SUMMARY

• Develop and designed architectural diagram for CyberArk environment.
• Successfully implementing Radius, and SAML, LDAP, RSA Token Authentication method.
• Successfully installed and configure CyberArk components EPV, CPM, PVWA, PSM, PSMP, EPM, AAM (CP\CCP), Conjur, PTA and DAP.
• Worked on cloud and on - premises version on CyberArk.
• Completed SAFE training for agility with 2 years of experience working in agile.
• Provide the SME support for CyberArk which will include on-call support.
• Worked on creating CPM and PSM custom plugin and imported in Production.
• Extensively experienced in implementation and deployment of Privileged Account Security solutions for Windows, UNIX, Database servers, Security, Networks, and Websites.
• Ran CyberArk from scratch to end life cycle to manage Privileged account.
• Performed assessments of the endpoint environment security and in corporate suitable remediation activities into the policy design.
• Designed solution for control and insight over the distribution, usage, and protection of privileged access across enterprise environment.
• Worked with CyberArk rest API and also with Powershell scripting language.
• Worked on Disaster Recovery (failover/failback process) and performed DR drill in the environment.
• Extensively worked in the implementation and deployment of Privileged Account Security solutions for Windows, UNIX, Database servers, Security, Networks, and Websites.
• Integrated service manager ticketing system with London flavor and SailPoint (Identity IQ) 2.0V.
• Integrated Service Now ticketing system with CyberArk.
• Created safe, setup policies in the platform as per user requirement, duplicated platform
• Worked closely on check in/checkout, one time password, dual control access policy.
• Upgraded CyberArk component from 10.4 to 10.7 and 10.7 to 11.7 and 11.7 to 12.2 V.
• On-boarded Privileged Accounts to Cyber-Ark, Configured CyberArk to Oracle databases.
• Ran DNA scan tool to scan the windows and Linux server for the privilege and non-privilege credential.
• Well experienced inCyberArkAdministration task and troubleshooting.
• Worked closely on Active Directory and managing Users, Groups, Computers, and Organizational Units.
• Good analytical and communication skills and ability to work independently with minimal supervision and perform as part of a team.
• Configured and customized SailPoint IIQ connectors for integration with different systems.
• Worked on different ticketing systems like BMC Remedy, Service Now.

PROFESSIONAL EXPERIENCE

Confidential, Houston, TX

CyberArk Consultant

Responsibilities:

• Determine operational objectives by studying business functions, gathering information, and evaluating output requirements and formats.
• Upgrade CyberArk from 10.4V to 11.7version.
• Installed Splunk Universal forwarder agent on CyberArk component and configured on the Splunk side.
• Worked on building Splunk dashboard for CyberArk Component like EPV, CPM, PSM, PVWA, AAM.
• Design architectural diagrams for CyberArk environment by gathering all the required information.
• Upgraded CyberArk core Component from 11.7 to 12.2version of CyberArk.
• Vaulted and Managed Service account across the environment.
• Worked on Generating reports from CyberArk for audit purpose.
• Worked on data migration from 2012 OS to 2016 windows OS
• Installed and implemented Application Access Management in the Production environment.
• Laying out plans and responsible for completing the tasks in a timely manner and making sure that the audit timelines are met.
• Worked on various Power Shell scripts for automating the process of the group creating in the active directory.
• Successfully installed and implemented EPM in the production environment.
• On- boarded of various privileged accounts on CyberArk and automating the process by running password upload utility scripts.
• Implemented Application Identity Manager in the environment to onboard all the APP IDs for password rotation.
• Implemented Privileged Session Manager in the environment to monitor the sessions of the domain users for better security.
• Worked on onboarding Linux servers to CyberArk and managing root passwords across different Linux servers.
• Implemented and onboarded the mainframe privileged IDs to CyberArk for password management.
• Created Microsoft Visio flowcharts to define a process to delete the privilege IDs which are not being used in the organizations anymore.
• On-boarded windows, database, mainframe, and Linux accounts.
• Lead Solution Architect for Identity, Access and Privilege management.
• Worked on Active Directory (AD) and group policy Management (GPO).
• Applied Microsoft Security Patch in the vault server.
• Worked on Monthly operation Review with all stakeholders with wide spectrum of projects.
• Worked on Account discovery.
• Integrated in-house application like Java application,.net application and a lot of known application like service Now, Blue Prism.
• Worked with Technology users to configure privileged IDs to leverage appropriate CyberArk services, including Vault, AIM, PSM, APIs, or DAP. Ability to assess user’s use case, provide recommendations on service offering to meet use case, and implement and debug solutions for configuring privileged IDs.
• Installed CP agent on scheme servers.
• Integrated CyberArk with SailPoint, Service Now, Splunk with CyberArk.
• Worked on maturing the product by integrating application like Java, .net.
• Involved in operational task like account on-boarding, off-boarding, creating safe, setting up policies, duplicating platform, granting access to the user.

Confidential, Pontiac, Michigan

CyberArk SME

Responsibilities:

• Participate in Proof of Technology (POT) and Proof of Concept (POC) to help identify the right solution and recommend the most efficient and cost-effective solution.
• Experience in installing and configuring web-based applications. Administration of CyberArk safes and creation of Vaults for privileged users. Onboarding privilege accounts in CyberArk 9.11.2, Generating reports from CyberArk for checking the productivity of the organization. Providing access to users to put passwords in CyberArk through Private Ark and creating vaults.
• Generated DNA report from CyberArk and set up the Service accounts and Local Accounts in the server for compliance. Creating shared drives and drive mapping for the users through an active directory.
• Worked on Active Directory server (LDAP) and various Web & Application servers. On Tivoli LDAP. Provide technical expertise and support to security administrators on distributed systems security and implement automated solutions for security administration requests.
• Upgraded CyberArk component EPV, CPM, PVWA, PSM from 10.7 to 11.0 version
• Performed as the subject matter expert for information security technology, processes, and practices internally to the health plan provided by the client. Providing access to shared drives and administrating the inactivity of the internal users through Active Directory.
• Worked on Privileged Access Management (PAM) project which includes implementing CyberArk Password Vault, Web Access, Central Password Manager, and Privileged Session Management. Deployed and configured SailPoint Migrated Stealth Audit v8.0 from v7.6.
• Generated Inactive users reports from Stealth Audit for further auditing and maintaining the data for Active Directory. Working with vendors in retiring the Oracle-based applications completely from the Organization.
• Experienced in CyberArk Privileged Account Security product suite - Enterprise, Password Vault, Password Vault Web Access, Central Policy Manager, Privileged, implemented all grant flows for OAuth 2.0/Open ID connect usingPingFederate.
• Experienced in installingPingAccessin clustered and high-availability mode, have knowledge in upgrading and maintenance of Ping Access and Federation product tools.
• Experience in implementing Password Policies and reading the password blob using SM agent API.
• Implemented and Customized the SailPoint product to configure products (such as Blade logic, TAM, and OIM), systems administration, operational support, and problem resolution.
• Provided new capabilities in the global CyberArk privileged access management platform to meet security requirements, processes, and best practices
• Worked on CyberArk vault with Safe creation, integration with LDAP, and other authentication methods.
• Partnered with other support teams and vendors to resolve problems with effective troubleshooting skills or implement new products or services.
• Patched & Monitored Vault, Central Password Manager, Two-factor authentication, Privileged Session Manager, and Password Vault Web Access servers and services.
• Provided one-on-one end-user problem resolution over the phone.
• Used standard technology monitoring tools to monitor assigned environments and/or technical assets and identify/detect behavior outside of established standards.
• Worked on Qualys tool for Vulnerability scan of the server before applying a security patch.
• Worked closely with the monitoring team on monitoring the CyberArk Services and CyberArk critical logs.

Confidential, Atlanta, GA

CyberArk Engineer

Responsibilities:

• Worked on Privileged Account Management withCyberArkPIM suite Administration.
• Installed and configured the EPV components (Central Policy Manager, Password Vault Web Access, High Availability Vault Cluster, Secure Zone Access, SAN storage, SSL certificates, and Load Balancing.
• Configured platforms, and master policies, created Safes & On-Boarded 1000's of Privileged Accounts, connection components, transparent components, and access control through AD Group Nesting.
• Imported Several CPM and PSM plugins in the CyberArk for a network device.
• Daily administration and maintenance of the company's E-Directory
• Creation of policies and reports in PVWA.
• On-boarded 5K network devices in the production environment.
• Administration experience ofCyberArkvault with Safe creation, integration with LDAP, and other authentication methods.
• Upgraded CyberArk from 9.10 version to 10.4v
• Integrated with Active Directory (LDAP), 2 Factor Authentication (RADIUS).
• Defined, developed, and documented IDAM services including Single Sign-on, Self-Service registration, workflows, user management, management dashboard, Role Base Access Control (RBAC), Attribute-Based Access Control (ABAC), resource and business layers Provisioning, credentialing, federation, and auditing.
• Involved in application-to-application credential management.
• Defined user account settings through Active Directory and used Active Directory to create, modify, and manage user, computers, and group accounts.
• Experience in performing Privileged Account Management with a fair understanding of the underlying business processes.
• Responsible for determining the target Privileged Session Management (PSM) audience. Determine what infrastructure and systems PSM will target (servers, virtual servers, database)
• The performed internal configuration of PSM to the vault itself
• Installed, and configured disaster recovery Vaults and DR services
• Maintained development, testing, and production systems. Coordinate maintenance with support teams
• Performed Penetration testing and vulnerability assessment to improve application security.
• Implemented, installed and successfully rolled out CyberArk poduct in the production and QA environment.
• On-boarded windows domain, local account, Linux, database, mainframe, network devices in the CyberArk.
• Involved in the meeting to discuss with the stakeholder and gather the requirement.
• Managed linux SSH key in the environment.
• Responsibled for managing Incident ticket, opening up change request, Courion tools Deployment and administration.
• Troubleshoot end user incidents and where possible resolve upon first conflict.
• Created documents describing access rights management to different business application.
• Collected, analyze policy event data, and provide meaningful recommendations to improve the current policy configuration.
• Provided support for management reporting activities.
• Coordinated with the vendor support team for timely resolution of any bugs and issues.