Results-driven, reliable team player, quick learner, self-motivated and customer-focused professional with experience as technology engineer, tech lead, systems analyst/consultant, developer, tech project manager and manager. Most recent professional experiences in Enterprise Application Integration/middleware space for over 12 years with exposure in a variety of platforms/software systems.
Senior Technology Engineer
- The last several months focused to a large extent on Confidential Gateway enhancements in architecting/designing new features, helping on troubleshooting of issues/incidents, consulting in fixes and solutions to requirements from internal and external customers, and leading the Confidential team to comply with enterprise-wide IT security mandates such as enforcement of TLS 1.2 and stronger ciphers, migration from basic authentication to Confidential (Ping Identity), and product evaluation and proof of concept testing for an enterprise solution for SSH key management (creation, rotation/revocation, distribution) with ability for self-service meant to ease customer onboarding (end-to-end process support)
- Designed and built the current enterprise infrastructure for XML/API Gateway (internal and in the DMZ) with migration from physical to virtual appliances with upgrade of versions, ensuring capacity for current traffic and future growth, ensuring scalability, adequate resiliency and high availability to minimize business disruption and to ensure business continuity. Ensured compliance with licensing conversions in consultation with Layer 7 (vendor of XML Gateway at the time, now a product of CA, a Broadcom company).
- Implemented log aggregation using syslog (send logs from each API Gateway appliance to syslog servers for consolidated and easier access of logs and monitoring/alerting). Streamlined application and server restarts/reboots aligned with maintenance schedules to ensure no outages
- Built and implemented a tool with SharePoint/InfoPath to streamline the customer intake process/onboarding process enhancing the ability to track and report/share status with built-in workflow for reviews and approvals
- Designed and implemented a 2-way-SSL authentication and authorization solution to support Confidential’s multi-family business in integrating their salesforce.com based DUS Gateway with their backend on-premise data store via XML/API Gateway
- Built several policy segments (assertions) to standardize common functions such as alerting via email and events as SNMP traps to Enterprise Monitoring and Management, SOAP based policies with WS Security and SAML, proof of concept testing of OAuth based integration with salesforce.com using the API gateway as pass-through and integration of the gateway with Enterprise Service Bus-ESB/JMS
- Resolved issues with ICAP based integration of XML/API Gateway with Bluecoat Anti-Virus (AV) appliances. Required a lot of testing to identify root cause and resolution.
- Streamlined daily and monthly backup of appliances to jump hosts with monitoring
- Developed Technology Contingency Plan and served as primary resource for its implementation in out-of-region data center
- Onboarded several integrations (REST and SOAP web services, internal and external)
- Helped to establish a common understanding and expectations of incident, change and problem management processes aligned with the enterprise procedures and policies through documentation and presentations to the customer base/internal application teams.
- Served as Subject Matter Expert and primary contact for discussions, requirements analysis, solutioning, interaction/work with other teams in the enterprise to deliver for enterprise-wide projects/initiatives. Supported major strategic initiatives with requirement of interfaces via XML Gateway (e.g. Pricing Execution - Whole Loans, Multi-family, Common Securitization Platform, eBonding/outsourced support functions to IBM)
- Supported TIBCO BW and EMS, Enterprise Service Bus (ESB), IBM WebSphere MQ, in-house built component services (Id, calendar, Data Repository, File Sharing) and Data Caching Services using GemFire
- Designed and implemented a knowledge base for support teams and FAQs to customers to ensure effective support, promote self-service, enable timely issue/incident resolution and change implementation/validation/testing, and reduce the learning curve of new team members
- Automated database cleanup to avoid performance degradation and downtime due to database growth
- Participated in the inception of the Gateway following the decision to build in-house with the goal of replacing the few gateways the enterprise has, supporting the same protocols used in the current MFT (AS2, SFTP, Connect Direct with Secure+) and Web Services/APIs by XML/API Gateway
- Participated in architecting, designing and developing the gateway infrastructure and application components. Scalable Infrastructure and software design to accommodate increased volume and high availability providing 24x7x365, with no outage during maintenance. Components are loosely coupled with TIBCO EMS topics and queues for inter/intra component messaging maximizing message receipt and delivery (separate components) on same host while providing the ability to other hosts to process in failure situations
- Evaluated/tested TIBCO’s MFT products with special focus on AS2 but also TIBCO’s solution for internal file transfers
- Evaluated /n software’s EDI Integrator (java) and IP*Works -ssh to support AS2 and SFTP protocols.
- Issued recommendation to use /n software because it’s cost effective, provides a rich set of features and enables the ability for easier and flexible integration with other components of the Confidential Gateway being built (generic HTTPS mainly for web services, integration with Enterprise Service Bus - ESB - SOA infrastructure).
- Led the operations team to build out and commission the Gateway’s infrastructure internally and in the DMZ: servers, load balancers, Apache and Tomcat domains and instances, integration with enterprise identity providers - LDAP and Active Directory based, define requirements for firewall and routing rules for communication from/to DMZ components, define pipelines for deployments to Gateway’s production and non-production environments (CI/CD - Jenkins)
- Defined and built URL, log file and process monitors for the gateway. Automated the creation of HP VuGen scripts for the initial 150+ URL monitors. Later, provided requirements and helped build a Java-based monitoring and automation tool to replace the difficult-to-maintain VuGen scripts. The tool can optionally send events to enterprise monitoring for ticketing/alerting, has built-in scheduling of tasks, allows making web service calls and parsing responses, pushing or pulling files over ssh, etc.
- Led the effort to build and test the out of region (disaster recovery site) infrastructure mirroring the main site.
- Developed and deployed an automated shakeout testing of gateway components (AS2, HTTP/Web services and SFTP) using synthetic transactions to determine health/availability with significant reduction of time vs testing manually and greater accuracy/completeness
- Evaluated VanDyke’s SFTP server as alternative solution for file transfer to Windows servers. Had experience with the
- Provided technical guidance to client engagement, development, testing and operations teams. Served as Subject Matter Expert (SME) and lead
- Led the Confidential team’s effort to integrate Confidential Gateway with Decision Insight for Operations Dashboard (health and metrics), with ELK and Splunk for log aggregation and dashboards
- Coached and/or provided technical guidance to junior and senior staff members.
- Took initiative to define and build operational metrics during the first months after joining the MFT (FLEX) team. The metrics included statistics such as transfer volumes and sizes, for trend analysis, incidents by category, service usage/consumption by customer/application, resource utilization (memory, CPU, I/O, network) with the purpose of capacity planning.
- Redesigned, tested and implemented a set of process and log file monitors for MFT with full coverage to the supported applications and infrastructure. This effort took several months involving analysis of millions of log entries and a discovery process to ensure no critical events/exceptions are missed
- Major contributions in architecting, testing and building out the MFT’s new/current platform following capacity and scaling issues.
- Took initiative to spend own time to test one of the new infrastructure component applications: Synchrony Transfer - CFT meant to be the primary software to enable internal transfers between Confidential applications. Came up with optimal configurations in order to help the project team move beyond the uncertainty whether Transfer CFT delivers as promised by vendor and does it reliably
- Developed and executed proof of concept research and testing of new applications (Composer, Passport, Sentinel, Synchrony Transfer - CFT)
- Carried out functional and performance testing of the new infrastructure and its applications (Axway Gateway Interchange, Synchrony Transfer, Sentinel among others)
- Designed, developed and helped test new shell scripts. Examples: Switcheroo2 script to initiate about 80% of the total number of file transfers transported by the platform on a daily basis, startup/shutdown scripts for when servers are rebooted for all supported applications
- Designed, developed and tested SNMP trap based alerts for the new infrastructure: Correlated events sent as SNMP Traps from Sentinel to Enterprise Monitoring and Management
- Installed and configured almost all component applications on the new infrastructure servers (Gateway Interchange, CFT, Sentinel, Composer, Passport). Wrote detailed installation and configuration instructions of these components
- On-boarded several internal (A2A) and external (Confidential) file transfers over company preferred protocols (AS2, AS1, NDM/Connect:Direct and SFTP)
- Provided solutions to operational challenges and technical issues in the form of development of new or improved processes, or development of tools for automation
- Provided Level 2 production support in 24/7 environment with primary and secondary on-call duties
- Performed Proof Of Concept (POC) testing for integration of B2Bi with WebSphere MQ
- Wrote design basis for a tool intended to allow internal applications to submit file transfer requests as web service calls and inquire the status of those transfers to enable them to automate their end-to-end processes
- Member of a small team charged with building out Confidential’s SWIFT platform environments (DEVL, INTG and 3 Production sites) in collaboration with other Confidential teams (network engineering and operations, information security, hosting, enterprise monitoring, platform support/IBM, etc.) and SWIFT. The platform uses Alliance Web Platform (AWP), Alliance Access (SAA) and Gateway (SAG). Back-office integration SOAP based, outsourced to Wall Street Solutions (WSS). The team installed, configured, tested and commissioned AWP, SAA and SAG/SNL, including HSMs (Hardware Security Module - Luna) and PED (Pin Entry Device) workstations.
- Helped define the security requirements for SWIFT and led implementation/implemented solutions;
- Defined roles/entitlements mapping to SWIFT entities/actions/permissions
- Ensured secure access to firewalled SWIFT servers via bastion servers, CITRIX and authenticated HTTP proxies for user interface (as an interim solution, final solution was using CyberArk)
- Helped implement CyberArk (with Radius based 2-factor-authentication, password vaulting and PSM - Privileged Session Manager - for session isolation, monitoring and control of privileged accesses). Radius was later replaced with Duo.
- Defined and implemented access management procedure, end-to-end, integrated with the enterprise SailPoint based Identity and Access Governance with manual provisioning of access in SWIFT but with automated daily feed to IAG to update identities and grants/entitlements
- Defined and implemented feeds to Enterprise Information Security Operations (SecOps) to provide them with critical SWIFT events from AWP, SAA, SAG/SNL: syslog feeds provided to SecOps’ ArcSight servers
- Developed and implemented scripts for startup of SAA, SAG/SNL and AWP including taking backup and archiving over to 2 other production and DR sites, extract SAA and AWP events to send to SecOps
- Defined requirements for a tool (built in java) to perform regular health check of the SWIFT platform with test messages, perform integrity checks, etc. The tool is also used to perform export of operators and profiles from the main production site and import to the remaining 2 production and DR sites. It also provides a daily feed to the Confidential enterprise Identity and Access Governance (IAG) system to ensure access granted are as approved
- Wrote knowledge articles for use by the Confidential SWIFT support team
- Provided support to Confidential business and WSS
- Provided limited technical support to the Confidential and WSS teams implementing Sanctions Screening, specifically as related TLS s and 2-way-authentication between Confidential and WSS
- Linux (Redhat, SuSE) and Windows. Integrations with AIX, IBM Mainframe, AS/400
- Axway Gateway Interchange (currently called B2Bi), Axway Synchrony endpoint Activator, Transfer CFT, Secure Proxy, Passport, Composer and Sentinel
- IBM Sterling Secure Proxy (SSP), External Authentication Server (SEAS), Configuration Manager (SCM), Connect Direct with Secure+ and FileAgent
- Apache, Tomcat, WebLogic, WebGate and PingAccess Apache plugins, Oracle databases, SQL Developer, TOAD, CITRIX, CyberArk for management of privileged access, SailPoint (access governance, compliance and automated provisioning), ArcSight
- /n software EDI Integrator (java) and ip-works-ssh (java), McAfee VSLE and ENS (end point security)
- TIBCO BusinessWorks (BW), TIBCO Enterprise Message Service (EMS), Enterprise Service Bus (ESB)-SOA built with TIBCO BW with EMS
- CA XML/API Gateway, Enterprise Service Monitor (ESM), Bluecoat proxy AV
- SWIFT Alliance Web Platform (AWP), Alliance Access (SAA), Alliance Gateway (SAG) and SwiftNetLink (SNL)
- LDAP, Active Directory, Role based Access Management (RAM), Autosys
- ELK, Splunk and Axway Decision Insight. In the process of initiating use of Moogsoft
- ServiceNow for Incident, change, problem management and for records of configuration items
- Jenkins for CI/CD, SVN for versioning
- Some familiarity with BIG-IP F5 load balancers, networking, DNS, Limited UNIX administration (due to admin function for API Gateway physical and virtual appliances), Virtual Infrastructure/VMWare, zscaler proxy
- Several small/large tools: SSH to UNIX hosts (PuTTY, SecureCRT), Exceed X-Server with SSH X11 Tunneling, MS Visio, MS Project, Atlassian JIRA, Kanban (for work items), Confluence (for team collaboration, document sharing/Knowledge base/FAQs/Self-help)
Technical Project/Program Manager
- Successfully delivered numerous projects and enhancement requests involving implementation of interfaces (Managed File Transfers/batch - A2A and Confidential using Encryption Gateway Services (EGS), Ab Initio and Trading Partners Gateway (TPG) for file transfers over SFTP, FTP and Connect Direct, and web services) for significantly large projects such as:
- Interfaces with Equifax (Web services): for credit verification and reports
- PeopleSoft HR and PeopleSoft Financials: 200+ batch interfaces
- Oracle based Distribution/Logistics: about 100 batch interfaces with over 15 of them involving transformations with Ab Initio
- Unified Billing Program with Ensemble/AMDOCS: 50+ batch interfaces.
- Configured Encryption Gateway Services to allow file transfers between Confidential Applications and Trading Partners as well as transfers among Confidential internal applications based on project/request requirements. Source/target platforms on UNIX, Windows, AS/400, Mainframe, Desktop/Laptop
- Architected and managed development of an application (File Transfer and Transformation Management System) to automate manual steps of on-boarding managed and secure file transfer and transformations. Software is used to serve as central repository of interface information and configuration, and to support processes from project engagement through production deployment, including automated deployment of configurations, keys and scripts to test and production environments. Project of own initiative: secured management buy-in and funding.
- Project benefits from time savings in information gathering, project tracking and reporting, and follow-ups/communication with customers/vendors at the different stages of project lifecycle
- Provided design and assisted in development of software
- Defined, documented and implemented processes and tools for application release management, project engagement, project cost estimation, end-to-end process flows for on-boarding and configuration of secure file transfer interfaces (A2A and Confidential)
- Developed technical and user guides/manuals for client/desktop/laptop based managed and unmanaged file transfer and transformation services
- Developed enhancements to file transfer and transformation service platform to eliminate time consuming ad-hoc development requirements: to allow unlimited file destinations/deliveries from a single source file, suppression of empty files from reaching destination and file format conversions
- Developed customized scripts (UNIX and Perl) for several secure file transfer interfaces and regular tasks such as clearing MQ messages, removal of old and unresolved files, archival of transfer history/file transfer audit trail
- Implemented message driven file transfers using MQ and Metastorm process monitor: define local, remote and transmission queues and triggers
- Developed Ab Initio graphs for parsing and processing distinct XML files into text files for logistics process with UPS
- Developed source-target mapping and transformation rules for Ab Initio transformation
- Maintained several java components of the EGS system and implementation of changes to respond to changing business requirements
- Developed message-to-file and file-to-message scripts for file transfers between applications consuming files and messages
- Set up automated file transfer jobs using Autosys, Control-M
- Developed numerous reports, queries and data extractions from databases using PL/SQL, SQL, Crystal Reports for project status, ad-hoc analysis of historical and current data, and project financial performance reporting for management/operations reviews and data warehousing
- Participated in recruitment of new team members
- Coached junior developers and project managers
- Solaris, AIX, HP-UX, Windows, Mainframe
- IBM Websphere MQ, IBM Process Modeler
- Oracle, TOAD, SQL Developer
- Java, UNIX Shell Scripting, Perl
- McAfee PGP, GlubTech FTP SSL, Tectia SSH, Sterling Connect:Direct, Ab Initio, Telelogic Synergy, Mercury Quality, Telelogic DOORS, Autosys, Control-M, Crystal Reports, BusinessObjects, Eclipse, Tivoli
- EGS, TPG, EGS Lite - in-house built
- VanDyke’s SFTP server for Windows
- Designed, implemented and maintained SQL based database for an application (Territory Management - COMPASS): a multi-lingual CRM like application with cost savings in millions to the business over the life of the system. Application is used by territory managers, a few thousands worldwide. Development included triggers, views, stored procedures and data replication and synchronization between offline use/laptops and central database using XML import/export. Front-end developed using VB.NET
- Developed backend database (Oracle) for a web enabled application (Retail Assets Management System), ASP.NET. Application intended to help manage retail investment projects and assets
- Developed hundreds of reports and forms as part of Enterprise Resource Planning (ERP) implementations in several countries - Invoices, check forms, receivables and payables analysis, and financial report for corporate and statutory reporting
- Designed, developed and administered application and SQL databases for coupons and transporter invoices management systems: both delivered efficiencies in terms of accurate tracking and status of sold and redeemed coupons, pending invoices with controls to eliminate losses
- Migrated databases from Oracle to MS SQL
- Management: hiring, team development, supervision in areas of IT service delivery/operations, account management, Security and Controls, projects, infrastructure
- Technical Project Management: delivered several software development and infrastructure deployment projects:
- Planning and budgeting for Americas (USA, Canada and Latin America): Operational and project budgets including stewardship of budget and performance reporting/scorecards
- Systems Analyst/Process Improvement Specialist: implemented and supported ERP systems: SAP, JD Edwards, Sage ACCPAC, SUN Systems