SUMMARY

• 6+ years of experience in IT field including Installation, Configuration, Development, Deployment, Administration, Trouble Shooting and network security, database systems, and Enterprise Document Management in large scale organizations
• Experienced in IAM/PAM tools with deployment, configuration, integration and troubleshooting CyberArk Privileged Account Security product suite - Enterprise Password Vault, Password Vault Web Access, Central Policy Manager, Privileged Session Manager, Application Identity Manager, and Privileged Threat Analytics
• Hands-On experience in integrating and troubleshooting platforms with CyberArk Privileged Account Security, such as Windows / UNIX servers, VMware ESXi, Network Devices, Middleware and Databases
• Worked on Configurations including AD integration and Management of CyberArk Enterprise Password vault and Managed Safes and Server/ host addresses in Enterprise Password Vault. Good experience in Implementation and Installation from CyberArk 9.0 to 10.9 version and 10.9 to 11.5, Privileged Identity Management (PIM) Suite.
• Experience with PAM Operational Tasks - Defining Access Control, User Entitlements, Manage Applications, Credentials and User Access Policy Management. Troubleshooting and Maintenance of the Password Vault, CPM, PSM, AIM, DR Vault in DR Server Responsible for installing and setting up POC for CyberArk Alero. Experienced in ticketing tools like CA SDM, ServiceNow
• Migrate user accounts into Password Vault using Bulk upload utility. Installation, configuration and troubleshooting of AIM clients for various teams. Installation and capacity management of Cyber-Ark Privilege Session Manager (PSM) including RDS Session host and licensing
• Exporting Metadata, creating Adapters, Service Provider connections, Identity Provider connections, replicating configuration archive, importing, and exporting SSL certificates using Ping Federate Configured Ping Gateway to Authenticate the users and API’s through Ping Access and Ping Federate
• Experience in implementation of Security Management tools in enterprise-wide Applications to achieve Authentication, Authorization and Accountability, Experience in administering LDAP based directory servers like IBM Tivoli, Oracle and Microsoft Active Directory, Experience in upgrading SiteMinder/Identity Minder from 6.x to 12.0 and from 12.0 to 12.51
• Experience in analyzing the logs (trace logs, logs) and troubleshooting issues in integration of other applications usingCA SiteMinder (Single Sign on) and Identity Management toolsalong with LDAP and Web-server agents
• Proficient in developing custom workflows to handle access requests and Self-registrations. Hands on experience in developing custom rules such as customization rule, build-map rule and connector rules. In-depth knowledge of deploying and troubleshooting IP protocols. Hands on experience with implementation of Sun Identity Management for various users account

TECHNICAL SKILLS

IDE/ Tools: Eclipse, Net Beans, Edit Plus, Macromedia Dreamweaver, XML SPY, JBuilder, RAD 7.0/6.0, WSAD, ITCAM, Tivoli, UML (Rational Rose, RUP), VSS, CVS.

Security Tools: IBM Identity Management and p6, CyberArk Privileged Account security 10.9, IBM Tivoli Access Manager 6.1.1, Tivoli Federated Identity Manager 6.2.2.

Core Java Concepts: Collections, Generics, Multithreading, Serialization, Exception Handling, RMI, File I/O and Reflection, API.

J2EE: Java 1.6/1.7, JSP, Servlet, EJB-Session Beans, Entity Beans, JMS, JDBC, JNDI

Operating Systems: SUSE Linux 9/10/11, Windows Server 2000/2003/2008/2012 R2, 2016, 2019, Unix

Languages: SQL, PL/SQL, J2EE, HTML, JAVA Script, Shell Scripting

Databases: ORACLE 8i/9i, MSQL, MS Access, MySQL

Web Servers: Sun One 4.1/5.1/6.1, Apache 2.0/2.2.4, IIS 5.0/6.0/6.5/8.5/10, Tomcat 4/5

Directory Services (LDAP): Novel eDirectory 8.7.x/ 8.8.1/8.8.5, Sun One/iPlanet DS 5.x/6.x., eDirectory 8.X, Active directory (ADLDS), Tivoli Identity Management, Forefront Identity Manager

SSO and Identity: Novell/NetIQ Access Manager, Ping Federate 6/7/8, SiteMinder R12 SP2, SP3 / R6 SP1, SAML 2.0. HP Service Manager, IBM Vantive, BMC Remedy, Service Now, CA SDM

PROFESSIONAL EXPERIENCE

Sr CyberArk Engineer

Confidential, VA

Responsibilities:

• Involved in all stages of CyberArk 10.5 PAS implementation to secure business critical accounts- Privileged accounts, Windows Local Admins, and Domain Admins to provide enterprise-wide security solution, Worked on PKI certificates on CyberArk windows servers, web applications, for RDP SSL/ TSL handshake and client-server trust model
• Installed and Configured core CyberArk 10.5 components (EPV, PSM, CPM, PVWA and PSMP) in Production and Dev Environments on Windows Server 2016 from the scratch, Made changes to Domain GPOs, Windows server Local Policies, AppLocker policies, and ACLs for CyberArk servers as per requirements.
• Configured F5 GTM and LTM load balancers for PSM and PVWA components across different locations for High Availability. Installed RDP health check for Privileged Session Manager (PSM) service on Windows server ‘16.
• Reviewed and made changes to PSM and CPM hardening scripts to fit the enterprise compliance requirements
• Involved in configuring CyberArk End-point Privileged Manager (EPM) for Implementing least privilege and, Windows Servers to contain attacks and stop lateral movement.
• SPOC for access provisioning on safes, managed RBAC in CyberArk. Configured custom platform settings for enterprise compliance requirements and smooth user experience. Worked on CyberArk utilities like, PADR, PA Client, PAR Agent, PA Restore, Export Vault Data, Create Cred File, Auth File, CA Vault Manager, CA Cert, Create Env, and PA Replicate leveraging full EPV functionality
• Implemented CyberArk policies, and managed Win domain accounts, Win local Admin accounts, Linux based root accounts, service accounts, and Database Administrator accounts, Implemented Privilege Threat Analytics (PTA) for maintaining risk-based strategy and automatic remediation with policies in place for auto onboarding and reconciling unmanaged accounts
• Extensively worked on Privileged Session Manger (PSM) troubleshooting issues, GPO compliance with PSM service, RDS licensing, RemoteApp, and other Hardening issues. Worked on custom CyberArk PSM connectors for ADUC, PowerShell/ ISE, PSM-PVWA, PSM-Private Ark, MMC, Win Server Manager, and CMD for secure session Isolation and session recording
• Involved in Saviynt (IGM), AAM (Application Access Management), EPM (Endpoint privilege Management) and PTA (Privilege Threat Analytics) implementation for CyberArk Integration. Worked on Password Upload Utility (PUU), REST API’s, PowerShell Scripts for automating CyberArk administration jobs. Engaged with CyberArk support for troubleshooting P1 issues on Production Vault.
• Integrated LDAPS, SMTP, ENE, NTP, RADUIS MFA, SIEM (Syslog), and SNMP (Splunk) with EPV for AD user authentication, email notification, time sync, two factor auth, Syslog, service monitoring respectively, Good experience in troubleshooting Windows servers, Networking issues, Debug CyberArk issues, read trace logs, and leverage CyberArk xRay tool.
• Experience in Installation, Implementation and performing upgrades on CyberArk Alero
• Experience in developing various REST API’s for CyberArk Alero for generating reports on vendors and users in the system. Experienced with vulnerability management tool, to resolve and mitigate various CVE’s and ensure systems are protected.
• Responsible for integrating AzureAD to CyberArk. Implemented Azure SSO with CyberArk login.
• P2 and P3 on call support for CyberArk issues. Good Communication skills, analytical skills, interpersonal skills.

Environment: CyberArk 10.x, 11.5, CyberArk Alero, LDAD, AD Integration, PSMP, PTA, EPM, AAM, UNIX, Firewall, IDS/IPS, SIEM, Rapid7, Symantec MSS LCP, VMware, ACS, DNS, TCP/IP, Saviynt, Splunk, SAML, RADIUS DUO, SAML 2.0, OAuth, F5 Load Balancer LTM/ GTM, and Network Security EPG’s

PAM Engineer

Confidential, IL

Responsibilities:

• Involved in gathering Technical Requirements from the client and worked closely with network team for requirements. Experience in Implementation and Installation of different versions of Cyber Ark Suite 7.0, 8.1.0 and 9.2.1.
• Experience in CyberArk Privileged Account Security product suite - Enterprise Password Vault, Password Vault Web Access, Central Policy Manager, Privileged Session Manager. Perform vulnerability assessments of Systems/Network device. Knowledge of Security tools likeCyberArk, IDS/IPS, SIEM, PIM, Cisco ASA Firewalls, ACS, NMAP, Nessus and Wire shark etc.
• ManagingCyber-ArkSecurity that offers any enterprise a wide range of services and support options to making digital vault solution a success; these services include implementation, consulting, training, maintenance, online support and vault.
• Implemented CyberArk CCP/AAM in Dev, Test and Prod environments, to eradicate credentials being hard-coded in scripts and various applications.
• Managed patches and upgrades for all CyberArk component servers in the environment.
• Worked on PAM Operational Tasks Defining Access Control, User Entitlements, Manage Applications Credentials and User Access Policy Management. Experience in performing Privileged Access Reviews, Compliance Reporting, Access Control Processes and other associated tasks with Privileged User Management.
• Implement application account management byCyber-Arkon Windows and Linux servers using AIM module. UpgradedCyber-Arksoftware version on the Production and DR vaults and pertaining CPM/PSM and PVWA. Troubleshooting and maintenance of the Password Vault, CPM, PSM, AIM, DR Vault.
• Migrate user accounts into Password Vault using Bulk upload utility. Experienced in Privilege Identity Management, Identity & Access Management, and Single sign On, SAML, OAuth, ADLDS, ADFS, OKTA, TLS/SSL, and Active Directory.
• Fixed Active Directory mapping connection to provision users and groups intoCyber-Arkvault and e-mail notification failures. Implemented AIM solutions to manage Windows and Linux application account passwords. Configured Auto-Detection processes to provision and manage Windows service accounts.
• Step up authentication for external users who are external to enterprise network and IWA for internal users. Migrated apps from legacy header-based approach to applications that are more standards-based approach like SAML 2.0, OAuth/opened connect.
• Experience with the implementation of DUO two factor authentication tokens for the integrated web service security in a SSO environment for the service provider applications highly skilled in Splunk to build, configure and maintain different environments and in-depth knowledge of log analysis generated by various operating systems.

Environment: Cyber Ark 7.0, 8.1.0, 9.2.1 PIM, LDAD, AD Integration, UNIX, Firewall, IDS/IPS, SIEM, Cisco ASA Firewalls, ACS, NMAP, VMware, Routers, ACS, DNS, TCP/IP, PingFederate Server 9.0,2, Splunk, SAML, Netegrity Siteminder v5.5, v6.0, 12x Web agents 5.x, 6.x, DUO, SAML 2.0, OAuth F5 Load Balancer, Network Security.

Security Consultant

Confidential, Germantown, MD

Responsibilities:

• Implemented CyberArk Privileged Identity management suite and session management suite for version 9.7. Prime in providing problem resolution to authentication issues to PVWA and directory sync problems. Worked on Cyber Ark Enterprise Password Vault and PVWA.
• Involved in gathering technical requirements and establish clear definition of clients CyberArk’s responsibilities and Maintenance. Experience in Implementation, installation and maintenance of CyberArk 9.5 PIM Suite. Primary point of contact for CyberArk Operational and Maintenance Tasks.
• Involved in gathering AOR PAM (Advisory Obstruction AL Requirements) for implementing CyberArk solution to control and audit access to privileged, Worked on NetIQ Access Gateway local and shared accounts such as local admin, Unix root, Oracle database accounts (SYS, SYSTEM).
• Utilized CyberArk PAS suite which includes Enterprise Password Vault, Password Vault Web Access, Central Policy Manager, Privileged Session Manager, Proxy and PACLI. Managed CyberArk Security that offers wide range of services and support including implementation, consulting, training, maintenance.
• Configured various platform policies in PVWA such as for privileged accounts, service accounts, UNIX (AIX, RHEL, and LINUX) and Oracle DB platforms. Creating personal safes for users and adding them to vault for privileged access to various servers. Integrated with LDAP, CyberArk and RADIUS Authentication to enforce security for PVWA authentication.
• Configured IDP initiated and SP initiated SAML profiles with different bindings like POST, Artifact, and Redirect as per the custom business and security requirements. Worked in SiteMinder environment using SiteMinder test tool and SiteMinder policy server log files and agent log files.
• Was responsible for system maintenance and adherence to compliance rules and also check the user level accesses via SailPoint. Privileged User Management working experience on CA PIM/PAM, CyberArk.
• Enabled services and applications with ADFS and SAML using CA API Gateway. Design, Implemented and troubleshot Layer 7 application API Gateways for Company wide application services. Gathered technical requirements and worked as primary point of contact for clients CyberArk Operations and Maintenance Tasks.
• Created IDP and SP connections for SharePoint apps, Java frame work, API based applications, jive-based applications; ADFS enabled apps, O365 integration and lot of third-party applications. Interacted with various business users to gather requirements to integrate various applications into CyberArk password management.
• Installed and Configured CyberArk security components EPV, CPM, PVWA, AIM, PSM, PACLI, Private Ark client. Involved in up gradation and installation of CyberArk version from 9.9.6 to 10.4 in test, prod and DR environments. I used ForgeRock to setup their IAM, MFA and SSO (Signal Sign On) Configure AD on Azure

Information Security Engineer

Confidential

Responsibilities:

• Installed, configured, and maintained Netegrity/CA SiteMinder Policy Server 6.X/12.X, CA IDM r12.x and Sun ONE Directory Server 5.2 on distributed platforms. Installed, configured Web agents, Netegrity Transaction Minder, Sun One Directory server (LDAP) with various Web & Application servers.
• Involved in the architecture and implementation of CA Identity Manager Solution for provisioning, delegated administration, workflow implementation and generating audit reports to be compliant with the security regulations.
• Involved in Designing infrastructure, documenting Identity manager requirements for migration to 12.5 from 8.0. Installed and configured PingFederate 7.0.1 with the existing SiteMinder environment and used LDAP authentication for the admin console.
• Updated Corporate User store with the expanded user base as a result of new business acquisitions by directory acquisition and Correlation schemas using custom attributes. Extensively used web services variables to facilitate federation of web services.
• Used custom attributes properties to track the information about the recipients of the application site. Created and updated the provisioning policies as per the change in the business environment using Policy Xpress. Implementing custom agents on SiteMinder admin console for PingFederate connections.
• Worked extensively on creating Custom Password policies and Authentication schemes as per the requirement.
• Configured CA SiteMinder policy server, framing Rules and Policies, Policy Server maintenance, SSO call clearance, Web Agent & Application agent installations, trouble shouted production problems.
• Involved in Migration of SiteMinder6.x to 12.x for advanced Load balancing, failover configurations and for facilitation of user impersonation. Installed, configured, and integrated Web servers (plug-in file), SiteMinder agents and LDAP user directory with WebLogic Server V10.
• Installed SiteMinder Policy Server Optional Pack and Web Agent Optional Pack for Federation web services. Configured SiteMinder web agents, Affiliate agents and RADIUS agents to provide federation of web services in the SSO environment.
• Configured user impersonation feature to enable Customer service department to provide a better service to the business clients. Experienced in assisting Web Administrators, LDAP Administrators to determine what the best values for SiteMinder parameters and tune the system to boost SiteMinder performance in the Web Tier, the Application Tier, and the Data Tier.
• Configured Ping Federate 6.x/12.x for SSO across multiple web-based enterprise applications. Performed user provisioning in Identity Provider (IDP) site Service Provider (SP) site using SAML for SSO, Experience with using Integration Kits and Token Translators for integrating identity enabled web services into SSO environment.
• Installation configuration and maintenance of RSA authentication manager 6.x for enabling token-based authentication along with the form-based authentication as a part of the security solution. Hands on experience with configuring IDP initiated and SP initiated SAML profiles with different bindings like POST, Artifact, and Redirect as per the custom business and security requirements.
• Worked on new Directory Server Schema's as per the needs of the business. Worked with existing user stores and new external LDAP stores. Integrated Active Directory & Sun One directory servers as user stores & SQL Server as Policy store. Experience in trouble-shooting the issues by analyzing the trace and TAI logs.
• Experience with using Wily and One view monitor for performance monitoring of identity management servers and components. Experience with performance tuning of policy servers and associated components and generating performance reports using customized crystal reports. 24x7 production support.

Environment: JDK 1.4/1.5, J2EE, JDBC, XML, SAML 2.0, CA SiteMinder 5.X/6.X/12.x, Sun ONE Directory Server 5.X/6.X, CA Identity Manager r8/r12, Tomcat 5.5, Apache 2.0, Wily Introscope 7.0/7.2, Solaris 8/10, Windows 2000/2003, Oracle 10g/11g, SQL Server 2005, DB2 8.X.