- Highly proven Technical Specialist with more than 22 years of IT experience. Experienced in architecture planning, designing, implementing and doing IV&V, supporting environments/domains of distributed infrastructures in the enterprise environments and government data centers / shared infrastructure.
- Familiar with architecture frameworks like TOGAF, FEA, CEA F2 frameworks and NIST standards. Hands on experience with Design Engineering, Solutions Architecture planning and Enterprise architecture planning. Experienced in creating architectural and design artifacts and deliverables.
- Cloud experience includes Oracle Cloud, IBM Blue Cloud, Azure and AWS.
- Experience with Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Security as a Service (SaaS). Engineered systems experience includes ExaLogic and IBM Blue Systems.
- Proven experience of Enterprise Security including Network Security, Zones Security, O/S Security, Applications, Data and Web Services Security. Through understanding and hands on experience with Authentication, Coarse Grain, Fine Grained, Object Level Security and Interfaces Security. Worked with ISO Officers, Risk Officers and Compliance Officers to assist in designing and governing the Security Roadmaps.
- Experience includes architecting and supporting solutions for Identity Management including Identity Life Cycle Management, Identity Federation, Access Management, Web Services Security, API Security, Security Incident & Event Management and PKI infrastructure management.
- LDAP Experience includes Active Directory, iPlanet, Open LDAP, Oracle Unified Directory (OUD), Oracle Internet Directory (OID), Oracle Virtual Directory (OVD) IBM Directory Services and Red Hat Directory Server.
- Identity Life Cycle Management experience includes using tools like Oracle Identity Manager, Microsoft Identity Manager and IBM Identity Manager. Provisioning and Reconciliation work flows. Adapter installation and configuration.
- Access Management experience includes Oracle Access Management (OAM), IBM Access Manager and Open AM.
- Adaptive Access Management including Multi Factor Authentication. Device, Location and IP fingerprinting. Support of hardware and soft tokens.
- SSO and Federation experience includes Oracle SSO, OpenSSO, OAM, and Cloud Federation using Ping, Okta, Shibboleth and Active Directory Federation Services (ADFS).Designing and supporting claims based applications.
- Experience includes designing and supporting B2B/ G2G security solutions using Sun jCaps/ See Beyond, IBM Managed File Transfer, Oracle Managed File Transfer and custom /prosperity frameworks.
- Integration of idM/ OAM solutions with enterprise applications and ERP software.
- Point of entry security Apache / Web Gate / Web Agents / OpenSSO agents’ management. SSL/ TLS certificates managements, CA setup and security vulnerabilities & Patches review. Security based event monitoring and reporting.
- Security Analytics using Oracle Analytics (OBIEE), Splunk, Kibana, Stash and Service Manager.
- Experience includes using of Oracle API Gateway & XML Gateway like IBM Data Power., Transport / Channel level security. Message security using encryptions/ SAML tokens. SOA Governance using SOA Tool and Oracle Confidential . Policy Automations using Oracle OPA.
- SSL / TLS Certificate Management, Key & Policy Store Management.
- Reviewed existing setup and issues. Worked with various teams to resolve existing issues. These issues also included SSO Logout.
- Reviewed existing documents and gaps. Updated the documents.
- Set up ADFS, Okta, Ping, Site Minder, Shibboleth, OAM instances in Azure Cloud. Configured Claims Providers Trust, SAML Assertions, Federation Metadata, and Claim Rules with transformation using expression language. Set up idPs, SP and WAPs, Kerberos Delegation and Authentication Policies . Set up Multi Factor Authentication.
- Routine AD and ADFS administration activities.
- Created new documents for various audiences (Internal teams and Customers). For example Ping Interface Document for Ping customers and Okta document for Okta customers.
Sr. Oracle Fusion Middleware Specialist
- Automated the patching of Middleware components hosted on Windows and Linux using Oracle Cloud Control 12c. Performed 13c upgrade.
- Research and fix ongoing issues with OMS / Cloud Control. Creation of How To / Procedural documents for other data center administrators.
- Architected and designed a scalable architecture for a Facility Management software (FAMIS). Use of Oracle Weblogic, Forms, Reports and Auto CAD.
- Support Education ERP System (Banner) infrastructure & integrations with other Oracle Products.
- Designed and set up 11g idM infrastructure.11g OID (220.127.116.11) integration with AD (DIP) including Kerberos Tokens. User Provisioning workflow setup and validation.
- Integrated EBS (12.1.3) with OID.
- Setup 11g OAM (18.104.22.168) and integrated with EBS 12 using AccessGate, WebGate on Oracle Linux 7 - 64 bit.
- Securing URLs through OAM. Setting up Authentication Scheme, Authentication Module, Web Agents, Policy & ID stores and synchronization profiles.
- Created “How To” documents for technical staff and Strategy Documents for management.
- Architected and integrated Single Sign On with Oracle E Business Suite 12.1 using Oracle OID, idM OAM and Access Gate.
- Integrating OID and AD using Directory Integration (DIP). Created design artifacts and procedural documents.
Senior Fusion Middleware Specialist
- Reviewed existing architecture and identified gaps and issues.
- Worked with various teams to resolve and document these issues.
- Implemented Web Services Security using OWSM. Implemented security policy management by integrating Service Bus ( Confidential ) with OWSM.
- Integration with Open AM and Oracle E Business Suite.
Tools: Oracle SOA, Confidential, OWSM OpenAM, EBS and OBIEE
Senior Architect & Design Engineer
- Technical requirements gatherings from stakeholders via formal channels like IS intake and non-formal sessions. Technical requirements from NFRs and map/track it in traceability matrix. Creation of high level LOE, Cost Matrix for funding and detailed Cost Matrix for cost recovery.
- Led technical design sessions, creation of design documents, patterns and build sheets.
- Presented the designs in the peer’s reviews sessions, to the project teams, EA and to the senior leadership. Leading the projects to robust, scalable and highly available architecture. Continuously worked with PMs, Enterprise Architects (EA) and various engineering teams.
- Created and helped PMs/EDMs with Service-Now tickets. Helping PM obtaining security approvals and creating Run Books.
- Helped vendors to implement COTS products and fill technical, procedural and security gaps to implement COTS in BSC keeping it compliant with the BSC /BSCA rules.
- Acted as technical SPOC for projects and seeking answers for unknowns.
- Worked with various team mangers to mature the IT cost model.
- Detailed Design Documents, Cost Matrices, Build Sheets ( For Data Center, Platform Engineering Team, Server Build Teams, Storage Team, Monitoring Team and DR team), Run Books, and Firewall Access Control Sheets.
Senior Technical Specialist
- Reviewed and cleaned up identity mappings for privileged users (Centrify & AD Integration). Policy Automation using Puppet.
- Reviewed existing applications for security gaps and implemented best practices for various Middleware applications (HR/ Payroll / Benefits / UC Apply/ Benefits).
- Worked with Oracle / UCPath Team to implement and improvise federated services. Fixed TLS/StartTLS operational issues. Supported Berkeley Data Center Migration and AWS migration effort.
- Supported Shibboleth infrastructure for identity federation among 300 universities across USA.
- Worked on message security using encryption (Oracle SOA Cloud and IBM Legacy Applications on IBM WebSphere) and related issues.
Senior Oracle Fusion Specialist
- Gap Analysis: Reviewed existing SOA/ Confidential infrastructure and identified long standing performance issues, gaps in business processes, documentation gaps and suggested best practices to sustain current and future interfaces on a shared SOA infrastructure for Electronics Health Record Project.
- Created Impact Analysis Documents and Risk Logs. Researched, tested and suggested solutions to fix performance and operational issues. Reached out to Change Control Board for management and peers approval for implementing those solutions. Solved long standing performance (technical) issues. Reviewed existed Interface Control Documents (ICDs), identified gaps and updated with missing information.
- Reviewed Assessment done by Oracle / Gartner in the past and implemented changes where applicable.
- To support EHRS (Electronics Health Record Project) readiness effort, I architected and designed idM application infrastructure to integrate with SOA.
- Installed and Configured Oracle Identity stack including Oracle WebGate, Oracle Virtual Directory (OVD), Oracle Internet Directory (OID), Oracle Unified Directory (OUD), OAM, Oracle Federation Services .
- Message Level Security for various use cases (Tokens, SAML & Basic authentication) and for various interfaces (Correctional Hospitals, Third Party Labs, Pharmacies, Radiology vendors and DOJ’s SOMS). Tech stack was 11g with Web logic on 10.3.6.
- Integrated Weblogic, SOA domain, Confidential Domain, ODI and BAM.
- Demonstrated OAM capabilities to the client .It included Session Configuration, Audit Configuration, Password Policy Creation, Verification Revocation List, Identity Federation, Identity Providers, Security Token Service Configuration, Applying Encryption Template, Token Issuance Templates and Validation Templates, Partner and Partner Profile Creation including Requester, Relying and Issuing Authority Profile, Tokens and Attribute Assignment.
- Embedded Credential Collector (EDC) and De-attached Credential Collector (DCC). Configuration of Web - Gate for Dynamic Credential Collector
- Implementation & Planning of Oracle Identity Federation and Entitlement Services. Integration of OUD/OVD with AD for internal interfaces. Implemented Oracle Adaptive Access Manager in stage 2.
- Worked closely with Oracle to set up POC with API Gateway in stage 2. Use of OWSM for Web Services Security. SAML token implementation.
- Configured policies using OWSM and third party tools. Modified password storage mechanism to enable multiple hashes. Configured Directory server parameters.
- Installed and configured OAM. Created various policies for various interfaces.
- ODI security integration including integration with DoJ’s SOMS for Change Data Capture (CDC).Worked closely with Oracle to set up Golden Gate implementation.
- Setup highly available environment to demonstrate server migrations. Worked closely with F5 team to implement HA.
- Reviewed and worked with Verizon Services to fill gaps for the Service Recovery (SP) Documents and Shared Infrastructure Recovery Documents.
Senior Oracle Technical Architect & Support Specialist
- Over the period of 10 years, I worked on all the 4 generations of Identity & Access Management solutions.
- Fixed the architectural and technical issues when Confidential could not make it work. Worked extensively with Oracle Product Managers. Evaluated lot of other products like IBM and Open Source world.
- In Generation 2 (myCalPERS): Architected and implemented a custom solution with custom Apache Mod (mod osso) and a custom Java SSO application with its own session management.
- Generation 3 (PSR - Project budget over 500 Million USD): Worked closely with Accenture to implement Open SSO solution. This solution was based on Sun LDAP and Open SSO.
- Generation 4 (CalIAM Project): As a part of engineering team collaborated with Accenture team to architect and implement CalIAM project to provide Single Sign On capability for PSR Project. This was based on Oracle 11g idM/ IAM tech stack.
- Identity Management & SSO for PFRMS (A PwC / IBM project): Helped Enterprise Architecture Team to implement enterprise application authentication and authorization model based on Oracle LDAP / OID, JAZN and MVC 3.0 frame work. Performed all testing and followed up with Oracle Product and PWC team for bugs fixing. This SSO solution worked in parallel (for all internal applications) to above mentioned solutions. Provided routine administration support for this infrastructure for 8 years.
- Session failover testing of Oracle Application Server 10.3.x. Worked with Oracle Product Managers to shape the product.
- Helped Verisign to gather and document all security requirements for the enterprise.
- Reviewed security architecture of Exalogic Systems (engineered system).Worked with Oracle and internal teams to address ongoing issues.
- Architected system and user logging and information mining using Splunk as a part of SIEM part of security roadmap.
- For all Windows based internal applications, I architected a 3rd solution based on NTLM / Kerberos. This was used for Business Intelligence applications (IBM Cognos and Oracle OBIEE).
- Acted as Technical SME and Providing Level 3 technical support.
- Encryption and Decryption for JCaps B2B using PGP.
- Architecture planning and implementation of Certificate Authority and workflow design using Oracle CA products, MS Products and other third party products.
- Review of Security Vulnerabilities, patches and advise client about possible solutions.
- Response ISO audits and remediates the audit points. Applied for variance where applicable.
- Worked with ISO and Risk Officers to design security road maps and implement application security recommendations.
- Worked with DR and Business Continuity team to comply with their requirements.
- Worked with EA team to implement Message Encryption ( SOA Governance) jCaps Architecture: Worked with Sun Microsystem team to help install, configure and support Jcaps Suite 5.1.3. Configured B2B security with PGP/GPG encryption .
SSO & Portal Architecture Planning, Deployment & Architecture Support
- Architected and implemented Oracle Single Sign On and integrated with Oracle Ebusiness Suite (Supply & Delivery, Materials Management and Financials).
- Integrated with Oracle Portal and implemented object level security.
- Integrated Portal /SSO with Active Directory and Exchange Server
- Integrated other legacy applications based on Oracle Forms and Oracle Reports.
- Worked with database administrators and system administrators for designing Portal /iAS backup and recovery procedures.
- Worked with Security Administrators for designing security access and privileges for different locations, departments, groups and users. This security planning included at Network level, Domain level, Database level, Web server level (Apache), Application Server and Portal level.
- Installed 9iAS Release 2 included Infrastructure, Middle Tier, Portal, Web cache, OID on Windows 2000 and Linux.
- Installed and configured SSO with OID for Rel 1, iFS and Oracle Workflow 2.6.
- Replaced Microsoft Outlook Public folders with Portal folder portlets to enable user to access and upload data remotely.
Confidential, Atlanta, GA
- Wrote validation scripts in PL/SQL to put validated data in Interface tables and 11i tables. Customized Flex fields like items, account etc. Generated reports using Reports 6i / 11i apps backend.
- Modules handled includes AR, AP, Manufacturing, Order Management, Inventory Worked in Items, Vendors, Categories, Warranty, Auto Invoice, Customers, SO and PO.
- Generated customized reports for Decision Support Analysis with Oracle Express Server.
- Conducted installations of 11i applications (PROD, TEST, Vision Instances) and maintenance of all instances hosted by clients. Used Rapid Install. Implemented multi org, multi-currency and multiple characters sets (languages). Application of patches for GOLD and Platinum instances including C/D/G drivers. Used Web IV, Meta link, ARU.
- Versions used were 11.5.0, 11.5.4 and 11.5.5.Used ad patch utility. Assisted in handling of TAR logged by consultants and clients. Instance Cloning. Created cloning scripts.
- DBA Support. Implemented Oracle Demand Planning.
- 9iAS and portal administration
- Trouble shooting of all above mentioned instances and services hosted in oracle for different customers.