Enterprise Security Architect/Technical Solution Consultant/Technical Lead/PM Resume
Fairfax, Virginia
SUMMARY:
- A results-driven, hands-on technologist with significant execution experience in creating next-generation software solutions.
- Confidential is an evangelist with over 23 years’ experience with customer and partner interfacing in the areas of Enterprise Security, Identity Management, Mobile and wireless security and biometrics solutions.
- Works closely with financial, commercial and government agencies supporting different initiatives such as Confidential DSS, Homeland Security Presidential Directive 12 (HSPD-12), HIPAA, System Infrastructure, security governance, policy management, Intelligent video surveillance and Business Intelligence (BI). Confidential holds multiple patents and prestigious industry accolades in the area of identity management, enterprise security, policy management and mobile security.
- Deliver high quality security solutions in response to varying business requirements and architecture.
- Present, implement and maintain end to end security solutions and exceed customer expectation with extensive leadership and management experience.
TECHNICAL SKILLS:
Environment: SUN, Linux RedHat, IBM RS6000, DEC, HP, DG UNIX (Solaris, SUN OS, AIX, Ultrix, HP-UX, DG), IBM PC (WIN NT, WIN 95, Win 3.x, DOS, QNX), DEC-10, Tandem mainframe, PRIME, PLC, Hub, Router, RS-232 serial devices, SECS (semi-conductor communication standard), JBOSS, Sun Directory Servers.
Languages: C, C++, Java, JavaScript, HTML, Cobol-85, Basic, Pascal, assembly language and SQL.
Software: Web Services, XML, WSDL, SOAP, HP OpenView, XMP, GDMO, SNMP, TCP/IP (FTP, Telnet, Socket library), Network Management, UIMX (X window GUI tool), Oracle 9i and 10g, MS SQL, Sybase, Interbase, FoxPro, dBase, Paradox, FrameMaker, MS Word, Excel, Lotus, Time-line, MS Project and shell script. Netscape and IIS Servers, Entrust PKI, Confidential Security Software and GoldMine.
PROFESSIONAL EXPERIENCE:
Confidential, Fairfax, Virginia
Enterprise Security Architect/Technical Solution Consultant/Technical Lead/PM
Responsibilities:
- Managing Oracle 11g Identity Management solution including OIM, OAM, OAAM, OEM, OIF (SAML Federation), OVD, OUD and BI Publisher in support of FICAM, IRS and Confidential security requirements. All internal or public facing interfaces are based on secure HTTPS communication.
- Develop IRS agency requirements for Identity Management solution supporting FICAM, FPKI, HSPD-12 and USAccess
- Meet and interview IRS stakeholders to develop and build system architecture, map it to system requirements and define gap analyses
- Performed ISSO duties for Single Sign-On solution. Develop and maintain the Plan of Action and Milestones (POAM) and support remediation activities. Developed and maintained security authorization packages
- Developed supporting C&A documentation for SSO product including System Boundary and Scope, SSP 800-53 Rev3, Contingency Plan, Configuration Management Plan and managed the C&A process to receive Authority To Operate (ATO)
- As enterprise security architect designed security roadmap and platform for enterprise security, identity management, WebServices security and compliance with government standards including FICAM, HSPD-12, FIPS 201, FIPS 140-2 and C&A 800 Series documentations.
- Worked on Certification and Accreditation (C&A) for multiple high and moderate applications and developed C&A documentation for Confidential HSPD-12 solution to ensure total system security and compliance with HSPD-12, FIPS 201, 199 and other SP-800 (including 18, 30, 37, 53, 53A) and FIPS standards, procedures and controls including Risk Assessment, Vulnerability Scanning, Security Awareness and Training, Configuration Management, Contingency Planning, Incident Response, Maintenance, Media Protection, Physical and Environmental Protection, System Integrity, Access Control, Audit and Accountability Policy and Procedures, Identification and Authentication Policy and Procedures, System and Communications Protection Policy and Procedures.
- As a solution and security architect worked on design and architecture of Confidential Identity Management (IDMS) Solution for GSA Project, implementing HSPD-12, FIPS 201 and Public Key Infrastructure (PKI) technologies in support of credential life cycle management for Applicant Sponsorship, Registration, Activation, Issuance and Post-Issuance processes. The architecture included multiple XML based Web Services design and implementation with web services security, data security and encryption considerations with High Availability and fail over considerations.
- Performed ISSO and Confidential Officer duties. Performed complete Payment Card Industry Data Security Standard (Confidential DSS) version 3.1 compliance validation and documentation for a Credit Union with over 15 Confidential based applications to ensure credit card and card holder information is secure and Confidential data is protected based on Confidential, Confidential, GLB security standards. Performed security architecture analyses for Confidential data security and worked with the processor, all stakeholders and applications to ensure ongoing application security. Worked with AMEX to successfully pass AMEX Issuer Confidential compliance. Developed multiple work products to ensure smooth ongoing compliance. Developed and reviewed multiple security policies. Provided a solution for tokenization. Reviewed software applications, hardware and network architecture and appliances including HSM solution.
- Performed Confidential DSS assessment and Gap analyses for about 16 applications across multiple domains
- Developed a Key Management solution for encryption of data in support of Payment Card Industry Data Security Standard (Confidential-DSS).
- Designed, implemented and deployed SAML federation integration for multiple third party applications. Worked with vendors to troubleshoot and ensure integration is successfully implemented in Dev, QA and production environments.
- Extensive experience in mobile device management and policy-based security
- Manage IDM day to day operation for all Oracle IDM components. Deploy IDM patches
- Architect member for Confidential Core Identity Management solution ensuring a scalable solution covering both commercial and federal customers based on Service Oriented Architecture (SOA), Smart Card Technology, Fingerprint biometrics (including Confidential 800-76 Biometric Data Specification for Personal Identity Verification), Physical Access Control System (PACS), Logical Access Control System (Confidential), Identity and Access Management Provisioning. This PKI solution included High Availability and DR sites and managed certificates using Hardware Security Module (HSM).
- Developed comprehensive deployment guide for deployment of Back-end system including ActivIdentity Card Management System (CMS), Batch Management System (BMS), TimeTrade Scheduling Server, ABIS Fingerprint/Facial Duplicate Check Server, Oracle Database, Active Directory and TIBCO BusinessWorks and EMS.
- Performed Administrator and Helpdesk staff training
- Develop OIM custom workflows and programming.
- Responsible for developing system and security architecture documents for Federally Facilitated MarketPlace (FFM) healthcare project involving Layer 7 XML Gateway, SAML federation, Web Services integration, EIDM integration and other FFM business area components to assist in consumer registration, plan selection and enrollment. Assisted in developing SSP and security assessment testing for FFM system security.
- Architected an IDM solution and developed Reference Architecture in support of FICAM
- Developed and implemented a Highly Available (HA) reference architecture using Oracle Fusion Middleware 11g Identity Management suite with Integration with PIV card and Kerberos for Single Sign-On (SSO) using OIM, OAM, OVD, OID to manage authentication, SSO, centralized Role Management and user provisioning for external and internal users. Developed Role-Based Access Control (RBAC) for multiple custom applications and OBIEE using OID/OVD. Deployed a POC environment to evaluate the use of OUD instead of OID.
- Developed detailed Implementation plan for deployment of Oracle Identity management to Development, Test and Production environments.
- Lead Architect as part of RFP for healthcare insurance company evaluating IDM solutions from IBM, Oracle and CA and selecting a vendor to perform Identity & Access management, Role and Entitlement management. Later architected an IDM solution using IBM Tivoli Access Manager (ISAM/TAM), Tivoli Federated Identity Manager (TFIM). Designed a role-based solution for Tivoli application.
- Architected a solution for Cloud based Single Sign-On and Cloud security to protect data stored in Cloud
- Presented report and discussed plans to secure Cloud computing
- Developed prototype application using Oracle Identity Management suite of products including Oracle Access Manager (OAM), Oracle Identity Manager (OIM), Oracle Identity Federation (OIF), Oracle Virtual Directory (OVD) including SAML integration with multiple service providers like Salesforce.com
- Implemented WebServices Single Sign-On and WebServices Security using WS-Security
- Designed and architected a file encryption Confidential DSS compliance solution for credit card information stored in the system
- Evaluated multiple SAML based Single Sign-on (SSO) solutions including Sun Access Manager/OpenSSO/OpenAM, Ping Identity, SiteMinder, Oracle IDM for GSA FAS project ensuring its alignment with FICAM. Developed product evaluation, product impact analyses and Single Sign-On Architecture document and presented to stakeholders team for product selection and approval.
- Successfully managed and implemented Single Sign-On (SSO) Solution based on Oracle/Sun OpenSSO product in Dev, Test, Production and COOP environment and integrated multiple applications using SAML based technologies using Sun Directory Server and OpenLDAP Directory servers and architected for high availability.
- Designed, installed and configured Directory Server Enterprise Edition (DSEE) on multiple servers and provided replication of data store and config store between these servers in Dev, Test, Production and COOP sites.
- Architected enterprise wide security to include Single Sign-On solution for Web based and Web services applications to support both Java J2EE and .Net applications
- On a different project, reviewed Federal ICAM guidelines, United States Nuclear Regulatory Commission (NRC) security policies and interviewed stakeholders and developed Single Sign-on (SSO) requirements to include Business, Functional and Technical requirements. Evaluated SAML based technologies for applications based on Windows environment including Ping Identity, SiteMinder, Oracle IDM and developed prototype using SiteMinder for NRC
- Designed SOA based WebServices Security architecture and compliance based on 800-95 C&A Confidential documentations.
- Architected, developed and validated Entrust Resource Adapter PKI for Sun Identity Manager 8.0 for both Solaris and Windows Platform. Validated all user and certificate operation, including certificate creation, revocation, recovery and suspension. Worked on Entrust GetAccess software and GetAccess Adapter for Sun IDM.
- Installed and setup Sun Identity Manager 8.0 environment including Sun Directory LDAP Server, Entrust Security Manager 7.1 PKI, Entrust Security Administrator, Sun Application Server, IBM WebSphere Application Server
- Architected Data and Directory migration strategies for real-time, bulk and manual identity migration to Active Directory and Oracle database using Web Services and LDAP API.
- Worked on design of SOA architecture for HSPD-12 and developing Business Process Management (BPM) solution and evaluating different Business Process Management (BPM) solutions including TIBCO and Microsoft BizTalk. This is for both application and Human workflow management process within Confidential solution and architected an HSPD-12, BPM-agnostic solution.
- Architected and implemented Wireless/Mobility security solution for Internal Revenue Service (IRS). Worked with customer to collect their requirements and design a 3 tier architecture for mobile infrastructure and implemented security policies. The technologies used include Mobile Security, Symantec Anti-Virus, Confidential Mobile Security, Firewall, Backup solutions, Altiris and MSSQL. Worked with Microsoft Windows Mobile to provide security and encryption policy. Provided best practices and fine-tuned different areas of the solution including database, OS. Worked on secure platform and evaluating and validating vendor solutions for FIPS and Common Criteria (CC).
- As a Technology Officer developed enterprise policy based management security and biometrics solution for mobile device market.
- As a Technology Officer, consulted with a startup to develop mobile payment processing solution for mobile banking and mobile commerce for carrier and financial organizations implementation.
- Architected an Identity as a Service (IDaaS) solution for enterprise identity management and password management supporting multi factor authentication using SMS, email, token devices and more. The solution includes Password Management, Identity management, Two Factor Authentication (2FA) and Multi Factor Authentication (MFA), PasswordLess solution and interworking on FIDO solution.
- Architected a Software As A Service (SaaS) solution which included multiple web services and designed a security access model to validate applications connecting to web service. All data transactions are performed using XML messages over SOAP. Developed roadmap and go-to-market strategy.
- Implemented video surveillance security solution based on Microsoft Windows. Responsible for design, architecture and overseeing development of Video Analytics and Business Intelligence solution, including face biometric detection, face recognition and monitoring solution for video security.
- Manage team for day-to-day activity of production server (Linux, SUN and Windows), development server and QA server, including backup, storage requirement, web services solution and security.
Confidential, McLean, Virginia
Technologist
Responsibilities:
- Created cross-platform mobile security policy based solution supporting MSSQL, Active Directory, LDAP using a 3 tier architecture and security solutions around 802.11 to protect mobile devices.
- Created cross-platform crypto engine supporting seven different encryption/hash algorithms for Win32 and mobile devices (Palm, Windows Mobile, Symbian and RIM) and received FIPS 140-2 certification from Confidential.
- Implemented comprehensive security architectures during SDLC to provide a secure mobility platform.
- Implemented a single-sign-on solution for mobile devices and provide back-end interface and support from MS SQL and Oracle Database to Active Directory and LDAP directories. This directory migration was performed one time and then using a synchronization tool developed for background processing.
- Performed Product management and managed a technical team of 20 system architects, software developers, and Quality Assurance team.
- Performed software security requirement analysis, security architecture design and development to obtain Confidential certification for FIPS 140-2 in support of Confidential cryptographic module.
- Helped to develop Confidential Sales and Business Development Strategy
- Worked with Sales & Business Development team and acted as technical resource to help them with their accounts to provide unique solutions to match customer needs.
- Developed sales and technical presentation to support customer requirements
- Provided pre & post-sales support and product training to customers/partners and developed technical training material.
- Met with prospects and developed a technical and security best-practices solution as part of unified centralized policy manager solution.
- Worked with internal and external team to ensure project successful implementation and redefine project implementation plans as needed.
- As a mentor helped other team members with technology and solution understanding
- Conducted interactive discussions to capture and understand customer’s security needs and requirements.
- Speaker Confidential few local federal and Microsoft security shows on our unique technical mobility solutions.
- Worked with reseller & technology partner to design a solution that integrates with Confidential Solution
Confidential, Fairfax, Virginia
Technologist
Responsibilities:
- Managed a services organization to help customers with CRM and Help desk sales and solutions. Designed and implemented Customer Relationship Management (CRM) solutions for small to large enterprise organizations.
- Coached and nurtured client sales organizations, showing them how to effectively use CRM solutions to improve their sales and lead management processes. Evaluated and designed X.500 Directory Strong Authentication for securing directory protocols (DAP, LDAP, DSP and DISP).
- Evaluated Strong Authentication of SNMP and NTP protocols to provide network security and access control.
- Performed over 150 different data and application migration projects for many CRM and helpdesk customers supporting different database (SQL, Oracle, Access, Dbase, etc.).
- Managed a team of 10 engineers and was involved hands-on in handling daily server, desktop and network operation for both internal users as well as external customers. Developed and implemented procedures, SLA and best practices to perform daily tasks and better manage expectations. Implemented ticketing system. Successfully developed plans and relocated customer server, desktop and network to new buildings for a few of our clients.
- Involved in implementation and design of X500 and X509 directory and worked with Entrust Certificate Authority (CA) solution.
- Worked with Confidential Smart Card to provide SMIME message security for PC’s running Microsoft Windows operating system.
- Created an HP OpenView demo, using the existing native SNMP and AgentWorks SNMP agents and evaluated feasibility of replacing existing CA-Unicenter network management platform with HP OpenView network management platform (DMS project)
- Evaluated system wide SNMP MIB implementation for the DMS Management Workstation System (MWS)
- Evaluated, designed and prototyped a security system for network management protocols including FTP and Telnet using the Public Key Infrastructure, Confidential Network Security and Entrust X.509 Certificate Management products
- Designed network management training course material and instructed the staff Confidential & Confidential
- Designed and implemented SNMP trap solutions for Computer Associate’s Enterprise View Management platform
Confidential, Herndon, Virginia
Principal Software Engineer
Responsibilities:
- Team leader for porting Hub Device and Network Management software written in HP OpenView for Win 3.1 to HP OpenView for Sun Solaris and HP-UX.
- Developed fully integrated OpenView program using OpenView Map, Database, Alarm and SNMP APIs in C++.
- Provided product training on Confidential Hub management software. Acted as the lead consultant for a key Network Attached Storage (NAS) project and provided direction on network management solutions.
- Evaluated both network management and enterprise management software platforms, including HP OpenView, NetView, Tivoli, CA-Unicenter and Spectrum.
- Analyzed the use of Java and HTML Web-based management (JMAPI and WBEM) and provided HP OpenView integration to Confidential’s CAM backup software.