
IAM Engineer

Location: Irving, TX
Salary: 120000
Posted: March 11, 2025


Resume:

SAKCHHAM SHRESTHA

Irving, TX 469-***-**** ***************@*****.*** LinkedIn

PROFESSIONAL SUMMARY:

• 6+ years of hands-on experience in Identity and Access Management (IAM), specializing in SailPoint IdentityIQ (IIQ), SailPoint IdentityNow, Okta, and CyberArk.

• Skilled in automating identity lifecycle operations, such as provisioning, de-provisioning, and role management, ensuring operational efficiency.

• Proficient in integrating IAM platforms with enterprise systems like Active Directory, Azure AD, ServiceNow, and databases for seamless identity synchronization.

• Expertise in scripting languages like Java, BeanShell, PowerShell, and Python for workflow customization and task automation.

• Strong knowledge of security protocols like SAML, OAuth, OpenID Connect, SCIM, and TLS/SSL to secure authentication processes.

• Designed custom workflows to provision privileged accounts in CyberArk directly from SailPoint, improving governance and reducing risk.

• Implemented advanced auditing capabilities in CyberArk for privileged account access, ensuring adherence to compliance standards.

• Developed SailPoint connectors for CyberArk integration, enabling real-time provisioning and access reviews of privileged accounts.

• Demonstrated ability to design role-based access control (RBAC) frameworks and enforce Segregation of Duties (SoD) policies for compliance.

• Managed repositories to track, review, and deploy SailPoint configurations, custom rules, and workflows.

• Automated build and deployment processes for SailPoint IdentityIQ using CI/CD pipelines integrated with Azure DevOps.

• Experienced in implementing privileged access management solutions using CyberArk to secure critical resources.

• Adept at creating dashboards and generating compliance reports for streamlined audit readiness and governance.

• Knowledgeable in API integrations and custom connector development to enhance IAM system capabilities.

• Experienced in upgrading and patching IAM systems to maintain their security and performance.

• Proficient in compliance frameworks like PCI DSS, SOX, GDPR, HIPAA, and NIST Cybersecurity for secure identity governance.

• Known for resolving complex IAM challenges and aligning security practices with organizational goals.

• Skilled in conducting role mining activities to refine RBAC structures and reduce access control violations.

• Effective in collaborating with cross-functional teams to address IAM issues and drive process improvements.

• Experienced in training and mentoring teams to improve proficiency in IAM tools and frameworks.

EDUCATION:

Southeast Missouri State University, Cape Girardeau, Missouri

Master of Science in Cybersecurity

(Info Security and Assurance, Information Security in System Admin, Comp Network Security & Def, Web Application Security, Computational Cryptography)

TECHNICAL SKILLS:

IAM Platforms: SailPoint IdentityIQ (IIQ) (versions 7.2, 8.0), SailPoint IdentityNow, Okta, CyberArk, ForgeRock, Ping Identity, RSA SecurID.

Directories and Authentication: Active Directory, Azure AD, LDAP, AWS IAM, Google Workspace Identity.

Security Protocols: SAML, OAuth, OpenID Connect (OIDC), SCIM, TLS/SSL, Kerberos, WS-Federation.

Programming and Scripting: Java (REST API development), BeanShell, PowerShell, Python, JavaScript, SQL, XML, JSON, YAML.

Compliance Frameworks: PCI DSS, SOX, GDPR, HIPAA, NIST Cybersecurity, ISO 27001, CCPA.

Cloud Platforms: Microsoft Azure, AWS, Google Cloud Platform (GCP).

Tools and Technologies: ServiceNow, Apache Tomcat, Kubernetes, Docker, Azure DevOps, Jenkins, Git, JIRA.

PROFESSIONAL EXPERIENCE:

Harbor Freight Tools, Calabasas, CA, April 2022 – Present

IAM Engineer / SailPoint Consultant

• Implemented SailPoint IdentityNow for managing cloud-based identities and SailPoint IdentityIQ for on-premises governance, automating the processes of user provisioning and de-provisioning.

• Integrated SailPoint IdentityNow with ServiceNow, automating cloud-based access requests and incident management.

• Designed certification campaigns to improve access reviews, boosting audit efficiency and compliance.

• Automated group management in Active Directory using PowerShell scripts for IdentityIQ and leveraged IdentityNow cloud connectors for provisioning tasks.

• Implemented CyberArk to secure privileged accounts, reducing risks associated with unauthorized access.

• Developed real-time dashboards to monitor IAM system performance and address potential issues proactively.

• Collaborated with compliance teams to enforce SoD policies across both platforms, ensuring alignment with PCI DSS standards.

• Conducted role mining activities to establish RBAC frameworks, improving governance.

• Configured API integrations to enhance communication between IAM platforms and enterprise applications.

• Automated user lifecycle workflows to secure offboarding processes and reduce security vulnerabilities.

• Onboarded diverse applications into IdentityNow and IdentityIQ using connectors such as Active Directory, JDBC, web services, and flat files, ensuring seamless integration.

• Designed custom workflows within SailPoint IdentityNow to support automated ServiceNow ticket creation and resolution.

• Implemented SAML and OAuth protocols in Okta for federated identity management in both environments.

• Developed custom connectors and APIs for data synchronization and process automation across both platforms.

• Performed updates and patches for IdentityNow and IdentityIQ to maintain system security and operational reliability.

• Designed multi-region synchronization workflows for consistent identity data management globally.

• Provided training to teams on workflows and IAM best practices for both platforms, enhancing operational expertise.

• Conducted post-implementation reviews to optimize configurations and improve system performance.

Technologies Used: SailPoint IdentityNow, SailPoint IdentityIQ, Active Directory, PCI DSS, RESTful APIs, TLS/SSL, CyberArk, ServiceNow, PowerShell, JavaScript, XML, SCIM APIs, SQL Server.

Centene Corporation, St. Louis, MO, November 2019 – March 2022

SailPoint Developer

• Designed and implemented provisioning policies in SailPoint IdentityIQ for Active Directory, improving access control and resource allocation.

• Automated user provisioning and data aggregation using advanced PowerShell scripts, reducing manual effort and increasing efficiency.

• Validated and tested existing workflows in development and QA environments, ensuring high reliability and performance prior to deployment.

• Configured Single Sign-On (SSO) using SAML for Non-Employee Risk Management, improving security and simplifying access management.

• Developed SCIM API integrations to enable real-time updates and automated lifecycle events in IGA platforms.

• Customized branding and themes for Non-Employee Risk Management sites to align with organizational guidelines.

• Executed platform updates using the SailPoint IdentityIQ API with JSON inputs (GET, POST, PUT, DELETE), enabling efficient system modifications.

• Designed out-of-the-box solutions in SailPoint IIQ to automate access certifications and identity refresh tasks.

• Collaborated with stakeholders to design IAM solutions that align with organizational goals and enhance operational effectiveness.

• Provided Level 3 support through ServiceNow, managing and resolving IdentityIQ-related issues.

• Documented configurations, integrations, and workflows for SailPoint IdentityIQ deployments to ensure repeatable and compliant processes.

• Led the development of custom workflows, rules, and lifecycle workflows for business-specific requirements, collaborating with Privileged Access Management teams.

• Conducted knowledge transfer sessions and post-production support to maximize client understanding and system utilization.

Technologies Used: SailPoint IdentityIQ, Active Directory, ServiceNow, SAML, SCIM APIs, Java, PowerShell, JDBC, JSON, Okta, REST APIs, Oracle Database, Python, XML, CyberArk, Azure Identity Protection, Kubernetes, YAML, SQL Server, JavaScript.

AIG Innovation Hub, Brookhaven, GA, July 2018 – October 2019

IAM Analyst / SailPoint Consultant

• Implemented SailPoint IIQ to automate access provisioning for healthcare staff, reducing errors and improving onboarding efficiency.

• Customized workflows using BeanShell scripting to address specific identity management scenarios.

• Integrated Active Directory and Oracle with SailPoint to achieve real-time identity synchronization.

• Designed and executed access certification policies tailored to HIPAA regulations.

• Developed Role-Based Access Control (RBAC) models to ensure least privilege access and streamline user roles.

• Configured SoD policies within SailPoint IIQ to prevent conflicting access privileges across critical business applications.

• Managed Azure AD integration with SailPoint, enabling secure and automated identity synchronization across 500+ user accounts.

• Automated SailPoint server monitoring and database management using Azure tools.

• Conducted comprehensive role mining to refine access control lists and align with organizational least privilege principles.

• Created SoD violation reports to improve governance and proactively mitigate compliance risks.

• Built user role hierarchies to enhance RBAC implementation, aligning with organizational standards.

• Delivered detailed audit reports, ensuring adherence to HIPAA compliance requirements and passing external audits.

• Utilized GitHub and Azure DevOps to manage and version control SailPoint IIQ configuration files and custom workflows.

• Automated the deployment of SailPoint configuration updates using CI/CD pipelines in Azure DevOps.

• Maintained source code repositories for custom connectors and integration scripts in Git and Bitbucket.

• Conducted code reviews and maintained repository standards to ensure security and compliance within IAM systems.

• Streamlined user lifecycle workflows to manage onboarding, transfers, and terminations efficiently.

• Collaborated with compliance teams to design access policies aligned with HIPAA and security standards.

• Performed system patches and updates to maintain IAM solution stability and security.

• Enhanced governance by developing advanced analytics and compliance reporting tools.

• Trained junior team members on IAM tools and methodologies, improving team effectiveness.

• Integrated applications with ServiceNow, improving incident management and operational workflows.

• Partnered with business analysts to translate business requirements into detailed technical specifications for implementation.

Technologies Used: SailPoint IdentityIQ, ServiceNow, Active Directory, Oracle, BeanShell, Azure AD, RBAC, RESTful APIs, HIPAA, Joiner, Mover, Leaver, Custom Connectors.


