SUMMARY

• Software Engineering professional with over 7 years of experience with strong technical skills, security functions and a broad range of computer expertise.
• Experience in Privileged Access Management solutions particularly CyberArk, network security and administration.
• Experienced in implementing the market’s leading Privileged Access Management (PAM) solutions for enterprises.
• Experienced in CyberArk installation and implementation of Cyber Ark 7.0 and most recent implementation of CyberArk 8.1.0. and CyberArk 9.2.1
• Installation and configuration of CyberArk Vault, Password Vault Web Access (PVWA), Central Password Manager (CPM) and Privileged Session Manager (PSM) in Prod and DR.
• Troubleshooting and maintenance of the Password Vault, Central Password Manager (CPM), Privileged Session Manager (PSM), Application Identity Manager(AIM), DR Vault in DR Server.
• Configurations including AD integration and Management of Cyber Ark Enterprise Password vault.
• Managed Safes ad Server/ host addresses in EPV. Resolved issues with CyberArk’s CPM to communicate with hosts to reconcile credentials.
• Installation, configuration and troubleshooting of AIM clients for various teams.
• Administration experience of Cyber Ark vault with Safe creation, integration with LDAP and other authentication methods.
• Migrate user accounts into Password Vault using Bulk upload utility.
• Experienced in performing Privileged Access Reviews, Compliance Reporting, Access Control Processes and other associated tasks with Privileged User Management.
• Installed, managed and troubleshot DNS in multiple zone environments. Troubleshot DNS integration with Active Directory. Installed, configured and administered WINS, DHCP, IIS and WSFTP, File and Print servers.
• Ensured that system security plan and contingency plans are developed and maintained for each system and applications, and ensured systems personnel are properly designed, and trained.
• Installation, configuration and management of MS System Center Configuration Manager 2007/2012 (SCCM) infrastructure. Patched servers in pre - prod, Prod and DR environments for approved MS updates.
• Administration and troubleshooting of VMware ESX Servers, vCenter, HA, DRS and V-Motion.

TECHNICAL SKILLS

• CyberArk Tools: Cyber Ark 7.0/ 8.1.0 PIM
• LDAP
• AD Integration
• OPM
• AIM
• LTM
• GTM
• UNIX (basics)
• RDP
• Firewall
• IDS/IPS
• Routers
• ACS.

PROFESSIONAL EXPERIENCE

Confidential, Carrollton, TX

CyberArk Consultant

Responsibilities:

• Responsible for Privileged Account Management with CyberArk PIM suite Administration with a good understanding of the underlying business processes.
• Work daily with CyberArk's PVWA.CyberArkAdministration and Troubleshooting.
• Work on the actual EPV servers using PrivateArk to administer the Acceptance (UAT) and Production Vaults.
• Administration experience of Cyber Ark vault with Safe creation, integration with LDAP and other authentication methods.
• Performed PAM operational tasks, defining access control, user entitlements, management of Applications Credentials and User Access Policy.
• Worked on Privileged Access Reviews, Compliance Reporting, Access Control Processes and other associated tasks with Privileged User Management.
• Creating safes and adding users and groups to them for privileged access inCyberArk
• Administration of User accounts, Group memberships, and Organizational Units using Active Directory.
• Installation, configuration and troubleshooting of AIM clients for various teams.
• Worked on Application Identity manager to securely facilitate access to privileged passwords in applications or configuration files.
• CreatedIdentityManagerAdmin Tasks/Roles. CreatedIdentityPolicies to set Member/Admin Roles, Group Policies
• Created, modified and managed privileged user accounts throughActiveDirectoryfor both unclassified and classified networks.
• Troubleshooting and maintenance of the Password Vault, CPM, PSM, AIM, DR Vault.
• Migrate user accounts into Password Vault using Bulk upload utility.
• MonitorCyberArkreports and respond to failed password verification alerts and work with system account owners to resolve failure alerts.
• Ensure that allCyberArkaccounts communicate with Servers and correct any discrepancies or errors that are found.
• CreateCyberArkSafe's and add system and application id's to specified Safe vaults
• RetrieveCyberArksystem/application password's and assist Database, Linux, Wintel, and Core Application Support teams when passwords are needed.

Confidential, Minneapolis, MN

CyberArk Consultant

Responsibilities:

• Implementation and installation of Cyber Ark 7.0 and latest implementation of Cyber-Ark 8.1.0. and CyberArk 9.2.1
• Worked on Privileged Account Management with CyberArk PIM suite Administration.
• Installation and configuration of the EPV components (Central Policy Manager, Password Vault Web Access, High Availability Vault Cluster, Secure Zone Access, SAN storage, SSL certificates and Load Balancing.
• Configured platforms, master policies, created Safes & On-Boarded 1000's of Privileged Accounts, connection components, transparent components, access control through AD Group Nesting's
• Daily administration and maintenance of company's E-Directory
• Creation of policies and reports in PVWA.
• Administration experience of CyberArk vault with Safe creation, integration with LDAP and other authentication methods.
• Integrated with Active Directory (LDAP), 2 Factor Authentication (RADIUS).
• Defined, developed, and documented IDAM services including Single Sign-on, Self-Service registration, workflows, user management, management dashboard, Role Base Access Control (RBAC), Attribute Base Access Control (ABAC), resource and business layers Provisioning, credentialing, federation, and auditing.
• Involved in application to application credential management.
• Defined user account settings through Active Directory and usedActiveDirectoryto create, modify, and manage user, computers, and group account.
• Experience in performing Privileged Account Management with fair understanding the underlying business processes.
• Responsible for determining the target Privileged Session Management (PSM) audience. Determine what infrastructure and systems PSM will target (servers, virtual servers, database)
• Performed internal configuration of PSM to the vault itself
• Installed, configured disaster recovery Vaults and DR services
• Maintain development, testing, and production systems. Coordinate maintenance with support teams

Confidential, Chicago, IL

Network Security / Firewall Engineer

Responsibilities:

• Configured, administered and troubleshot the Checkpoint and ASA firewall.
• Configured Cisco ASA and Checkpoint firewall layers to secure the infrastructure for the Data Center.
• Worked on the Juniper environment including SRX/Junos Space.
• Configured Juniper NetScreen Firewall Policies between secure zones using NSM (Network Security Manager)
• Configured and set up DMVPN, GRE based VPN on Cisco-IOS based router.
• Responsible for setting up Web Application Firewalls (WAF) like SQL injection, http conversation.
• Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls
• Drafted, installed, and provisioned ASA and Checkpoint firewall rules and policies.
• Involved in Data Center migrations. Handled proper management, maintenance, configuration, and altered management of firewall structure.
• Worked on Cisco Wide Area Application Services (WAAS) that enhances/optimizes TCP base application performances which operate in Wide Area Network (WAN) environment.
• Used Qualys Tool for network discovery and mapping, asset prioritization, vulnerability assessment and tracking.
• Configured VLAN, Spanning tree, VSTP, SNMP on Juniper EX series switches
• Involved in Qualys policy compliance in detecting internal and external threats and vulnerability
• Tuned BGP internal and external peers with manipulation of attributes such as weight, local preference.
• Defined and maintained Active Directory (LDAP) security models.
• Worked on Check Point GAIA Firewalls R65, R70, R71, R75, R77.
• Upgraded Checkpoint firewalls and management servers from Splat R75.30 to Gaia R77.20.
• Worked on checkpoint provider R71, R75, R77.1, R77.30 GAIA and secured policies and blocked websites using URL filtering, application identification and threat prevention
• Worked with client engineering groups to create, document, implement, validate, and manage policies, procedures, and standards that ensure confidentiality, availability, integrity, and privacy of information.
• Configured Active Directory and LDAP over different forests and across multiple domains
• Configured Cisco ASA and Checkpoint firewall layers securing existing Data Center infrastructure. Migrated information securityfrom Cisco PIX to ASA5500 with LAN-failover platform.
• Responsible for the Windows environment, including backup, disaster recovery and network Security
• Worked on McAfee Data loss prevention endpoint (DLP)
• Installed and configured Checkpoint Firewall in Internet Edge
• Worked on IP Address management tools and their allocations.

Confidential

Network Engineer

Responsibilities:

• Configured RIP and EIGRP on 2600, 2900 and 3600 series Cisco routers
• Implemented VTP and trunking protocols (802.1q and ISL) on 3560, 3750 and 4500 series Cisco Catalyst switches.
• Upgraded Cisco 7200, 3600 Router IOS Software, backup Routers and Catalyst 3560, 4500 switch configurations.
• Migration of RIP V2 to OSPF, BGP routing protocols.
• Configured EIGRP for Lab Environment.
• Implemented ISL and 802.1Q for communicating through VTP.
• Worked with Client teams to find out requirements for their Networks.
• Deployed the networkinfrastructure to meet the requirements.
• Administered, maintained and troubleshoot Active Directory environment including replication, group policy and security.
• Created VLAN and Inter-VLAN routing with Multilayer Switching.
• Provided technical consultancy for better application response using QOS.
• Monitored performance of networkand servers to identify potential problems and bottleneck
• Performed RIP, OSPF, BGP EIGRP routing protocol administration.
• Installed Wireless Access Points (WAP) at various locations in the company
• Maintained redundancy on Cisco 2600, 2800 and 3600 routers with HSRP.
• Real time monitoring and networkmanagement using Cisco Works LMS
• Worked on installation, maintenance, and troubleshooting of LAN/WAN (ISDN, Frame relay, NAT, DHCP, TCP/IP)
• Configured Access List (Standard, Extended, and Named) to allow users all over the company to access different applications and blocking others.
• Configured STP for loop prevention and VTP for Inter-VLAN Routing.
• Performed maintenance and troubleshooting of connectivity problems using PING, and Trace route.
• Provided Networkand SecurityArchitecture and Operations support services for Windows 2008 based web, application and database servers