
IAM and Information Security Consultant Resume


Reston, VA

SUMMARY:

  • 14+ years of experience in the IT industry, with roles as SailPoint Consultant, Information Security Consultant, IAM Consultant, Cyber Security Consultant, Risk Remediation Analyst, Vulnerability Analyst, Business System Analyst and Quality Analyst.
  • Experience in Identity and Access Management, Firewall Remediation, Application Vulnerability hardening, Server Vulnerability hardening, Database Vulnerability Hardening, Active Directory hardening and Data Migration Management.
  • Experience with tools like Qualys, BladeLogic, Imperva, WhiteHat, Fortify, AppScan and FireMon for data analysis, implemented in respective modules.
  • Experience with Threat and Vulnerability Program, IT Security Risk Program, Risk Automation & Remediation Program and Quality Management.
  • Experience in Application Security, Vulnerability Assessment, Penetration Testing, Risk Assessment, Risk Management, Incident Management and Cyber Security analysis.
  • Managed projects for design, configuration and implementation of SailPoint IIQ, including coordinating with vendor leadership, technical services leadership, and end user customers.
  • Understanding of directories (AD/LDAP) and group structures, policies, etc., SAML 2.0, Frame set up for enterprise level Role mining, Role Based Access Control (RBAC), Multi Factor Authentication (MFA), Single Sign-On (SSO), PAM (Privileged Account Management) / (Privileged Identity Management), Entitlement Management and Identity Management.
  • Excellent knowledge and experience in implementing user provisioning credential management, workflows, forms, application integration, connectors, reports and roles.
  • Provided use cases and business processes for support groups on role, entitlement, provisioning and de-provisioning.
  • Established standards, designs and implementation of appropriate identity and access management processes and controls which help improve operations and lower risk.
  • Performed data analytics to ensure data is accurate prior to staging and activating certifications.
  • Provisioning and access governance experience with and understanding of security on systems such as AD, LDAP/Unix, Oracle and manual provisioned applications.
  • Direct provisioning using direct connectors for integration of target applications.
  • Performed Integration with multiple applications such as AD, Exchange, RDBMS, and Flat File & LDAP.
  • Excellent knowledge in profile-based security, structural authorizations, Central User Administration, Governance Risk and Compliance, troubleshooting user-level problems to properly access the servers, and providing IT risk management consulting.

TECHNICAL SKILLS:

Security & IAM Tools: SailPoint Products / Symantec DLP / CyberArk / End Point Protection / Enterprise Directory Services, FireEye

Tools and Applications: Plain ID, Ping, Identity Manager, Active Directory, Neptuny, Splunk, BMC, Siebel CRM, MS Dynamic CRM, JIRA, Candor, SONIC, GRC Archer, Qualys, CMDB, Rally, ALM, MS SharePoint, QlikView.

Management tools & Operating Systems: Quality Center (ALM), Windows, BMC (Neptuny & ADDM)

Languages & Protocols: SOAP, Salesforce CRM, Siebel CRM, Mobile Complete, Perforce, Bugzilla.

Automation & Scan Tool: Hammer Call Master, QTP, Qualys

Version Controls: Visual Source Safe, Rational Clear Case

Database: Oracle 8.0/8i/9i (SQL, PL/SQL), SQL Server, SQL, TOAD.

PROFESSIONAL EXPERIENCE:

Confidential, Reston VA

IAM and Information Security Consultant

  • Worked on validation of SailPoint Migration, Plain ID implementation, CyberArk Upgrade, Symantec DLP, End Point Protection, FireEye, Ping Identity and Cloud Implementation Projects.
  • Implemented SailPoint as per the functional and non-functional requirements.
  • Worked on RBAC, certifications and other modules in SailPoint.
  • Kickoff the retirement process for all the migrated applications tools.
  • Support in Analysis of the business requirements and present design review to estimate the timeline required to complete the project
  • Work closely with SailPoint architect and engineers for design and solution architecture Implementation of Self Service feature of SailPoint IIQ.
  • Implementation of Password features (PTA, forgot password, Change Password) of SailPoint IIQ.
  • Familiar with Access Governance and Compliance, with knowledge of engineering SODS.
  • Onboarded various applications like delimited file, AD, JDBC, etc.
  • Implemented provisioning, de-provisioning and other related functionalities for new application
  • Developed Build Map rules, Pre-Iterate rules and Customization rules.
  • Configuration and development of SailPoint Life Cycle Events (LCM).
  • Build and Configure SailPoint in-built tasks like aggregation, ID refresh, schedule tasks, correlation, etc.
  • Documented the IT security and identity management environment to include processes.
  • Involved in creating custom reports, certifications to cater various data feeds.
  • Developed Delegation rules, customized certifications to send email notifications as per client needs.
  • Development of custom workflows with multi-level approval and time-based escalation for Approval process, self-service, profile update and changing the profile of User and Group modifications.
  • Involved in design and implementation of IdentityIQ solution in configuring Active Directory, and Shared Folders.
  • Design complex exclusion rules, correlation and data loading tasks in Identity IQ.
  • Involved in all phases of testing from creating test cases to sending the reports for validation approvals.
  • Using Form Models Concept creating the Identity IQ objects like Quick links, Forms, Rules, and Custom Objects to design the workflows.
  • Design correlation and data loading tasks in IdentityIQ.
  • Designed and deployed Identity & Access Management solution to improve user experience, meet compliance, and reduce costs.
  • Plain ID is replaced with CAM OES
  • Validated Symantec DLP and End Point Protection in multiple projects
  • Verify Design and validate new modules into existing applications.
  • Transition to SailPoint for provisioning and use ping platform for access control.
  • Active Directory integration will be verified.
  • Validation of authorization and authentication in servers.
  • Handles Tier 1 or server support involving application owners and remediated vulnerabilities.
  • Coordinated and used FireEye, Zscaler, RSA (analytics, enVision, IAM), Palo Alto network devices, and Splunk for granular analysis and visibility.
  • Researched tools like CyberArk, Wireshark and the Tivoli line of products.
  • Validated the Plain ID tool in a non-production environment.
  • Validation of TPI integration with SailPoint IIQ.
  • Validate platform resiliency and enhance as needed.
  • Provide platform maturity process improvements and upgrading the platform.
  • Working on upgraded versions of IAM tools like SailPoint, Plain ID and application integrations.
  • Validated CyberArk in a non-production environment against the list of functional requirements provided.

Confidential, Boston MA

E2E Migration Consultant and Risk Analyst

  • Working on system End to End on Migration
  • IT Risk findings management and remediation
  • Worked with Risk Owners/management on agreed remediation activities
  • Reviewed and supported implementation of Risk Treatment Plans (RTP)
  • Reviewed system logs and reports from security systems, worked with system team members to resolve potential security issues
  • Proactive team player with demonstrated problem solving ability.
  • Developed executive and detailed reports of risk assessments performed
  • Kickoff the retirement process for all the migrated applications tools.
  • Validation that failover servers have the ability to connect to the primary or secondary Oracle database.
  • Perform end-to-end validation of work streams of Outlook migration and OneDrive migration.
  • Provide a system where Security Vulnerability data will be aggregated and correlated with assets.
  • Assist Line of Business (LOB) with the necessary information to make risk decisions.
  • Assist with KRIs and risk ranking of Vulnerability.
  • Move from a manual to an automated process, which will improve the accuracy of metric and remediation reporting.
  • Validate the environment against the list of servers to confirm if the middleware versions got upgraded properly.
  • Collecting evidence of current server configuration details for the list of impacted servers.
  • Validate IRM plan execution, evidence, exceptions and Monitor data privacy compliance
  • Prepare and execute on annual compliance validation plan for high risk assets
  • Promote use and appropriate level of detail maintained in compliance tracking tool per business unit requirements
  • Accomplished server change requests using ServiceNow ticketing system
  • Contributed to the company Change Process standardization
  • Maximized customer satisfaction by ensuring SLAs are met during a Change Request
  • Trained team on the Change Management Process
  • Central point of reference for other teams and customers for Change process and procedures
  • Analyzed Change requests per SLA and importance
  • Owned project milestones and drove them to completion in accordance with the budget and time constraints specified.
  • Worked as SPOC for all communication channels with Client and updated stakeholders regularly on project status.
  • Ensured effective quality control processes to monitor the quality of deliverables.
  • Worked proactively on identifying, analyzing, measuring and managing project risks.

Confidential, Houston TX

Vulnerability and Cyber Security Consultant

  • Performed risk identification and risk mitigation activities, control documentation and testing, and processes to evaluate and improve control documentation and security baseline controls effectiveness
  • Conduct Vendor Risk Assessments for New Projects to align vendor applications with client security policies
  • Conducting Project Security Reviews, security requirements and design reviews to implement security at Concept & analysis phases in SDLC
  • Conducting periodic Security Risk Assessments for High Risk applications
  • Create threat models using various attack scenarios.
  • Conducting source code reviews with automated tool Fortify for short time
  • Perform application vulnerability scans using commercial automated vulnerability scanners.
  • Report Vulnerability findings to Application owners and helping them in remediation of vulnerabilities
  • Used GRC tool for vulnerability management workflows and risk assessments
  • Imparting security awareness training to new joiners as part of induction program.
  • Assisting senior management and stakeholders with security requirements and concepts to complete Risk Management activities
  • Training/mentoring junior resources and managing the team.
  • Contributed in preparing VAPT test cases, approach documents
  • Developed executive and detailed reports of risk assessments performed
  • IT Risk findings management and remediation
  • Worked with Risk Owners/management on agreed remediation activities
  • Assess / document risk levels and gain consensus for the level of risk posed to the security of the IT environment.
  • Report IT risk action plan progress.
  • Maintain incident response plans. Monitor IT risk.
  • Responsible for day to day execution of Enterprise risk acceptance/mitigation process
  • Triage of escalated priority incoming security events, perform preliminary and secondary analysis, validate events, create war room to conduct incident management and event resolution with internal security and network engineering teams
  • Validation of DR activities in SharePoint site.
  • Proactive team player with demonstrated problem solving ability.
  • Performed Production Application Support
  • Troubleshot and resolved application issues escalated from end users.
  • Analyze application data to assess performance and uncover problems.
  • Consistently Provided application and system support for several internal applications.
  • Validation of the application metadata update through TPI.
  • Validation of entitlement Lifecycle Management Workflows for metadata request and approval.
  • Validation of Application Role Governance.
  • Responsible for Identifying risks, Executing, closing.
  • Understanding Existing Design and Change/redesign the logic to accommodate the changes required by client.
  • Validation of SOD policies.
  • Validation of transfer certifications.
  • Validation of entitlement and roles reports.

Confidential, Houston, TX

Security and Sailpoint Analyst: IAM/ IDM Program

  • Designed and implemented Access Certification, Automated Provisioning and Governance aspects of IIQ.
  • Rewriting the workflows to encompass the new way of provisioning. Restructured the entire product to reflect direct provisioning across a large number of applications
  • Led a team to develop connectors for new applications including SSAE16, SOX and high risk ranking applications using SailPoint IdentityIQ.
  • Wrote policy rules to ensure SOD, and wrote new workflows to reflect business needs.
  • Built a customized task to generate manager certificates in bulk to improve the Technical and Functional Acceptance Testing (TAT/FAT) process efficiency.
  • Involved in knowledge sharing sessions for the SailPoint Compliance Manager component and involved in creation of design documents, code reviews and statement of deployment methodologies for the clients.
  • Preparing Audit reports for monitoring the SOD conflicts using Control Software International (CSI) Tool.
  • Execute (SailPoint IIQ) test cases through multiple launches and to include development and test environments.
  • Implemented Identity-aware applications using Windows Identity foundation (WIF).
  • Assist in updating (SailPoint IIQ) workgroups.
  • Monitor SailPoint IIQ product functionalities.
  • Provide a system where Security Vulnerability data will be aggregated and correlated with assets.
  • Provide project management support across multiple security work streams
  • I will go through SSAE16 data and understand it and provide the inputs to client and develop the project.
  • Gather data from many sources to fill the gaps and develop the dashboards with automation tools such that the client can access it and resolve it easily.
  • Reviewing and validating requirements document, use cases, pain points/issues, and UML diagrams for the current as-is and the to-be system (SailPoint) and doing gap analysis on the datasets.
  • Understanding the Authorization, Authentication and Elevated access model of different applications and designing the Questionnaire for application on-boarding.

Confidential, Houston TX

Risk Remediation and Vulnerability Analyst

  • Performed Data Analysis and Implemented Firewall Remediation, Application Vulnerability hardening, Server Vulnerability hardening, Database Vulnerability Hardening and POODLE, FREAK, BEAST Vulnerability Hardening.
  • Responsible for day to day execution of Enterprise risk acceptance/mitigation process
  • Product Similar to RSA Archer to perform Vendor Risk Assessment Validation and report on mitigation / remediation activities and many more modules to perform remediation.
  • Collaborate with IT Security team members, security architects and subject matter experts to identify risk remediation and mitigating controls.
  • Data Analysis on Threat Vulnerability Management (Qualys) for App, Server and DB vulnerability, SailPoint (Identity Management)
  • Performed Third Party Risk assessments as part of the vendor evaluation process, including SSAE16 reviews
  • Getting requirements from client on Entitlement and access data from SailPoint.
  • Responsible for data analysis in various sources such as Qualys, BladeLogic, Imperva, WhiteHat, Fortify, CMDB, Gear for Compliance and Non Compliance.
  • IT controls required for SOX compliance including Access Control, Change Control, Data Management, IT Operations, Network Operations and Asset Management
  • Prepared and implemented key modules like Risk Register, Threat and Vulnerability Management, DLP, Termination dashboard, 3rd party, Vendor Management and so on in GRID.
  • IT Governance, Risk, and Compliance (GRC) management
  • Reviewed and supported implementation of Risk Treatment Plans (RTP)
  • Performed risk identification and risk mitigation activities, control documentation and testing, and processes to evaluate and improve control documentation and security baseline controls effectiveness
  • Implementation of Information Risk Management (IRM) processes using a GRC tool like GRID and Archer
  • Worked on reports from Archer and scorecards and dashboards from GRID.
  • Worked on settings and patches for systems, servers, applications and databases to remediate vulnerabilities.
  • Revalidated active legacy firewall rules and sunset of inactive legacy firewall rules.
  • I worked on key areas like IAM, Vendor Risk Management, Risk Register, Risk Remediation, DLP, Termination and Outage Dashboard.
  • Report on the state of risk and compliance management and Coordinate and remediate audit findings
  • Analyzing large Role datasets (900K records) and user profile data (1400 users) using MS Excel and Access functions like Pivots, VLOOKUP, Query designer and make recommendations for streamlining existing process and creating role management standards.
  • Leading and managing a team to on-board existing Confidential applications on to SailPoint, and conducting multiple data validation efforts to complete the on-boarding process.
  • I will go through SSAE16 data and understand it and provide the inputs to client and develop the project.
  • Contributed to the creation of IT and Information Security policies and standards
  • Worked on shell scripting; proactive team player with demonstrated problem solving ability.
  • Use RSA Archer to perform Vendor Risk Assessment Validation and report on mitigation / remediation activities
  • Implemented changes affecting rules in Palo Alto, ASA and Checkpoint firewalls.
  • Used FireMon for subnet issue resolution within the network.
  • Responsible for data analysis in various sources such as Qualys, BladeLogic, Imperva, WhiteHat, Fortify, CMDB, Gear.
  • Worked with Candor, SailPoint, SONIC, Splunk and GEAR for Data Analysis.
  • Worked on key areas like Risk Register, Threat and Vulnerability Management, IT Risk & Security Scorecard, DLP, Risk Rating, Termination dashboard, Active Directory, Pen Testing and VALIC Dashboard.

Confidential

Business System Analyst

  • Interaction with client and gather requirements and understand the business impact of the requirements.
  • Providing high level estimates and design document creations.
  • Will be involved in formulating high level system requirements, creation of detail functional specifications
  • Understanding Existing Design and Change/redesign the logic to accommodate the changes required by client.
  • Ensure production team/account managers deliver & release final content packages within agreed Pfizer SLAs, and complete timely execution of RCA documentation to the clients’ Vendor Ops Team.
  • Responsible for Business analysis and requirements gathering in Agile development methodology.
  • Analyse and resolve operations business/systems issues; Liaison between business and IT.
  • Conducting design workshops and gap analysis, Co-ordinate technical walkthrough sessions, Functional test case review, Production validation / shake out OR Identify Critical Workflows and Prepared Business Acceptance Criteria based Epics, User Stories, Use Cases and BRD’s
  • Worked with testing team in developing the test plan, test conditions, test cases based on business requirements, technical specifications and Business Sign-Off after deployment.
  • Involved in Brainstorming sessions and facilitated meetings and Joint Application Development (JAD) sessions with business stakeholders and technical units to generate innovative ideas and functional requirements.
  • Preparing the Project Plan and Estimation and getting it approved with the client.
  • Designed the business requirement collection approach based on the project scope and SDLC methodology.
  • Conducting weekly calls with the client and resources to Monitor and Track the project.
  • Created data mappings to extract data from different source files, transform the data using filters, expressions and Lookups then load to Oracle data warehouse
  • Validating the mappings, generating & loading the Data.
  • Responsible for all the Deliverables and Team co-ordination.
  • Defect Tracking, Documentation & Client communication.
  • Client interaction & Daily Status call with onsite/offshore team.
  • Ensure deliverables are prepared to satisfy the project requirements.
  • Effectively communicate project expectations to team members and stakeholders in a timely and clear fashion.

Confidential

System and Quality Analyst

  • Worked as SPOC for all communication channels with Client and updated stakeholders regularly on project status.
  • Ensured effective quality control processes to monitor the quality of deliverables.
  • Worked proactively on identifying, analyzing, measuring and managing project risks.
  • Will be involved in data feed analysis and data migration.
  • Gather data from many sources to fill the gaps and develop the dashboards with automation tools such that the client can access it and resolve it easily.
  • Provide written reports and give presentations to Upper Management to explain system solutions and potential business impacts.
  • Used the software development lifecycle, SDLC (requirements, design, implementation, testing, deployment and maintenance) to manage, track the progress of multiple projects, complete and deliver assigned projects
  • Successfully designed and implemented new enterprise quality assurance tool, Application Lifecycle Management (ALM)
  • Used strong oral and written communication skills to interact with Senior management, global business clients, process owners, and end users on a daily basis
  • Responsible to work with business user to review the global template to identify gaps.
  • Co-ordinate with SME / Client business team for further review and coverage.
  • Identify the new BCRs (Business change requests) that will affect the test cases and coordinate with team in testing it for the new release
  • Execution of Regression suite and BVTs in Development, UAT & Production environment as per enhancements.
  • To understand the functionality of the application/module and develop test plan accordingly.
  • Reviewing the Test Scripts of other team members. Working on Change Management (VSS tool).
  • Regression and Sanity Testing. Reporting Bugs using Bugzilla defect tracking system.

Confidential

Senior Software Engineer

  • Understand the Client requirement and do the fit gap analysis.
  • Prepare the Functional Requirement Document.
  • Manual testing to ensure the creations/modifications/enhancements made are in accordance with the client/user requirement as part of upgrade in 3 different cycles like SIT, Integration and Pre Production.
  • Worked on Agile methodology to implement projects.
  • Manually Testing SQR programs (Reports, Processes and Interfaces)
  • Preparing the test cases on every construction projects, which includes construction location, applicant details, details of construction works and agent information.
  • Preparing System Integration Test Plans
  • Participating in Weekly & Monthly Status Meetings
  • Setup and Validated test data in QA environment being used for Testing. Executed all the test scripts manually and documented result in Quality Center by coordination with other areas.
  • Analyzed existing software systems for technical issues and ensured that they were handled immediately to minimize downtime
  • Monitor application systems by ensuring regular scrutiny of reports and note any problems that may cause downtime
  • Assigned the tasks of identifying and diagnosing system failure and application issues
  • Worked closely with the developers of applications to advise concerning changes on system-levels.
  • Made effective and much appreciated suggestions for changes in the system applications, and gave expert advice as to proper operation.
  • Trained end-users by means of verbal personal instruction and specially designed documentation.
  • Worked productively together with the engineering and customer-support departments and teams.
  • Involved in regression testing, analyzing data for features and selecting testing environment and platform for relevant regression testing. Provided inputs and recommendations on issues during testing and worked with technical and business users on defects identified during testing. Communicated progress to management via daily status/defects meetings and reporting.
  • Actively Involved in Interactive Voice Response (IVR) testing using Hammer Call Master for English and Spanish Language.
  • Using Hammer Call Master, I create new test scripts and maintain the existing automated test scripts that are used to test the core functionality of the IVR voice system for every release.
  • Responsible to schedule, run and report the results of the tests using Hammer Call Master.
  • Responsible for complete Configuration Management of IVR.
  • Creating a project taking a specific functionality of the IVR system with one or more call flow diagrams that are made of icons in the graphical editor using Hammer Call Master Client.
  • Creating and updating the automation grammar files according to the new changes.
  • Generating the new test scripts with Hammer Call Master client and servers.
  • Identify the new BCRs that will affect the automated test scripts and implementing the changes to the respective scripts.
  • Update, maintain and generate the existing automated test scripts in Hammer Call Master according to the new changes.

Confidential

Software Engineer

  • Developing micro level testing plans and implementing test strategies as defined by architects
  • Building test management tools and tracking bugs
  • Reviewing test plans to ensure that the testing meets quality standard
  • Setting testing environment and improving quality systems
  • Responsible for test automation and deliverables
  • Reporting Bugs using QC defect tracking system.
  • Ensured that SDLC processes included secure software development practices and appropriate gating structures that enforce them.
  • Actively Involved in Telcordia Billing System testing using Mobile Complete
  • Prepared Daily/Weekly and monthly status reports.
  • Analyzed user requirements, specifications & models for testability. Created Test Plan, Mapping the Requirement & Created Test Run.
  • Involvement in Test Execution, Defect Reporting and Re-testing
  • Involved in carrying out unit testing, parallel testing, integration testing and user acceptance testing for entire life cycle.
  • Tracked, logged and responded to support tickets. Performed user account maintenance, managed incidents and provided resolution for end-users technical challenges. Troubleshoot hardware/software issues.
  • Ensured that complex defects and problems were resolved through production releases and upgrades.
  • Researched and documented program errors. Recorded all issues in the CRM software system.
  • Prepared test plans and test cases based on client's requirements in Mercury Quality Center.
  • Understand the Client requirement and do the fit gap analysis.
  • Prepare the Functional Requirement Document.
  • Worked on Agile methodology to implement projects.
  • Manually Testing SQR programs (Reports, Processes and Interfaces)
  • Participating in Weekly & Monthly Status Meetings
  • Analyzed existing software systems for technical issues and ensured that they were handled immediately to minimize downtime
  • Monitor application systems by ensuring regular scrutiny of reports and note any problems that may cause downtime
  • Assigned the tasks of identifying and diagnosing system failure and application issues
  • Worked closely with the developers of applications to advise concerning changes on system-levels.
  • Made effective and much appreciated suggestions for changes in the system applications, and gave expert advice as to proper operation.
  • Trained end-users by means of verbal personal instruction and specially designed documentation.
  • Worked productively together with the engineering and customer-support departments and teams.
