SUMMARY

• 6+ years of experience in installation, configuration, deployment and maintenance of CyberArk 9.3v, 10v, 11v, 12v, Web Application servers, Web servers, LDAP servers and Site Minder components like the Policy Server, Web Agent, Policy Store, Key store and mainly the components PAM.
• Experience working on designing, building, testing, and deploying policies to manage least - permissive role-based access on end-user devices.
• Implemented foundational endpoint security controls across multiple endpoints with varying platforms from hybrid to cloud environments.
• Created audit trails to track and analyze privilege elevation attempts using EPM
• Worked on installing, implementing, deploying and maintaining EPM on different versions of CyberArk
• Completed safe training for agility with 2 years of experience working in agile.
• Extensive experience in installation configuration and maintenance of Netegrity Site Minder Policy Server version 5.x/6.x and implementing Single Sign on (SSO) with various web servers like Apache, IIS and SunOne. Maintain the production/ DEV / UAT and testing environment.

TECHNICAL SKILLS

Platforms: Apache Web Server 2.0/2.2, Microsoft IIS 5/6/7, IBM HTTP Server 6.0/6.1/7.0/8.5. x, Microsoft IIS 5/6/7, BEA Web Logic Server 8.1/9.2, IBM Web Sphere Process Server 6.X, 7.X, 8.5.x BEA Web Logic Server 8.1/9.2, Tomcat 5.0/5.5/6.0, iPlanet/Sun ONE Web Server

Tools: Fiddler, Site Scope 8, Jmeter, Load Runner, CVS, Clear Case, ClearQuest, SVN, MS Visio, MS Project, Privilege Threat Analytics (PTA)LDAP Directories, Oracle Internet Directory (OID)10g/11g, Oracle Virtual Directory (OVD) 10g/11g, Active Directory, Tivoli directory Server, Sun ONE Directory Server, Novell eDirectory

Programming: C, C++, Java, Korn Shell Scripting, PowerShell

Operating Systems: SUN Solaris 8/9/10, IBM AIX 5.2/5.3, Windows 2000/2003/2008/ R2/2012, Red Hat Linux 4/5

Markup Languages: HTML, XML, DHTML

Databases: DB2, Oracle 8i/9i/10g, MS-Access, SQL Server

Protocols: TCP/IP, FTP, SMTP, LDAP, SOAP, JSON, RMI and HTTP

PROFESSIONAL EXPERIENCE

Confidential, NJ

IAM CyberArk Consultant

Responsibilities:

• Deployed EPM on prem 11.4v and implemented the agents on 2000+ machines and servers.
• Created audit trails to track and analyze privilege elevation attempts using EPM.
• Worked on installing, implementing, deploying and maintaining EPM on different versions of CyberArk
• Implemented EPM on CyberArk and Maintained and Configured for the attack against Ransomware and Credential Theft.
• Patching the vulnerability and also fixing any errors that are occurring in the environment.
• Creating different platforms for grouping the windows privilege IDs on different domains and sync the same password out on all the domains.
• Work on Service Manager Tickets day to day to resolve the user issues if their passwords are not working or if they are having issues getting into CyberArk.
• Implemented EPM to manage devices by integrating with PVWA for the change of Credentials as required.
• Password Managed/Session Managed Azure, AWS, GCP IDs in CyberArk.
• Created a new set of privilege IDs which will enable the users to go through Privilege Session Manager.
• Upgraded Privilege Threat Analytics (PTA) to 10.4from 9.7.
• Create, manage and dispatch incident tickets based on the data collected from PTA.
• Determine operational objectives by studying business functions, gathering information, evaluating output requirements and formats.
• Design new computer programs by analyzing requirements.
• Upgrade CyberArk from 10.4V to 11.7v
• Construct architectural diagrams by studying the company's environment and writing specifications.
• Generating reports from CyberArk for checking productivity.
• Implementing and configuring CyberArk 9.7 in the environment and did troubleshooting of various applications and vault servers.
• Team management as well as discussing the project with the project management and presenting it to the upper management on a weekly basis.
• Laying out plans and responsible for completing the tasks in a timely manner and making sure that the audit timelines are met.
• Working on various PowerShell scripts for automating the process of group creation in an active directory.
• Onboarding of various privileged accounts on CyberArk and automating the process by running password upload utility scripts.
• Implementing Application Identity Manager in the environment to onboard all the APP IDs for password rotation.
• Implemented Privilege Session Manager in the environment to monitor the sessions of the domain users for better security.
• Worked on onboarding Linux servers to CyberArk and managing root password across different Linux servers.
• Implemented and onboard the mainframe privileged IDs to CyberArk for password management.
• Creating Microsoft Visio flowcharts to define a process to delete the privilege IDs which are not being used in the organizations anymore.
• Planning on upgrading the environment from CyberArk version 9.7 to 10.4 to 11.7v
• Implemented Privilege Session Manager SSH Proxy in the environment to monitor the sessions for the privilege IDs on UNIX servers.
• Looking for any attacks based on the user behavior pattern that was designed by PTA. My work was to make sure if there is any attack on any of the privilege IDs, then to change the passwords and send out alerts to the users

Confidential, Houston, TX

IAM CyberArk Consultant

Responsibilities:

• Experience in CyberArk Privileged Account Security product suite - Enterprise, Password Vault, Password Vault Web Access, Central Policy Manager, Privileged, Implemented all grant flows for OAuth 2.0/Open ID connect usingPingFederate.
• Experience in installingPingAccessin clustered and high-availability mode, Have knowledge in Upgrade and maintenance of Ping Access and Federation product tools. Experience in implementing Password Policies and reading the password blob using SM agent API.
• Implemented and Customized the SailPoint product to configure products (such as Blade logic, TAM, and OIM), systems administration, operational support and problem resolution.
• Involved in knowledge sharing sessions for SailPoint Compliance Manager Component and involved in creation of design documents, code reviews and statement of deployment methodologies for the clients.
• Migration of critical 200+ applications that are secured using CA SiteMinder to PingFederate version 7.1/7.3 Providing support to internal and external teams for integration of applications with CA SiteMinder and PingFederate, Integration of third party applications with various Single Sign On matrix like Open Token, Agentless and SAML based services.
• Experience installing and configuring web based applications. Administration of CyberArk safes and creation of Vaults for the privileged users. Onboarding privilege accounts in CyberArk 9.11.2, Generating reports from CyberArk for checking the productivity of the organization. Providing access to users to put passwords in CyberArk through Private Ark and creating vaults.
• Generate DNA reports from CyberArk and set up the Service accounts and Local Accounts in the server for compliance. Creating shared drives and drive mapping for the users through active directory.
• Active Directory server (LDAP) and various Web & Application servers. On Tivoli LDAP. Provide technical expertise and support to security administrators on distributed systems security and implement automated solutions for security administration requests.
• Perform as the subject matter expert for information security technology, processes and practices internally to the health plan provided by the client. Providing access to shared drives
• Privileged Access Management (PAM) project which includes implementing CyberArk Password Vault, Web Access, Central Password Manager and Privileged Session Management. Deployed and configured SailPoint Migrated Stealth Audit v8.0 from v7.6.
• Generating Inactive users report from Stealth Audit for further auditing and maintaining the data for Active Directory. Working with vendors in retiring the Oracle based applications completely from the Organization.
• Working on integration of web applications with SiteMinder and various affiliate agents, Defining various SiteMinder Policy Server System objects and Domain objects, Password Services and associated different realms, rules, responses and policies.
• Installed and configured RACF SailPoint connector to integrate with Mainframe systems. Performed Installation and configuration of SailPoint 7.0. Configured Flat files and JDBC connectors in SailPoint.
• Troubleshooting SiteMinder environment using SiteMinder test tool and SiteMinder policy server log files and agent log files, Troubleshooting issues with Single-Sign-On between cross domains, Administration of PKI services like SSL Certs and Partner Certs.
• Respond to support tickets and provide timely resolutions for issues, Technical writing for internal HP teams, Coordination on troubleshooting issues for the test teams with the backend support teams to resolve the issues in a timely manner.

Confidential, Atlanta, GA

IAM Consultant

Responsibilities:

• Configured SiteMinder for SAML Federated Authentications by configuring ID Provider/Consumer using SAML 2.0 POST binding. Installed Web agent Option Pack and created Partnerships, Documented Visio for SAML, AuthSchem and Day-to-day maintenance ofSiteMinderpolicy servers and troubleshooting production issues
• Coordinated with the Service providers and identity providers during the SAML Certificate upgrade and architectural changes Active Directory server (LDAP) and various Web & Application servers. On Solaris, Windows platforms and Red hat Linux Operating systems.
• Developed and documented to assist IBM on how to create functional / system accounts and the administration of the CyberArk application in order to vault system accounts for privileged access. The CyberArk application is a privileged account security solution.
• Privileged Access Management (PAM) project which includes implementing CyberArk Password Vault, Web Access, Central Password Manager and Privileged Session Management. Upgraded CASiteMinderto R12 from 6 and installed the Admin UI and configured the FSS Admin GUI, Involved in developing REST services to integrate AEM applications.
• Leveraged CyberArk Auto Detect (DNA) to perform auto detection of privileged administrative accounts from Active Directory for multiple platforms including UNIX, Linux, I Series and Windows. In charge of operation, security and maintenance of the CyberArk stack.
• Configuring User Authentication Stores, Policy Stores and Key Stores on VDS and maintained replicated environment for load balancing and failover Installed and Configured SiteMinder 5.5 Policy Servers, Web Agents, Sun ONE 5.2 and Active Directory Servers.
• Configuring CASiteminderSystem objects like Agents, Agent Conf Objects (ACO)Host Conf Objects (HCO), User Directories, Domains, Administrators and Schemas.Administered the RSA/ACE servers for issuing the Soft tokens for the VPN purpose as well as the applications which use RSA Token authentication.
• Migration of SiteMinder 5.5 to 6.0 for advanced Load balancing, failover configurations and for facilitation of user impersonation. Installed and configured Web agents on Web Servers like IIS 5.0/6.0, Apache 2.x, and SunOne Web Server 6.1/7.0 and upgrading CA Siteminder version 6.0 to R12, Ping Identity Federated Services in both Production and Non-Production environments.
• Configured User Authentication Stores, Policy Stores and Key Stores on VDS and maintained a replicated environment for load balancing and failover.
• Coordinated with IAM team in creating new Site ID, Implemented password policies for all the applications usingSiteminderPolicy Server. Configured APS, FPS, Rules, and Help Desk Functionality Replacement, Involved in configuring RSA Authentication.
• Installation and configuration of PingFederate 6.6/6.10/7.0. Involved in the migration of PingFederate from 6.6 to 6.10. Documented all the Siteminder related on JERA Digital Confluence.
• Installed and administered Radiant Logic Virtual Directory Server (VDS) and bootstrapped the VDS branches and service accounts. Worked on designing schemas for Radiant Logic virtual directory server (VDS LDAP) and creating root branches in VDS i.e. DN,CN.
• Responsible for day to day maintenance of Policy Servers and provided 24X7 support to the testing as well as productionSiteminderinfrastructure, Underwent the training for AuthMinder from CA and did the installs/setup for AuthMinder in sandbox and DEV environments.