Professional Summary:
Around *+ years of experience in Information Technology, which includes demonstrated work experience in the design, development, testing and implementation of enterprise-wide security applications using Netegrity SiteMinder, Ping ID, Sun One LDAP Directory, Active Directory and other Sun/Netscape/iPlanet/IBM products on Windows, UNIX and Linux.
Involved in analyzing, planning and implementing Single Sign-On across multiple cookie domains and internet security for enterprise-level web applications using CA SiteMinder integrated with Sun One LDAP Directory and Active Directory. Experienced in installing and configuring SiteMinder policy server, Web agents, Sun One Directory server (LDAP) and various Web & Application servers on multiple platforms like Windows, UNIX (Solaris) and RHEL.
Experienced in debugging authentication/authorization related issues and creating Rules, Responses, Realms and Policies in SiteMinder. Fine-tuned and set up high availability with LDAP and SiteMinder. Tested and implemented backup and recovery.
Experienced in Wily. With CA Wily Introscope, you regain essential 24 x 7 visibility into vital web applications in production environments. CA Wily Introscope enables you to isolate bottlenecks in your application, right down to individual Servlets, JSPs, EJBs, Classes and Methods.
Experienced in analyzing the logs (trace logs, logs) and troubleshooting issues in the integration of other applications using CA SiteMinder (Access Management) and Identity Management tools along with LDAP and Web-server agents and SiteMinder federation services.
Experience with Multi Master LDAP configuration in distributed environment and performance tuning for high availability and optimized response time.
Experience in integrating WebLogic Portal Application Server driven Portal with CA SiteMinder as Identity Provider and External third Party services as Service Providers.
Used SiteMinder tools like smobjexport, smobjimport to export and import Policy Stores respectively, smreg to change the SiteMinder super user password.
Expertise in working with web servers – Sun One Web server, IIS, Apache Web servers and IHS (IBM HTTP Server).
Developed and documented how to create functional/system accounts and administer the CyberArk application, to assist IBM in vaulting system accounts for privileged access. The CyberArk application is a privileged account security solution.
Privileged Access Management (PAM) project which includes implementing CyberArk Password Vault, Web Access, Central Password Manager and Privileged Session Management.
Developed reports using SQL and LDAP within the RSA tool. Worked with RSA Authentication Manager V6.0, V7.1.
Installed and configured multiple TAI agents on WebSphere and WebLogic servers to implement SSO.
Automated identity management tasks such as user provisioning, role based access control, delegated administration, attribute based auditing and reporting using CA Identity Manager.
Hands-on experience with IIS, IBM IHS, Apache Web servers and WebLogic and WebSphere Application servers in Identity and access management environment.
Experienced with failover, load balancing and other administration tasks.
Experience in installing and implementing Web Application servers IIS, Apache, iPlanet/Sun/Oracle Web servers, IBM HTTP web server, Apache Tomcat, iPlanet App server, WebLogic, WebSphere.
Installed and configured web agents on IIS, Apache, and Sun Java System/iPlanet web servers on multiple platforms. Experience in developing applications using Java and J2EE and using Oracle 10g databases.
Excellent communication skills and good Interpersonal skills helped me to keep productive and positive working relationships with staff from varying technical backgrounds and skill levels.
Technical Skills:
Security: Netegrity/CA SiteMinder 5.x/6.x/12.0
Application/Web Servers: WebLogic Application Server 6.0/7.0/8.1/9.2/10.3, WebLogic Portal 8.1/9.2/10.3, JBOSS 5.x, WebSphere MQ 5.3/6.x, IBM WebSphere 5.x/6.x, Apache Tomcat, IBM HTTP Server, Netscape Enterprise Server 3.5, iPlanet 6.x, Microsoft IIS.
Directory Servers: Sun ONE Directory Server (5.1, 5.2, 6.3), Microsoft Active Directory, Novell Directory 8.7x
IDEs/Tools/Utilities: JBuilder 4/8, Microsoft Visual Studio IDE 3.1, Eclipse, NetBeans, IBM VA for Java, SQL*Plus, MQ Series 5.x, Microsoft Project 2000
Identity Management Tools: CA Identity Manager r12/r8.1, Sun Identity Manager 8.0/7.1/6.0, Ping Identity and Access management.
Operating Systems: UNIX (Solaris 9/10, AIX), Red Hat Linux, Win 95/98/NT/2000, 2003, 2008.
Packages & Utilities: MS Project 2000, Adobe Photoshop, Adobe Acrobat, MS Office (Word, Excel, PowerPoint, FrontPage)
Design Methodologies: Unified Modeling Language (UML) 1.0, Rational Rose, Rational Clear Case, Rational Requisite, MS Visio, ERWIN.
Education:
Masters in Computer Science
Professional Experience
Client: Northern Trust, Chicago
CA IDM/SiteMinder and Security Consultant JUNE 2016 – Present
Designed the architecture based on technical requirements and implemented the solution with CA Identity Manager r12.6 SP4, SiteMinder 12.51, Governance Minder 12.6.1 with my primary focus on Identity Manager and SiteMinder
Installed, configured and administered CA IDM, CA SiteMinder Policy Server, Web agents, CA Directory and Oracle Directory Server (LDAP) on various platforms for a clustered and HA environment on WebSphere 8.5, JBOSS 6.4 EAP and various platforms
Integrated IDM with CA SSO, Providing Authentication and Authorization to IDM
Used CA Wily Introscope monitoring tool to generate performance reports of SiteMinder policy servers and other LDAP servers
Configured System objects like Agents, Agent Conf Objects, Host Conf Objects, User Directories, Domains, Administrators and Schemas
Worked on implementing and supporting SAML-based Federation technologies and Active Directory Federated
Developed multiple Policy Xpress to trigger on various tasks and also to generate standard company requirements like generation of unique IDs, passwords, emails, record entries etc.
Responsible for handling complex JobCode logic that involved multivalued attributes and multiple PXs to tie groups, provisioning roles and endpoints to the respective JobCode
Built various custom tasks in IDM API for administrators to facilitate ease of access and troubleshooting tickets
Responsible for provisioning users across endpoints like Active Directory, LDAP, Unix, and RACF/Mainframe.
Experienced in implementing and/or administrating CyberArk (Password Vault).
Worked with each organizational group to update workflow processes to incorporate the CyberArk tool. Experienced in using SiteMinder policy server logs for troubleshooting the SiteMinder environment.
Developed and deployed JDBC and JNDI custom connectors using Connector Xpress as per the requirements for LDAP endpoint and used role definition generators to deploy to IDM
Worked on various OOB and custom workflows that involved complex logic to handle assignment of approvers
Worked on setting up remote task to IDM through Web services calls from EFI front-end applications via Task Execution Web Service (TEWS).
Improvised Logical Attribute Handlers and BLTH modules using CA Identity Manager APIs
Migrated passwords from legacy application to IDM capturing the last password change date
Good experience in setting up Bulk Load Clients and automating different IDM tasks
Good hands-on experience with Kettle (Pentaho/PDI) for data manipulation during data migration from legacy to IDM.
Good experience in analyzing SiteMinder logs, IDM application server logs, provisioning server logs to troubleshoot various authentication/endpoint related issues
Used Windows Task Scheduler to execute Kettle/Pentaho scripts for automated generation of Reports, Extracts and Feeds from various data sources like CATS (HR Database), Corporate Store, Oracle database etc.
Created and maintained attribute mapping document from IDM to all the managed endpoints
LDAP integration with command client and PassagePoint Global application, from server to client.
General support of security systems and applications to maintain the availability standard and protect from any outage, performance degradation and vulnerabilities.
Assisting the Implementation of application patches and upgrades; developing quality deliverables including configuration, unit testing, and support documentation
Collaborating with Security Architecture organization as needed.
Reviewing documentation, processes or procedures, and recommends where automation or improvements can be implemented
Operating independently; has in-depth knowledge of business unit/function; Accomplishes engineering and organization mission by completing related results as needed
Environment: CA IDM r12.5/r12.6 SPx, CA SSO r12.x, CA Governance Minder 12.6.1, CA Directory r12.x, WebSphere Application Server, JXplorer, Oracle SQL Developer, SNMP, UNIX, LINUX, Solaris, IBM AIX, Windows, Kettle (Pentaho/PDI), March Networks Command Enterprise Server and Stopware PassagePoint Global / PassagePoint EDU.
CLIENT: World Bank, DC
SiteMinder/CA IDM and IAM Engineer AUG 2014 – MAY 2016
RESPONSIBILITIES:
Installed, configured and administered Sun One LDAP Directory server and SiteMinder policy server on Sun Solaris and implemented single sign-on across multiple domains using Cookie Provider.
Installed and configured various web agents in accordance with the web servers involved.
Designed and implemented Identity Management and Single Sign-On solutions utilizing Sun’s Identity Manager and Access Server, Ping Federation Server, and SAML.
Hands-on configuration of cloud/on-premise solutions, PingFederate SAML/OAuth configurations, ADFS/SiteMinder, Microsoft CAs, OpenSSL, SQL queries, LDAP, Puppet Master/Clients and automating deployment packages.
Endless authentication possibilities with over 20 out-of-the-box authentication modules to fit the needs of your business including device fingerprinting, one-time password, and adaptive risk authentication, with OpenAM. Authentication to anything in a simple manner with scripted authentication modules, with OpenAM.
Hands on experience in proxy server. Proxy server provides a proxy-based solution for access control.
Worked on powerful proxy engine that provides a network gateway for the enterprise and supports multiple session schemes that do not rely on traditional cookie-based technology. Proxy servers act as a proxy on behalf of a group of users for all resources on the Internet.
Managing federation partnerships via PingFederate on a day-to-day basis, which involves provisioning users to cloud applications using Ping 3rd party plugins. Federated identity management architectures (OpenID, cookie based, SAML) and implementation (Ping Federate Oracle). Hands-on experience in Oracle Virtual Directory (OVD) and Oracle Internet Directory (OID).
Directory services in an enterprise application infrastructure providing applications with identity services such as users profiles, access and authorization data.
Hands-on experience in Wily. Customizing the CA Wily Introscope dashboards to create deep, intuitive views of the application infrastructure. By integrating CA Wily Introscope with CA Wily Customer Experience Manager, you gain even greater end-to-end visibility into customer transaction errors and critical business processes. Greater value by enhancing CA Wily Introscope with additional products.
Database or activity directory, customer and partner data in CRM database and LDAP directories.
Worked on OID structured and organized directory services in the foundation of efficient and effective identity management solution that enables enterprise applications.
Overcome difficulties in OID, deploying new applications due to lack of a unified view of identities.
Data Transformation and Application Specific Views. In addition to virtually unify underlying identity data, OVD can transform underlying data for applications.
Flexible options for single sign-on (SSO), whether the requirement is to enable cross-domain SSO for a single organization, or SSO across multiple organizations, using OpenAM.
Seamless heterogeneous OS and Web application SSO environment with Windows Desktop SSO support.
Identity Management Consulting in cyber security.
Federation and Single Sign-On in cyber security.
Hands on experience in identity governance platform. Enabling business-centric approach to analyze, define and certify user access using identity governance.
Performance tuning for LDAP and SiteMinder for better response time and throughput. Enabling assessment based on mission criticality as tactical, mission essential, or mission critical.
Tackling assessment which occurs in the assessment. Hands on experience in IAM GAP analysis.
Experimenting the GAP between the two existing data value. Enabling the time period GAP between the given data and the given time period.
Implemented password policies for all the applications using SiteMinder. Created policies, realms, rules and responses to protect the applications and configure them to work under the SSO environment.
Installed and configured IAM. Analyze client’s business requirements and processes through document analysis and workshop.
Provide input into developing and modifying systems to meet client needs and develop business specifications to support these modifications. Meeting security audits and regulatory compliance such as SOX, HIPAA and PCI.
Self-service Password Reset which supports all current web browsers using FIM. FIM Reporting engine via the System Center Service Manager and MS SQL Server reporting Services (SSRS).
FIM using a Web Services Connector to connect to SAP ECC 5/6, Oracle PeopleSoft, and Oracle eBusiness.
Eliminating password fatigue and security lapses by deploying a secure, centralized vault for password storage and access.
Configured load balancing and failover mechanisms for various SiteMinder components in different environments. Supported and maintained website using SiteMinder and troubleshoot the problems.
Created security permissions by creating rules, realms and policies within multiple policy servers for protecting resources stored on web servers
Policy based provisioning using RSA VIA. Hands-on experience in RSA VIA to leverage existing systems and also the end-to-end process. RSA VIA rapid application onboarding.
Reconfigured directory server in replication environment and monitored server synchronization
Upgraded SiteMinder Policy server from version 5.5 to 6.0 and Sun One LDAP Directory Server from version 5.1 to 5.2. Configured SiteMinder Policy Server with key and policy stores stored within a Sun One directory server
Implemented Policy Stores to utilize Sun ONE Directory Server (LDAP) as the user and policy repository on Linux. Configuring User Authentication Stores and Policy Authorization Stores on LDAP.
Modifying schema by creating custom object classes and custom attributes whenever necessary
Installed and configured Sun Java System web server/Oracle iPlanet, IBM HTTP web server and configured web agents on each of them.
Installed and configured Oracle WebLogic and Worked on bridge between SiteMinder Policy Server and WebLogic. Provided 24/7 on call support for solving Tickets on a rotating basis with other team members.
ENVIRONMENT: SiteMinder 5.5, 6.0, Web agents 4.x, 5.x, 6.x, Sun One directory server 5.2/iPlanet Directory Server, Sun Solaris 2.8, Sun Java System Web Server 6.0, 7.0/Oracle iPlanet Web Server and IBM HTTP Web Server, IIS 5.0 and 6.0.
CLIENT: Liberty Mutual, NH
SiteMinder/CA Identity Manager/ IAM Engineer JAN 2013 – July 2014
RESPONSIBILITIES:
Working on SiteMinder and RSA adaptive authentication to make the application remember the device with which users logged in. Working on Microsoft Active Directory Federation Services.
Microsoft Forefront Identity Manager. Hands on experience in IAM.
Multiple options for enforcing policy and protecting resources, including policy agents that reside on web or application servers, using OpenAM. Built-in Security Token Service (STS) as a multi-protocol hub, translating for providers who rely on other and older standards, with the help of OpenAM.
Providing preventive & detective security controls through approval workflows & real-time alerts on password access using IAM.
PingFederate on a day-to-day basis, which involves provisioning users to cloud applications using Ping 3rd party plugins. Improving IT productivity many times by automating frequent password changes required in critical systems.
Develop approval workflows within the RSA tool. Develop provisioning workflows within the RSA tool.
The proxy server caches frequently accessed resources so that requests for those resources are handled faster in the Demilitarized Zone (DMZ). Requesting a resource directly from a destination server, the reverse proxy server caches much of the content from the destination servers, providing ready access for users.
Hands-on experience with PingFederate.
Developed a few scripts to install the agents on IHS instances as part of automation. Working on Identity Manager to provision the users into IDM and assign the respective roles
Involved in Upgrading the SiteMinder Policy Server version from 6.0sp5 to R12. Worked on latest version web agent 12.0sp3 cr08 on multiple platforms. Providing 24*7 Production on call support on multiple platforms.
Integrating Custom applications with SiteMinder by designing required Architecture.
Involved in Bitkoo installation which is used as single sign on without agent for various Third party applications.
ENVIRONMENT: SiteMinder 6.0sp5, r12 sp3, Web agents 6QMR4, 6QMR5, Active Directory Server, Windows 2003/2008, and Red Hat Linux with Apache 2.2 and IBM HTTP Web Server, IIS 5.0 and 6.0 and 7.0.
CLIENT: Bank of America, CA
SiteMinder/ CA IDM and LDAP Admin OCT 2010 – DEC 2012
RESPONSIBILITIES:
Worked on defining various SiteMinder Policy Server System objects and Domain objects, Password Services and associated different realms, rules, responses and policies with it.
Installed, Configured and administered SiteMinder 5.x/6.x and Sun One Directory Server. Installed and Configured IBM WebSphere Application Server 5.0 on Solaris operating system.
Experience in implementing LDAP security models. Utilized Resource Analyzer and Log Analyzer for performance testing and troubleshooting, and knowledge of managing LDAP Policy Store.
Integrated SiteMinder with Sun ONE Directory Server to use directory server instances as Policy Stores and User stores for Policy Servers. Implemented FTP infrastructure that uses LDAP for authentication and supports virtual domains. Created custom LDAP schema to support infrastructure.
Developed a system that uses data from LDAP and local templates to dynamically provision and re-provision virtual domains in both Production and Non-production environments. Installation configuration and maintenance of RSA authentication manager 6.x for enabling token based authentication along with the form based authentication as a part of the security solution.
Experience with the implementation of RSA two factor authentication tokens for the integrated web service security in a SSO environment for the service provider applications. Configured SSO Integration Adapters for session cleanup as part of Single Logout (SLO) in the SSO implementation.
Creating OpenSSL certificates and using them for federation of external services to maintain confidentiality, message integrity and bilateral authentication. Worked on new Directory Server schemas as per the needs of the business.
Experience in trouble-shooting the issues by analyzing the trace and TAI logs. Installed, Configured, Administered and Monitored Sun Java Identity Manager 7.x on windows and Solaris platforms in both Production and Non-production environments.
Troubleshooting SiteMinder environment using SiteMinder test tool and SiteMinder policy server log files and agent log files in both Production and Non-production environments. Integrated web applications with SiteMinder, Sun ONE LDAP server using custom APIs and various affiliate agents in both Production and Non-production environments. Implemented a strong authentication and authorization framework for the proper maintenance of the SSO environment by defining user policies and rules.
ENVIRONMENT: CA SiteMinder 5.5/6.0/R12, CA IDM r8/r12, Sun Java System Directory Server LDAP 5.x/6.x/7.0, WebSphere Application Server 5.x/6.x, Ping Federate 4.4/5.0, SSL, SNMP, UNIX, LINUX, Solaris, IBM AIX, Windows.
CLIENT: AIG, NC
SiteMinder/ CA IDM and LDAP Consultant NOV 2008 – SEP 2010
RESPONSIBILITIES:
Expertise in providing security to applications and application servers and setting up SSO in WebSphere environment in both Production and Non-production environments. Enabled Single Sign-On across Web servers in a single cookie domain or across multiple cookie domains without requiring users to re-authenticate.
Used Configuration wizard and builder extensively to create and manage WebLogic 8.1. Worked on creating security policies for SiteMinder.
Develop user access reviews within the RSA tool. Configured and setup Secure Sockets Layers (SSL) for data encryption and client authentication.
Deployed and maintained the web applications on multiple WebLogic Servers. Configured WebSphere resources like JDBC providers, JDBC data sources, connection pooling and Java Mail sessions.
Involved in configuring and updating IBM HTTP Server Plug-in to work with WebSphere Application servers on a routine basis. Wrote wsadmin scripts to automate application deployments and to update configuration changes.
Developed Crontab scripts for timely running jobs and provide server status. Created Queue Managers, Channels and Clusters in WMQ 5.0.x.
Involved in integration testing for third party API integration. Configured Workload Management (WLM) using server groups in WAS 4.x and Server clusters in WAS 5.x.
Performed routine management of WebSphere Environment like monitoring Disk Space, CPU Utilization. Provided operational and on-call pager support for assigned applications
ENVIRONMENT: JDK 1.4/1.5, J2EE, JSP, Servlets, EJB, JDBC, XML, DB2 8.X, CA SiteMinder 5.X/6.X, LDAP, Sun ONE Directory Server 5.X/6.X, Sun Identity Manager 7.0/8.0, Sun ONE 7.0/6.1, Tomcat 5.5, Apache 2.0, WebSphere MQ, Wily Introscope 7.0/7.2, Ant, WLST, AIX, Solaris 8/10, Windows 2000/2003.