- Around 7+ years of experience in IT field including Installation, Configuration, Development, Deployment, Administration, Trouble Shooting and network security, database systems, and Enterprise Document Management in large scale organizations.
- Experience with setting up multi factor authentication like LDAP, RSA, and RADIUS and has managed sessions in Privileged Session Management (PSM).
- Experienced in IAM/PAM tools with deployment, configuration, integration and troubleshooting CyberArk Privileged Account Security product suite - Enterprise Password Vault, Password Vault Web Access, Central Policy Manager, Privileged Session Manager, Application Identity Manager, and Privileged Threat Analytics
- Experience in handling various modules of CyberArk, mainly Enterprise Password vault (EPV), Application Identity management (AIM), Central Policy Manager (CPM), Privileged Session management (PSM), Event Notification Engine (ENE). Upgrading CyberArk suite of products from 7.x to 9.x. (CPM, PSM, EPV and PVWA)
- Experience as a security professional in installing, managing and monitoring of CyberArk Privileged account security tool modules.
- Part of Privileged Access Management (PAM) Remediation and Engineering team whose role is to secure Web Based applications on user access and authorization.
- Performing daily operations support and maintenance of all security technologies centric to Privileged Access related information security solutions.
- Hands on experience with IIS, IBM IHS, Apache, SunOne Web servers and WebLogic and WebSphere Application servers in Identity and access management environment.
- Worked with Active Directory, LDAP/UNIX groups, Networks, Human Resource systems for Identity and Access Management.
- Experience with Installation and configuration of CyberArk Vault, CPM, CyberArk PVWA, OPM CyberArk PSM, AIM, and PSM SSH proxy Architecture and design.
- Extensive experience on boarding Windows, UNIX, Database servers, RACF and Network device into CyberArk
- Implemented operational efficiencies using scripting tools (Python and PowerShell).
- Experience in automating day-to-day activities by using Windows PowerShell.
- Implemented Single Sign-On using SiteMinder on single/multiple cookie domains for Web applications and integrated SSO with SunOne LDAP and MS Active Directory and e-Directory. This also includes Federation both inbound and outbound using SAML 2.0.
- On-boarding of Privilege Accounts to Cyber-Ark, Configured CyberArk to MySQL, Oracle databases.
- Installed and configured bulk load client on various platforms to automate tasks in IDM.
- Experience in designing, development, deployment, migration and implementing Security and Infrastructure solutions using CA Identity Manager r12.5 SP8 CR1, CA SSO/SiteMinder r12.52 SP2 CR1, CyberArk, SunONE Directory Server (LDAP) 5.x/6.0/7.0 and earlier.
- Experience in managing applications access in Active Directory. Exposure in design and architecture of PIM using Cyber-Ark. Account management i.e. adding /deleting accounts /group management.
- Managing policies and platforms. Creating and assigning Safes, reconciling accounts, rotating passwords.
- Create AD users and groups for safe delegation and updates. Conduct workshops with application and infrastructure teams about on-boarding privileged accounts.
- Assist application teams with CyberArk application Identity Manager Integrations and linked accounts.
- Coordinating with existing Provisioning Team for the application in order to get the existing User Access Management (UAM) model to make it fit in to IIQ.
- Provisioning application's requests in IdentityIQ to Create/Amend/Delete user access for the on boarded applications. Good understanding of policies in CyberArk Central Policy Manager (CPM) and PAM.
- Developing Application instances and entitlements and Integrating New Application (Connected and disconnected) with OIM.
- Good knowledge in Active Directory and Involved in AD integration and adding user to with their privileges. Identified and tested vulnerabilities and conducted research in the areas of information system and network security.
- Have good knowledge in troubleshooting various issues related to CyberArk.
Security tools: CyberArk 7.x,8.x,9.x,10.x CA Identity Manager 12.5.x/12.6.x, CA SiteMinder 6.x/12.x, Oracle Identity Manager 10g/11g R1/R2 PS1/PS2/PS3 and Access Manager 10g/11g E1/R2 PS1/PS2/PS3, ADFS and UAG, Microsoft Active Directory
Web & J2EE Technologies:: XML, HTML, DHTML, JDBC, CA Identity Manager, CyberArk, OPM (On-demand Privileged Manager), CPM (Central Policy Manager), PAM (Privileged Access Management).
Operating Systems:: Linux, Windows, UNIX AIX/HP
Network Protocols:: TCP/IP, HTTP, FTP, SNMP, and SMTP
Web/App Servers:: Tomcat, Apache Web Server, WebSphere, WebLogic
Databases:: Oracle, Microsoft SQL Server, MS Access, MySQL
Scripting Languages: PowerShell, Python
- Installation and configuration of CyberArk Vault, CPM, CyberArk PVWA, AIM, OPM CyberArk PTS, and PSM SSH proxy Architecture and design.
- Implemented CyberArk upgrade from 9.9.5 to 10.2 versions including Vault, PVWA, PSM and CPM.
- Administration experience of CyberArk vault with Safe creation, integration with LDAP and other authentication methods.
- Maintaining Active Directory groups and policies as well as Backups.
- Ensure ongoing CyberArk system Maintenance is scheduled and completed on time.
- Installation and configuration of CyberArk Vault, Password Vault Web Access (PVWA), Central Password Manager (CPM) and Privileged Session Manager (PSM) in Prod and DR.
- Managed Safes ad Server/ host addresses in EPV, and resolved issues with CyberArk's CPM to communicate with hosts to reconcile credentials.
- Troubleshooting and maintaining the Password Vault, Central Password Manager (CPM), Privileged Session Manager (PSM), Application Identity Manager(AIM), DR Vault in DR Server, Worked on Active Directory (AD) and group policy Management (GPO).
- Troubleshoot DNS integration with Active Directory, Installed, configured and administered WINS, DHCP, IIS and WSFTP, File and Print servers.
- Configure AD integration and manage CyberArk Enterprise Password Vault, Manage the day to day operations of CyberArk solutions including adding and deleting accounts, Exposure to Identity and Access Management concepts.
- Working on various PowerShell scripts for automating the group and account creation in CyberArk by invoking the restAPI’s of CyberArk
- Use of rest API’s of CyberArk with Python and PowerShell for automating the tasks like account creation, safe creation, managing platform details, onboarding rules for CPM, maintaining the system health.
- Patching & Monitoring Vault, Central Password Manager, Two-factor authentication, Privileged Session Manager, Password Vault Web Access servers and services.
- Managed Safes ad Server/ host addresses in EPV, resolved issues with CyberArk's CPM to communicate with hosts to reconcile credentials.
- Installed, managed and troubleshot DNS in multiple zone environments.
- Installed, configured and maintained SiteMinder policy servers by integrated with LDAP for Policy Store and upgraded them from 5.x to 6.0, 6.0 to r12 and r12 to r12.5.
- Configured User Authentication Stores and Policy Authorization Stores on LDAP.
- Identified, diagnoses, and resolved problems for users of the personal computer or laptop software and hardware. Coordinate with the neighboring teams and analyze the data that is flowing to LDAP.
- Administered and Maintained Multiple Policy Servers and WebAgent in the SiteMinder SSO environment. Installed and Administered Policy Server and WebAgent Option Pack tools for using Federation security services.
- Performed daily backup operations, ensuring all required file systems and system data are successfully backed up to the appropriate media, recovery tapes or disks are created, and media is recycled and sent off site as necessary, Onboarding windows and Linux accounts.
- Expertise in working with web servers - SunOne Web server, IIS, Apache Web servers and IHS (IBM HTTP Server).
- Experience in Privileged Access Management solutions particularly CyberArk, network security, and administration.
Environment: JDK 1.4/1.5, CyberArk 9.9.5 to 10.2, CyberArk PVWM, CPM, PSM, AIM, CA SiteMinder 5.X/6.X/12.x, SunOne Directory Server 5.X/6.X, Apache 2.0, Solaris 8/9/10, Windows 2000/2003, Oracle 10g/11g, SQL Server 2005, DB2 8, Python and PowerShell.
- Involved in CyberArk significant updates from 8x to 9x versions for domestic and worldwide clients.
- Good comprehension of policies in CyberArk Central Policy Manager (CPM) and (PSM).
- Used the Microsoft Deployment Kit and PowerShell to build Hydration Kits to create robust testing environments
- Assist in the scripting of AD user and contact object updates using PowerShell, having experience with Various PowerShell module (Active Directory and exchange online)
- Resolved CyberArk issue's in CPM to communicate with a host to accommodate credentials.
- On-boarded Privileged Accounts and Super User IDs in the CyberArk Safes utilizing Bulk upload utility.
- Part of Privileged Access Management (PAM) Remediation and Engineering team whose role is to secure Web Based applications on user access and authorization.
- Implementation and create of web policies, password policies. Vault Back-up Management process, AD Configuration (User to connect AD & Branches). Load Balancer architecture, Application Identity Manager Design, On-Demand Privileges Manager Design.
- Break Glass Access Management Process, Integration with other Systems (email configuration). Change Management Process Plan (OS, patch updates). Responsible for Create New User, Activate, enable user, group and OU account in Active Directory.
- Configured AD pass-through authentication for Identity Access Manager (IAM). Installed and configured the LDAP Sun ONE Directory Server. Configured the multi master. Workflows and Integration of various target system privilege account integration.
- Application involves intranet and internet usage of users, running on different platforms Linux, Unix, Windows, etc.
- Involved in troubleshooting issue work requests on day-to-day basis for the applications integrated with CyberArk in QA and Production Environment.
- Hands on experience with CyberArk implementation and configuration of Vault, CPM, PVWA, AIM.
- Experience in trouble shooting various issues, checking and maintaining health of UNIX environment.
- Experience in Providing technical guidance to the team to ensure successful service for physical access deliverables for the enterprise
- Experienced in using IAM/PAM tools for deployment, configuration, integration and troubleshooting of CyberArk Privileged Account Security product suite - Enterprise Password Vault, Password Vault Web Access, Central Policy Manager, Privileged Session Manager, Application Identity Manager, and Privileged Threat Analytics.
- Worked with other platform teams and external suppliers to consistently deliver on physical access objectives or requirements.
- Excellent communication and interpersonal skills and a very good team player with the ability to work independently.
- Daily administration of CyberArk Enterprise vault Management includes. Safe Management, Master Policy Management, Platform Management and Access Management.
Environment: CyberArk PAM 8x to 9x, CA SiteMinder Policy Server v 6.0/12.51, Apache Web Server 2, CA Identity Minder 12.6.x, WebSphere 8.4, RSA, Oracle RDMS, XML, UNIX, Windows Active Directory, PowerShell.
- Primary responsibilities include Installation and configuration of CyberArk Vault, Vault Client, Active CPM, Network load balanced CyberArk PVWA, Clustered CyberArk PSM and PSM SSH proxy Architecture and design.
- Implementation and create of web policies, password policies. Vault Back-up
- Change Management Process Plan (OS, patch updates). Responsible for Create New User, Activate, enable user, group and OU account in Active Directory.
- Installed and configured the LDAP Sun ONE Directory Server. Configured the multi master. Workflows and Integration of various target system privilege account integration.
- Experience with the implementation of RSA two factor authentication tokens for the integrated web service security in a SSO environment for the service provider applications in both environments.
- Monitor CyberArk reports and respond to failed password verification alerts and work with system account owners to resolve failure alerts.
- Experienced in day to day operational support in adding and deleting accounts, applying policies, assigning safes, synchronizing failed accounts, Password rotations.
- Managing User Accounts, Server Space & other Log files on servers and Maintaining Mail Accounts in Microsoft Office Outlook & Backup of Emails. Helping organization target architecture for infrastructure privileged access and the high-level requirements for the privileged access management solution.
- Implementing the strategy for infrastructure privileged access control in organization, and the drivers in terms of risk and regulatory control. Cyber-Ark as a platform for managing privileged access to infrastructure. An initial project is focusing on managing networking devices accounts. In parallel, analysis is ongoing.
Environment: CA IDM 12.x, JDK 1.4/1.5, CyberArk 8.2, CA Identity Manager r8/r12Solaris 8/9/10, Active Directory, Windows 2000/2003, Oracle 10g/11g, SQL Server 2005.
Confidential, Seattle, WA
- Developed and supported IAM solutions to globally dispersed businesses and customers.
- Implemented and Customized Manage Access and Identity modules as per customer requirements
- Worked on different out of the box and custom connectors like Active Directory, UNIX, Delimited, JDBC, RACF, LDAP, etc.
- Worked on various Certifications, developed custom tasks and reports
- Developed Custom java to fetch custom Tasks in IIQ.
- Configuration of Roles, Policies and Certifications for governance compliance and configure business processes to manage ongoing changes.
- Worked on Standard Quicklinks, Lifecycle Manager Quicklinks and built and configured custom Alerting clients to suspicious activity or instances observed on their network, such as DDoS attempts, Cross-Site Scripting, or malware infections, then providing recommendations and solutions to handle them.
- Installing new Web Agents on Unix Apache servers and Windows IIS servers for implementing SSO for new applications. Enabling services and applications with SAML using CA API Gateway
- Performed manage, resume, release privileged credential using CyberArk privileged management vault administration.
- Provided guidance in adding, removing, change and lifecycle of Privileged Identity Management (PIM) in order to provide the highest quality levels of Security.
- Retrieved CyberArk system and application password's and assist Database, Linux, and Core Application Support teams when passwords are needed.
- Good knowledge in Active Directory.
- Experience in using Unix/Linux utilities for analyzing logs, and trouble-shooting the applications with Application servers and Security/Identity management server. Worked with Sun ONE Directory Servers to configured Directory Server instances as User.
- Involved in planning and accessing directory data, designing schemas, directory trees, directory topologies and replication process.
Environment: CyberArk Privileged Account security 8.0, Active Directory, JDBC, RACF, LDAP, Apache, SSO, Sun One.
- Designed the policies and the objects, which will be most feasible for the client's environment.
- Configured Policy Domains, User Directories, Rules, Realms and Policies, for protected web resources on Linux and Solaris platforms for multiple projects.
- Supported Sun One LDAP, SiteMinder in Production Environment.
- Installed and configured SiteMinder components.
- Upgraded policy servers and web agents.
- Installed Configured SiteMinder Policy Servers Policy Stores. Integrated Policy Store with LDAP to use LDAP user repository.
- Created and implemented password services and policies.
- Configured SiteMinder audit logs and created reports as per the business security requirements.
- Installed SSL certificates on WebLogic and WebSphere applications.
- Installed and configures WebLogic 8.x/9.x plug-ins on Apache 2.0/Sun One iPlanet web servers.
- Worked on defining channels using SSL certificates.
- Experienced in SiteMinder Test tool and SiteMinder policy server log files for Troubleshooting SiteMinder environment.
- Fine-tuned SiteMinder, Agents, DIT's LDAP configuration parameters for better Throughput response time.
- Troubleshooting and maintenance of web servers and policy servers
- Created groups and add users for the new Applications.
Environment: SiteMinder, Web Servers, Apache, iPlanet, IIS, WebLogic, Active Directory, HTML, Windows