IAM ENGINEER
Resume:
Arun M.
Phone: +1-470-***-****
Email: ************@*****.***
Professional Summary:
●Overall 9+ Years of Experience in planning and providing Single Sign-On across enterprise-wide applications using Worked on Ping Identity and CA SiteMinder with improved technical efficiency in Identity & Access Management space.
●Designed and configured Ping Identity Solution for Web Access Authentication using PingAccess and Ping Federate.
●Experience in analyzing, debugging authentication/authorization related issues in PingFederate servers.
●Installed and Configured PingFederate Servers on both Windows and Linux environment as both engine and admin servers.
●Integrated Ping Access Server with PingFederate to protect the applications using PingAccess Gateway.
●Worked on OAuth Grant types to get Access Token in order to access Protected API’s.
●Worked on ID Token to get the user information from user info end point and send to OAuth client in the form of scope.
●Hands on in on boarding Ping OAuth Client IDs for REST Web services Authentication with Grant types: Client Credentials, Access Token Validation (Client is a Resource server).
●Installed and Configured PingFederate servers both in Engine and Admin node and worked on clustering environment.
●Worked on writing the OGNL expressions to meet different vendor requirements in the assertions and restricted the user access by writing OGNL expressions on the issuance criteria.
●Experienced in creating Polices using selectors in PingFederate to accomplish various business requirements.
●Experienced in configuring application in PingOne and creating policies on PingOne Docker for applications.
●Experienced with multiple PingFederate adapters, http adapter, token, composite adapters.
●Created OAUTH Grant types for the OAuth Clients to get the Access Token.
●Experience in using MFA Using PingID solution for the sensitive applications use cases.
●Experience in using multiple Ping Federate adapters http adapter, composite adapters.
●Experience providing federation solutions using SAML 2.0, Ping Federate and CA SiteMinder Federation Service. Enforced the Ping Access policies to authorize the user for a protected resource.
●Experience in enterprise security strategy, architectures, implementation, and production support for a wide variety of applications.
●Experience in services like change management, knowledge on problem and incident management, proficient in tools like ServiceNow and BMC Remedy.
●High quality client facing and customer interaction skills with an enormous degree of learning ability good understanding of Web Technologies like HTTP Protocol, fiddler, SAML Trace, HTML, Web-Form encoding. Involved in testing phases, troubleshooting process. Developed operational and administration manuals.
TECHNICAL SKILLS:
IAM Products
OKTA, PingFederate9.1. PingAcess, PingOne, PingID, CA SiteMinder.
Languages
Shell Script, Python, OGNL.
Operating Systems
IIS, Apache, Tomcat and JBoss
Directory
E-directory,Active Directory.
Incident Management Tools
ServiceNow, and Remedy
Education Details:
Bachelors in computer science & Engineering, JNTU, India.
Masters in computer science, Lewis University, IL.
Client: Freddiemac, Reston, VA July 2021 to till date
Role: Sr. IAM Engineer
●Worked on deploying new SAML,Proxy application using PING Federate and PING Access, OKTA
●Worked on PingFederate APIS and Ping Access APIS
●Worked on OGNL expressions to send the SAML assertion required by the SP.
●Experience in protecting the applications using the PingAccess.
●Responsible for resolving all user management issues.
●Configured Authentication policies for different authentication scenarios.
●Worked on OAUTH grant types to get the access token to access the protected API.
●Supported development with integration of Mobile Apps using OAuth/SAML in PingFederate.
●Experienced in application configuration with PingAccess and defining PingAccess Sites, Site Authenticators, Virtual hosts Policies and Rules.
●Responsible for migration of applications from SSO provider to PingFederate.
●Gather requirements from various application teams and integrate application with PingFederate for single sign on.
●Responsible for automation user creation and maintenance process for various applications.
●Worked on OAuth grant types.
●Worked on MFA PingID solutions for the sensitive applications.
●Worked on cloud PingOne Docker to host the URLS of the service provider and Identity provider applications and connected the PingFederate as the Identity Bridge.
●Experience in using debugging tools SAML tracer, fiddler trace.
●Worked on Restricting access to applications by configuring role attribute and group membership.
Client: City National Bank, Los Angeles, CA May 2020 – June 2021
Role : IAM Engineer
●Worked on migration of SAML and Proxy applications from legacy IAM to the New PingIdentity platform.
●Expertise in implementing SAML as both Identity Provider and Service Provider across multiple Platforms Using Ping Federate.
●Architecture and implementation of Identity and Access Management (IAM) solution Using PingFederate, Risk-based 2-Factor Authentication (using RSA Adaptive Authentication) and OAuth 2.0.
●Worked on Onboarding the Applications using Ping federate and Ping access.
●Onboarded Applications Patterns like SAML, Gateway header, Gateway Token, ROPC and OpenID.
●Experience in Configuring Virtual Hosts, Sites, web sessions, Identity Mappings, and applications to protect the Web resources.
●Experience in Using PingAcess and PING APIS.
●Implemented different grant types for enterprise applications based on application type. For server side implemented Auth Code flows for SPA implemented Implicit and Auth Code with PKCE.
●Experience implementing Client credential grant flow, Resource owner password grant flow.
●Design RBAC for internal customer’s applications in using Ping Federate.
●Worked on Troubleshooting Using Fiddler, SAML Tracer.
●Worked on Single Logout and Logout Redirection for SAML applications.
●Worked on OGNL Expressions as required to send to Service Provider.
●Worked on Splunk to find out logs for Troubleshooting.
Client: U.S.Cellular, Chicago, IL Feb 2018 – April 2020
Role : Security Engineer
●Worked on migration of SAML applications from legacy IAM to the New PingIdentity platform.
●Experience with most standard network security protocols (OAuth, OAuth2, OIDC, WS-Fed, SAML, LDAP).
●Installed and configured PingCentral.
●Created SAML and OAuth templates in PingCentral.
●Configured PingOne for Customers for GoPay.
●Configured PingOne PUSH MFA for native mobile app using PingOne SDK(Android and iOS).
●Configured Passwordless authentication and created a custom Passwordless login template.
●Worked on writing different policies on PingFederate for different use cases using with the help of different selectors.
●Worked on OGNL expressions to send the SAML assertion required by the SP.
●Experience in protecting the applications using the PingAccess.
●Worked on OAuth grant types (Implicit and Authorization grant) and OpenID connect as extension.
●Worked on MFA PingID solutions for the sensitive applications.
●Worked on cloud PingOne Docker to host the URLS of the service provider and Identity provider applications and connected the PingFederate as the Identity Bridge.
●Experience in using debugging tools SAML tracer, fiddler trace.
●Worked on Restricting access to applications by configuring role attribute and group membership.
●Worked on creating reverse proxy for the legacy applications with the help of PingAccess.
●Configured PingFederate and PingAccess logs to the Splunk.
●Created Adapters, Service Provider connections, replicating configuration archive, exporting Metadata, importing, and exporting SSL certificates using Ping Federate.
●Worked on Trouble Shooting with Saml Tracer, Fiddler Executing Procedures and validate the Http Flow from Identity provider to Service provider.
●Worked On multifactor authentication (MFA) for the secure Applications that required MFA By Using Ping ID Cloud application.
●Successfully upgraded Ping Federate Services from 8 to 9 and PingAccess 4.x to 5.x.
●Maintained both Test and Production servers for Ping Federate along with the cluster management and timely Replications to deploy changes to servers.
Client: Eureka IT Solutions, Hyderabad, India Jan 2015 – July 2016
Role : SSO Consultant
●Assigned as SiteMinder Engineer for upgradation, configuration, and deployments of CA SiteMinder policy server and support SiteMinder infrastructure.
●Successfully Upgraded Policy Server version).0 to version R12.51.
●Responsible to check and configure the integration of SiteMinder 6.0 policies to work with roles defined in Identity Manager 6.0
●Involved in the Upgrading of SiteMinder Policy Servers from version 5.5 to version 6.0 and SiteMinder Web Agents from version 5.5 to version 6.x
●Implemented SSO solution in multiple OS environments using Cookie Provider.
●Implemented a strong authentication and authorization framework for the well maintenance of the SSO environment by defining user policies and rules.
●Worked on installing, configuring, and administering CA SiteMinder R12, R12.52 and Sun One LDAP 11 (ODSEE) on Windows, and Linux Platforms
●Experience in installing, configuring SiteMinder policy server, Web agents, Integrity Transaction Minder, Active Directory server (LDAP), Sun One Directory Server and various Web & Application servers.
●Installed, configured SiteMinder policy server Web agents, Active Directory server (LDAP), ASA agents, Domino Agents, and various Web & Application servers.
●Installed and configured various web agents on Apache, IIS 7, IIS 8, and Sun one.
●Configured SiteMinder and PingFederate Environment for SAML Federated Authentication for users coming from partner sites by configuring ID Provider/Consumer using SAML 2.0 POST binding.
●Created policies, realms, rules, and responses to protect the applications and configure them to work under the CA SSO.
●Involved in troubleshooting and resolving the issues and implemented changes to enhance the performance.
●Assisted developers with integration of Mobile Apps using OAuth/SAML in PingFederate.
●Applied patches to SiteMinder infrastructure to meet business needs.
Client: Green Byte Technologies, Hyderabad, India Aug 2012 - Dec 2014
Role : System Engineer
Configured VMware on clustered environment, implemented Migration of Virtual Machines using vMotion, Storage vMotion.
Hot and Cold Cloning of Virtual Machines using VMware Converter.
Virtual Machine Cloning, Templates and Snapshots.
Implementation of Active Directory infrastructure and Network fundamentals, protocols (such as TCP/IP, DHCP, DNS), Group Policy and Profile Management.
Configured VMware HA, VMware DRS in acquiring higher efficiency for VMware Infrastructure.
Provided server and client support for all issues such as logon failures, account lockout, network connectivity and authentication issues.
Installed VMware vSphere 4 and created virtual machines on ESX 4.0 Servers. Created standard images and deployed servers from the images.
Designed and successfully implemented VMware ESX 4.0 servers for server consolidation.
Worked on vCenter Server to manage all the ESX hosts in the datacenter.
Creating and managing virtual machines and templates, worked with snapshots of Virtual Machines
Upgraded 100+ physical servers with latest firmware version.
Involved with designing and implementing VMware backup products and disaster recovery solutions.
Installed & configured VMware virtual center for production &DR site.
Involved in VMware updates manager to install & troubleshoot patches and updates on ESX hosts and virtual machines.
Involved in Installation, Configuration, and Maintaining of Microsoft Windows 2008/2003 Servers.
Worked on VMware Update Manager for updating or patching for all the ESX hosts and Virtual machines.
Integrated HP SAN volumes to the Virtual Infrastructure to store the Virtual Machine files.
Contact this candidate