Technical Architect Resume
SUMMARY
- Technical Architect with more than 13 years of experience in Designing, Developing and Deploying business technology solutions for several Customers with vast experience ranging from System Design, Technology Operations, IT Infrastructure Services, IT consulting, Delivery Management & Team Management.
- Specialized Identity and Access Governance Architect with 10+ years of experience in IAG space, effectively working on design and implementation of Identity & access Governance solutions.
- Experience in design and deploying Enterprise level Directory Services (Ping, ODSEE (Oracle Directory)), Virtual Directory Services (RadiantOne FID/VDS), HR Systems (SAP, PeopleSoft) integration with Identity Management for large firms.
- Experience in defining, developing and enforcing IAM control frameworks in alignment with Risk Management and Regulatory / Audit requirements.
- Achievements in managing large strategic IT initiatives involving re-engineering of business processes, operations and enterprise applications.
- Proven ability to translate Business needs into technology requirements that support company's Business objectives, and to successfully manage all phases of IT Projects from need analysis and requirements definition to vendor, implementation, and support.
- Expertise in PingFederate (SAML, OAuth, OIDC), multifactor authentication (DUO) and Meta-Directory Services.
- Good understanding of LDAP protocol, designing of schema, planning the directory data according to the enterprise need.
- Experience in designing, implementing and deploying LDAP architecture which includes replication, data synchronization.
- Experience in Directory Server Configuration/Administration (Ping, ODSEE (Oracle Dir), RadiantOne FID VDS (Virtual Directory), Sun One Directory server 5.x).
- Experience in control process monitoring and continuous improvements, Incident and Problem management.
- Experience in Project Management, including estimations, process improvements, project plan preparation, initiation-to-design reviews, risk management, review verifications and stakeholder meetings.
- Excellent analytical, organizational & interpersonal skills.
TECHNICAL SKILLS
Directory Servers: PingDirectory (UnboundID), RadiantOne VDS (Radiant Logic Virtual Directory Server), Sun 5.2 Directory Server, ForgeRock OpenDJ, Oracle ODSEE (Oracle Directory)
Multifactor: DUO
Access Management: Ping Federate 8.4.4 (SAML 2.0, OAuth 2.0, OpenID Connect, WS-Fed)
Privileged Access Management: CyberArk
Languages: Perl, Shell Script
Monitoring Tools: Splunk 6.6x
Sync Tools: Ping Data Sync Server, Critical Path Meta Directory Server
Operating System: Linux, Solaris, Windows
Others: Apache SOLR, REST API, JSON, SCIM 2.0
PROFESSIONAL EXPERIENCE
Confidential
Technical Architect
Responsibilities:
- Engaged in Design, Architecture and implementation of Identity & Access Management solutions to help business achieve Information Security goals.
- Areas of focus include Identity Management, Provisioning, De-provisioning, Role-based provisioning, Identity Workflows, LDAP Directories, Virtual Directories, Access Management, Single-Sign-On, RBAC, ABAC, Identity integration for Merger & Acquisition, Compliance and Auditing.
- Single AuthN/AuthZ source for applications with multiple password stores: Implemented this solution with VDS, where a view was created using multiple password stores as sources and authN/authZ requests were routed to the respective backends based on request type. Only VDS is exposed to end applications as a single source, reducing complexity on the application side.
- Reporting and Lookup tool for HR: Created a rich VDS virtual view consisting of 2 LDAPs, 2 Active Directories and 2 DBs as a single source of data for tools used by HR for validating records and generating quick reports.
- 3NET: Companywide initiative to migrate all existing Linux/Solaris servers out of the 3.x IP range and migrate all services to new IPs/servers. We migrated 200+ services to new platforms within 3 months without any downtime.
- SAP AWS migration: SAP is the source of employee data and the directories are tightly coupled with SAP systems. When SAP decided to move to the cloud, we worked closely with SAP teams to upgrade all directory services and inbound/outbound jobs for the new cloud platform.
- PeopleSoft to Workday migration: Worked with the Comcast team to enhance all directory services and inbound/outbound jobs to point to the new Workday system.
- CGA Audit: Remediated 150+ import and export jobs and 70+ directory service instances for audit vulnerabilities related to password management, SSL/TLS connections, encryption and folder directory permissions.
- CyberArk Integration: Integrated all Linux server, Active Directory, Ping directory and VDS directory accounts and privileged service accounts with CyberArk for enhanced password security and scheduled rotation.
- Directory Console Access with fine-grained permissions: Removed the single admin user shared within the team for admin-related tasks and implemented user-based access with capabilities limited according to experience level, for better security and enhanced auditing capabilities.
- Proxy for Active Directory: Based on a unique requirement where an application wanted to consume Active Directory data for only certain groups and users, with limited attributes and real-time refresh, created a proxy using VDS with all desired capabilities. Active Directory is not exposed to users since it works as the password store for all users/applications.
- Sensitive Attribute Masking: This was an initiative from HR, who wanted to limit the directory attributes available to end applications based on their criticality. Directory data is shared with 1000+ applications via various means such as LDAP, APIs and flat files. Attributes were limited based upon ACIs created for the apps.
- DreamWorks Integration: Architecture, design and technical management of DreamWorks Acquisition from Identity and Access Management perspective.
- Enterprise Virtual Directory Environment: Architecture, Design and implementation of enterprise Virtual directory solution for Single-Sign-On Environment.
- Ping Sync Pipe for Solr and DW: Developed sync pipes for real-time provisioning/deprovisioning from master directory to Solr and DreamWorks.
- Sun 5.2 LDAP Migration: Architecture, design and technical management of project to migrate legacy Sun 5.2 LDAP environment to PingDirectory.
- Solr Setup: Configured the Solr environment for applications to implement a powerful auto-suggest feature in their respective search applications.
- GE-NBCU Divestiture: Architected, designed and led a team to perform divestiture activities for the GE-NBCU divestiture from an IAM perspective, using coexistence and seamless migration approaches.
- Upgrades: Responsible for scheduled periodic upgrades of Ping directory, VDS virtual directory, Solr and Meta directory services for bug fixes and patches.
- Good experience with federated solutions using Ping Federate and multifactor solutions using DUO.
- NBCU SSO Support: This project consists of supporting 100+ production applications integrated with PingFederate and LDAP (for authentication), integrating new applications into PingFederate and enabling multifactor authentication using DUO.
- Good experience in creating SAML connections and OAuth and OIDC clients.
- Worked on enterprise-wide birthright access implementation using group- and attribute-based access.
- Ping Federation integration with DUO Security for Multi Factor authentication.
- Extensive knowledge on trouble-shooting authentication/authorization issues.
- Involved in automating various tasks with Shell scripting, e.g., maintaining log files, backup of LDAP schema and data files, handling downtime activities.
- Extensive experience in creating custom attributes, indexing, ACIs and multi-master replication between instances for high availability.
- Created shell and Perl scripts for monitoring and reporting of various services.
- Involved in the design documentation and dataflows of new stacks and services.
- Experience in working with load balancers and LTM/GTM configuration for directory interfaces.
- Responsible for project planning and managing a team of 11 resources.
Environment: PingDirectory (UnboundID), RadiantOne FID VDS (virtual directory), Ping Data Sync Server, Ping Federate, DUO, Sun 5.2 Directory Server, Perl, Shell Scripting, Critical Path Meta Directory Server, Splunk, Apache SOLR, Linux.
Confidential
Lead Consultant
Responsibilities:
- Module Lead & Developer.
- Bug fix and enhancement changes.
- Unit, regression and system testing.
- Production release and co-ordination.
- Creation of project related documents.
- Monitoring the existing application and reporting.
- Resolving Level 3 escalation issues reported by business admins and end users.
- Business Analysis, Requirement gathering in liaison with Middle Office users.
- Automate manual processes and performance tuning.
Environment: Solaris, Linux, PERL, Shell Scripting
