It Security Technical Professional
Resume:
Rajiv Ranjan
New Jersey, usa
ad1g7l@r.postjobfree.com Ph: 201-***-****
Full-Stack MultiCloud & Security Guy (GCP/AWS/ISC2 certified)
A technical professional with 2 decades of experience in the evolution of IT landscape to its current form geared towards digital agility based on cloud-native architecture, design and development anchored to microservices paradigms and operationalization aligned to devsecops and gitops practices.
Past accomplishments in cost savings/ROI and innovative solutions and workarounds while negotiating complex scenarios and well versed in multi-dimensional cloud cost minimization approaches.
List of skills include IT Security, though a little skewed towards 2 domains – Finance and Healthcare. Areas of security related expertise are centered around secure coding in Java, IAM, API Security, ZTNA and cloud security with occasional forays in other security domains. IT Security Credentials include cloud-agnostic ISC2 (CCSP) certification as well as provider-centric security certifications from 2 of the 3 top hyperscalers.
Work experiences across national boundary of North America as well as European and Indian outfits have provided an up-close view of landscape of Fortune 500 incumbents striving to move between SOAP and z/OS based System of Records and the new hinterland of nimble and composable IT Architecture, preferably with a provider-agnostic slant, fit to harvest big data and harness AI.
Capability to contribute to evolution of Reference Architecture Design and implementation both for domain-centric (Banking/Healthcare etc.) and technology-centric (BigData and Analytics, IOT, Security etc.) areas and a myriad of their intersection areas. Includes (i) use of BIAN architecture as a reference frame for a Mortgage Securitization modernization flows initiative and (ii) comparative review of cloud data technologies like Snowflake and Databricks against the yardstick of International Data Spaces (IDS) and GAIA-X initiatives of European origin.
Capacity to change hats based on challenges in hand, from architectural realms to developer realms and others in between.
Developed perspective on balancing acts - cloud vs hyperconvergence vs edge, Open standards vs provider specific value proposition, long-term AI/data science roadmap vs near-term AI usage using mature cloud APIs, etc. – geared towards tactical and strategic bottom lines.
Technical Leadership:
Enterprise Architecture experience in Application Portfolio Management, Open Source Governance, Technology Stack and Risk Management. Also conversant with “good, old” frameworks like TOGAF and Archimate.
Worked as Solution Architect, Integration Architect and Security Architect for a slew of project initiatives including high velocity Jira driven ones.
Trained in SAFe framework for balancing between micro and macro economics of program initiatives on one hand and minimizing technical debt on another while negotiating budgetary and cultural constraints.
Associated with ITSM/CMDB enhancements for DevSecOps, cloud assets and K8s/OpenShift.
Business domains exposure includes HealthCare, Retail Banking, Card Operations(PCI-DSS), Asset Management, SWIFT, IFX, FIX, Open Banking API/PSD2/BIAN.
Hands-on Skills:
Experience in 3 competing and cross-pollinating paradigms of microservices and REST APIs – Spring Boot, Quarkus and Nodejs/Restjs/TypeScript – as well as their Reactive offshoots (Spring 5 WebFlux) and event-driven variants (Kafka/Redis/Akka). Well-versed in evolving mutants like Serverless, GraphQL, gRPC.
Big Data pipeline design and implementation in complementary frameworks of Kafka, Spark, Flink and proprietary cloud systems like Dataflow/Dataproc/Kinesis/Snowflake.
Has worked for the onboarding of new security standards of OAuth2/OIDC//SCIM/ZTNA in the legacy mix of AD/SAML/Kerberos/WS-Security/XACML/SPML, often in collaboration with InfoSecurity Departments.
Implementation of a few Kafka use cases – CDC data integration, Asynch microservices for payment systems (Event Sourcing & Saga patterns), conversion of file feeds assets management system into Kafka based real-time data flow for multiple downstream consumers.
Deep Hands-on forays in Kubernetes/OpenShift/Anthos ecosystem – Helm, Operators (Strimzi Kafka/DataStax Cassandra etc.), Service Mesh (primarily Istio, a little Consul), Chaos Engineering (primarily Chaostoolkit, a little Gremlin), Prometheus/Grafana/Kiali, Tekton. Also dabbling in eBPF.
Multiple experience in migration of legacy monolithic J2EE apps (WebSphere/Spring MVC, often backended by archaic z/OS systems) to Spring boot microservices.
Architectural participation in AI/ML initiatives (mainly IBM Watson and GCP AI/ML), with hands-on contribution for integration requirements.
Understanding of emerging data economy patterns – ELT, data lake, data warehouse, data mesh, data space, data sovereignty etc.
Obsessions:
Occasionally self-validating theoretical concepts by going for professional certifications, a sample of which can be found below and that includes top-level certifications from ISC2, GCP, AWS, IBM and Oracle.
Application of clinical rigor to both architecture and implementation while pursuing pragmatic business goals, a trait partly derived from his alma mater (that he shares with the current Google CEO) and one of his previous bosses (at Royal Bank of Canada).
Highlights of Expertise
Multi-Cloud: AWS, Azure, OpenShift/K8/Anthos, GCP, IBM Cloud, VMWare, HCI.
Data Space Reference Architecture
IT Security Architecture
Domain Driven Design (Bounded Context/CQRS/EDA/Event Sourcing/Saga)
Technological Stacks Experience
Java/JEE: Spring Cloud, JEE 6/7 (IBM WAS/OpenLiberty, JBoss Wildfly, Weblogic, Spring MVC), Microprofile/Quarkus.
Kafka : Apache Kafka/ Spring Kafka, Stream/Table duality, State Stores, Interactive Queries, KSQL, Akka integration, CDC, Confluent Extensions, K8 operators.
JavaScript: TypeScript, Nodejs, Expressjs, Nestjs,GraphQL, Angular 9/ 10.
Web API: Spring REST, JAX-RS 2.x, apigee/IBM API Manager, Swagger 2.0/OpenAPI 3, HATEOAS/Richardson Maturity Model.
Security: OpenID Connect / SAML (IBM ISAM, PingFederate, Okta), Kerberos/Spnego, Passportjs, Spring Security, JAAS Login Modules, WAS TAI, Kafka Security, OWASP.
Backends: JPA/Hibernate/Spring Data, RDBMS(DB2/MySQL/Oracle etc.), NoSQL(Cassandra, MongoDB, Redis), JCA, RabbitMQ, Elasticsearch, PostgreSQL, Informix, Sybase.
APM: New Relic /AppDynamics/Dynatrace/Splunk for legacy and containerized Java/Nodejs applications.
ESB/SOA: Web API (RESTful) Design/Development, IBM IIB 9/WMB 7, WMQ, Solace
Patterns: Cloud-native patterns, 12-factor app, Integration Patterns, ELK stack, Limited forays in SMACK stack.
Presentation Tier: Angularjs 1.x - Angular 10, JSF 2.x, Portlet v2.0, IBM WCM.
IDEs/Tools: Eclipse, IBM RAD/RSAD, Intellij Pro, soapUI, Insomnia, Postman, JMeter.
Occasional Forays: Ethereum BlockChain/Smart Contract (Solidity), Hadoop MapReduce/HDFS/Spark, Python, DC/OS, Terraform, Ansible, Vagrant, WAS/WebSphere MQ admin/config, jQuery, HTML5, ES6, Fortify, Parasoft, IBM /MobileFirst, Nexus,Sonatype, LeanIX.
Soft Skills: Microsoft Office, UML, Jira, Confluence, Visio, Eclipse Papyrus, Visual Paradigm, Rally, IBM RSAD/RTC.
Education&Credentials
Indian Institute of Technology, Kharagpur, India
Master in Computer Science & Data Processing
Professional Certifications
MultiCloud: Google Certified Professional Cloud Architect Google Certified Professional Cloud Security Engineer Google Certified Professional Cloud DevOps Engineer Google Associate Cloud Engineer AWS Certified Solutions Architect – Professional AWS Certified Solutions Architect – Associate AWS Certified Security – Specialty
Security: (ISC) Certified Cloud Security Professional (CCSP) (ISC) Certified Information Systems Security Professional (CISSP)
Misc: Certified SAFe 5 Architect Oracle Certified Java Enterprise Architect IBM Certified System Administrator for WebSphere Network Deployment IBM Certified Integration Bus Solution Developer IBM Certified Integration Bus System Administrator IBM Certified MQ Solutions Expert Certified SAFe 5 Agilist
Past Skills: UNIX & Windows: C/C++ (STL RogueWave Tools h++ and DBTools.h++) Shell Script Tuxedo Informix Sybase ARM 2.0 API (C and Java) HPUX Measureware Tibco RENDEZVOUS &MessageBroker OpenVMS IBM OS/390: COBOL CICS DB2 IDMS VSAM JCL Clist Rexx ISPF.
Career Experience
A Leading Consultancy Firm, New Jersey, USA (June 2023 to Present):
RiteAid Elixir Fusion as Principal Architect
oAnalysis and design for conversion of ETL systems to real time data pipelines using complementary frameworks of Apache Beam, Flink, Kafka on Cloud engines like GCP Dataflow/Dataproc/Bigquery and Amazon Kinesis.
oConsolidation of disparate Java and C++ systems towards a single Pharmacy Benefit Manager SaaS system.
Wolters Kluwer as Principal Architect
oPlan of Action Creation for modernization of legacy system towards AWS centric DevSecOps infrastructure around containerized workloads.
Freddie Mac, VA as Principal Architect
Design and implementation of data pipelines for raw data intake, data conversion to MongoDB and data reconciliation (AWS engine with Flink/Spark APIs) backed by metadata registry.
Design and development of event driven processes for data consumption layer using Active MQ and AWS stateless services
WeaveWorks devsecops design and Tetrate Service Mesh integration on AWS EKS
Randstad Technologies, New Jersey, USA (March. 2020 to May 2023):
Aetna/CVS, New Jersey as Integration Architect
oDesign of APIC and ACE integration for Watson Assistant (IBM) systems with external systems (like legacy SOAP and Rest APIs, GCP Object Storage, Splunk, OpenShift on Azure).
oDesign of APIC and ACE integration for AHM DMS Integration projects (Content Management consolidation)
oSolution and Integration Architectures for OpenText Extreme to Quadient/FileNet/SalesForce/Adobe migration projects.
oAPI Integration and consolidation of Medicaid, Medicare and Commerical systems.
oManagement of DevOps through ServiceNow workflow for Jenkins pipelines.
Wells Fargo, New Jersey as Consultant
oDesign and development of an Enterprise Risk Assessment and Management system in Spring Boot and Angular for synching with Archer enterprise risk management workflow.
Bank of America, Delaware as Consultant
oAnalysis and redesign/enhancement of existing WAS/Spring MVC services to cater to a flux of new business requirements, related to COVID related features (CAP/PPP).
oMigration of SOAP/Spring MVC dominated services on WebSphere Network Deployment towards cloud-native Rest services on OpenShift hybrid cloud with IBM WebSphere Liberty Profile as the lightweight JVM, inter alia, setting security and integration standards.
oPOC for a Knative Build for Spring Boot microservices on Openshift
Infosys, New Jersey, USA :
Senior Technology Architect (Aug. 2018 to Feb. 2020)
Led the security architecture remediation for the Service and Portfolio Rationalization of UBS, New Jersey (Client site role: Security Architect).
oService design with 3-tier architecture, REST best practices and Open Banking API standards. Service design with 3-tier architecture, REST best practices and Open Banking API /BIAN/FAPI standards.
oApigee as the secure service gateway and policy enforcement point (PEP).
oJWT for Security context propagation.
Participation in Digital Transformation Blueprint preparation for AllState Insurance(Chicago). Contributed to second and third bullets below.
oCustomer 360 view by breaking organization silos
oUse of cloud-ready, multi-tier microservices architecture
oHighly scalable and performant session management for omnichannel and personalized services
oTransition from monolithic workflow products to lightweight cloud-ready workflow engine(Camunda)
Conversion of legacy InvestOne system (Portfolio/Holdings management) into a cloud-native Kafka data streaming system for Fidelity Investments (NH) on AWS platform (dockerized microservices on EC2 instances)– taking the dual role of Application Architect and a developer.
oThe project targets to increase the speed of daily funds and trading data flow by order of magnitude and align it to concurrent big data and analytics initiatives of the organization.
oThe design and development exercise included unraveling of complex financial reconciliation logic and some custom serialization/deseralization of data in the pipleline.
oDesign and implementation of async microservices for varied QoS requirements – onlyOnce/exactlyOnce/streaming.
oVetting and implementation of security among different components(OIDC implementation/Kafka Security).
oDevOps oversight for Concourse pipelines delivering container images.
Migration of a slew of UBS Financial Services (Trade Cycle and FA related) to Broadridge Financial Services platform (NJ).
oBridging the data incompatibility and disparate security mechanisms of the two systems
oEnhancements to leverage API economy and adherence to new security standards
oSecurity and risk assessment for Amazon Managed Service plan of action by 2ndWatch(vendor).
Royal Bank of Canada, Toronto, Canada
Led Java and middleware standardization and governance activities across Bank’s different business groups and cross-border sister concerns(RBC Capital Markets, New York/RBC Wealth Management, Minnesota/RBC Investor Services, Ireland), Perform integration projects and develop new verification and validation procedure, design and develop POCs, coordinate continuous improvement activities and successfully navigate enterprise application architecture and various infrastructure domains.
Integration Middleware Specialist (2007 to Aug 2018)
Partner with corporate and external resources to develop, install and maintain middleware applications.
Drove integration of OpenID Connect/ JWT / SAML with Nodejs and JEE apps for IBM ISAM V9/PingFederate/Okta using PassportJS and Spring Security respectively; facilitated onboarding of new Mobile and Web API applications with new security standards.
Collaboration with InfoSecurity Group to chart out strategic API Security roadmap.
Design and development of event-driven business processes for re-engineered Payment system using Kafka for messaging and Elasticsearch as data store.
Set up from scratch and single-handedly a Nodejs COE as an extension of existing Java COE (under Enterprise Architecture Group)– saved the organization from costly consultancy expenses in onboarding a new technology.
Designed and deployed the Investment Advisory Application, based on Restful microservices, utilizing multiple integration requirements (Spring Boot on IBM Cloud/WAS Liberty Profile/Cloud Foundry).
Led the first AWS application architecture POC(AWS VPC/EC2/Route 63/public & private subnets/bastion host)
POCs for uniform Java/Nodejs application deployment on multiple platforms - GCP, Azure, OpenShift – using K8 orchestration. Also exercised CoreOS managed K8 on AWS EC2.
Design and development of an enterprise security services framework for JEE platforms using web services and SPML standards. Integration of services for multifactor and step-up authentication using IBM ISAM/EAI (External Authentication Interface) and Entrust H/W Tokens. Initial design for SPML to SCIM conversion. The single application developed by the small team was adopted by a number of different business groups in the bank and established a substantial ROI for the time and effort. Worked as tech lead in 5 persons team.
Managed the security integration of IBM WP portlet application with z/OS using JAAS custom login module (AD to RACF integration) – obviating the need for costly vendor consultancy procurement(code formally vetted and given green signal by IBM Chief Security Architect). Login module developed as 1-man team.
Conducted integration of OAuth 2.0 (grant type password) with mobile applications using IBM ISAM v8 and customization with legacy security requirements for downstream services.
Identified, tracked, and resolved unique technical issues, including enhancement of Capital Markets global message hub for newer interfaces(Kafka for stream processing, Nodejs for newer systems of engagement).
Bank of America, Delaware, US
Senior Consultant(2001 to2007)
Supported the Data Access Component, a framework built on JDBC, accessing diverse databases and providing troubleshooting and production support to nearly 20 different complex application groups.
Developed a Web Services based Strategic Rewards System for the Bank’s Credit Card Rewards system, resulting in improved retention and greater client relations.
Recognized as the Subject Matter Expert and Developer of XML Configuration file based generic data access framework for J2EE applications, supporting DB2, Informix, Sybase and Oracle.
Developed a C++ wrapper API for ARM 2.0; captured performance data in HPUX Measureware.
SME for genaccess component for Tuxedo services for accessing diverse databases using RogueWave DB library.
Development and maintenance of distributed Tuxedo applications for connectivity to Credit Unions using Socket C APIs.
Maintained RSA and LDAP based authentication and authorization services for both C++ code base and Java code base.
Perot Systems, Dallas, Texas
Managed client accounts and delivered projects according to schedule and budget requirements. Captured client expectations and proposed solutions to complex issues and processing systems.
Software Engineer(1998 to2001)
Oversaw financial and technical projects throughout the world and for various clienteles:
E Trade Corporation, Palo Alto, California: Re-engineered monotlithic legacy Stock Trading Application into client-server architecture using C/Java.
Tibco Corporation, Palo Alto, California:Development of file-to-message and message-to-file adapters and Conversion of SAP R/3 Data transformation module.
Cedel Global Services, an IT wing of Cedel Bank, Luxembourg: SWIFT - 98 Messages Processing System
SBC WDR, Stamford (USA): LU6.2 to MQI Migration
Swiss Bank Corporation, London: Euro Reconciliation - • Developed CICS transaction for capturing and maintaining changes in Bank’s NOSTRO currency details.
Tenet Healthsystems, Dallas, TX: Migration of IDMS COBOL batch systems to DB2
Contact this candidate