.
- Maintain oversight for gathering and analyzing high level/low level business requirements from different customers. Designed the application architecture and workflow with sequence diagrams, class & entity diagrams and UML. Functional/Technical requirement specifications for the whole application were done using Rational Unified Process (RUP).
- Implemented identity management, access control and secured enterprise application using single sign-on and access control software (Site Minder). Installed, configured and administered Netegrity Site Minder, Policy Servers, Web Agents, Reports Server and Sun One Directory Server on Solaris for single sign-on functionality. Configured directory servers for supplier-consumer replication.
- Led the team through all the stages of SDLC. Responsible for selection of necessary hardware and software to run the application. Managed a team of offshore developers. Coordinated with third party vendors during software integration. Deliverables were on time and no outages have been reported. Interacted with project managers in US on project status and deadlines.
Confidential
Java Architect
Responsibilities:
- Designed the application architecture and workflow with sequence diagrams, class & entity diagrams and UML. Used J2EE Model View Controller patterns for user interface design. Designed, developed and deployed server side EJB (Session Beans and Entity Beans) components on Sun One Application Servers and WebSphere for the business component layer.
- Gathered user requirements, performed requirement analysis, created business requirement documents and prototypes. Analyzed and documented all enhancements. Used Sirid to track bugs.
- Installed, configured and stress tested Sun IPLANET J2EE web servers on Solaris operating system. Designed the data model with ER diagrams. Reverse engineered the existing data model and generated reports using ER/Studio. Installed and configured Oracle9i on Sun Solaris servers.
- Developed, tested and deployed Java servlets & JSPs using JDBC “thin client” drivers to access Oracle database. Used JavaMail API to send emails from web pages.
- Designed the architecture of the web site and defined the scope of the project. Used Class Diagrams, Use Cases, Sequence Diagrams and Interaction Diagrams. Led a team of developers through different phases of software development life cycle that included design, coding, testing and deploying. Coordinated between users, developers and the testing team.
- Installed, configured and deployed J2EE applications on IBM Websphere 3.5. Used XML based deployment descriptors. Administered Oracle9i & SQL Server 2000 database, created stored procedures, triggers and views. Tuned SQLs.
- Used Websphere Studio Application Developer (WSAP) to develop and deploy EJBs, JSPs, Servlets and Java components. Helped developers to debug and troubleshoot. Installed and configured VeriSign Payflow Pro software for online credit card processing.
- Load tested web servers using stress-testing tools (Portent Load Tester and Empirix). Used ClearCase for source code management and version control. Mentored Java developers and helped them to debug JSPs and Servlets.
Confidential, Lisle, IL
Senior Web Developer
Responsibilities:
- Mentored Java developers on good coding practice for better runtime performance. Participated in different JAD sessions to gather user requirements and finalize technical specifications.
- Added several enhancements to the application that included database connection pooling using JDBC, logging capabilities using Log4J, multi-threading and error handling.
- Installed and configured IBM HTTP Servers and WebSphere application servers on AIX.
- Analyzed the existing data model and table structures to enhance performance. Created JSPs and servlets to generate dynamic contents of the web pages.
- Used JavaMail API to send email notifications.
Confidential, NIU, IL
Developer
Responsibilities:
- Installed IIS and SSL enabled it. Stress tested the web server with load testing tools. Designed & created HTML & ASP pages using Dream Weaver and Microsoft FrontPage. Integrated Cyber Cash software for online credit card processing. Created tables using scripts generated from data modeling tools.
- Wrote SQL scripts and PL/SQL procedures in Oracle using TOAD & PLEdit. Used Oracle Enterprise Manager to manage schemas.
Confidential
Team Leader and Senior Java Developer
Responsibilities:
- Responsibilities included managing a team of developers and analysts at client site, identify business processes for automation, managing client expectation, system design & programming architecture and creating test plans. Developed several applications to automate the business processes. Wrote Unix shell scripts extensively for ASCII file manipulation and processing. Wrote application programs using C and multi-threaded Java.
- Designed and developed many additional features of an existing application like commercial loans, money market loans, mortgages, safe deposit facilities, personal lines of credit to attract more clients/customers in its new business strategy. Used OOAD in order to support the specs for design and development. Oracle 7 was used as the backend database.