Identity Access Management / Security Engineer Resume
IA
SUMMARY:
- Experienced leader, goal-oriented, and hands-on engineer focusing on Cloud Solutions, Web\Identity Access Management, and Strong Authentication.
- Business objective is to improve business efficiency which will support growth and level of assurance.
PROFESSIONAL EXPERIENCE:
Confidential, IA
Identity Access Management / Security Engineer
Responsibilities:
- Worked extensively with IBM Security Access Manager 9.0 (ISAM) managing reverse proxies securing protected resources. Daily duties consist of creating new connections, updating existing application, or junction endpoints.
- Use ISAM LMI to configure backend settings such as admin policies, TFIM SSO, Kerberos, EAI authentication, network interfaces, or edit Advanced Access Controls (AAC).
- Attach admin policies, review ACLs, import/renew certificates, create risk-based policies, and publish resources.
- Troubleshoot reverse proxies log file errors, connection failures, review browser header trace files, or open IBM PMRs.
- Configure new PingFederate identity/service provider connections, maintain existing connection IDs, handle AWS SSO federation group membership, perform adapter upgrades, and scheduled server maintenance to update adapter .jar files.
- Write PingFederate OGNL scripts to automate or change common Active Directory administrative tasks such as username case sensitivity, LDAP attribute prefixes, or masking domain realm names.
- Responsible for Salesforce SSO integration. Managing development and production environment, Salesforce (SP) to PingFederate (IDP) authentication, JIT provisioning, provision AD federation IDs, and add/delete Salesforce users.
- Other Salesforce duties included deploy and/or configure new domain Orgs, set role-based permissions, build IdP to SP connections, install digital SSL certificate, update IdP initiated URL portal endpoints, and troubleshoot assertion issues.
- Worked with departments and developers gathering detailed project information outlining application requirements.
- Fine tune F5 LTM traffic, adjust load balancing pools, monitors, virtual servers, add nodes, and update endpoint definitions.
- Experienced in Radiant Logic VDS. Deploy new LDAP views, update attribute mappings, create virtual OU for SSO and federation. Troubleshoot query results, DN issues, missing attributes, cached data, LDAP sync, or resolving support cases.
Confidential, Atlanta, GA
Identity Access Management / Solutions Architect
Responsibilities:
- Worked with project teams, review architecture integration points and methodologies before implementation.
- Created functional and deployment documentation outlining cloud services (IaaS, PaaS, SaaS), Authentication (U/P, 2-Factor, SSO), Connectivity (TLS Connectivity, Certificates, RDP), and Access Controls (Roles, Permissions, IP Ranges).
- Migrate mail server data to Google Apps, sync directories, and integrate ADFS SSO, and set user IAM policies.
- Design, Deploy, and Maintain AWS Windows/Linux AMI. Configured Security Groups, Network Firewalls, EC2, S3, and HA Zones. Support data security with IAM controls, Public/Private subnet isolation, data encryption in transit and at rest.
- Created Linux bootstrap configurations to update OSes, and install applications on new AWS instances.
- Provided technical leadership and subject matter expertise for Privileged Identity Management to users and management.
Confidential, Dallas, TX
Identity Access Management / Solutions Architect
Responsibilities:
- Focused on Strong Authentication, Identity Assurance, Federation, Privilege Identity Management, and Mobile Security.
- Strong knowledge of WS-Security, SAML, OAuth 2.0, OpenID, SSO, PKI, JSON, APIs, and SSL Certificates.
- Identify, investigate, and evaluate 2-factor/Multi-Factor service providers aligned with FIDO alliance specifications.
- Met with SSO/MFA service providers (CyberArk, IdentityX, SecurAuth, Okta, PingOne, etc.) security teams discussing cloud/on-premise solution, security requirement, authentication options, application installation, and integration points.
- Critiqued and scored strong authentication service providers' security features detecting authentication anomalies, unregistered devices, eFraud IPs, or malicious apps. Reviewed granular role-based settings, IAM administrator controls.
- Lead and define projects within bank's business units outlining requirements, integration points, authentication protocols, SAML assertions, PKI certificates, and create Visio diagrams documenting architectural specifications.
- Defined RSA MFA (Biometrics, QR Codes, OTP, and SMS) project scope for Out-of-Band security challenges.
- Analyze/Refine RSA’s Adaptive Authentication policies, MFA challenges, and create reports from RSA SQL database logs. Update, create, or delete admin console settings (Authentication Manager, BackOffice, Case Management…).
- Held meetings with RSA Adaptive Authentication Security team reviewing domain policies, SecurID tokens, Web Tier risk-based agents, LDAP directory source mappings, and PCI-DSS guidelines with audit trails.
- Reviewed Level of Assurance (LOA) policies to achieve a degree of certainty for protected resources based on risk factors. Create step-up authentications session-sign-in triggers such as un-registered UDID, Geo Velocity, or Risk Scores.
- Hands-on configuration of SP MFA rules/policies, PingFederate SSO Connections, Private Clouds, and LDAP browsers.
- Created Linux/Windows virtual environments installing POC applications, LDAP directory services, databases (Oracle/SQL, MySQL), and Web Services (IIS, Apache). AWS (IaaS, PaaS, SaaS) infrastructure design.
Confidential, VA
Sr. Google Apps Integration Engineer / Identity Management
Responsibilities:
- Led teams of Jr. Engineers providing SME by planning strategies, recommend solutions, or overseeing migrations.
- Transitioned large corporations' legacy mail systems (Exchange/Lotus Notes), data (File Server) to Google Apps SaaS solution.
- Vast knowledge of Security Token Service, SAML, SSL, SSO, OAuth 2.0, PKI, and encrypted data file transfers.
- Performed Sales Engineer duties delivering presentations to CIOs covering cost savings and SaaS services to close deals.
- Enforced 2-step authentication with OTP/SMS verification and managed Google’s Mobile Device Management solution.
- Synced Google LDAP directory services with AD, Lotus Notes, OpenLDAP, and Radiant Logic virtual directory.
- Deployed Salesforce SP authentication communities. Built SAML assertion connections with SP URL endpoints for IdPs.
- Assist clients with identity products such as ADFS, PingOne, PingFederate, and IBM Security Access Manager 7.0.
- Design, Deploy, and Maintain AWS services such as Public/Private Subnets, Security Groups, Network Firewalls, VPCs, EC2, S3, and Gateway updates. Support PCI-DSS guidelines with IAM, SFTP data file transfer, and network isolation.
- Assist clients with F5 LTM traffic rules, pool members, monitors, virtual servers, policies, and SSL certificate update.
Confidential, Cleveland, OH
Sr. Google Apps Integration Engineer / Sales Engineer
Responsibilities:
- Served as Lead Engineer working on SaaS solutions, technical demo, data encryption, mail routing and virtual firewalls.
- Performed on-premise analysis of applications, data storage, device management, and network securities before migration.
- Migrated legacy mail servers (Exchange/Lotus Notes), LDAP users, BYOD devices to Google Apps or Office 365.
- Integrated ADFS SSO by configuring relying parties, multi-domain authentication, with SSL certs. for GApps clients.
- Managed TLS connections, message encryption, content filtering, DNS (SPF, DKIM, TXT records) during migrations.
- Troubleshoot SaaS applications, web consoles (IIS, Tomcat), Active Directory LDAP sync, and PGP data file transfer.
Confidential, Atlanta, Georgia
Sr. Windows System Administrator / Security Engineer
Responsibilities:
- Managed data center environment with AD, SQL, DHCP, SCCM, SaaS solutions, mobility tools, and Linux applications.
- Maintained high availability clustered servers, ESX Servers, Lotus Notes, Storage, McAfee EPO with VMware vSphere.
- Responsible for overseeing HIPAA privacy and security compliance rules, creating data workflows, and access controls.
- Deployed Cisco IDS/IPS to protect web services, desktops/servers against viruses, DOS attacks, and suspicious behavior.
- Utilized Active Directory Group Policy Objects (GPOs) to manage users and computers, OUs and domain permissions.