Azure Engineer

Location:
Greensboro, NC
Posted:
January 27, 2021

Resume:

Professional exposure in Identity and Access Management (IAM) and diverse range of skills in Information Security Domain and having a very good record of implementation, administration, maintenance & support on IAM products.

Well versed with integration of administration, maintenance & support on IAM tools like Ping Federate, Ping Access, Ping Directory, Okta, CA tools, Linux SAML spring servers, Azure AD, Active Directory, ADFS, Radius Server (NPS) and various identity as a service tools (IDAAS).

Hands on experience in IAM requirement analysis, implementation of Access Gateways and SAML- and OAuth-based integrations and web access management (WAM).

Implemented Multifactor authentication Azure MFA with NPS extension and writing conditional policies for single sign on. Users are generated on the fly using LDAP import with their corresponding role-based access. Worked on Dynamic, Static, Alt SAML ID, federation type of SP and IDP SSO connections.

Manage Identity Access management of Azure Subscriptions, Azure AD Application Proxy connectors, Azure AD Connect, Azure AD Pass through Authentication, ADFS, ADDS, ADCS.

Performed Requirements Gathering for a Proof of Concept to be implemented into their environment in development for Azure AD, PingFederate, Okta.

Worked on Single Sign on (SSO) to implement security policies and handle LDAP, Azure AD, ADFS, PingFederate and also maintenance of certificates RSA256, SecureID and OAEP Algorithm, load balancing methods, SSL certs, PKI, X.509 certs, persistence profiles, NAT IPs, client/server profiles while configuring VIPs and customizing them as per the applications' needs.

Experience on Development and Modification of PowerShell Scripts.

Designed and implemented Okta SSO and Okta MDM from ground up with OAuth and SAML based SaaS applications. Worked with more than 40 different groups to integrate their applications to SSO.

Streamlined and Automated the New Hire Onboarding and Off Boarding Process via Workday/Okta/AD. The framework also included Provisioning/Deprovisioning of SaaS-based applications.

Integrate on-prem Active Directory sync to Okta.

Configuration of DC with Okta tenant for user provisioning, DC replication, authentication implementation for SaaS applications registered on Okta.

Monitor privileged access for Azure AD Privileged Identity Management (PIM).

Configure Access Reviews, activate and configure PIM, Role assignment.

Technical Competencies:

Virtualization: VMWare

Active Directory Engineering: ADFS, Group Policy, PowerShell, SSO, SAML, Azure – AZ 500 certification.

Cloud Security: Azure AD, Azure MFA, Azure SSO, Azure User Migrations, Azure AD Self Service Password Reset

Professional Experience

Lincoln Financial Group, Greensboro, NC

October 2019 – Present

IAM Engineer/Analyst - Azure AD /ADFS

IAM engineer with experience in the implementation of the Microsoft cloud Azure multi-factor authentication solution to provide technical expertise and best practices guidance. This includes Azure MFA configuration and the integration of the test environments for systems and services that currently use a two-factor authentication that client will be retiring. Tools that we are using are ADFS, Azure, Splunk, Quest; closely working with security team, we manage Infrastructure and Cloud Deployments.

Azure AD User Migrations and Sync Services. Administration of Azure MFA.

Author documentation for merger and acquisition technical guidelines.

Working closely with Architecture and designed SSO authentication solutions for internal and third-party applications and vendors supporting a 50,000-seat enterprise.

Enterprise ADFS SME managing over 300 SSO federations both IDP and SP initiated.

Experience on Office 365, ADFS, and SQL Server high availability in a multi-datacenter environment.

Active Directory administration and design: domain controller upgrades; DHCP clustering on Server 2012/R2

Office 365 and ADFS Farm implementation and design, to include Azure AD Connect in a distributed, multi-datacenter environment. Domain controller upgrade, migration, and managing replication schema.

National Grid, Waltham, Massachusetts

March 2019 – September 2019

IAM Engineer/Analyst - Azure AD and Azure MFA - PingIdentity

Deliver web and application development, maintenance of Azure AD services like single sign on (SSO) and multifactor authentication (MFA) and troubleshoot issues related to API web applications. Mainly focused on Azure MFA.

Responsible to onboard/Integrate new applications to Azure AD and PingIdentity, Okta.

Build and configured, maintenance and support on Network policy server (NPS) in Production for MFA with Azure AD. (Troubleshooting MFA issues with NPS logs)

Providing web applications, Single-Sign on and Federation technology with Azure AD using protocols like SAML, OAuth, LDAP.

Connecting NPS servers to AD - Domain controllers for Azure extension to trigger MFA challenge.

Perform on IAM/MFA development and solutions within Microsoft Azure and PingIdentity, Okta.

Execute with programming languages PowerShell scripting to pull data and force sync with Azure AD.

Operations on Active directory management adding and configuring new workstations and adding up user accounts to provide authentication and authorization to web application.

Requirements Gathering for a Proof of Concept (POC) to be implemented into their environment in development on different components like Okta, Azure AD, NPS server.

Engagement with service owners and business owners and explain them about SAML and Multifactor authentication to protect their applications, and migrate all the users to MFA group to get MFA challenge from Azure AD.

Migration of all organization users to MFA group for external applications to trigger MFA challenge.

Sempra Energy/SDGE, San Diego, CA

October 2018 - February 2019

IAM Engineer-Analyst / Directory services / Azure AD

Deploying, configuring, implementing, integrate, customize rules of CA Etrust Directory products to meet customers’ requirements. Integrated Directory server’s version upgrade Federated major applications user policy store, key store and session stores.

Experience in setting up SAML, OAuth connections and working with app teams on deploying the apps. Experience in deploying SaaS application with Azure AD and Okta.

Generating new CSR to get keypair, for SSL certificate from external vendor.

Troubleshooting cronjobs/logrotate to generate auto scripts of back up files to Atos and control M job agents.

Build a directory server on lower and Higher environments and connected to Management UI while integration with federation web agents. (CA/Ping/Azure Products)

Webservices migration on directory server’s versions migration upgrade paired on LB, standalone servers.

Certificate key-SSL, how to mainframe cert requests, mainframe cert requests, SSG Mainframe Certificate Refresh and Federation Services, manage Certificates and Private Keys.

Checking and running scripts to clean up High disk memory cleaning on server utilization of CPU usage, VLANS, hostnames on webservers and application servers.

Looking P1/P2 level issues on Web logic related issues, on DB servers and gateway related issues.

Installing Web server (Apache, Tomcat and IIS) agents & configuration, Policy, Rules, Realms, Response and Auth Schemes set up

Configure User Directory and Directory Mapping for Authentication and Authorization.

KPMG, Grand Rapids, MI

February 2018 – September 2018

Systems Engineer/Azure AD - IAM Analyst – PingIdentity (SSO/SAML)

Performed SSO connections in Azure technology standards with SAML 2.0 (saml spring framework -backend coding)

Configuring new SAML Federations for external clients, interact with client to test and support SAML SSO.

Providing support for login issues, check log files, work with client and Integrate SSO connections with SAML. Support to find RCA of SSO problems, gather accurate/useful information from end user for SSO issues

Integrated SaaS applications with SAML based connection in Java Spring servers, and certificate updates.

Expertise in Azure AD user provision, creating resources and groups under the directory role blade.

Worked on application Gateway while integrating SSO to Azure Portal (SSO header settings).

Hands on experience on understanding of SAML data flow, look for root cause analysis in gateway SAML logs to troubleshoot SSO problems.

Driven on Linux servers to check the gateway, Catalina and auth.logs, server logs and audit logs, admin logs for SSO troubleshooting.

Worked on Password vaulting for single sign-on with Application Proxy hosted on Azure.

Fidelity Investments, Smithfield, RI

April 2015 – January 2018

IAM Analyst / SSO Consultant/ Ping federate

Worked on the migration of legacy SSO connections (CASy) to PingFederate technology standards.

Convert business functional specifications into technology system design specifications.

Participate in the definition of functional and non-functional system requirements.

Updated requirements as per business user's feedback and changes in functionality of the applications.

Handling/Documenting IM tickets related to SSO, providing information to problem management to solve RCA (Root Cause Analysis).

Worked on Token Generator and Token Processor to establish a connection between two web services from different Enterprises, JWT tokens to authenticate the user using Ping Federation.

Upgraded Ping Federate from lower to higher version both for Console and Engine server (7.3 to 8.3).

Integrated both IDP and SP initiated SSO using Ping Federate with external partners.

Experience in deploying SAML based highly available solutions using Ping Federate and other security products, can create and process the SAML to get tokens which can be processed by other Web Access Management Products.

Experience in collaborating with teams to determine systems requirements and functionalities needed in new or legacy LDAP. Migrated SAML Based SSO partners from old legacy servers to Ping Federate 8.3.3

Working as a part of SSO team, Protecting Web applications with Standard/Custom Authentication Schemes and educating the application team about the flow of SSO. Maintained both Test and Production servers for Ping Federate along with the cluster management and timely Replications to deploy changes to servers.

Acesoft Labs, Hyderabad, India

July 2012 – February 2015

Security Consultant – IAM Analyst

Responsibilities:

Executed platform upgrades for PingFederate Installation

Installation and configuration of Agent and Agentless plugin in PingFederate on different Webservers.

Analyze current network layout, services and resources to determine required access.

Determine user roles and responsibilities, classifying like users into groups to ease maintenance and rule implementations controlling access to resources appropriate to user and group classifications.

Troubleshooting Web Agent and SiteMinder Policy Server issues.

Created Domains, Realms, Rules, Responses and Policies.

Created User Directory for LDAP and AD.

Provided complete L3 support for VMware virtual infrastructures.

Provisioning new servers, imaging; handling other daily routines; leading new deployments from systems perspective by coordinating internal resources; performing systems backups and restore procedures. Handling the complete installation, configuration & maintenance of Microsoft Windows Servers; designing the Backup Strategy for sites and ensuring scheduled/unscheduled Backups as per backup plan and restoration; managing Server, Domain, AD, User Rights, etc.

Active Directory and Group Policy Management. Security, health, management and performance features. Windows System Center Configuration Management Server

Education:

Bachelor’s in computer science engineering from JNTU, Hyderabad, INDIA.

Master’s in computer information sciences from Campbellsville, KY, USA.


