Manager Aws

Location:
Gilbertsville, PA
Posted:
January 05, 2021

Resume:

Bala Sankarasubbu

Royersford, PA ***** 267-***-**** adi60m@r.postjobfree.com US Citizen

Professional Summary

15+ years of IT professional experience and 12+ years specialized in the overall administration of Identity Life Cycle Management (IAM), Active Directory/Directory Services, and Privileged Access Management (PAM) Solutions that include design, installation, configuration, maintenance, system integration testing, and related hardware/utilities integrations. Proven success in leadership, operational excellence, and organizational development with a keen understanding of elements of IT.

Nominated for PSSA (Highest recognition for an Amtrak Employee) in Innovation Category for contributions as Identity and Access Management Team in 2019.

Technical Summary

3+ years of working experience with Privileged Access Management (Beyond Trust Password Management) Solutions.

9+ years of Identity and Access Management (SUN Identity Manager, Forge Rock, and SailPoint) Products.

4+ years of experience with LDAP Directory Server (Forge Rock) and with on-premises Active Directory/AD Azure, MFA, App Proxy, and SUN Directory Server version 6.3/7.0.

Senior IAM Lead Technologist and outstanding performer in Identity and Access Management and Privileged Access Management within IT Security.

Skills

Identity and Access Management (SUN Identity Manager/Directory Server; ForgeRock (OpenIDM, OpenDJ); SailPoint (IdentityIQ and IdentityNow)).

Privileged Access Management Products (Beyond Trust).

On-Premises and AWS cloud services.

Windows Active Directory Azure, MFA, On-Premises AD in creating group policies.

Azure Active Directory with O365 for email exchange provisioning and Microsoft Intune.

Risk and Compliance, Identity Governance Platform.

Upgrades: apply latest Microsoft security patches.

Knowledge of F5 load balancer and BIG-IP Edge Client and firewalls.

Knowledge of PowerShell scripts for automation process.

MS SQL Server experience

Sun Solaris, AIX, Windows NT, UNIX, Linux Operating systems

HTTP server, Apache, IIS

Knowledge of Scripting Languages like Perl, KSH/BASH, PowerShell, JavaScript

IT Change management tools: ServiceNow, SCCD, Peregrine

Monitoring Tool: AppDynamics, LogRhythm, Wily

WebSphere 4.0/5.0/6.1, knowledge of WebLogic, JBoss, and Tomcat application servers.

IBM, Enterprise, Tomcat

IBM WebSphere, Network, Trainer.

Education

Master of Software Engineering: 2004

Penn State University - Great Valley, PA

Bachelor: Electronics and Communications Engineering, 1999

KLN College of Engineering

Work History

IAM Lead Technologist, 04/2011 to 09/2020

AMTRAK – Philadelphia, PA

Major Projects:

Migration of SUN IDM Product to Forge Rock (2014).

Migration from Datacenter to AWS (2015).

IT Modernization- Migration from Forge Rock to SailPoint IIQ and IdentityNow (2016).

Implementation of Privileged Access Management (PAM) Solution – 2016.

Conversion of Contractor to Employee (2016).

Integrated with Financial Applications for Identity Governance (2016-2017).

Integration with O365 (2017).

AD Bridging for Linux Systems – Migration of Local Accounts to Active Directory (2018).

Beyond Trust integration with RACF Mainframe system to access Shared privileged accounts (2018).

Automation of onboarding the newly built servers and new hires to Beyond Trust (2019).

Enable MFA in Azure for all the external-facing applications in Amtrak (2018).

Infrastructure change from Active/Passive to Active/Active mode of Beyond Trust appliances (2020)

Projects Highlights:

Migration of SUN IDM Products to ForgeRock Stack:

Performed the migration of SUN Identity and Access Manager to Forge Rock Stack (OpenIDM/OpenDJ/OpenAM) due to end-of-life software support.

Performed access administration and troubleshooting of IAM tools and applications, ensuring appropriate access and meeting internal and external data security requirements.

Provide 24/7 production support and on-call shifts.

Troubleshot and resolved sev1 and sev2 incident tickets and service requests related to password malfunctions, password rotations, account creations, and account changes.

Provisioned Active Directory accounts (Primary) for all active users using IDM.

Approximately 6000 new accounts were provisioned using the IDM Code release.

This task played a critical role in delivering the solution in a timely fashion and is an example of collaborating with the Active Directory team to provide a better customer experience.

SOGR - Identity Suite - SOGR project to keep the identity system up to date and integrate with new designs as the need arises; ForgeRock IAM Suite upgrade to the latest version.

Migration from Data Center to AWS Cloud:

Performed Lift and Shift solutions from on-premises to AWS cloud.

Created an AMI “golden image” version in AWS.

Migrated ForgeRock IAM Suite to AWS - Migrate all IAM servers from IBM datacenter to AWS.

IT Modernization- Migration from Forge Rock to SailPoint IIQ and IdentityNow:

Managed the strategy and roadmap implementation for Identity and Access Management Platform Tools.

Supported migration of LDAP (OpenDJ) to Active Directory and SSO (OpenAM) to Azure as part of the IT Modernization effort.

Executed overall project plans and prepared timelines for key deliverables.

Defined Anchor platforms and migrated legacy applications to latest technology, solving business solutions.

Established operational standards and cross-trained peers on the IAM/PAM suite.

Worked in SailPoint IdentityIQ by performing admin tasks like provisioning, de-provisioning, access certification, Approval workflows, compliance, password management, Self-service, and Audit/reporting.

Supported critical IIQ functions, including patching and upgrades based on the related modules.

Patched SailPoint Identity IQ from 7.1P3 to 7.1P4 to address a critical security vulnerability as a part of ongoing commitment to security.

Strong knowledge of Active Directory and Beyond Trust provisioning processes.

Effectively worked with IT teams, business contacts, and other third-party vendors (Forge Rock, SailPoint, Beyond Trust).

Knowledge of Azure AD and associated on-premises and off-premises technology.

Conversion of Contractor to Employee (2016):

Involved in the process of contractors to employee conversion by creating a PowerShell script.

Defined a Correlation Rule in IDM to run the PowerShell script to swap the old User Principal Name (UPN) with the new UPN in Active Directory.

Privileged Access Management – Implementation of the PAM system (Beyond Trust):

Deployed the Beyond Trust virtual appliance in AWS and integrated with the infrastructure for the 14 in-scope Financial audit systems.

Performed UAR (User Access Review) process with other application teams to review and certify the access to the servers, OS level, and databases and present it to the IT Infosec and Risk and Compliance team.

Configured Terminal Server setup as an enhancement to PAM Solution.

Worked with field leadership to facilitate management-level train-the-trainer sessions.

Worked with corporate compliance and made sure the users were provided training and up to date on policies and procedures that affect their functional areas.

Experience with script development (PowerShell/AutoIt) for automation and integration with other applications.

Involved in creating access policies and configured the approval workflows for privileged users.

Federated with other applications (RACF Mainframe/SQL Studio/LogRhythm) with Beyond Trust for privileged access and session management.

Maintained the Virtual appliance directly by applying patches, general maintenance, and upgrades.

Involved in Change and Incident management, new integrations, and involved with releases with Beyond Trust.

App Dynamics Monitoring for IAM Infrastructure:

Worked with the App Dynamics Monitoring team to design monitoring solutions, alerts, and dashboards for IAM infrastructure involving IDM, AC, PAM, LDAP.

Integration with Office O365:

Worked closely with the Unified Communications team in introducing new licensing options using IDM and educating the Service Desk on the new process of email provisioning.

Based on the recent org changes, the conversion script has gained importance in handling many conversion requests from contractors to employees in the least disruptive manner, retaining their current email address.

Expanded the capability of performing conversions to other IAM team members and trained them appropriately to provide world-class support to our customers.

Integrated with Financial Applications for Access Certification and Identity Governance:

Integrated IdentityIQ with applications: LENEL, Claims SAP (ECC, BW, EWM, GRC, BPC); RACF; Office365.

Project to find and implement an automated process to replace the manual User Access Review process.

Access Certifications Self Service Password Solution:

Installed SailPoint Identity IQ Password Interceptor on all Domain controllers to implement the Password Solution, which will enhance the customer experience.

Provide Self Service Password Reset solution through BYOD using Multi-Factor Authentication (MFA) with the help of IdentityNow Cloud solution in a highly secure manner.

AD Bridging with Linux Systems – Migration of Local Accounts to Active Directory:

Performed a successful migration of all the local IDs to Active Directory to unify products, reduce cost, and renovate IT software.

Responsible for gathering information about each application for analysis and assessment on Amtrak local IDs on the servers.

Actively worked with different application teams and with the IBM team through weekly meetings.

Completed this project within the given timeline.

Beyond Trust Integration with RACF Mainframe system to access Shared privileged accounts:

Configured Beyond Trust to integrate with RACF Mainframe application for the managed users to access the Shared Privileged Accounts.

Configured the Approval workflow for the users to access the shared account during Severity one and two scenarios.

Configured the session management workflow for the Reviewers/Managers to post-review the sessions and submit "As Reviewed" for the RACF users.

Automation of onboarding the newly built servers and new hires to Beyond Trust:

Configured the automation of onboarding the newly built servers and new hires to Beyond Trust by enabling the nightly scan in Beyond Trust.

Infrastructure change from Active/Passive to Active/Active mode of Beyond Trust appliances:

Worked with the service providers to ensure that their in-scope technical solutions are consistent with the enterprise business strategy and architecture.

Responsible for changing the Beyond Trust infrastructure from Active/Passive to Active/Active mode for full redundancy of the appliances, so that if one goes down the alternative is used.

Documented the requirements specification, operational, and Maintenance support portfolios and submitted them to the Design Review Board for approvals.

Worked with vendors during the problem resolution process as needed.

Ensured that the system is available for the users with “Always-On” mode availability and scalability.

Reviewed plans from architects and consulted with clients to understand project plans, constraints, and objectives.

Drove efforts to achieve short-term and long-term business goals by specifying optimal technology solutions for business needs and budget requirements.

LDAP and SIM Administrator, CNSI, 09/2008 to 04/2011

AMTRAK – Philadelphia, PA

Worked as a SIM/LDAP/WebSphere Administrator in the IAM team.

Upgraded the Sun Directory Server (LDAP) from 5.2 to 6.3 version.

Installed both Amtrak internal and external (Verisign) certificates for the Directory servers.

24x7 production support for both SUN Identity Manager and Directory Server.

Created and Assigned users, groups, and applications to authenticate against Directory Server.

Configured replication to synchronize among the LDAP server clusters.

Sustained and maintained zero downtime for Directory Services.

Experienced in evaluating, testing, and performing upgrades of Directory Server with new software and patches.

Worked on performance-tuning testing and achieved 45% performance improvement via optimizing database and entry cache, indexing, and threads.

Created and managed the additions to Directory Tree, schema extensions, access control instructions.

Performed import and export of Directory Server databases using Sun utilities and Perl scripts.

Performed Backup and Restore of Directory Server databases.

Redesigned the LDAP Architecture by removing the Proxy servers, and all the requests hit directly to the Multi-Masters.

Successfully performed the Data Center migration geographically from Manassas to Raleigh by lift and shift process.

WebSphere Administrator, Admin, 03/2005 to 09/2008

Independence Blue Cross – Philadelphia, PA

Installed, Configured, and Administered IBM WebSphere Application Server 5.1/6.0.x and IBM HTTP Server on both Windows and Solaris/AIX platforms.

Troubleshot errors for application JVMs, analyzed heap/core plus error logs, and tuned the JVMs for better performance.

Coordinated between different Application Support Teams for successful application release in Production.

Responsible for deploying enterprise applications in the WebSphere Admin console.

Configured Clusters and Instances for scalability and failover processes.

Utilized the Thread Analyzer to detect and analyze application issues.

Analyzed the scalability of applications with the help of tools like IBM Tivoli Site Analyzer.

Monitored Applications and WAS performance through Tivoli Performance Viewer and tuned the system caching, queuing, JVM parameters, DB Connection Pooling.

Involved in setting up JVM tuning parameters and enabling garbage collection for analysis.

Attended weekly meetings on behalf of the Middleware Team and coordinated with different teams for task accomplishment.

Opened IBM Problem Management Records (PMR) to report WebSphere Application Server issues with the error logs and Thread dumps.

Analyzed run time log files to solve problems using debugging tools like Log Analyzer, First Failure Data Capture Tool, and Collector Tool.

Involved in architecting core-groups in the environment by logically separating related application JVM into a single core group to enhance performance.

Worked as a Policy Directory Admin to maintain IBM Tivoli Access Manager (TAM) version 6.0.

Assisted the users to log on to the site with their login account by resetting their password to default.

Created the security roles for various applications and allowed the users to log in to the application based on those roles.

Configured the parameters for LDAP active user registry.

Used Network Dispatcher for load balancing.

Worked on SUN Solaris, Windows 2000, IBM WebSphere Application Server 3.5/4.0.x, IBM HTTP Server, Apache Web Server, LDAP, XML.

Course Completions:

Forge Rock OpenIDM FR-200 Open Identity Stack Essentials

Forge Rock OpenDJ FR-201 OpenDJ Implementation and Administration

SailPoint: IdentityIQ Business Administration

SailPoint: IdentityNow Implementation and Administration

Beyond Trust Power Broker for Windows

Microsoft Azure - AZ 900


