RAMYA KOTHA

IAM Consultant

Email: adtqvg@r.postjobfree.com

Phone: 469-***-****

SUMMARY

IAM consultant with nearly 8+ years with significant support, administration and development experience of Identity and Access Management(IAM) and Privilege Access management (PAM) projects.

Always meets client demands by understanding the request and taking action accordingly and develops good long-term customer relationships.

Installation and configuration of AD Agent to integrate AD as profile master to OKTA.

Configured delegated authentication in AD.

Imported all users and groups to OKTA from AD.

Configured SSO for internal applications using SWA, SAML methods.

Troubleshoot SAML applications using SAML Tracer.

Provisioned end user accounts to internal applications using OKTA.

Customized attribute mapping using expression language as per requirements.

Assigned administrator roles to multiple users based on requirements.

Installed and configured Integrated Windows Authentication for Desktop SSO as a POC.

Configured multi-level Access Request Workflow for user accounts provisioning as per requirements.

Configured Group based Password policies and Sign On policies based on requirement.

Setup new SAML federations and partners using TFIM to establish Single Sign on with the business partners

Deploy TFIM configuration JAR file on the Webseal servers in test and production environments

Work with business partners to update the security certificates for applications to make sure that certificates doesn't expire and cause any outages

Install the fixpacks for TFIM which fixes a variety of problems in the components that compose the TFIM 6.2.2 product and upgrade to new version

Troubleshoot applications running on Tivoli Federated Identity Manager services.

TECHNICAL SKILLS

Key Skills

IBM Tivoli Suite (ISAM 9.0.7, TFIM, ITIM), TDI, Active Directory Federation services, Okta

Operating Systems

Windows, AIX, Linux

Languages

JavaScript, Shell Script, HTML/XML, Java 1.8

Tools

HTTPWatch, Splunk Enterprise, VersionOne, MS-Office, MS-OneNote

Databases

Oracle DB 12, IBM DB2, SQL Server 2005

Application Servers

IBM WebSphere Application Server (5.1, 6.1, 7.0, 8.5)

Directory Servers

LDAP, Active Directory

Enterprise Infrastructure Skills

Single Sign On, SAML, Federated Identity, MFA

WORK EXPERIENCE

Client: Verizon, Harrisburg, PA September 2019 – Present

Role: Senior IAM Consultant

Responsibilities:

●Install IBM Security Identity Manager (ISIM), IBM Security Access Manager (ISAM), and IBM Security Directory Server (ISDS) appliance setup on AWS Cloud

●Implement Email, SMS, and Push notification as an MFA method to access the Portal

●Work with external vendors to onboard new SSO integrations

●Resolve SSO issues related to integrations with JIRA, JAMA, Tableau, Splunk, etc.

●Work with DataPower and hosting team to renew the certificates for portals and internal IAM components

●Automate Monitoring of IAM servers at the system level and at the internal component level

●Setup External ISAM Servers to expose the Portal to the internet

●Externalize ISAM runtime database to SDB2 to improve storage and performance

●Automate the BVT (Build, Verify, and Test) process by implementing the MFA Bypass process

●Work on P1 (Priority 1) issues

●Resolve high/medium/low-risk vulnerabilities in MES IAM servers

●Upgrade ISAM to 9.0.7.1 and installed fix packs to make sure the environment is updated

●Support ongoing operations and maintenance activities.

●Implement SSO to Azure applications using ODX credentials. This will provide access to O365 applications such as Exchange, OneDrive, Azure, OfficeOnline, OWA, SharePoint, Skype, Visio, Project, Teams, Delve, OneNote

●Implemented MFA functionality with both SMS and E-Mail options. Users will receive the OTP on their mobile phone or work e-mail when trying to do SSO and use that code to access to applications.

Environment: IBM Security Identity Manager (ISIM), IBM Security Access Manager (ISAM), IBM Security Directory Server (ISDS), IBM Database2 (DB2), IBM Security Privileged Identity Manager (ISPIM), IBM DataPower

Client: CJ Energy Services, Houston, TX August 2017 – June 2019

Role: IAM Consultant

Responsibilities:

Responsible for managing the following tools:

Cloud-Based Single Sign-On(OKTA), Saviynt, Privileged Access Management tool (OneIdentity Safeguard),ZScaler and Service Now Ticketing tool.

Exposure on Access Management on platforms like OKTA including understanding of application integration with SSO, Federation via SAML, OAuth, OIDC, Configure Groups and MFA.

Experience in identity lifecycle and all JML process

Experience on Saviynt which is used for JML process and user provisioning.

Integration and Testing experience in Identity Access and Role Management solutions.

Excellent team player with good motivation, inter-personal skills and able to express the technical issues.

Experience in Role based access control, Password policies and resolving issues with their existing LDAP, HR, AD and other IGA connectors.

Capable of working with project team to recreate and resolve bugs.

Enabling Single Sign-On Using SAML 2.0 and Oauth.

Experience with multi-factor authentication

Works closely with application developers to maintain custom extensions of IAM environment

Monitoring the teams trouble ticket and escalation queue for new incidents and working to resolve and/or escalating to senior engineers

Generating and/or designing application-level reporting for management and client

Document, maintain and communicate the strategy related to the products and services provided.

Creating and Managing Safes, platforms and Owners, Policy specification, End User management.

Worked with users for resolving network issues, configuring operating systems and using remote desktop connections to provide immediate support

Routing customer impact/issue with technical personnel to initiate system implementations.

Environment: IBM Security Directory Server (ISDS), IBM Database2 (DB2), IBM Security Privileged Identity Manager (ISPIM), IBM Security Identity Manager (ISIM), IBM Security Access Manager (ISAM), and IBM DataPower

Client: Resolution group, Bangalore August 2015 – April 2017

Role: IAM Consultant

Responsibilities:

Created Functional Requirements Document (FRD) for on boarding target applications onto Sailpoint IIQ and Azure AD.

Created detailed use cases for an application on boarding onto Sailpoint IIQ and Azure AD.

Created requirements traceability matrix (RTM) for IGA and access manager use cases.

Implemented SSO using SAML2.0 Protocol with Azure AD in Non-production and production environments.

Worked with application’s stake holders to gather requirements to integrate application with Azure AD for application Single-Sign on.

Created IDP Connections, SP connections, Adapters, export meta data, import/export ssl certificates using Azure AD.

Worked with the developers to configure application definition and test connections in Sailpoint IIQ.

Integrated SailPoint with Azure AD, SuccessFactors, Salesforce with SailPoint for role-based provisioning.

Configured periodic access certifications for SOX critical applications (AD/DB/Disconnected applications).

Implemented RBAC/Attribute based/Ad-hoc based provisioning to the applications.

Implemented centralized user store for users and systems.

Migrated Identities and assisted developing the various business process in Sailpoint IdentityIQ implementation.

Enabled the pass-thru authentication via AD authentication.

Enabled self-service features like password change, password reset.

Dealt with large amount of data and ran multiple queries in SQL.

Documented User Acceptance testing (UAT) test cases to verify and validate each system specification and requirement with system design.

Environment: IBM Database2 (DB2), IBM Security Privileged Identity Manager (ISPIM), IBM Security Directory Server (ISDS), IBM Security Identity Manager (ISIM), IBM Security Access Manager (ISAM), and IBM DataPower

Client: Telstra, Bangalore August 2013 – July 2015

Role: IAM Consultant

Responsibilities:

Deployed Oracle IAM suite on AWS (PaaS) with Multi regions for DR.

Configured SoD/Least privilege access to AWS services, and on-premise applications.

Configured MFA for end user’s AWS accounts to access AWS services.

Deployed internal/intra facing web applications with SSO agents on AWS with network isolation.

Configured Multi Master Replication over SSL and Configured WNA Authentication to achieve Zero SSO.

Integrated OAM and OAAM to provide fraud detection and support KBA based authentication.

Configured WNA/Forma Based/X509/Custom Authentication schemes to provide flexibility to customers to choose variety of SSO.

Implemented SSO with the Apps which are hosted on IIS/Apache/OHS/Web Sphere/Web logic.

Configured network/app elastic load balancers, route 53 configuration, updated A & C-Name records.

Configuration segmentation/micro segmentation at web/app layers.

Trained administrators on IAM/AWS administration and provided run book with detailed steps to taken at the time of incidents/issues.

Implement SSO and MFA between ODX and DODD

Create technical design document for the ISAM Access Management functionalities.

Prepare the test plans for testing the use cases for SSO and MFA.

Environment: IBM DataPower, IBM Database2 (DB2), IBM Security Privileged Identity Manager (ISPIM), IBM Security Identity Manager (ISIM), IBM Security Access Manager (ISAM), IBM Security Directory Server (ISDS).

Contact this candidate