Aws Security

Location:
Plano, TX
Posted:
December 31, 2020

Resume:

Manikanta Durga Sampath Mattaparthi

adi14w@r.postjobfree.com

OBJECTIVE:

Looking for an opportunity in a challenging work environment that encourages continuous learning and creativity while providing exposure to new ideas and stimulating personal & professional goals.

Summary:

Providing single sign on experience across enterprise applications using Ping Federate, PingAccess, DUO and CA Single Sign on.

Used SAML, OIDC, OAuth, WAM protocols to provide better security for applications across the organization.

Experience with IT infrastructure components such as Unix / Linux / Network / Load Balancers / WAF / LDAP / Databases / Enterprise Monitoring and Access Management Solutions for Single-Sign-On.

Skilled in Security Compliance activities such as reviewing the project design and build documentation and providing consulting related to security risks and the mitigation activities to be performed.

Experience in collecting the business requirements from application teams and deciding the protocol and pattern for onboarding the application into the single sign on system.

Employment:

Client – Fannie Mae

Ping Engineer October 2018 till date

Amsoft Corp

Integrated applications to enable Single Sign-On (SSO) / Federation login

Co-ordinating and understanding the requirements of internal Enterprise applications and ASPs to be integrated with SSO environments

Configuring Enterprise applications and external vendor application service providers adopting Single Sign On solution in the integration environments

Co-ordinate client application migrations from Oracle Access Manager to Ping Federate and onboard new applications to Ping. Adoption includes Web SSO (Ping Access Agent) only apps, Federation SSO (SAML integration) only apps, and Web and Fed SSO apps

Point of contact for Application and business teams who want to integrate with SSO.

Configured Duo, Kerberos and HTML form login authentication mechanisms for end user login

Integrated both WAM and SAML 2.0 protocol to provide perimeter security.

Protected both Inbound and Outbound calls.

Integrating SAML 2.0 Profiles with different binding methods like POST, Redirect.

Used both IDP SSO and SP SSO for multi domain SSO

Used OIDC protocol for web application with API calls for end user authentication

Used OAuth 2.0 protocol for protecting REST API calls between upstream and downstream services

Used Authorization code, Implicit, ROPC grants in OAuth for generating Access tokens

Configured reference access token and JWS access token.

Worked on Apigee project for token exchange functionality from Reference Access to JWS Access token at runtime level

Automate the process for adding redirect URI and SAML internal applications for SSO

Used WAM Protocol for protecting webserver for UI application and API based applications

Installed PingAccess IIS and Apache agents on web servers

Working on installation of PingAccess runtime and admin servers in AWS EC2 servers

Working on PingAccess upgrades

Working on installation of PingFederate runtime and admin servers in AWS EC2 servers

Working on PingFederate upgrades.

Maintaining PingAccess and PingFederate servers in AWS N Virginia and AWS Ohio regions for high availability

Opened network connectivity between AWS N Virginia and AWS Ohio for fail over

Dynamic clustering is used for setting up servers in AWS EC2, so it can bring up new servers based on user traffic

Used round robin mechanism for handling user traffic

Integrated PingAccess, PingFederate and CA Single Sign on logs with Splunk

Working on CA Single sign on 12.52 for supporting legacy applications

Maintaining CA Single Sign on on-prem servers

Upgraded CA Single sign on from 12.5 to CA single sign on 12.8 using in-place method

Troubleshooting issues and providing resolution in SSO integration environments

Implement certificate change in Multi Data Centre production environment to renew the SSL certificate before the expiry date.

Storing logs in AWS S3 bucket.

Client – Fannie Mae

Cyber security Analyst August 2017 to October 2018

Amsoft Corp

Integrated applications to enable Single Sign-On (SSO) / Federation login by coordinating with application development and business team

Configured Duo, Kerberos and HTML form login authentication mechanisms for end user login

Integrated both WAM and SAML 2.0 protocol to provide perimeter security.

Protected both Inbound and Outbound calls.

Integrating SAML 2.0 Profiles with different binding methods like POST, Redirect.

Used both IDP SSO and SP SSO for multi domain SSO

Used OIDC protocol for web application with API calls for end user authentication

Used OAuth 2.0 protocol for protecting REST API calls between upstream and downstream services

Used Authorization code, Implicit, ROPC grants in OAuth for generating Access tokens

Configured reference access token and JWS access token.

Used WAM Protocol for protecting webserver for UI application and API based applications

Installed PingAccess IIS and Apache agents on web servers

Working on installation of PingAccess runtime and admin servers in AWS EC2 servers

Working on PingAccess upgrades

Working on installation of PingFederate runtime and admin servers in AWS EC2 servers

Working on PingFederate upgrades.

Maintaining PingAccess and PingFederate servers in AWS N Virginia and AWS Ohio regions for high availability

Opened network connectivity between AWS N Virginia and AWS Ohio for fail over

Dynamic clustering is used for setting up servers in AWS EC2, so it can bring up new servers based on user traffic

Used round robin mechanism for handling user traffic

Integrated PingAccess, PingFederate and CA Single Sign on logs with Splunk

Working on CA Single sign on 12.52 for supporting legacy applications

Installed & Configured CA Single Sign on Policy Servers & Policy Stores, Integrated Policy Store with LDAP to use LDAP user repository

Maintaining CA Single Sign on on-prem servers

Creating and enhancement of scripts in Linux/Python and implementing the same in fail over disaster recovery zones (OOR). Silo-ing the traffic from one hub to another as part of maintenance.

Understanding complex issues at different levels like DMZ (WAF) network layer, Gateway Servers, GTMs, LTMs, cloud admin/runtime servers, on-prem involving Unix, middleware, AutoSys, application and ECC teams.

Generating user login reports and server performance reports

Track user login activity for checking cyber-attacks.

Technical Skills:

Single Sign-On:

Ping Access 5.2, Ping Federate 10.1, PingAccess IIS Agent 1.3, PingAccess Apache Agent 2.2, CA Single Sign on 12.8

Operating System:

Red Hat Enterprise Linux 6.0/7.0, Windows Server

Directory Server:

Oracle Directory Server 11g

Programming languages and methodology:

Python, OGNL (Object-Graph Navigation Language), Linux scripting

Servers:

WebLogic, JBoss, IIS, Apache and Apache tomcat

Tools:

Catchpoint monitoring, Topaz Monitoring, Splunk, Kibana, Postman, CyberArk, WinSCP

Authentication Mechanisms:

Windows Native Authentication, Form Login, Basic Login, Multifactor Authentication

Amazon Web services:

EC2, Elastic Beanstalk, S3

Education:

Trine University

Master’s in Engineering Management Graduated – May 2017

Anna University

Bachelor of Engineering in Mechanical Engineering Graduated – April 2014


