IAM Consultant Resume
New York
SUMMARY
- Experience in development, design, and implementing security using PingFederate, WSO2, and Sun ONE Directory Server (LDAP).
- Continuously improving and automating IAM technologies, including PingFederate, PingAccess, PingID, SiteMinder and LDAP directories.
- Experience in installation, upgrade and configuration of PingFederate 7.x/8.x/9.x.
- Experience in installing PingOne 1.x, WSO2.
- Configured SSO on Web/Application Servers to use the Sun One Directory Server for user authentication.
- Hands on experience on PingFederate 7.x, 8.x, 9.x and PingOne 1.x.
- Perform installation, configuration and maintenance of Access Manager and policy agents.
- Worked on PingFederate in conjunction with CA directory, SiteMinder adapters to implement various flows of authentication to provide single sign on (SSO) solutions to various clients in different scenarios.
- Expert in generating and implementing SSL certificates in both IIS 5/6/7 and Apache 2.x.
- Developed custom PingFederate adapters and PingFederate custom data source drivers using PingFederate Java SDK (IdpAuthenticationAdapterV2 / Custom Data Source Driver / Password Credential Validator)
- Hands on experience on IIS, Apache Web Servers in Staging and Live environments.
- Experience in analyzing, debugging authentication/authorization related issues in PingFederate servers.
- Worked on PingID for Multi-Factor Authentication in Dev and Production environments.
- Experienced in IAM (Identity and Access Management) and responsible for installing, integrating and deploying the IdentityIQ or Identity Now product in client environments.
- Extensive experience in financial and access management projects.
- SailPoint Identity Now implementation: strategized and implemented Identity and Access Management solutions for the client to strengthen the security posture and increase usability.
- Worked with Active Directory, LDAP/UNIX groups, Networks, Human Resource systems for Identity and Access Management.
- Experienced Identity Access Management professional in the implementation of Access Review and Provisioning solution
- Managed projects for design, configuration and implementation of SailPoint IIQ, including coordinating with vendor leadership, technical services leadership, and end user customers.
- Understanding of directories (AD/LDAP) and group structures, policies, SAML 2.0, Frame set up for enterprise level Role mining, Role Based Access Control (RBAC), Multi Factor Authentication (MFA), Single Sign on (SSO), PAM (Privileged Account Management)/ (Privileged Identity Management), Entitlement Management and Identity Management.
- Excellent knowledge and experience in implementing user provisioning credential management, workflows, forms, application integration, connectors, reports and roles.
- Provided use cases and business processes for support groups on role, entitlement, provisioning and de-provisioning.
- Worked on the scrum team responsible for UI components in Identity Now, a cloud-based identity management and governance solution.
- Implemented web-tier MVC module using the Struts framework and various technologies such as JSP, JavaScript, and Servlets.
- Established standards, designs and implementation of appropriate identity and access management processes and controls which help improve operations and lower risk.
- Experience in handling various modules of CyberArk, mainly Enterprise Password vault (EPV), Application Identity management (AIM), Central Policy Manager (CPM), Privileged Session management (PSM), Event Notification Engine (ENE). Upgrading CyberArk suite of products from 7.x to 9.x. (CPM, PSM, EPV and PVWA)
- Experience as a security professional in installing, managing and monitoring of CyberArk Privileged account security tool modules.
- Part of Privileged Access Management (PAM) Remediation and Engineering team whose role is to secure Web Based applications on user access and authorization.
- Performing daily operations support and maintenance of all security technologies centric to Privileged Access related information security solutions.
- Hands on experience with IIS, Confidential IHS, Apache, Sun One Web servers and WebLogic and WebSphere Application servers in Identity and access management environment.
- Designed SailPoint deployment activities - connector configuration, custom rule development, workflow configuration, and development and third-party system integration.
- Knowledge of IAM-related standards such as SAML, SOAP, LDAP, OpenID, and OAuth.
- Experience implementing best practices for data clean-up and stabilizing the system for optimization.
- Extensive experience in Role Mining, Entitlements Analysis, and Advanced Analytics.
- Proven communication and troubleshooting skills to help identify, communicate and resolve challenges and issues to meet business requirements.
- Working experience with Integration Config to generate ticket in Service Now ticketing system.
- Supported operations & maintenance of SailPoint and LDAP connectivity.
- Able to simultaneously work on multiple tasks and projects in a fast-paced environment.
PROFESSIONAL EXPERIENCE
Confidential, New York
IAM Consultant
Responsibilities:
- Assigned as SiteMinder Engineer for upgrades, configuration, and deployments of CA SiteMinder policy server and to support SiteMinder infrastructure.
- Design, develop, deploy, maintain and administer enterprise-wide application security using CA's SiteMinder, Oracle Access Manager, Oracle Identity Manager, and Ping Identity.
- Develop, administer, maintain and troubleshoot SiteMinder Policy Server, SiteMinder web agents, Oracle Access Manager, WebSphere Application Server, PingFederate, Apache, IIS and Confidential HTTP Webserver, SunOne LDAP and Active Directory.
- Design and implement Single Sign-On between SiteMinder and OAM integrated applications using Federation.
- Developed and implemented OAuth 2.0 with different grant types on PingFederate acting as Authorization Server to support web service based SSO and mobile based apps.
- Architected and built the Federation infrastructure and set up SSO for more than 100 partners using SAML versions 1.0, 1.1, 2.0, WS-Federation, WS-Trust.
- Federated with SFDC (Salesforce) using Delegated Authentication SSO.
- Have done SSO for Webservice based environments and applications using WS-Trust technology.
- Have done SaaS provisioning to Salesforce CRM.
- Installed and configured SAML Affiliate agent for more than 50 partners and integrated with Confidential's SiteMinder Federation service acting as Identity Provider.
- Maintain, Administer and troubleshoot the Enterprise Infrastructure for different lifecycles like Test, Development, Stage and Production.
- Integrated Siebel/OBIEE servers, Confidential WebSphere with SiteMinder ASA.
- Involved in migrating the enterprise-wide applications from SiteMinder to Oracle Access Manager.
- Configured policies, realms, rules, responses for more than 1000 applications and configured them to work under SSO environment.
- Designed and implemented a solution that manages the identity lifecycle of almost all applications within the enterprise, without directly controlling the identity store within the application.
- Development of identity federation connectors from SailPoint to target systems, along with subsequent access control by SecureAuth.
- Ensure requirements gathered, processes defined, and use cases documented follow out of the box configuration vs. customization as much as possible
- Develop SailPoint deployment and solution architectures
- Participate in all SailPoint deployment activities - connector configuration, custom rule development, workflow configuration and development, third party system integration.
- Involved in creating custom reports, s to cater various data feeds.
- Achieved SOX and PCI compliance by building a flexible and scalable framework to provide authentication and authorization services while supporting rules/roles/languages requirements for various International countries.
- Design and Implement data import of various types of data files from internal and external target sources for validating access levels.
- Created a Registry for important information on all applications.
- Participate in and/or User Acceptance Testing and bug-related reengineering efforts
- Perform installation and configuration of SailPoint IdentityIQ
- Functioned as the primary liaison between the business client, operations, and technical areas throughout the project life cycle.
- Facilitated meetings with stakeholders to elicit business and functional requirements and perform business process analysis.
- Interacted with internal stakeholders to share findings from deep dive analyses.
- Building and Configuring SailPoint IIQ tasks like Group Aggregation, Identity Refresh, Roles, System Maintenance, Populations, Check Active Policies, Refresh, Run Rule, etc.
- Translated massive data sets into actionable business results.
- Implemented the foundation for entitlement for users to address regulatory compliance and audit requirements.
- Collaborated with technical resources to develop workable solutions that meet customer expectations.
- Gathered and analyzed application data provided by application owner.
- Translated business requirements into technical requirements and assist other team members in implementing the solution.
Confidential, Tampa, FL
IAM Consultant
Responsibilities:
- Highly dynamic environment with sprint teams using agile methodology.
- Involved in the development of Solution Design Overview document and technical document.
- Development of identity federation connectors from SailPoint to target systems.
- Created Custom tasks, Custom Objects to update the entities in the system which are scheduled every week.
- Built Joiner, Mover and Leaver workflows to maintain user accounts
- Involved in creating custom reports, s to cater various data feeds.
- Participated in all SailPoint deployment activities - connector configuration, custom rule development, workflow configuration and development, third party system integration.
- Analysis of the specifications provided by the client and help Project Manager to estimate the effort required
- Developed Rules like Build Map, Correlation, Exclusion, Policy Violation, Policy Formatting etc., as part of connector development.
- Performed two upgrade cycles of entire Identity IQ installation (versions 5.1p10->6.1 and 6.1->6.1p4)
- Onboarded different applications into SailPoint IDM. Integrated SailPoint with Confidential Tivoli IDM for importing roles into SailPoint System.
- Managed client requirements and configured SailPoint IIQ connectors.
- Upgraded and built PingFederate on all the environments available.
- Engaged in the implementation of new authentication methodologies like PingID.
- Gathered the system configurations and requirements for the SSO requests by engaging in meetings with the application team.
- Working knowledge of OpenID Connect.
- Creating a secure application environment often requires integration of existing user identity information that may be scattered across multiple locations and services. Oracle Virtual Directory, formerly known as OctetString Virtual Directory Engine, provides a single, dynamic access point to these data sources through LDAP or XML protocols.
- Experience in configuring PingOne to enable PingID.
- Experience configuring and integrating applications with Single Sign-On (SSO) and SAML
- Implemented and configured both IDP & SP connections using PingFederate (SAML).
- Working experience with STS/WS-FED. Usage of Username token processor for authentication of email, mobile and other thin clients.
- Experience with modern authentication protocols including SAML, OpenID Connect (OIDC), and OAuth
- Exported metadata files from all the environments as per client requirements and implemented on Service provider end.
- Experience in both SAML-based and agent-based configurations in PingFederate.
- Worked on language-based kits (Java, .Net, Raptor and PHP kits) and server-based kits (Apache, IIS)
Confidential, Jersey City, NJ
IAM Consultant
Responsibilities:
- Provided company-wide customer support with Identity and Access Management Systems (SailPoint) by assessment, analysis, and resolution of end-user complications.
- Requirement gathering for password management.
- Created PowerPoint presentation for business SME to facilitate requirements gathering.
- Created user flow, UI design and design specifications for client applications.
- Wrote use cases and requirements specification documents for user flow and requirements and technical specifications.
- Worked on design and documentation of Workgroups, roles and policies in SailPoint.
- Worked on custom and out of box workflows in SailPoint.
- Requirement gathering for Segregation of duties (SoD)
- Provided the best practices for SailPoint functionalities and implementation.
- Participated in and/or User Acceptance Testing and bug-related reengineering efforts
- Requirement gathering for role-based access control (RBAC) with role mining practices.
- Ensured requirements gathered, processes defined, and use cases documented follow out of the box configuration vs. customization as much as possible
- Requirement gathering for Application owner review/
- Assisted in Testing by helping create Test plan and Test cases.
- Implemented and configured SSL, requested digital certificates, created self-signed certificates and imported/exported public/private keys.
- Responsible for creating firewall, DNS requests for Single Sign-On implementation
- Experience in setting up SSO environment for PingFederate and PingAccess. PF as Auth server and PA as Resource server protecting API
- Worked on implementing non-browser-based SSO on VPN through RADIUS.
- Installed, configured SAFE-NET LUNA as a POC for PingFederate.
- Supported RSA integrations and configurations and daily operations like adding user, disabling user, token assignment.
- Worked on enabling SSO for ISE and Clear Pass.
- Experience with implementation and administration of SailPoint for large population of users
- Experience in SailPoint tool customization, Report Generation, Integration with end/target systems, SailPoint API's and Application Development.
- Experience with Installation and configuration of CyberArk Vault, CPM, CyberArk PVWA, OPM CyberArk PSM, AIM, and PSM SSH proxy Architecture and design.
- Extensive experience on boarding Windows, UNIX, Database servers, RACF and Network device into CyberArk
- Experience in managing application access in Okta and Active Directory. Exposure in design and architecture of PIM using CyberArk. Account management, i.e. adding/deleting accounts, group management.
- Managing policies and platforms. Creating and assigning Safes, reconciling accounts, rotating passwords.
- Create AD users and groups for safe delegation and updates. Conduct workshops with application and infrastructure teams about on-boarding privileged accounts.
- Assist application teams with CyberArk application Identity Manager Integrations and linked accounts.
- Coordinating with existing Provisioning Team for the application in order to get the existing User Access Management (UAM) model to make it fit in to IIQ.
- Provisioning application's requests in IdentityIQ to Create/Amend/Delete user access for the on boarded applications. Good understanding of policies in CyberArk Central Policy Manager (CPM) and PAM.
Confidential, Atlanta, GA
IAM Consultant
Responsibilities:
- Highly dynamic environment with sprint teams using agile methodology.
- Involved in the development of Solution Design Overview document and technical document.
- Development of identity federation connectors from SailPoint to target systems.
- Created Custom tasks, Custom Objects to update the entities in the system which are scheduled every week.
- Built Joiner, Mover and Leaver workflows to maintain user accounts
- Involved in creating custom reports, s to cater various data feeds.
- Participated in all SailPoint deployment activities - connector configuration, custom rule development, workflow configuration and development, third party system integration.
- Analysis of the specifications provided by the client and help Project Manager to estimate the effort required
- Developed Rules like Build Map, Correlation, Exclusion, Policy Violation, Policy Formatting etc., as part of connector development.
- Performed two upgrade cycles of entire Identity IQ installation (versions 5.1p10->6.1 and 6.1->6.1p4)
- Onboarded different applications into SailPoint IDM. Integrated SailPoint with Confidential Tivoli IDM for importing roles into SailPoint System.
- Managed client requirements and configured SailPoint IIQ connectors.
- Configuring the Applications (Authoritative and Non-Authoritative) using AD, Flat file, JDBC and LDAP connectors to load the Identity Cubes.
- Performed Access re-, automatic manual remediation for applications managed by SailPoint for Employees and Contractors. Created numerous application definitions and associated rules to allow Identity IQ (IIQ) to retrieve access data. Main development was done in Bean Shell with occasional work in Java.
- Connectors types used included: JDBC, AD/LDAP, Windows, Unix/Linux, Delimited File, SAP, Logical
- Provide SailPoint application consulting and development support to consumer applications as required.
- Designed and implemented custom solution for end users to request IdentityIQ capabilities following proper approval and auditing process. This feature is not available to end users by out of box.
- Recommended technical solutions to fine-tune performance in a few of the out-of-box SailPoint components.
- Developed several custom reports using the Identity IQ (IIQ) reporting system.
- Provide SSO and support for Partner Reverse Proxy environment to protect external facing applications.
- Worked on based SSO application development.
- Worked on BPIA/PRACS issues with external partners.
- Expert in generating and implementing SSL certificates in both IIS 5/6/7 and Apache 2.x.
- Developed custom PingFederate adapters and PingFederate custom data source drivers using PingFederate Java SDK (IdpAuthenticationAdapterV2 / CustomDataSourceDriver / PasswordCredentialValidator). Working on issuing BPIA/PRACS s to external partners whenever required.
- As a part of high level support, worked on escalated tickets on authentication and SSO.
- Documented applications and changes when a new application is integrated with PingFederate.
- Implemented Identity Manager Solutions for Services - Business Objects integration, initial steps for leveraging Identity Manager Solutions to external customers.
- Created forms to on-board companies, on-board external/tertiary users profile using PingFederate 7.3.x, 8.x and 9.x.
- Worked on DEV, ITG, and PROD environments extensively to develop, and support Applications.
- Working with PingID setup using PingFederate for MFA (Multi-Factor Authentication)
- Testing on Modern Auth development.
- Working on Multi-Factor Authentication integrations and engaging in the usage of other protocols like OAuth.