- Senior security professional with experience in architecting, deploying, developing, enhancing and supporting Identity & Access Management (IAM) solutions including Single Sign-On (SSO), User Provisioning, Identity Workflows, Application Access Control, Attribute-Based Access Control (ABAC), Role-Based Access Control (RBAC), Privileged Access Management (PAM), WS-Security, Web Security, LDAP Directories, Federated Identity, Security Infrastructure, XML Firewall, Multi-Protocol Gateways, Authentication and Authorization technologies.
- Experience in software development lifecycle including analysis, design, development, deployment, testing, documentation, and maintenance of client-server, Web, e-commerce, and Service Oriented applications.
- Working knowledge of Java/J2EE, WSDL, SOAP, UDDI, Oracle Databases, XML, Perl, Shell Scripting, C++, WebLogic, WebSphere, Apache, and JBoss under Unix, Solaris, Windows and Red Hat Linux.
- Leadership qualities, strong interpersonal skills, ability to manage software and information security projects.
IAM Tools: CA SiteMinder 3.x, 4.x, 5.x, 6.x, 12.5x and 12.8, CA Identity Manager, CA Identity Governance, CA APS, DMS, CA Affiliate Minder, SPS, CA SiteMinder Federation, AzureAD, ForgeRock OpenAM, ForgeRock OpenIDM, Hitachi-ID PAM, PSync, IBM DataPower XI150, IBM IDI, SAML, Dell Boomi
Directories: Oracle Directory Server Enterprise Edition (ODSEE), Sun One, OpenLDAP, Active Directory, Radiant VDS, Ping UnboundID OpenDJ and CA Directory.
Languages: Java, XML, C / C++, HTML, DHTML, WSDL, OWL-S, C#
Database: Oracle, DB2, CICS, JDBC
Servers: WebLogic 9.2/10.3, WebSphere 5.1/6.0/7.0, WebSphere Portal 5.1/6.0/7.0, Apache Tomcat 4.1.18, JBoss 3.2/5.1, Microsoft IIS, IBM HTTP Server (IHS).
QA Test Tool: Mercury Load Runner, Win Runner, Site Scope.
Networking: TCP/IP, LAN, WAN, VPN, Resonate, CSS, Symantec DLP.
Firewall: PIX, Checkpoint
Methodologies: Role Based Access Control (RBAC), Request Based Provisioning, Service Oriented Computing, Cloud Computing, SOA.
Platforms: Microsoft Windows, Sun Solaris, Linux, AIX
Quality: Six Sigma Green Belt Certified
ESB: DataPower, Dell Boomi
Sr. Consultant, Identity and Access Management
- Successfully completed SiteMinder 12.8 upgrade for DotCom environment and actively working on SiteMinder 12.8 migration for CORP, SBA.
- Designing and leading the effort for the SSO integrations for Confidential Corporate, DotCom and Advantage. Providing architectural support for any corporate security initiatives focusing on IAM/SSO.
- Greenfield IAM/IDM implementation for Confidential Business Advantage, consisting of: CA SiteMinder & WebSphere Commerce Server integration, UnboundID/Ping Identity LDAP, SiteMinder v12.x installation, SiteMinder upgrade to v12.8, IDM v14.x upgrade/integration, Ping Identity LDAP scripting and monitoring.
- Design the LDAP DIT architecture and configure the schemas, create the object classes and attributes and Indexing.
- Design and implement LDAP groups/roles for the application for the RBAC solutions.
- Working actively in problem identification and resolution for the migration from the CA suite of Federation to AzureAD Federation.
- Successfully integrated 60 SBA/HiTouch/eDiv B2B customers into CA SiteMinder Federation for inbound Single Sign-On.
- Led the small team to implement the user campaign and process using CA Identity Governance.
- Support and perform administrative activities for user directory services (LDAP) and VDS.
- Working on future requirement analysis for future IDM rollout.
- Working on application security and SSO implementations using CA SiteMinder, MS AzureAD and other corporate approved security products.
- Lead the technical meetings with Application Owners to integrate their apps with SiteMinder / AzureAD for Single Sign-On, to integrate the applications for auto provisioning with Identity Manager, to integrate the applications for auto user campaign and process.
- Work with CA Identity Manager SMEs for the on-going development and new provisioning requirements.
- Lead the Technology Review Board and make sure all stakeholders review and approve the changes / enhancements before they go live for the business.
- Conduct periodic incident & technical solution reviews as part of the on-going problem management.
- Work with SOX and PCI teams to ensure compliance requirements are addressed by the technology stack.
Sr. IT Security Architect, Identity and Access Management
Confidential, Jacksonville, FL
- Led the business and technical requirements for external identity management system to provision and de-provision application and data access for members, agents and benefit administrators, which laid foundation for quicker and less error-prone deployments when adding new constituents to self-registration and to federate identity data for cross-domain SSO with business partners.
- Involved in designing Privileged Access Manager (PAM) by Hitachi-ID for password vaulting of system and privileged accounts. Management of "Fire call" IDs, IDs used by users for elevated access with a shared account that was checked in and out. Managed Application IDs where Hitachi-ID was accessed by an application system to retrieve credentials for a back-end system. Allowed credentials to be managed.
- Evaluated IAM tools from vendors like CA, IBM, Ping Federated, OKTA and ForgeRock. Implemented POCs using ForgeRock OpenAM and ForgeRock OpenIDM. Secured the web applications under GuideWell Connect using OpenAM.
- Design the rules, realms, responses and security policies in SiteMinder policy server based on detailed consultation with business and technical teams. Produce the web application security document for each web SSO integrated project.
- Defined the strategy and led SiteMinder 12.5 migration from SiteMinder 6.5.
- Improved Self-Registration with multi-stage enhancements to member and sales partner self-registration process for HIPAA compliance and usability. Evangelized and integrated one-person one-user id principle. Eliminated redundant pages and processes. Introduced more helpful error messages to aid customer and reduce phone support time. Improved support processes from technical and personnel perspective to create shorter SLA for resolving registration issues. Performed industry benchmarking in the use of “forgotten PIN” capability and implemented conclusions.
- Synchronized self-registration between web and phone (IVR).
- Tiered process security depending on constituency risk level.
- More than doubled the registration rate through these improvements.
- Led the design for the Constituency Management Database (CMD) to support self-registration by storing the high-level roles, which eliminates unwanted calls to the source systems.
- Helped establish processes to reset and synchronize passwords for Guidewell employees. Worked with Helpdesk to build SOP. Provided security guidance for P-Synch implementation.
- Architected and designed homegrown employee identity management solution to grant or terminate systems and network access near real-time. Used PeopleSoft HR Application as the source of record of user ids. Facilitated senior internal clients through requirements definition for access across Mainframe RACF, iPlanet LDAP Directory, and MS NT and Exchange.
- Coordinated 13 teams through development, configuration and documentation across all platforms.
- Managed release migrations and testing in all environments.
- Recognized by IT Director as one of top two IT persons with whom he has worked.
- Recognized for completing three projects in less than the timeline of one.
- Currently working on the design and strategy for identity consolidation for the existing prospects, members, agents and benefit administrators, making sure the existing applications continue to work and that the identities are integrated smoothly. Working on a strategy to support access to external applications for the internal identities.
- Managed integration of Siebel, PeopleSoft and multiple custom-built Java applications into Single-Sign-On infrastructure and Role Based Access Control (RBAC).
- Design the LDAP DIT architecture and configure the schemas, create the object classes and attributes and Indexing.
- Designed and Implemented third party SSO Federated solution (SAML) using SiteMinder and DataPower combination. Extensive experience in SAML 2.0 Service Provider (SP) and Identity Provider (IDP) initiated Single Sign On (SSO) solutions.
- Design the LDAP and SiteMinder security infrastructure for the Single Sign On. Hands on installation of the infrastructure using SunOne LDAP policy store and key store. Install, configure and administer the LDAP directory server for use with Siteminder.
- Established WebSphere Portal security strategy based on business needs, infrastructure constraints and supportability. Worked with outside consultants to include technical best practices. Strategy included recommendations on end-user provisioning, support roles, support processes, LDAP design, necessary authorization/role replication architecture and performance. Attended portal administration and security.
- Designed the Boomi AtomSphere integration platform as a service (iPaaS) and implemented SOA using Dell Boomi. Defined the accounts, sites, atoms and AAA policies for the different divisions, departments and project teams.
- Developed the POCs for REST security, OAuth and OpenID.
- Designed and architected the self-registration for the “prospects” who shop for insurance with Confidential. Implemented the full life cycle of Identity Management, such as user administration, FPS process etc., for this new constituent.
- Helped to create an automated DataPower governance life-cycle with Systinet.
- Designed and implemented numerous transformation/translation rules with XSL. Built SSL Cert management utility in DataPower. Designed and supported XML firewalls, multi-protocol gateways (MPG) using DataPower.
- Designed and Supported SOAP based web services security using various security models such as basic auth, WS-Security and Digital Signatures.
- Install, configure and administer Identity Manager, Web agents, DMS, APS and SiteMinder policy servers. Configure the Single Sign On with business partners using CA SAML affiliate agent.
- Setup, implementation and migration of web applications from legacy systems to SiteMinder 6 and SiteMinder 12 over Sun One, WebSphere 4/5/6/7/8, IHS, IIS and Apache architecture. SSO enabling over 100 SiteMinder 6 and 12 sites, with around 15 more sites currently undergoing migration. Configured 24x7 high availability secure authentication and authorization infrastructure.
- Troubleshooting SSO and LDAP authentication/authorization failures by server log analysis, report analysis and other troubleshooting methods.
- Ensure that patches and fixes for SiteMinder and LDAP server vulnerabilities are analyzed, tested and installed.
- Helping to maintain adequate settings in/on all systems components to comply with established policies and/or best practices. Establishing platform specific policies and procedures wherever required.
- Define project implementation guidelines, interact with business users to acquire requirements and translate user requirements to technical feasibility study.
- Work in deployment, rollout, and Team Player awareness for all LDAP and SiteMinder related policies, standards or procedures. Educate the business users on Single Sign On and create the security requirements and standard operating procedures for Single Sign On applications.
- Create ACLs for the LDAP directory structure based on the business requirements. Create the menu tools for the LDAP data access to the application teams.
- Develop the proof of concepts using latest security technologies/versions.
- Knowledge of Data Loss Prevention software such as Symantec DLP.
- Knowledge of Public Key Infrastructure (PKI).
Infrastructure System/Security Administrator
Confidential, Pittsfield, MA
- Implementation, setup, administration and support of the Ecommerce Web Services infrastructure. Worked on all aspects of Netegrity (currently CA) SiteMinder and SunOne LDAP installation, implementation and support. Coordinate with legacy application teams to SiteMinder enable the applications developed. Ensure that the infrastructure is compliant with company standards and proper security mechanisms (LDAP and SiteMinder). Technical leadership and coordination of the Ecommerce Web Services technology team spread across the globe.
- Worked as a technical lead for a team of consultants located across the globe (Singapore, Europe, North America) for the global implementation and setup of the Single Sign On initiative for over 75 applications. Tasks included hands-on installation of the Netegrity SiteMinder suite of products (both version 4.X and version 5.X) and related SunOne LDAP (both version 4.X and version 5.X) user directory infrastructure such as directory server installation, schema creation, user data population etc. SiteMinder related tasks included web agent installation on web servers, enabling SSO authentication and authorization, policy creation, rules creation, testing applications after SSO enablement, roll out to the end users, and providing complete technical consultations to prospective new clients for SSO enabling their applications.
- Work on the Enterprise Architecture process in the development and maintenance of the corporate Netegrity Siteminder architecture including security roadmap and plan. Ensure that patches and fixes for Netegrity Siteminder server vulnerabilities are analyzed, tested and installed. Helping to maintain adequate settings in/on all systems components to comply with established policies and/or best practices.
- Development of the multi-lingual external user registration web application. The application involved Netegrity SiteMinder API authentication and 128-bit encryption using a Verisign SSL PKI server. The responsibilities included gathering client requirements and coordinating development with the offshore team, ensuring on-time delivery and first-time-right code as per the quality and security standards of the company.
- Setting up Siteminder policies, installing policy servers and web agents. Creating policy realms and secure cookie servers to ensure personal user data security and application integrity.
- Worked with application teams to design the migration plan, roll-out plan and communication plan for the users. Tasks included installing the web agent on every web server, configuring each web agent to enable the SSO feature, testing each application after SSO enablement, and rolling out to the end users.
- Define and document new E-Commerce application implementation process strategy and plan, including code test procedure in staging server, security/legal review procedure, application stress/performance test using QA tools LoadRunner, WinRunner and others, and change control process after application went to production.
- Managed a team consisting of 8 on-shore and offshore engineers to support company’s daily E-Commerce activity, including implementation, administration, monitoring and support NES, NAS, LDAP, SiteMinder, JRUN, and Resonate applications, DB2 and Oracle Database connection.
- Design and implement the company’s global E-Commerce architecture including development / QA / production environments in distributed mode on over 50 UNIX and NT servers at 4 DMZs in Exodus and 4 Data Centers around the world with multiple layers of routers, switches, and firewalls. The environment delivers a cost-effective, fault-tolerant and scalable platform for enterprise-wide E-commerce applications.
- Led a team that installed and configured 12 iPlanet Enterprise Servers, 4 iPlanet Application Servers and 6 Macromedia JRun servers, configured over 60 web applications on these servers, deployed application code and ran performance tests.
- Define and document new E-Commerce application implementation process, including QA, security/legal review, change control.
Information Technology Analyst
- Manage E-Commerce application design, development, implementation of security infrastructure and Single Sign On (SSO) Support.
- Designed and developed the following in-house web applications using HTML, Java, JavaScript, ASP and VBScript on Unix and Windows platforms.
- Developed the web pages using HTML, Java, JavaScript, ASP and VBScript on Unix and Windows platforms and deployed them to iPlanet web servers and application servers.
- Implemented the SiteMinder upgrade, including project planning, exporting the SiteMinder policy store and key store before the upgrade, applying the software upgrade to all servers including production, staging and development, and importing the policy store and key store.
- Designed the new application security infrastructure based on the iPlanet Directory and Netegrity SiteMinder platform; it consists of millions of user entries and 3 production sites with failover capability to each other. The task included designing the wide directory architecture and schema, and installing the iPlanet Directory servers and Netegrity SiteMinder servers on each site.
- Set up the application Single Sign On (SSO) migration plan. Worked with each individual application development team to migrate its application to the new iPlanet Directory/SiteMinder platform. The task included designing and setting up the policy domain and rules for each application, application code changes, exporting and importing the user entries to Active Directory from the legacy systems, setting up the migration schedule and migration communication plan, and functional and stress testing after the application was migrated.