Manikanta Durga Sampath Mattaparthi
adi14w@r.postjobfree.com
OBJECTIVE:
Looking for an opportunity in a challenging work environment that encourages continuous learning and creativity while providing exposure to new ideas and stimulating personal & professional goals.
Summary:
Providing single sign on experience across enterprise applications using Ping Federate, PingAccess, DUO and CA Single Sign on.
Used SAML, OIDC, OAuth, WAM protocols to provide better security for applications across the organization.
Experience with IT infrastructure components such as Unix / Linux / Network / Load Balancers / WAF / LDAP / Databases / Enterprise Monitoring and Access Management Solutions for Single-Sign-On.
Skilled in Security Compliance activities such as reviewing the project design and build documentation and providing consulting related to security risks and the mitigation activities to be performed.
Experience in collecting the business requirements from application teams and deciding the protocol and pattern for onboarding the application into single sign on system.
Employment:
Client – Fannie Mae
Ping Engineer October 2018 to date
Amsoft Corp
Integrated applications to enable Single Sign-On (SSO) / Federation login
Co-ordinating and understanding the requirements of internal Enterprise applications and ASPs to be integrated with SSO environments
Configuring Enterprise applications and external vendor application service providers adopting Single Sign On solution in the integration environments
Co-ordinate client application migrations from Oracle Access Manager to Ping Federate and onboard new applications to Ping. Adoption includes Web SSO (Ping Access Agent) only app, Federation SSO (SAML integration) only app and Web and Fed SSO apps
Point of contact for Application and business teams who want to integrate with SSO.
Configured Duo, Kerberos and HTML form login authentication mechanisms for end user login
Integrated both WAM and SAML 2.0 protocol to provide perimeter security.
Protected both Inbound and Outbound calls.
Integrating SAML 2.0 Profiles with different binding methods like POST, Redirect.
Used both IDP SSO and SP SSO for multi domain SSO
Used OIDC protocol for web application with API calls for end user authentication
Used OAuth 2.0 protocol for protecting REST API calls between upstream and downstream services
Used Authorization code, Implicit, ROPC grants in OAuth for generating Access tokens
Configured reference access token and JWS access token.
Worked on Apigee project for token exchange functionality from Reference Access to JWS Access token at runtime level
Automate the process for adding redirect URI and SAML internal applications for SSO
Used WAM Protocol for protecting webserver for UI application and API based applications
Installed PingAccess IIS and Apache agents on web servers
Working on installation of PingAccess runtime and admin servers in AWS EC2 servers
Working on PingAccess upgrades
Working on installation of PingFederate runtime and admin servers in AWS EC2 servers
Working on PingFederate upgrades.
Maintaining PingAccess and PingFederate servers in AWS N Virginia and AWS Ohio regions for high availability
Opened network connectivity between AWS N Virginia and AWS Ohio for fail over
Dynamic clustering is used for setting up servers in AWS EC2, so it can bring up new servers based on user traffic
Used round robin mechanism for handling user traffic
Integrated PingAccess, PingFederate and CA Single Sign on logs with Splunk
Working on CA Single sign on 12.52 for supporting legacy applications
Maintaining CA Single Sign on on-prem servers
Upgraded CA Single sign on from 12.5 to CA single sign on 12.8 using in-place method
Troubleshooting issues and providing resolution in SSO integration environments
Implement certificate change in Multi Data Centre production environment to renew the SSL certificate before the expiry date.
Storing logs in AWS S3 bucket.
Client – Fannie Mae
Cyber security Analyst August 2017 to October 2018
Amsoft Corp
Integrated applications to enable Single Sign-On (SSO) / Federation login by coordinating with application development and business team
Configured Duo, Kerberos and HTML form login authentication mechanisms for end user login
Integrated both WAM and SAML 2.0 protocol to provide perimeter security.
Protected both Inbound and Outbound calls.
Integrating SAML 2.0 Profiles with different binding methods like POST, Redirect.
Used both IDP SSO and SP SSO for multi domain SSO
Used OIDC protocol for web application with API calls for end user authentication
Used OAuth 2.0 protocol for protecting REST API calls between upstream and downstream services
Used Authorization code, Implicit, ROPC grants in OAuth for generating Access tokens
Configured reference access token and JWS access token.
Used WAM Protocol for protecting webserver for UI application and API based applications
Installed PingAccess IIS and Apache agents on web servers
Working on installation of PingAccess runtime and admin servers in AWS EC2 servers
Working on PingAccess upgrades
Working on installation of PingFederate runtime and admin servers in AWS EC2 servers
Working on PingFederate upgrades.
Maintaining PingAccess and PingFederate servers in AWS N Virginia and AWS Ohio regions for high availability
Opened network connectivity between AWS N Virginia and AWS Ohio for fail over
Dynamic clustering is used for setting up servers in AWS EC2, so it can bring up new servers based on user traffic
Used round robin mechanism for handling user traffic
Integrated PingAccess, PingFederate and CA Single Sign on logs with Splunk
Working on CA Single sign on 12.52 for supporting legacy applications
Installed & Configured CA Single Sign on Policy Servers & Policy Stores, Integrated Policy Store with LDAP to use LDAP user repository
Maintaining CA Single Sign on on-prem servers
Creating and enhancement of scripts in Linux/Python and implementing the same in fail over disaster recovery zones (OOR). Silo-ing the traffic from one hub to another as part of maintenance.
Understanding complex issues at different levels like DMZ (WAF) network layer, Gateway Servers, GTMs, LTMs, cloud admin/runtime servers, on-prem involving Unix, middleware, AutoSys, application and ECC teams.
Generating user login reports and server performance reports
Track user login activity for checking cyber-attacks.
Technical Skills:
Single Sign-On:
Ping Access 5.2, Ping Federate 10.1, PingAccess IIS Agent 1.3, PingAccess Apache Agent 2.2, CA Single Sign on 12.8
Operating System:
Red Hat Enterprise Linux 6.0/7.0, Windows Server
Directory Server:
Oracle Directory Server 11g
Programming languages and methodology:
Python, OGNL (Object-Graph Navigation Language), Linux scripting
Servers:
WebLogic, JBoss, IIS, Apache and Apache tomcat
Tools:
Catchpoint monitoring, Topaz Monitoring, Splunk, Kibana, Postman, CyberArk, WinSCP
Authentication Mechanisms:
Windows Native Authentication, Form Login, Basic Login, Multifactor Authentication
Amazon Web services:
EC2, Elastic Beanstalk, S3
Education:
Trine University
Master’s in Engineering Management Graduated – May 2017
Anna University
Bachelor of Engineering in Mechanical Engineering Graduated – April 2014