Active Directory Access Control
Resume:
Ramesh Luitel
**** ***** ****, #***, ******* VA *2031
Email: ad25bl@r.postjobfree.com
Professional Experience:
CyberArk Engineer/Administrator, Atlanta Georgia 06/2023 – Present
NCR Corporation
On-board Privileged Accounts & Super User IDs in the CyberArk Safes using Bulk upload utility.
Provide L2/L3 support for CyberArk to continually improve the rollout of the project timelines.
Implementing & Managing Master Policy, Directory Mapping, LDAP integration, Platform and Safe via Private Ark client & PVWA.
Administration experience of CyberArk vault with Safe creation, integration with LDAP and other authentication methods.
Extensively work on PAM operational tasks, defining access control, user entitlements, management of Applications Credentials and User Access Policy.
Work on Privileged Access Reviews, Compliance Reporting, Access Control Processes, and other associated tasks with Privileged User Management.
Create safes and add users and groups to them for privileged access in CyberArk.
Work on administering of User accounts, Group memberships, and Organizational Units using Active Directory.
On-board the bulk accounts using Password upload utility.
Use Password upload utility to create the safes. Configuration and/or installation of CyberArk components, like Vault, PVWA, PSM, AIM or CCP.
Upload the privileged accounts to CyberArk using Auto Detection, and Accounts Discovery.
Work to create the documentation of CyberArk. Skilled on PowerShell scripts and API.
Tatitlek Federal Services, Inc. Washington DC 08/2022 – 04/2023
CyberArk Engineer
Implemented and installed Cyber Ark 9.8 v and latest implementation of CyberArk 10.4. and CyberArk 11.3 v.
Integrated ServiceNow Ids with CyberArk AIM for programmatic access.
Worked with users to resolve multiple issues regarding access to CyberArk.
On-boarded Privileged Accounts & Super User IDs in the CyberArk Safes using Bulk upload utility.
Provided L2/L3 support for CyberArk to continually improve the rollout of the project timelines.
Implementing & Managing Master Policy, Directory Mapping, LDAP integration, Platform and Safe via Private Ark client & PVWA.
Collaborated with cross-functional teams to design and implement robust security policies, emphasizing the importance of strong authentication practices.
Stayed abreast of industry best practices and emerging trends in password management and authentication technologies, contributing to continuous improvement initiatives.
Participated in the evaluation and selection of authentication technologies based on organizational needs, ensuring alignment with security policies and industry standards.
Documented and maintained comprehensive records of password management and authentication configurations, ensuring audit readiness and compliance with regulatory requirements.
Implemented and managed Password Manager Solutions, including Vault, CyberArk, and PM Pro, ensuring secure and efficient storage of sensitive credentials.
Expertise in configuring and maintaining multiple authentication methodologies such as LDAP, OIDC, and SAML to enhance the security posture of authentication processes.
Successfully integrated and customized Password Manager Solutions to meet organizational security requirements and streamline access management.
Proficient in troubleshooting and resolving issues related to password management systems and authentication protocols, ensuring uninterrupted access for users.
Administration experience of CyberArk vault with Safe creation, integration with LDAP and other authentication methods.
Extensively worked on PAM operational tasks, defining access control, user entitlements, management of Applications Credentials and User Access Policy.
Worked on Privileged Access Reviews, Compliance Reporting, Access Control Processes, and other associated tasks with Privileged User Management.
Created safes and added users and groups to them for privileged access in CyberArk.
Worked on administering of User accounts, Group memberships, and Organizational Units using Active Directory.
On-boarded the bulk accounts using Password upload utility.
Used Password upload utility to create the safes. Configuration and/or installation of CyberArk components, like Vault, PVWA, PSM, AIM or CCP.
Upload the privileged accounts to CyberArk using Auto Detection, and Accounts Discovery.
Monitored CyberArk reports and responded to failed password verification alerts and work with system account owners to resolve failure alerts.
Create CyberArk Safe's and add system and application id's to specified Safe vaults.
Retrieve CyberArk system/application password's and assist Database, Linux, Wintel, and Core Application Support teams when passwords are needed.
Performed PAM Operational tasks defining Access Control, User Entitlements, Management of Applications Credentials and User Access Policy Management.
Administration experience of CyberArk vault with Safe creation, integration with LDAP and other authentication methods.
CSL Behring, King of Prussia, PA 10/2020 – 08/2022
Sr. CyberArk Security Engineer
Maintained Active Directory groups and policies, in CyberArk.
Experienced in Privileged Access Management solutions particularly CyberArk, network security and administration.
Installed and configured of CyberArk Vault, Password Vault Web Access (PVWA), Central Password Manager (CPM) and Privileged Session Manager (PSM) in Prod and DR.
Troubleshot and maintenance Password Vault, Central Password Manager (CPM), Privileged Session Manager (PSM), DR Vault in DR Server.
Configurations including AD integration and Management of Cyber Ark Enterprise Password vault.
Managed Safes and Server/ host addresses in EPV. Resolved issues with CyberArk's CPM to communicate with hosts to reconcile credentials.
Administration experience of CyberArk vault with Safe creation, integration with LDAP and other authentication methods.
Patched & Monitored Vault, Central Password Manager, Two-factor authentication, Privileged Session Manager, Password Vault Web Access servers and services.
Provided one-on-one end-user problem resolution over the phone.
Performed daily operations, support, and maintenance of all security technologies centric to Privileged Access related information security solutions.
Implemented & integrated of PAM solutions (CyberArk, Password Auto Repository)
Provided input into engineering and the architectural design of Access Control, User Entitlements.
Application Credentials, User Access Policy Management, enhancing security related to Privileged Access Management, High availability, and Disaster Resiliency.
Coordinated with business and environment management team to make system ready for business users.
Monitored and followed up for business and developer to test properly and sign off for production move.
Installed Vault Server (CyberArk Vault server and Private Ark client), Web server (CPM and PVWA).
Checked CyberArk logs on servers to fix the service id issues.
Experienced with Application Identity Manger (AIM) which provides the solution to eliminate need of hard-coded credentials from application, scripts, or configuration files.
American Water, Camden, NJ 04/2018 – 09/2020
CyberArk engineer
Deployed and Implemented Privileged Identity Management (PIM), LDAP directories, Privileged Access Management (PAM).
Resolved CyberArk issue in CPM to communicate with a host to accommodate credentials.
Troubleshooting and maintenance of the Password Vault, Central Password Manager (CPM), Privileged Session Manager (PSM), Application Identity Manager (AIM), DR Vault in DR Server.
Experienced in day-to-day operational support in adding and deleting accounts, applying policies, assigning safes, synchronizing failed accounts, Password rotations.
Administration experience of Cyber Ark vault with Safe creation, integration with LDAP and other authentication methods.
Worked on multi factor authentications in CyberArk using LDAP, PKI, RSA SecurID, RADIUS, and Oracle SSO.
Experienced with Application Identity Manger (AIM) which provides the solution to eliminate need of hard-coded credentials from application, scripts or configuration files.
Coordinated LDAP combination with AD and system security group to open firewall ports.
On-boarded privileged accounts and application ids with CyberArk Password upload utility or PVWA.
Experienced in ticketing systems like Service Now, SMTP, SIEM, NTP integration.
Experienced in performing Privileged Account Management with fair understanding of the underlying business processes.
On boarded windows and Linux accounts.
Worked on active Directory (AD) and group policy Management (GPO).
ATOS, Remote 11/2015 – 03/2018
CyberArk Engineer
Worked on Privileged Account Management with CyberArk PIM suite Implementation.
Installed and configured of the EPV components (Central Policy Manager, Password Vault Web Access, High Availability Vault Cluster, Secure Zone Access, SAN storage, SSL certificates and Load Balancing.
Configured platforms, master policies, created Safes & On-Boarded 1000's of Privileged Accounts, connection components, transparent components, access control through AD Group Nesting's
Daily administration and maintenance of company's E-Directory
Created policies and reports in PVWA.
Administration experience of CyberArk vault with Safe creation, integration with LDAP and other authentication methods.
Integrated with Active Directory (LDAP), 2 Factor Authentication (RADIUS).
Defined, developed, and documented IDAM services including Single Sign-on, Self-Service registration, workflows, user management, management dashboard, Role Base Access Control (RBAC), Attribute Base Access Control (ABAC), resource and business layers Provisioning, credentialing, federation, and auditing.
Involved in application-to-application credential management.
Defined user account settings through Active Directory and used Active Directory to create, modify, and manage user, computers, and group accounts.
Experienced in performing Privileged Account Management with fair understanding the underlying business processes.
Responsible for determining the target Privileged Session Management (PSM) audience. Determine what infrastructure and systems PSM will target (servers, virtual servers, database)
Performed internal configuration of PSM to the vault itself.
Installed, configured disaster recovery Vaults and DR services.
Maintain development, testing, and production systems.
Coordinated maintenance with support teams.
Perform Penetration testing and vulnerability assessment to improve application security.
Utilization of F5 LTM & GTM for the Privilege User's Single-Sign- On
Bank of America, Austin, TX 10/2014 – 11/2015
System Engineer
Implemented the application of standard operating procedures and systems security in support of the organization's IT architecture and business needs.
Configured, managed & maintained Windows, Linux systems (Windows 2008, RHEL, Centos), Active Directory, LDA.
Analyzed and mitigated security related threats. Monitored and assessed traffic & running reports.
Provided post-implementation Network management, maintenance and support services, specifically on Cisco Switches and Routers.
Planned and documented the process and the New Servers Builds in the environment.
Provided 24x7 System Administration support for Red Hat Linux 3.x, 4.x servers and resolved trouble tickets on shift rotation basis.
Provided the support of building the server, patching, user administration tasks, deployment, software installation, performance tuning and troubleshooting.
Administering performance, tune-up kernel parameter, adding /removing /administering hosts, users, disks on DNS / NIS domain.
Configuration of Hardware and Software RAID on Digital & Sun Servers
Installed and Configured Send Mail Utility on UNIX Servers. Administering NFS Mounts.
Analyzed technologies, recommended vendors to address specific threat vectors such as Disk and Data encryption against physical theft and improper access, anti-malware to protect against malicious software and providing deep network control.
Evaluated and recommended the implementation of and dissemination of IT security tools, procedures, and practices to protect information assets.
Responsible for setting up Web Application Firewalls (WAF) like SQL injection, http conversation.
Configured VLAN, spanning tree, VSTP, SNMP on Juniper EX series switches, checkpoint firewall layers securing existing Data Center infrastructure.
Responsible for the Windows environment, including backup, disaster recovery and network Security.
Education:
Master’s in computer information system
Strayer University, Washington D.C.
Certification:
CyberArk SENTRY Certified ID 302120893
CyberArk Defender Certified ID 302120893
Microsoft certified IT professional ID E322-7851
CCNA Cisco ID 226002833
Boyd Trust, SailPoint Taning experience working base environments.
Technical Skills: Technical Skills:
Primary skill: CyberArk 8.x,9.x,10.x, 11.x, 12.x
Programming: HTML, Java, PowerShell
Operating System: Windows, Unix, Linux.
Directory: Active Directory, LDAP
Database: Oracle, MySQL databa
Contact this candidate