SUMMARY

• 8+ Years of IT experience in Software development, Business Analyst, testing, integration and deployment.
• 7+ years of expertise in Identity Access management tools SailPoint IdentityIQ with (Versions - 6.4-8.0) and Java technologies. Good understanding of Identity Now for SSO Configuration
• Experience in Identity/Compliance Management Solutions, Lifecycle Manager and User Provisioning.
• Configuration & customization of Business Processes/Workflows for Provisioning and de-provisioning accounts across various internal and external systems in SailPoint IdentityIQ.
• Worked withActive Directory,LDAP/UNIX groups,Networks,Human Resource systemsfor Identity and Access Management.
• Managed projects for design, configuration and implementation ofSailPoint IIQ, including coordinating with vendor leadership, technical services leadership, and end user customers.
• Understanding of directories (AD/LDAP) and group structures, policies etc,SAML 2.0, Frame set up for enterprise level Role mining, Role Based Access Control (RBAC), Multi Factor Authentication (MFA), Single Sign on (SSO), PAM (Privileged Account Management)/(Privileged Identity Management), Entitlement Management and Identity Management.
• Excellent knowledge and experience in implementinguser provisioning credential management,workflows,forms,application integration,connectors,reportsandroles.
• Experience in SailPoint tool customization, Report Generation, Integration with end/target systems, SailPoint API's and Application Development Experience in analyzing, debugging authentication/authorization related issues in PingFederate servers.
• Worked on PingID for Multi - Factor authentication in Dev and Production environments.
• Worked on JSON web token to send client to Windows and Apache servers for authentication purpose.
• High level of understanding on Federation services.
• Previous experience with modern authentication protocols including SAML, OpenID Connect (OIDC), and OAuth
• Experience in installation of PingFederate, and troubleshooting in Windows IIS, Apache Tomcat, and Red hat Linux webservers.
• Ability to generate SSL certificates using OpenSSL for SSO services in both ITG and Production environments.
• Experience with Installation and configuration of CyberArk Vault, CPM, CyberArk PVWA, OPM CyberArk PSM, AIM, and PSM SSH proxy Architecture and design.
• Experience on IAM products from ForgeRock (OpenIDM, OpenAM and OpenDJ) and building IAM solutions implementing OAuth2 and ODIC specification
• Extensive experience onboarding Windows, UNIX, Database servers, RACF and Network device into CyberArk
• Exposure in design and architecture of PIM using Cyber-Ark.
• Experience providing SSO to the Internal users using Ping Federate.
• Provided Single Sign on for the Internal applications with the multiple Domains using Cookie Provider in SiteMinder.
• Coordinating with existing Provisioning Team for the application in order to get the existing User Access Management (UAM) model to make it fit in to IIQ.
• Provisioning application's requests in IdentityIQ to Create/Amend/Delete user access for the on boarded applications.
• Expertise in Installation and Configuration of Oracle Identity Manager 11GR2PS2.
• Expertise in User Life Cycle Management and implementation of various workflows design with different application resources.
• Experienced in implementing theSitemindersolution to supportTokenized ID’s.
• Experienced in configuring SSO withPingAccessusing out of the box and custom developed authentication schemes.
• Experienced in implementingSAML ProtectionwithDigital Signature.
• Experienced in implementingOAuth & OpenIDSolutions usingPingfederate.
• Worked onPingfederateto allow users to performsingle sign - onwith other third-party applications.
• IntegratedPingAccesswithPingf ederateSystem to get authenticated by Pingfederate and Authorized byPingAccessServers using the Access Control Lists.
• Experienced in installation and configuration ofPingAccess.
• Expert in defining Access administration (Provisioning, de - provisioning), access, enforcements (authentication protocols) and access governance (certification, Logging and monitoring).
• Experienced in validating all requirements, and separate key business requirements from wish lists.
• Expertise in SailPoint lifecycle Manager, Compliance Manager and Access Governance modules.
• Experienced in Conducting JAD sessions, created Use Cases, work flows, screen shots and Power Point presentations for the Web Applications.

PROFESSIONAL EXPERIENCE

Confidential, San Bruno, CA

IAM CONSULTANT

Responsibilities:

• Designed and implemented Access Certification, Automated Provisioning and Governance aspects ofIIQ.
• Mainly responsible for converting the combination of manual andCONTROL-SAprovisioning to direct SailPoint provisioning via both out of the boxSailPoint connectors, and custom writtenJavacode connecting to a variety of systems via mechanisms such asSOAPandRESTweb services,JDBC, customAPI'setc.
• Rewriting the workflows to encompass the new way of provisioning. Restructured the entire product to reflect direct provisioning across many applications. In the process of upgrading theIdentityIQproduct from 6.1 to 6.3.
• Led a team to develop connectors for new applications includingSSAE16,SOXand high risk ranking applications using SailPoint Identity IQ 6.1.
• Implementation of different direct/custom connectors to connectMainframe(RACF), Teradata, Unix and Oracle etc.
• Installed and configured RACFSailPointconnector to integrate withMainframesystems.
• Provided company-wide customer support with Identity and Access Management Systems (SailPoint) by assessment, analysis, and resolution of end-user complications.
• Worked on migrating OAuth applications from Ping OAuth to CA OAuth 2.0 by gathering necessary information from the users.
• Worked on Access Management products and solutions preferably on Directory Servers, LDAP as well as DB and Ping Access/Federation.
• Worked with vendors and application teams to migrate SAML applications from PingFederate to CA Single Sign-On.
• Worked on migrating applications from legacy environment SiteMinder to OAuth, SAML and mod OIDC.
• Helped application teams install mod-OIDC plugin on Apache Tomcat servers and migrate them from CA SiteMinder environment.
• Working closely with application teams to migrate applications off SiteMinder platform as part of decommissioning the environment.
• Worked with application teams to on-board them into SSO either with CA Single Sign-On with SAML or CA API Gateway with OAuth.
• Requirement gathering for password management.
• Created power point presentation for business SME to facilitate requirements gathering.
• Created user flow, UI design and design specifications for client applications.
• Wrote use cases and requirements specification documents for user flow and requirements and technical specifications.
• Worked on design and documentation of Workgroups, roles and policies in Sailpoint.
• Worked on custom and out of box workflows in SailPoint.
• Requirement gathering for Segregation of duties (SoD)
• Provided the best practices for SailPoint functionalities and implementation.
• Participated in and/or User Acceptance Testing and bug-related reengineering efforts
• Requirement gathering for role-based access control (RBAC) with role mining practices.

Confidential, NY City, NY

IAM Consultant

Responsibilities:

• Interacted with the SME’s to gather information about project related requirements.
• Requirement gathering for password management.
• Created power point presentation for business SME to facilitate requirements gathering.
• Created user flow, UI design and design specifications for client applications.
• Wrote use cases and requirements specification documents for user flow and requirements and technical specifications.
• Worked on customizing User Onboarding process as per customer requirements.
• Worked on various Certifications, developed custom task and reports.
• Worked on installation and configuration of PingAccess Policy Servers and PingAccess Agents.
• Integrated PingAccess with Pingfederate System to authenticate the user using Pingfederate and Authorize by using PingAccess Servers.
• Integrate the custom developed independent application with PingAccess to track the owner of the application which is being protected by PingAccess and Pingfederate.
• Worked on apache web server to make the application URL work with both http and https and protected both secure and non-secure URL’s using PingAccess.
• Worked on application configuration with PingAccess and defining PingAccess Sites, rules, Virtual hosts, Policies and Rules.
• Experienced with multiple Ping Federate adapters like HTTP adapter, Open Token adapter and Composite adapters.
• Worked on Token Generator and Token Processor to establish a connection between two web services from different Enterprises and Ping Access and JWT tokens to authenticate the user using Ping Federation.
• Executed platform upgrades for Pingfederate.
• Integrated Ping Access with Ping Federate servers to Authenticate using custom Adapters.
• Worked on OAuth Grant types to get Access Token to access Protected API's.
• Integrated OAuth with Ping federate to protect RESTful API's.
• Protected multiple applications both web based, and API based using Ping Access and Ping Federate.
• Worked on OAuth Integration using Ping Federate and Ping Access and implementing Federation SAML services to SSO into third-party vendors.
• Implemented OAuth to access the protected API with Access Token by using Different OAuth Grant types.
• Developed rules for various functions within IIQ including aggregation, correlation, provisioning, policy and certifications.
• Created custom workflows for contractor extensions and employee provisioning.
• Developed and configured lifecycle events for user transfer, user terminate and native change detection.
• Designed and developed policies around SOD, activity and advanced business rules.
• Configured logical applications and managed entitlements with custom rules
• Worked on custom tasks for aggregation threshold check to manage JDBC application account aggregations.
• Developed code for Provisioning and Correlations using Java and BeanShell.
• Configured continuous certification for application owners on quarterly basis and follow-ups on revocation process
• Providing support to the end users to all questions or needs related to certification of access

Confidential, Alpharetta, GA

IAM Consultant

Responsibilities:

• Developed a custom form in the SailPoint UI so that various admins can create Employee/Contractor user accounts manually through UI and provision users
• Created and ran the aggregation task to bulk load authoritative source data from Active Directory, Exchange and LDAP
• Developed a creation rule to run update, terminate and rehire transactions on specified Employee and Contractor user accounts based on the feed file data.
• Developed a scheduler using Java that will periodically run to terminate contractors on their specified contract end date
• Developed a code that will send expiration notification to Contractors
• Developed a scheduler that would periodically check for Name change requests in the feed file data and will change the name of respective Employee account
• Developed a java code that will consolidate role details of user accounts into a CSV file and send to HR or Application Admin. The admin can then act upon the access of users accordingly.
• Built Joiner, Mover and Leaver workflows to maintain user accounts
• Developed custom workflows with approvals and also modified OOTB workflows as per client requirement
• Created and Implemented static/dynamic roles. Configured entitlements and policies.
• Did Access re-certification, automatic/manual remediation for applications managed by SailPoint for Employees and Contractors
• Migrated SAML Based SSO partners from Ping Federate 6.x to Ping Federate 7.x.
• Developed custom Ping Agent using Ping SDK and Implemented SAML Protection with Digital Signature.
• Upgrading between Ping Federate versions 6.x to 7.x.
• Ping Federate Performance tuning for supporting support heavy traffic.
• Implemented OpenID and OAuth solutions using Ping Federate.
• Implemented open token instead of traditional http headers.
• Facilitated meetings with stakeholders to elicit business and functional requirements and perform business process analysis.
• Interacted with internal stakeholders to share findings from deep dive analyses.
• Building and Configuring SailPoint IIQ tasks like Group Aggregation, Identity Refresh, Roles, System Maintenance, Populations, Check Active Policies, Certification Refresh, Run Rule, etc.
• Translated massive data sets into actionable business results.
• Implemented the foundation for entitlement certification for users to address regulatory compliance and audit requirements.
• Collaborated with technical resources to develop workable solutions that meet customer expectations.
• Gathered and analyzed application data provided by application owner.
• Translated business requirements into technical requirements and assist other team members in implementing the solution.
• Provided direct technical evaluation of third-party products for inclusion in IAM solutions and define software development processes.
• Set up an automated application user certification campaign for approval of the access and privileges for certification.
• Generated reports for each application for audit purpose.
• Setup the workflows for requesting, granting and revocation of the user access.
• Reviewed the documentation on a regular basis to ensure accuracy and completeness.
• Analyzed and communicate the viability of the solution to meet project timeline, budget and quality.
• Designed, documented and explained the file formats for collecting the Separation of Duties (SOD) data within the application and system
• Coordinate analysis of discovered user accounts for risk, ownership and access appropriateness
• Coordinate with application owners during UAT post RBAC deployment
• Manage and engage change network and conduct change impact assessment
• Work with stakeholders to understand their access needs and design access roles accordingly
• Coordinate on-going remediation efforts by working with stakeholders to determine ownership and appropriate corrective actions
• Define roles and resource groups for standardization as per client security standards
• Review active privileges in the system and conclude on creation/modification of roles
• Communicate requirements to stakeholders, manage conflicts, issues and challenges in order to ensure that stakeholders and project team members remain in agreement on solution scope