- Confidential has 1 1 years of total IT experience in Application Security (Identity and access management) primarily in Telecom, Manufacturing, Retail and Banking domains.
- He has experience in implementation and maintenance of access management solutions like CA Siteminder, Ping Federate, Ping Access, Ping ID, Oracle Access Manager, and Entrust Get Access.
- He has extensive knowledge in designing and implementation of Single Sign - On Solutions, Web based access control, SAML based Identity management solution, Multi factor authentication, Directory Server, and directory integration.
- He has experience in setting up Single sign on environment and providing access management solutions to multiple organizations.
- He has experience in enabling SSO for various web and mobile applications and providing different authentication solutions to them.
- He has excellent troubleshooting skills.
- Sun identity Management and IBM Tivoli Identity Management.
- OIM and OAM.
- Ping Federate
AREA OF SPECIALIZATION:
Single Sign: Ping Federate, Ping Access, CA Siteminder R12, Oracle Access Manager 10g, Entrust Get Access 8.x, RSA CT
Federation: SAML 2.0, OAuth, OIDC
IWA: Kerberos based authentication
DS: OUD, ODSEE, MS AD, CA DS
Web Technologies: Apache, IIS, Tomcat, Web Sphere, WebLogic
Incident management tool: Remedy 6, 7
Confidential, San Francisco, CA
- Successfully led the effort to set up alternate end point for Pinged Prod URL to allow request from external network.
- Upgrade PingFederate from 8.x to 9.1
- Working on Migrating internal application from Siteminder to Ping Access.
- Participating in analysis and planning for mobile app authentication and setting up OAuth/OIDC policy in PingFed with appropriate OAuth grant type.
- Setup PingOne for Mobile app development team to do POC.
Confidential, Plano, TX
Sr. Software Engineer
- Successfully lead the effort to upgrade Ping Federate production system from 7.3 to 8.3
- Successfully upgraded Ping Access production system from 3.x to 4.x
- Leading the effort to migrate SSO(Ping Federate and its component) from corporate data center to AWS.
- Setup PingID for 2nd factor authentication using mobile app and yubikey.
- Providing MFA(Multi factor authentication) solution to multiple critical application holding sensitive PCI data using Ping ID.
- Identifying the security vulnerabilities with the SSO system and provided fix.
- Setting up MFA for Unix and windows server login using PingID.
- Setting up radius server and radius based authentication for vault system.
- Provided L3 support for production issues and performed the role of SME for SSO.
Confidential, Bentonville, AR
Sr. Systems Engineer
- Worked on Application onboarding/integration with the access management platform and providing SSO solutions for web based applications using technology like Ping Federate 8.0 and RSA Clear Trust 6.2
- Integrating Ping Federate with provisioning connectors for applications like Box and working on strategy for provisioning and de-provisioning.
- Worked on migration of reverse proxy for application in DMZ and setting up authentication policy for new Reverse proxy using SAML 2.0
- Was key member in project for migrating application from TMG revers proxy to Blue Coat RP and was deciding on strategy involved to keep intact the SSO capability of the applications during migration.
- Worked on setting up Ping Access environment in walmart to replace it with their current SSO solution
- Providing on call support for high business impacting issues
Confidential, Vienna, VA
- Worked on implementation of Ping F ederate as access management solution.
- Installation of ping F ederate engine and Admin UI.
- Setting up the cluster for prod and non-prod environment.
- Configuring the IDP and SP adapters.
- Configuring Kerberos based authentication.
- Configuring composite adapter to select the authentication mechanism based on a defined rule.
- Make decision on type of integration to be used for different application i.e. SAML or Ping F ederate Integration kit.
- Integrating mobile application using SAML 2.0 or OAUTH.
- Setting up open token adapter for the application using different Integration kit.
- Worked on migrating applications from Entrust Get Access to Ping Federate.
- Worked as Tech Lead for support and maintenance work for Single Sign on and take the responsibilities for activity like upgrading the SSO system and integrating new application with Entrust Get Access using SAML 2.0 federation or using different webserver plugins.
- Troubleshooting critical issues reported by support team
- Meeting with external vendors and the internal application team to understand their use case and integrate them with Entrust Get Access solution.
Confidential, Tempe, AZ
- Developing Siteminder infrastructure and designing solution to integrate external and partner applications to provide authentication, authorization and SSO service
- Installation and configuration of CA Directory Server as Policy Store, Siteminder R12 Policy Server, Admin UI, Siteminder Web agent with option pack for Federation Services
- Installation and configuration of Apache with mod-proxy and mod-ssl and Siteminder web agents with option pack to integrate web application to provide authentication, authorization and SSO services
- Integration of third party partner applications using Siteminder as Identity Provider (IDP) and Service Provider (SP) using SAML 2.0 protocol to provide authentication, authorization and SSO services to Sales force and other SAML 2.0 compliance applications
Confidential, San Jose CA
Access Management developer
- Application onboarding/integration with the access management platform and providing solutions for web based applications using Oracle Access Manager 10g,CA Siteminder 6.0, Ping Federate 6.x, Microsoft AD’
- Installations and configuration of Siteminder Webagent and OAM webgate
- Creating policy in OAM and Siteminder for protection and unprotection of web application.
- Creating authorization policies in siteminder and OAM based on ldap attribute.
- Providing SSO between OAM protected and siteminder protected application by using ping federation
- Providing Kerberos based authentication to CISCO internal application
- Providing customized login form to the users.
- Primary contact for any Siteminder and OAM related issues.
- Infrastructure support and handling incidents for wireless and device authentication: using ‘Cisco Secure ACS 4.0’
- Infrastructure support and handling incidents for One time password authentication used in CISCO VPN authentication using Safeword Premier Access AAA
- Infrastructure support and handling incidents for password synchronization using PSynch
- Handling incidents for identity provisioning issues using Oracle Identity Manager