Senior Active Directory And Identity Access Engineer Resume
SUMMARY
- Experienced Senior Infrastructure, Identity and Privileged Access Management Architect and Engineer, focusing on large-scale enterprise projects and on-premises and hybrid cloud applications designed for Fortune 500 companies, mitigating attack vectors through designing and implementing secure architectures compliant with security standards. Highly experienced in assessment and audit of infrastructure for system integration of IAM, IRM, PAM and PAS solutions for controlling and monitoring sessions, endpoints, privileged accounts and elevated access, and for managing and provisioning identities within a global enterprise infrastructure. Expert in industry-standard open authentication and authorization protocols such as WS-Fed, SAML 2 and OAuth to provide a uniform mechanism for managed identities to securely enter legacy and future applications, SaaS and IaaS, utilizing SSO, including solutions for directory synchronization and group and user management across the global corporate landscape with multiple sites and disparate repositories. Advanced troubleshooting and problem-solving ability with Microsoft and third-party software and services, including a consistent record of identifying and resolving complex network issues.
PROFESSIONAL EXPERIENCE
Senior Active Directory and Identity Access Engineer
Confidential
Responsibilities:
- My responsibilities included architectural design and consolidation of Active Directory forests, domains and services, including integration of corporate IAM and PAM solutions during an acquisition.
- Design and lead in the implementation of an improved and secured AD, IAM and PAM infrastructure, leveraging Hitachi ID suite, Password manager for Password Replication and Hitachi Privileged Access Manager for privileged account access through checkout or elevation into role based groups with RSA hard tokens for two-factor authentication including support for backend systems, DBs, Application servers, configuration and deployment and support.
- Improved security through implementing a role based model with tiered privileged access, leveraging multiple identity management solutions, Forefront Identity Manager, HiPAM and Aveksa to streamline the onboarding and termination process including entitlements through the user lifecycle.
- Consolidated and redesigned internal and external repositories for authorization including authentication workflows for internal, external, remote users and computers to applications and services at regional datacenters, global sites. Synchronizing identities, entitlements and implementing federation with Azure and O365 and external, portals, applications and 3rd party service providers.
- Participated in and led working groups, governance, executive meetings and business process review with stakeholders, including project planning and tracking. Generated reports, technical specifications, process workflows, architectural documents and IT policy.
- As the technical lead and AD, IAM SME; provided guidance to the IAM and AD teams for issues affecting Microsoft applications and 3rd party identity management services with dependencies on active directory by leading troubleshooting efforts for configuration problems with applications, AD communication, 2FA, SSO, networking protocols, load balancers and software prerequisites that may impact services, synchronizations and workflows. Created guidelines for improving process per best practice.
- Lead for re-design of internal domains active directories comprised of restructuring of organizational units, group policy consolidation, account security and RBAC to simplify AD operations and centralize Centrify for Linux administration.
- Technical lead for supervision of the deployment of infrastructure, servers hosting scalable applications including synchronizing domain resources and identities hosted in AWS and Azure. Coordinated with and supported Centrify team to deploy new infrastructure for consolidated resource domain authentication.
Senior Systems Engineer
Confidential, Tampa, FL
Responsibilities:
- Administration of Exchange Enterprise 2010 DAG. Monitor DAG replication, perform switchovers, reseed databases and reclaim whitespace. Maintain and configure Edge servers and administer Forefront for Exchange. Generate heat maps of Exchange services and components. Delegate access with RBA.
- Perform daily administrative tasks: bulk create new users and Exchange accounts. Move mailboxes between databases. Generate Exchange reports with PowerShell.
- Utilize the EMC for administration and ECP to run litigation reports and discovery searches. Add or remove litigation holds. Administer ActiveSync devices and policies. Renew Autodiscover certificate.
- Deploy service packs and rollups to CAS, HUB, mailbox and Edge servers. Manage and configure organizational policies.
- Resolved issue with transaction logs growing in size exponentially, using all space on the LUN allocated to the log files and causing a failover to the standby DAG member. Utilized Log Parser Studio, querying IIS logs for ActiveSync activity. Determined employees' mobiles were causing the hits and syncs generating the log files. Corrective measure: disabled ActiveSync on the user's account and removed phone until wiped and reconfigured.
- Lead resource in disaster and recovery plan. Created high-level process and detailed SOPs. Proposed DAG with lagged database copy and all roles virtualized, with datacenter switchover as the process.
- Contributor of technology direction, design and implementation of infrastructure for the company and lead of operations, working closely with the IT director and mentoring the operations staff and help desk administrators.
- Responsible for corporate 2008 R2 forests with transitive trusts and maintaining infrastructure at Peak10 hosted datacenter and backup datacenter located in Atlanta through managed services. Modify and deploy GPOs.
- Responsible for maintaining VMware ESXi 5.1 environment utilizing vSphere client, troubleshooting and resolving problems with virtual servers. Configured and upgraded Quest vRanger. Configured backup jobs and policies for virtual machines on vSphere hosts.
- Manage and maintain the datacenter ExaGrid Systems SAN solution and monitor and configure site-to-site replication and de-duplication. Worked with ExaGrid support to resolve unbalanced consumption and space reclamation bugs.
- Manage datacenter NetApp SAN/NAS solution with NetApp System Manager. Administer VMs' and physical hosts' LUNs with SnapDrive console. Experienced using Data ONTAP CLI.
- Implemented Distributed File System to scale and to add high availability to existing corporate file server.
- Administer Windows PKI environment, CRL configuration, internal and third party SSL certificate renewals.
- Team member for HIPAA audits, generating reports and mitigating findings with corrective action.
- Implemented AD FS environment to federate corporate directory to add a third party SaaS provider; LMS and SSO functionality.
- Administer SharePoint 2010 infrastructure, manage groups' and users' access to department sites. Configured People Picker to synchronize AD accounts.
- Monitor and make configuration changes to headquarters' and datacenter's Cisco ASAs and Cisco core routers and switch stacks. Configuration of site-to-site VPN, firewall NAT and access rules.
- SCCM 2007 site configuration and collections, generating reports, deploying packages through advertisements, configuration of SUP server. SCCM Client center. Created PowerShell scripts for operations to push SMS client.
- Deployed SCCM 2012 Server and SQL DB Backend. Responsible for documentation of configuration and SOP of common tasks for desktop administrators.
- Support of Citrix company portal and publishing critical business applications, Manage Citrix group membership and access to applications.
- Support of Microsoft Direct Access environment with Forefront UAG and threat management gateway and configuration of NLB for load balancing and failover of DA servers. SSL renewal for IP-HTTPS generated from internal CA, PKI server.
- Deployed Graphite metric server with Python, Carbon, Whisper DBs for real-time monitoring and to identify historical trends for critical servers and services. Deployed Kibana with Elasticsearch on clustered Ubuntu virtual servers for real-time and historical Windows events and syslog monitoring.
Global Identity and Access Management
Confidential, Tampa, FL
Responsibilities:
- IdAM project resource on-boarded to implement a global collaboration solution with single sign-on and two factor authentication support for external and internal authentication projects.
- High level architecture and product documentation were utilized to create presentations outlining proposed deployment strategy including diagrams and flow charts to visually communicate architecture and processes. System Requirements, Technical Specification and Architecture documents were required for approval of project and allocation of budget.
- Responsible for Global IdAM operations and mentoring team while supporting four global resource forests and 100+ territorial domains containing a total of 650,0000 users.
- Administration of ESXi environment hosting 200+ virtual servers with vSphere 4.1.
- Maintained and administered multiple federated environments for both internal and external facing Global SharePoint web applications.
- Coordinated with Microsoft engineers and third Party vendors to discuss product evaluations and alignment of business requirements. During meetings there were discussions of research and of proposed solutions that met desired functionality.
- Support of Global Operations with administrative tasks and assisting with troubleshooting AD DS, Territory Domain Trusts, AD FS, AD FS proxies, Identity Guard 2 factor solution, ARR, SharePoint, UAG and Cisco load balancers.
- Configured SQL 2008 clusters with Microsoft clustering and generated and cluster computer accounts.
- Generated PowerShell and third party batch scripts for the Operations team including bulk AD commands; exporting and importing data, SharePoint and AD FS configuration.
- Resolved issues with redirection, SSL cert expiration, replication, load balancer failover, LDAP search latency, connection resets, AD FS sign out errors and federation relay state.
- Administration of Global Internal and External forests and support for territory domains. Configured and resolved issues with domain trust relationships.
- Coordinated with Global SharePoint operations and provided PowerShell scripts to configure the claims provider and AD FS relying party trust configuration for SharePoint web applications.
- Tested vendor updates and patches for Identity Guard solution and worked with vendor engineers to resolve bugs.
- Worked with in house developer on the vendor Self Service portal which included a Mobile version of Federation Module and Self Service Module pages.
- Designed and documented a Self Service portal with control panel to replace vendor Self Service portal.
- Documented AD DS, AD FS and Identity Guard SOPs for US and Germany Operations.
- Part of a team in training Germany and Czech Operations for External Authentication.
- Coordinated with Germany and Czech Operations to create D&R plan and test plan for US and Germany Regional Data Centers Internal and External authentication infrastructure.
- Created and updated documentation, Visio and presentations for projects. Presented to Management, Project Managers and Team members.
- Team member in system validation and performance tuning of IdAM environment coordinating with Lead testers and Project resources.
- Completed root-cause analysis reports for operations management. Proposed recommendations in streamlining processes, procedures and best practices.
- Worked with Information Security during risk analysis of Global External Authentication deployments and implemented security controls to meet IT security policy and standards.
Lead System Administrator
Confidential, Orlando, FL
Responsibilities:
- Lead Role as System Administrator for Corporate headquarters supporting 50+ servers and working with members of corporate and a newly acquired company’s IT team.
- Managed projects until completion. Delegated to IT team members.
- Maintained and administered a native 2008 R2 environment with 26 servers and 10 Remote RODC’s located across United States and Europe. Reassessed site replication and resolved replication issues.
- Supported acquired company IT Team with domain integration project and infrastructure which included 18 servers 2003, 2008 R2; DC’s with three 2003 Exchange.
- Responsible for both organization’s Exchange email infrastructures consisting of 2007 and 2003 servers including onsite barracuda and hosted spam filtering.
- Administered SharePoint Server 2007 farm; Central Administration, managing access, sites, collection sites, web apps, monitor usage, timer jobs and farm backups.
- Blackberry Enterprise Server Administrator including Blackberry Enterprise Server Express 5.02, 5.03 sp1 within separate domains including support for handheld blackberries.
- Administered Hyper-V environment hosting production and servers. Imaged and transferred images in Hyper V. Resolved complex issues with Hyper V clients and documented advanced recovery techniques.
- Administered TS gateway and load balanced application terminal servers. Resolved connectivity and session problems with terminal servers.
- Administered Team Foundation Server 2010, and supported Great Plains.
- Utilized 2008 Group Policy to maintain and configure security, remote access, mapped drives, restrict subnets, firewall configurations and policies, Employee desktop configuration, push applications, add common user accounts, security groups. Resolved group policy client side processing errors.
- Designed OU’s in Active Directory to reflect organizational structure, added nested global groups to local groups, created user accounts and configured AD profiles. Imported AD account information.
- Administered DHCP, creating scopes; maintained and troubleshot DNS and zone transfers.
- Utilized repadmin commands to determine ISTG’s and utilized event id’s, directory service logs of the ISTG DC’s to troubleshoot and resolve replication failures.
- Exchange administration consisted of creating email accounts and dynamic distribution groups utilizing attributes, adding accepted domains and moving mailboxes, recovering recently deleted emails via OWA, delegating access and forwarding email. PowerShell to retrieve statistics, create reports and PSscripts for common tasks.
- Resolved issues with SSL certificate errors and Autodiscover records with Exchange server; familiar with the process of purchasing and installing SSL certificates and binding them to services.
- Restored Exchange mailboxes to Recovery Storage group from Backup Exec.
- Added Exchange CAS server and implemented load balancing to distribute client access workload.
- Maintained Windows Deployment Services (WDS) images. Adding drivers and applications used for windows 7 imaging and Multicast deployments.
- WSUS approved updates and patches and pushed updates when least disruptive for clients, Servers were updated as needed or required hotfix after testing.
- Symantec End Point Console to manage Endpoint Clients, also tracking virus and worm trends and taking action to remove viruses from reported infected clients.
- Added replication members using DFS management console; resolved problems with Distributed File System file replication and lost files.
- Coordinated with DB administrator to resolve advanced problems with DTC and RPC communication between SQL servers affecting generated nightly sales reports.
- Implemented new backup strategy and restored backup job health Symantec Backup exec 12.5.
- Worked with Service providers to order network equipment including bandwidth upgrades for remote sites. Coordinated on projects with Network Engineer and low voltage Contractors for successful startup.
- Monitored online content and browsing using Websense blocking restricted content according to company policy and to track usage.
- Ordered Networking equipment, router switches, cabinets and spec Server hardware for Sites within budget, tracked progress updating projects in SharePoint Portal.
- Generated annual budget proposal, completed capex and expenditure requests according to policy.
- Documented Server Roles and services within the Organization and updated existing documentation.
- Configured Cisco routers and HP ProCurve switches, loaded Cisco 861 router configurations. Troubleshooting network throughput and QoS; coordinated with network engineer to resolve DMVPN issues; added approved devices and subnets to RADIUS configuration.
- Administered Cisco Call manager and Cisco Unity Voice Mail system including administrative tasks and support for employee Cisco 7962, 7942 IP Phones.
Lead System Administrator
Confidential, Lakeland, FL
Responsibilities:
- Role as Lead System Administrator and Project Lead for the site working with corporate IT team and IT Management for implementations, responsible for conception, planning, securing resources, testing and staging to deployment.
- Responsible for Infrastructure and day to day operations onsite which included 19 Windows 2003/2008 R2 servers within a global forest.
- Supported business critical services for Production; ERP, Business Intelligence; SQL databases Application and Fileservers, Tape backup library and Enterprise Linux servers located at backup facility.
- Attained ISO 27001 and WLA certifications for GETCH corporation having a lead role in project and was given the title; Information Security Officer for ISO 27001 auditing.
- Administered Active Directory, Group Policy, Exchange 2003, 2007, WSUS, DHCP, DNS, DFS, RADIUS, Print Servers, and File Servers. Symantec End Point and McAfee Endpoint Encryption Manager.
- Deployed VMware ESXi 3.5 for development and production environment, administering with vSphere 3.5 client; configured datacenter, vNetwork and mapping to volumes on IBM SAN.
- Experienced utilizing maintenance mode, CLI, system logs, server logs, enabling verbose and trivia to identify and resolve issues. Utilized ESXi tech support mode to resolve issues and prevent downtime for virtual server running in production. Created templates for new virtual machines and deployed hosts.
- Installation of SAN IBM DS4700 with FC HBA’s. Configuration of Management station and controllers. Utilized IBM DS Storage Manager to add storage subsystems and create storage partitions, define host types and groups, RAID arrays, create LUNS, define host ports to map LUNS to the servers. Configuration of SAN fabric switches and DS4700 HBA’s.
- Administered Cisco, Juniper and F5 networking and load balancing hardware working closely with corporate network engineers assisting in troubleshooting, hardware installations firmware, software upgrades, client vpn connections and IPSEC vpn tunnels.
- Utilized advanced techniques to resolve networking issues; packet capture and header analysis. Audited networking device configurations. Utilizing SolarWinds and Kiwi Syslog to monitor network activity and bandwidth. Furnished monthly reports on rogue WAP’s and documented network topologies.
- Installed and configured SharePoint 2010 server for a company portal allowing employees to collaborate.
- Monitored and maintained systems with Systems Center Operations Manager 2007. Used Perfmon to troubleshoot and determine future needs through base lining and metrics.
- Coordinated in meetings with; Senior Management, Platforms, Network engineering, Information Security, Voice, Production, Sales, Purchasing and Accounting for support, planning and updating.
- Created monthly reports for departmental Managers approval of employees access to domain resources and maintained daily IT checklists to add accountability.
- Accountable for capacity planning, purchasing IT equipment/software, assigning to cost centers and proposing annual IT budget.
- Formed new backup strategy and increased integrity/security on backups through scheduling, hardware encryption and availability by storing daily backup offsite with Iron Mountain.
- Worked with third party tech support and engineers in deploying, testing and documenting bugs for industry encryption solutions for example McAfee’s Endpoint Encryption suite and Symantec’s PGP Universal Server/ and desktop suite.
- Regular security, SAS7 and SOX audits were conducted by information security firms on behalf of clients and third parties.
- Member of ISO 9001 and 14001 team expanding the management system for quality control and lending expertise to the environmental policy and processes.
- Member of disaster and recovery team; contributing to the sites emergency plan based on different disaster scenarios. Designed redundant offsite backup systems to enhance integrity and availability of mission critical data.
- Supported Graphics department for Design including high-end Epson, Kodak printers and print servers.
- Utilized VB and PowerShell to automate common tasks, simplify administration and to extract system information for reports.
- Trained and mentored Jr. System Administrator. Escalated support calls in the organization from different sites were forwarded.
System Administrator/Consultant
Confidential, Pinkerton, P.A
Responsibilities:
- Administration of 5 Servers including Terminal, Application, Database and file servers with 75 workstations at two locations with over 100 domain users and email accounts.
- Server Administration of Exchange 2003 server and Barracuda Spam filter.
- Performed daily tasks; create email accounts, distribution group creation, utilize mail flow analyzer to resolve NDR’s.
- Upgrades, Installation and repair of server hardware, networking equipment, workstations and laptops.
- Assist employees with technical issues and assisted with Word, Excel, Outlook and Xerox WorkCentre.
- Maintain Nortel BCM400 and IP phone accounts.
- Responsible for ordering new equipment and coordinating with vendors; Dell, CDW and Microsoft on resolving technical issues with hardware and software.
- Upgrade subscriptions and renew accounts for 3rd party software.
- Monitor Daily automated backups and switch LTO 3 backup tapes.
- Ran bi-weekly CMS shadow call logging to filter and generate long distance calls reports for billing purposes.
- Managed VPN accounts and configured IP soft phones for telecommuting employees.
- Collect metric data to determine call trends or bandwidth, disk and memory usage on servers.
- Administer BlackBerry Enterprise Server 4.0, add employees, activate BlackBerry phones and harden BES policies.