Senior Siteminder and Identity access management consultant

Location:
Palm Harbor, FL
Posted:
December 12, 2018

Resume:

Vamsee Krishna Kurra Senior IDAM Consultant

727-***-****

ac7yaw@r.postjobfree.com

Professional Summary

Senior Information Technology and Security professional with over 10 years’ experience in architecting and deploying Identity Management, Access Management, Single Sign-On (SSO), Provisioning and Provisioning/Identity Workflows, RBAC (Role-Based Access Control), Federated Identity/Federation, Enterprise System Architecture, Security Infrastructure Design, Authentication and Authorization technologies, as well as custom-built security and technology frameworks.

Proven technical leadership skills include the ability to manage teams, lead by example, and thrive in an entrepreneurial environment. Persuasive verbal and written communication skills complement a proven ability to multi-task, maintain an organized approach, and ensure success - even when faced with high-pressure or high-risk situations.

Technical Synopsis:

10+ years of strong experience in Web and Network Security Product Administration. This includes extensive work in Installation, Configuration, Deployment, Administration, Troubleshooting and Migrating of Netegrity SiteMinder, Sun One LDAP, Web security, network security, database systems, and Enterprise Document Management.

Expertise in Installation, Configuration, Deployment and Maintenance of SiteMinder/SSO Components like the Policy Server, Web Agent, Policy Store and Key Store.

Strong experience in Enterprise Security Domain. In-depth knowledge of Identity and Access management products - CA Siteminder Access Manager, OpenAM, CA Netegrity SiteMinder/SSO r12.52/r12/r6, Ping Federate, Tivoli Access Manager 6.x.8.x, Enterprise User Security, FIM 2010, Sailpoint, ODSEE 11g, OpenDJ and AD.

Experience in Forefront Identity Management 2010 R2 and MIIS 2007.

Migration Experience from FIM 2010 R2 to MIM 2016.

Experience in design and development in IDM products like SailPoint IIQ, Sun Identity Manager.

Experience in building custom Sailpoint IIQ workflows, rules, policy, provisioning in IAM

Experience in the Security management with a deep expertise in Netegrity tools.

Involved in the upgrades of SiteMinder version 4.x to 5.5, 5.5 to 6.0, and 6.0 to 12.5X, 12.6.

Experience in LDAP based directories like iPlanet/Sun ONE Directory Server, Active Directory and Active Directory Application Mode (ADAM).

Successfully completed version upgrades. Involved in the upgrades of SiteMinder version 6.x to 12.0 and 12.0 to 12.52. Also involved in the Sun One directory server upgrades from version 6.x to 11g.

Delivered strategic, tactical service and feature enhancements to end users, including PingFederate SAML & OAuth SSO for over 100 connections.

Experience with Ping Federate for providing SSO solutions to multiple web-based enterprise applications.

Experience in designing, implementing and deploying LDAP architecture which includes replication, data synchronization.

Experience in working with multi cookie domain for single sign-on for mutual authentication using Netegrity products.

Excellent knowledge about the functionality of the SiteMinder components.

Strong experience with different Web Servers and Application Server Security and Application deployments.

Expertise in configuring and troubleshooting Webservers like Apache, IIS, iPlanet.

Experience in installing, configuring SiteMinder policy server, Web agents, Netegrity, Sun One Directory server (LDAP) and various Web & Application servers

Expertise with Replication, Chaining, Load Balancing and other Administration tasks.

Fine-tuned and set up High availability with LDAP and SiteMinder. Tested and implemented back up & recovery. Designed and implemented solutions for fail over and capacity planning.

Ability to adapt to different environments.

Installed and configured web agents on IIS, Apache, and Sun Java System/iPlanet web servers on Multiple Platforms.

Excellent Enhancements, Troubleshooting and Support Skills of ITIM, TAM, ISAM and its interdependent components (like IBM Tivoli Directory Server, IBM Tivoli Directory Integrator, IBM HTTP Server, WebSEAL Server and Policy Server).

Hands on Experience in integrating WebLogic Portal Application Server driven Portal with CA SiteMinder as Identity Provider and External Third Party services as Service Providers.

Experience with building and configuration of Intel based systems. Installation of various Operating systems such as Red Hat (LINUX).

Creation of groups, adding User ID to a group as a primary or secondary group, removing User ID from a group.

Mirroring of root disk in AIX and Linux. Troubleshooting users' login and home directory related issues.

Created Run Book for the standards to be followed during Installations and configurations.

Was an integral part of the 24/7 On-call team for troubleshooting outages/ issues.

Strong analytical, problem solving and communication skills.

Identity & Access Management and Federation Proficiency

CA Siteminder FSS R6.x, R12.x, R 12.5, R12.7

CA Federation Manager 12.x

FIM 2010, 2016

Microsoft ADFS 1.0 - 2.0

Pingfederate

TFIM 6.2.1 & Tivoli Access Manager for e-biz 6.1

Cloud Services - Azure Cloud

Sailpoint 7.1

Forgerock OpenAM 13.x, OpenDJ

SAML 1.1 - 2.0, WS-Fed Protocol, OpenID, OAuth, OpenSAML

PKI, SSL Parsing, XML Signing, Encryption, JCE, Bouncy Castle

Multi-Factor, Step-up authentication

Federation Service delivery platform FuGen MISP

Infrastructure Virtualization VMware, VSphere client,

Cisco 5500 series firewalls/gateways ACL’s

Core Functional Expertise

CA Siteminder - Federation Manager: End to End design, implementation, migration and upgrades of CA Siteminder Version 6, 12, 12.5 and CA Federation Manager Version 12 and their service packs.

Policy Server – Domains, Affiliate Domains, Realms, Rules, Policies, Active response, Accept/ Reject Rules, Authentication Schemes like Multi-factor/Step-up/X 509 authentication/Custom Authentication Schemes, Agents configuration, Host configuration, User directory and mappings, Password Policies [APS], PKI Signing encryption certifications, SM-Profiling, Backup Strategy, Failover and load-balancing, Policies export, import and xpsconfig.

Agents – Agents installation and configuration on different web servers like Apache, IBM Http server, IIS, WebSphere, Weblogic, Reverse-Proxy setup on the web servers to application servers, load balancing of agents, Sticky Sessions

Agent option pack – Federation web service installation and configuration on different application servers ServletExec-IIS, Apache-Weblogic, WebSphere. Auditing, logging, tracing of Federation web services

Federation Manager/FSS SAML-WS-Fed Implementation – Creating IdP, SP entities both local and remote, Creating IdP-SP, SP-IdP Partnerships, Signing and Encryption certificates, Metadata configuring, importing and exporting of the partnership, Attributes and Name Identifier mappings, Custom Assertion generation plug-in, Message consumer plug-in, SDK’s to read Open format/Legacy cookies for the federation to work end to end for SAML 1.0, SAML 2.0 AND WS-FED profiles

Identity Ping Federation: SAML 1.0 – SAML 2.0 protocol messages, Authentication Request, Response, Logout Request, Logout Response, Artifact Profiles, and Attribute Query profiles for different bindings like POST, Redirect, Artifact. WS-FED, STS, WS-Trust

PKI: XML Signing, Encryption, Decryption, Certificates procuring from CA’s, Self-Signing certificates, Client Certificates using OpenSSL, Cryptographic Hash Algorithms (MD5, SHA-1, SHA-256), Encryption Algorithms [DES, 3DES, AES] Programming PKI using JCE, Crypto libraries, Bouncy castle, SSL Traffic capturing, Parsing using JPCap, WinPCap.

Tivoli Access Manager/Tivoli Federated Identity Manager: TFIM 6.2.1 Installation, Configuration, Administration/ Federation end to end implementation in TFIM, Creating partnerships, Certificate Management

Tivoli Access Manager for e-biz – Installation, Configuration and setup to protect the realms, Configuring ACL’s, Protected Objects, User management.

Web Seal – Installation/ Configuration, Junctions protections, EAI, Authentication methods configurations, Auditing and logging.

Microsoft FIM (MIIS): Installation, Configuration, Administration of MIIS, Directory Server, Provisioning Server/Manager, Connectors. End to end identity management environment for User management, Roles, Tasks, Self-service, provisioning and customizing as per SRS. Defining Tasks, Roles, Groups, Membership, workflow, Policies, Self-service, Synchronization, Bulk loader, Scheduler in FIM. Integration with Connectors, Provisioning Directory. Creating MA and custom provision rules.

Sailpoint: Installation, Configuration, Administration of Sailpoint IdentityIQ Lifecycle Manager, Compliance Manager, Application On-Boarding, Access Request, Automated Provisioning, Password Management, Workflows, Quicklinks and custom forms components. Part of PwCID project to migrate FIM provisioning jobs to Sailpoint.

Forgerock OpenAM: Installation, Configuration, Administration of OpenAM, OpenIG, CTS and OpenDJ. Experience setting up authentication chains and trees within OpenAM. Configured agent-based SSO and experience with all federation protocols in OpenAM.

Work Experience

PricewaterhouseCoopers, IAM Solutions Lead, Tampa (From Dec'2010 - Present)

Leading Financial services Client – Onsite – USA: IAM Services Consultant, responsible for seamless Identity federation implementation to On-board multiple partners which includes major banks and financial services in USA.

Led the setup of the Financial Provider's Hub (IdP), which has a user base of more than 100,000 users, using Siteminder - FSS R12SP3

Installation and Configuration of CA FM as a Service Provider in different environments and different Circle of Trust (CoT) created for the partners.

Experience in migrating Identity & Access Management systems across datacenters.

Experience in installation, configuration, deployment, administration and support of Optimal IdM products (Federation Identity Services & Virtual Identity Server)

Experience in Installation, configuration, deployment, administration and support of Entrust Identity Guard.

Built a fully functional, secure, robust, highly available Identity & Access Management portfolio using gamut of IdM products for PwC’s firm-wide SSO needs. This was moving existing services across PwC’s datacenters.

Experience in installation, configuration, deployment, administration and support of CA/Netegrity SiteMinder 6.0 & R12.5/R12.52, Sun One Directory Server LDAP 5.2/6.0/6.3, Oracle Directory Server 11g and maintaining Single Sign On (SSO) solutions for applications to maintain firm-wide SSO

Experience in LDAP based directories like Sun ONE Directory Server, Oracle Directory Server 11g and Microsoft Active Directory.

Experience in installation, configuration, deployment, administration & support of Microsoft Web Application Proxy (WAP), along with ADFS.

Experience in installation, configuration, deployment, administration & support of Microsoft Forefront Identity Manager (FIM) & Microsoft Identity Manager (MIM)

Created internal tools for administrators to manage & control internal IdAM services.

Experience in using Virtual Identity Server to consolidate directories to provide backend consumers with seamless data experience regardless of backend database.

Experience in RSA Authentication Manager and Juniper Secure Access devices.

Upgraded SiteMinder Versions, i.e. upgrading of SiteMinder Policy Servers from version 5.5 to 6.0 and SiteMinder Web Agents from version 5.5 to 6.x and then from R6 to R12.5 and very recently led an effort to migrate it to R12.52 from R12.5

Upgraded SiteMinder infrastructure from R6 to R12.5. Built a parallel environment and setup SSO between these environments. This was a global implementation across 4 territories

Upgrade of CA SM r6 SP1 to r12.1 SP3, SM 12.52 to 12.7

Joined Global IDAM Team supporting optimal cloud federation setups. Hands-on experience setting up SAML/OAuth relying parties and migrating to higher environments.

Installing and Configuring Sailpoint IdentityIQ components and migrating FIM jobs to IdentityIQ.

Hands on experience setting SSO using Forgerock OpenAM and setup contextual authorization.

Setting up relying parties in Optimal IDAM and create service accounts in Optimal VIS

High Availability – Front end and Back End successful Implementation, Infrastructure Monitoring, Services monitoring to the customer IAM environment.

Open Format Cookie to final Application, Assertion generator plugin for Identity Mapping services for inbound use cases.

Led the TCS/PwC offshore team to use PwC SAML token validation and certification processes to troubleshoot various partner federation issues such as Name ID format mismatch, certificate issues and timing mismatch issues.

Providing 24/7 support working in flexible shifts

Support whole infrastructure of Identity and Access Management.

Installation of CA Siteminder, CA Identity Manager and Registering Apache web agents (DMZ apaches and internal apaches), ASA Agents for web logic and Setting up Web logic reverse proxy for Federation services

Handling Custom Auth schemes, Message Consumer plug-in for Siteminder schemes

Setting up Identity Manager IME Environment and Configuring Business Logic Task Handlers, Event listeners, Logical Attribute Handlers for identity manager.

Setting up TEWS to create user, modify user, security questions, roles, tasks

Installing report server, WAMUI and merge with Siteminder and IDM to generate reports and to enable Auditing.

Migrating CA SSO to ForgeRock SSO

Onboards new AWS accounts with LDIF files in Linux to add configuration changes to OpenAM

Onboards BSP applications to our cloud platform for authentication/authorization to users

Monitors Forgerock Systems logs for OpenAM, OpenIDM, and OpenDJ

Monitors connectors for federated systems and Active Directory access to ForgeRock LDAP

Provides Identity and Access Management support for the BSP cloud platform utilizing Active Directory and Forgerock LDAP suite

Involved in Configuration and development of SailPoint Life Cycle Events (LCM).

Configuring various roles and policies in SailPoint.

Implemented Restful web services to connect the AC and SailPoint applications and fetch the data into portal application.

InfoDat Solution, India (From Oct'2006 to Dec'2008)

Installed, Configured and Maintained SiteMinder 4.5.1/5.5, Policy Servers, Sun One Directory Server and configured multi master replication in Directory server.

Used SiteMinder Policy Server which provides policy management, authentication, authorization, and accounting.

Installed, configured and administered BEA Web Logic Server 8.1 in Solaris and AIX environments with Oracle9i database.

Enabled Single Sign-On across Web servers in a single cookie domain or across multiple cookie domains without requiring users to re-authenticate.

Worked on Directory integration involving LDAP, ODBC, Active Directory, Win NT and Custom directories.

Used SiteMinder which provides several caches that can be configured to maintain copies of recently accessed data to improve system performance.

Used SiteMinder to ensure user's ability to access information quickly and securely.

Configured and setup Secure Sockets Layers (SSL) for data encryption and client authentication.

Worked with Agent Resource Cache which stores a record of accessed resources, Agent User Cache maintains users' encrypted session tickets.

Upgrade the Web Agents from v 4.5.1 to v 5.x in all the Environments

Configuring the multi master replication in iPlanet directory server

Worked on creating security policies for SiteMinder.

Involved in creating and managing the cells using Network Deployment Manager.

Involved in configuration of Web Server interfaces, session management, virtual hosts and transports for WebSphere Application Servers.

Awards and Recognitions:

Awarded in TCS Gems for seamlessly implementing PwCID project migrating FIM jobs to Sailpoint IdentityIQ

Appreciated by Senior Management of PwC for the deep knowledge in Technology and effective solutions to the customers

Most sought Identity Federation consultant for CA Products, where the Project Scope of 3 days given by customer went to months because of showing high technical skill in federation implementation.

Recognized and requested by the client by name for a new IAM implementation. Extension for their Identity infrastructure maintenance and federation implementation

Appreciation from CTO of InfoDat, for their first federation implementation.

TCS/PwC Best employee award for consistency in successful implementation of projects involved and well appreciated by the customers and manager.

Technical Skills:

Security

Netegrity/CA SiteMinder 5.x/6.x/R12/R12.5/R12.52(SPx), Optimal IdM OFIS, Entrust Identity Guard, Active Directory Federation Services, Ping Federate, Open AM

Directory Servers

iPlanet/Sun ONE Directory Server (5.1, 5.2, 6.0, 6.3), Microsoft Active Directory, Novell eDirectory 8.7x, IBM Tivoli Directory Server, Oracle Directory Server 11g, Optimal IdM Virtual Identity Server

Application/Web Servers

WebLogic Application Server 6.0/7.0/8.1/9.2/10.3, WebLogic Portal 8.1/9.2/10.3, JBOSS 5.x, WebSphere MQ 5.3/6x, IBM WebSphere 5.x/6.x/7.x/8, Apache Tomcat, IBM HTTP Server, iPlanet 6.x, Microsoft IIS 6/7/7.5/8

Languages

Java (JDK), JSP, Applets, ASP, C#, C, SQL, PL/SQL, JDBC, ODBC.

Scripting Languages

Windows Script, PERL, JavaScript, C, C++, HTML

Protocols

HTTP, LDAP, TCP, FTP, DNS

Operating Systems

Windows (XP, Vista, 2000/2003, 2008, 2012), UNIX, Sun Solaris

IdM Tools

CA SiteMinder R6/R12/R12.5/R12.52, RSA SecurID, RSA Authentication Manager, Microsoft Identity Lifecycle Manager, Microsoft Forefront Identity Manager, Oracle Directory Servers 11g, Sun One Directory Servers 5.5/6.3.x, Optimal IdM OFIS, Entrust Identity Guard, Open AM, Ping Federate, Sailpoint


