- 10+ years of experience in implementing Identity and Access Management (IAM) solution and Privileged Identity and Access Management (PIM/PAM/PAS) solutions using IBM Security Suite, IBM Security Access Manager (ISAM), IBM Security Identity Manager (ISIM), WebSEAL servers, LDAP servers, Policy Servers, TFIM, IBM Security Identity Governance and Intelligence (IGI), SailPoint IIQ and CyberArk.
- Experience in coordinating with various teams to gather integration and implementation requirements and creating architectural diagrams to implement IAM solution.
- Experience in installation, configuration, administration and troubleshooting ISAM software version, ISAM Appliance, ISIM, IGI, TFIM (Tivoli Federated Identity Manager), WebSEAL (Reverse Proxy), Policy Server, Authorization Server and LDAP servers in POC, DEV, Test and Production environments.
- Experience in upgrading and migrating ISAM and its components from software version to appliance 9.0 in POC, DEV, Test and Production environments.
- Experience in implementing Single Sign-On (SSO), Two-Factor Authentication (2FA) and Multi-Factor Authentication (MFA) for web-based applications for enhanced security.
- Experience in authentication and authorization protocols such as SAML, OAuth, OpenID Connect and JWT tokens.
- Experience in developing and supporting custom applications that use REST APIs in ISIM and ISAM.
- Experience in creating TCP, SSL and LTPA WebSEAL junctions for the web-based applications in ISAM.
- Experience in creating Policies, Resources, ACLs, POPs for fine grained access control in ISAM.
- Experience in implementing risk-based and context-based authentication mechanism using Advanced Access Control module in ISAM.
- Experience working on pdadmin command line tool and LMI for ISAM administration tasks.
- Experience working on SSL Certificates.
- Experience in upgrading, migrating, troubleshooting ISIM and integrating various targets such as AIX, LINUX, Windows Active Directory, Salesforce, Database, LDAP into ISIM for automated provisioning.
- Experience in integrating ISIM with IBM Security Identity Governance and Intelligence (IGI).
- Experience in installing IBM Security Identity Governance and Intelligence (IGI), loading bulk data, integrating various target end points into IGI, and implementing end-to-end life cycle, access recertifications, SoD violations, certification campaigns, access risk control modelling and reporting.
- Experience in installing SailPoint IIQ, on-boarding bulk data and applications, designing forms, and customizing workflows, policies, access certifications, risk models, SoD violations and reporting in SailPoint IIQ.
- Experience in implementing Role Based Access Control (RBAC) by implementing Organizational roles, Business roles, IT roles and Permissions/Entitlements in ISIM, IGI and SailPoint IIQ.
- Experience in designing account and access request workflows and modify operational workflows to customize the standard operations as per the business needs.
- Experience in writing Java scripts, Perl scripts and TDI scripts to handle complicated System Administration, provisioning and migration related tasks.
- Experience in implementing CyberArk for Privileged Identity Management (PIM) and onboard privileged IDs into CyberArk from Unix, Linux, Windows, and other systems.
- Experience in integrating Cloud based applications such as Salesforce with IAM for user provisioning and implement MFA for enhanced security.
- Experience in setting up EC2 instances, S3 buckets, EBS volumes, EFS, CloudWatch, CloudFront, CloudTrail, Snowball, Route53, VPC, Load Balancers, Security groups, IAM roles, AMIs, snapshots and other Cloud related tasks in Amazon Web Services (AWS).
Confidential, Columbia, Maryland
Information Security IAM Consultant
- Design, develop and implement Identity and Access Management (IAM) Solution and Privileged Identity and Access Management (PIM/PAM/PAS) using IBM tools, CyberArk and SailPoint IIQ which include Installation, configuration, administration, tuning and troubleshooting of IBM Security Access Manager (ISAM), IBM Security Identity Manager (ISIM), IBM Security Identity Governance & Intelligence (IGI), IBM Tivoli Federated Identity Manager (TFIM), IBM Security Directory Server (LDAP), IBM Security Directory Integrator (TDI), WebSEAL, Policy Server, Authorization Server and other Security components.
- Upgrade IBM Tivoli Access Manager (ISAM) from version 5.1 -> 6.0 -> 6.1 -> 6.1.1 -> 7.0 -> 8.0 -> 9.0, including upgrading Policy Server, Reverse Proxy WebSEAL servers, Authorization Server, LDAP servers and migrate data and install recommended fix packs.
- Install WebSEAL servers and configure load-balancing and provide enhanced security for several backend applications.
- Create TCP, SSL and LTPA junctions between the WebSEAL servers and back-end applications to provide enhanced protection to the end-point resources.
- Create ACLs and POPs to provide restricted access controls for the end resources.
- Design and implement federated single sign-on (SSO) solutions using IBM Tivoli Federated Identity Manager (TFIM), ISAM Federation and Advanced Access Control (AAC) modules with third party applications such as Salesforce and other applications.
- Work on various authentication and authorization technologies and protocols including SAML, OAuth and OpenID Connect.
- Implement context-based and risk-based authentication for applications using second factor authentication (2FA) and Multi-Factor authentication (MFA) using the Advanced Access Control module in ISAM for enhanced security.
- Develop and support custom applications that use REST APIs for ISAM and ISIM.
- Develop, implement and support EAI based authentication in ISAM.
- Maintain ISAM and ISIM LDAP servers, support day-to-day configuration tasks and implement changes as needed.
- Guide and support the team on extending schema by defining custom attributes in LDAP to meet the business requirements for user management.
- Deploy, support, maintain, troubleshoot and monitor the Development, Test and Production environments which are clustered/highly-available/Load Balanced web applications.
- Troubleshoot user access issues and fix them in a given time frame.
- Configure Distributed Session Cache in the clustered environments for ISAM.
- Use pdadmin commands, Web Portal Manager and LMI console for day-to-day ISAM administration tasks.
- Take snapshots and install fix packs for ISAM periodically as needed.
- Periodically check performance related issues and run recommended performance tuning procedures in ISAM and ISIM.
- Periodically perform data backups and support Disaster recovery operations for Business Continuity.
- Install SSL certificates and renew them periodically for all Security components in the organization to have an uninterrupted communication between all the interrelated components.
- Provide Production support in incident management, problem management and change management for Identity and Access Manager Solution (IAM).
- Install and upgrade IBM Tivoli Identity Manager (ISIM) from version 4.6 -> 5.0 -> 5.1 -> 6.0 and migrate data, including provisioning policies, recertification policies, password policies, services and workflows.
- Design Organization tree structure and create Provisioning policies, Adoption policies, Identity policies, Password policies, Service Selection policies, Recertification policies and Separation of Duty policies in IBM Security Identity Manager (ISIM).
- Import adapter profiles to create service types and define services/on-board applications such as AIX, LINUX, Database, Active Directory, Oracle EBS, Salesforce, LDAP, RACF, CyberArk and Secret Server in ISIM, IGI and SailPoint IIQ.
- Create Access Control Items, Services and schedule reconciliations on the integrated resources in ISIM.
- Define and customize workflows, create new or modify the Entitlement workflows and Operational workflows in Security Identity and Access Manager (IAM) as per the organization requirements.
- Design and implement Recertifications, Separation of Duties (SoD) and access reviews as per the business requirement.
- Design and implement role lifecycle to define Business roles, IT roles, Admin roles and Entitlements in IGI and SailPoint and schedule reports periodically.
- Conduct security assessments and identify solutions in the areas of administration process and user provisioning, authentication, authorization, identity centralization, federation, single sign-on and compliance reporting.
- Write Java scripts and Perl scripts to handle complicated System Administration, provisioning and migration related tasks.
- Integrate ISIM with IBM Security Identity Governance and Intelligence (IGI) and load full data from ISIM to IGI and manage user provisioning.
- Upgrade IGI 5.0 -> 5.1 -> 5.2 and run assembly lines to sync users, roles and permissions between ISIM and IGI.
- Create comprehensive Identity Governance, Risk, and Compliance (GRC) infrastructure such as auditing, reporting, access review, and certification.
- Analyze and optimize roles and permissions in an existing user provisioning system in IGI.
- Build an advanced entitlement model by combining role-based and attribute-based authorization for fine-grained access control in IGI.
- Install and configure SailPoint IIQ and upgrade SailPoint from 7.0 -> 7.1 -> 7.2.
- Design forms, workflows, policies and access certifications within the SailPoint IdentityIQ.
- On-board applications into SailPoint IIQ such as AD, LDAP, Salesforce, JDBC, etc.
- Implement RBAC model in SailPoint IIQ by configuring role models.
- Define and configure Policies and Certifications for governance compliance in SailPoint IIQ.
- Define risk model for Identities and applications and implement certification campaigns for access reviews.
- Design and implement Provisioning policies for various Lifecycle events.
- Support CyberArk implementation for Privileged Identity and Access Management (PIM/PAM).
- Onboard privileged IDs into CyberArk from Unix, Linux, Windows, and other systems.
- Create EC2 instances in Amazon Web Services (AWS) and work on S3 buckets and Glaciers to store data based on criticality.
- Create IAM Roles in AWS to grant access based on the user duties and configure CloudWatch and CloudTrail.
- Create AMIs, snapshots, bootstrap scripts, VPCs and implement auto scaling based on the load, and create Security groups for EC2 instances in AWS.
- Design, build and administer secure databases on AWS cloud platform based on industry standards, best practices and guidelines.
- Review the current architectural landscape, compare various solutions and make appropriate recommendations.
- Use AWS CLI and Management console to administer day-to-day tasks.
- Evaluate and implement emerging security technologies to better safeguard the security posture of the client organization.
- Identify software issues related to Security components, provide recommendations and advise upgrade options.
- Research, develop and implement Information Security policies, plans, standards and procedures.
Confidential, Birmingham, Alabama
- Design, develop and implement Identity and Access Management (IAM) Solution using IBM Security Suite, which include Installation, configuration, administration, tuning and troubleshooting of IBM Tivoli Identity Manager (ITIM) and IBM Tivoli Access Manager (ITAM).
- Upgrade ISIM from version 4.6 to 5.0 and migrate data which includes migrating user data as well as all provisioning policies, recertification policies, password policies, services and workflows.
- Upgrade IBM Tivoli Access Manager v5.1 to v6, including upgrading Policy Server, Reverse Proxy WebSEAL servers, Authorization Server, LDAP servers and migrate user data and install recommended fix packs.
- Create junctions between the WebSEAL servers and back-end application servers to provide enhanced protection to the end point resources.
- Create ACLs and POPs to provide restricted access controls for the back-end applications.
- Work on pdadmin command line for ITAM administration tasks.
- Deploy, support, troubleshoot and monitor Test and Production environments which are clustered/highly-available Load Balanced applications.
- Install, configure and support multiple instances of ITIM in Development, QA, Test and Production environments and migrate users from ITIM 4.6 to v5.0.
- Design and implement organizational tree structure as per the business requirements.
- Implement Provisioning policies, Password policies, Identity policies and Recertification policies.
- Design and implement services to manage various end points such as LDAP, AD, RACF, UNIX, LINUX, Database, etc.
- Design and implement workflows and attach them to Provisioning policies such that the workflows kick in when the policy is evaluated during user provisioning.
- Troubleshoot issues encountered during ITIM upgrade/migration and fix them in a timely manner.
- Install SSL certificates for ITIM and ITIM Agents for secure communication.
- Write Java scripts and TDI scripts to migrate thousands of users.
- Set up Access Control Items (ACI) to define permissions to the users to access various resources as per their job duties.
- Set up nightly Reconciliations for various end-point resources for data sync.
- Implement Password Synchronization using RPSM so that password changes are captured and synchronized across all the resources.
- Install fix packs for various ISIM end points and import Service Profiles and define Services for end point resources.
- Design and configure account/access request workflows and approval workflows as per the Client requirements.
- Perform data backups and disaster recovery operations periodically.
Operating System: Windows Server 2000/2003/2008/2012/2016, UNIX (AIX, LINUX), Windows 95/98/2000/XP/Vista/7/8/10.
Languages: C, C++, Java, JavaScript, Perl, HTML, XML, SQL, PL/SQL.
Middleware and Web Technologies: IBM WebSphere Application Server 5.0/6.0/6.1/7.0/8.0/8.5/8.5.5, WebSphere Portal Server, Apache Web Server, IBM HTTP Server.
Database: IBM DB2 v9.1, 9.5, 9.7, 9.8, 10.1, 10.5, ORACLE 10g/9i.
Security Tools: IBM Tivoli Identity Manager (ITIM v4.6, v5.0, v5.1); IBM Security Identity Manager v6.0, v7.0; IBM Tivoli Access Manager (TAM v5.1, v6.0, v6.1, v6.1.1); IBM Security Access Manager Appliance (v7.0, v8.0, v9.0); IBM Security Directory Integrator (TDI v6.0, v6.1, v6.1.1, v7.0, v7.1, v7.1.1, v7.2); IBM Security Identity Governance and Intelligence (IGI v5.0, v5.1, 5.2); SailPoint Identity IQ (v7.0, 7.1, 7.2); ISAM Web Portal Manager; LDAP - IBM Security Directory Server (v5.2, v6.0, v6.1, v6.2, v6.3, v6.3.1, v6.4); TDS Web Administration Tool; CyberArk; Amazon Web Services (AWS).
Networking: TCP/IP, HTTP/HTTPS.
Academic Knowledge: Database Administration, C & Data Structures, C++, Object Oriented Programming, Computers and Information Technology, Operating Systems, Operating System Design, Computer Architecture, Computer Organization, Computer Networks, Network Management & Design, Analysis of Algorithms, Data & Computer Communications, Digital Communications, Micro Processors & Micro Controllers, Digital Signal Processing, etc.