Rojit Basnet
Email: *********@*****.*** Phone: 469-***-****
Professional Summary
Identity and Access Management (IAM) professional with over six years of expertise, specializing in SailPoint IdentityIQ (IIQ) and other IAM platforms, delivering scalable and secure identity governance solutions for enterprise environments.
Strong understanding of identity lifecycle management (ILM), including user onboarding, automated provisioning, de-provisioning, certification campaigns, and role-based access control (RBAC), optimizing user access and minimizing security risks.
Extensive experience integrating IAM solutions with Active Directory (AD), Azure AD, LDAP, and cloud identity providers, ensuring centralized authentication and seamless identity synchronization across platforms.
Skilled in implementing authentication and access control mechanisms using SAML, OAuth, OpenID Connect, SCIM, WS-Federation, and Kerberos, enabling secure and frictionless access to business applications.
Proficient in configuring and managing SailPoint IdentityIQ connectors and IdentityIQ provisioning policies, allowing automated user access management across enterprise systems such as ServiceNow, Workday, SAP, and Oracle.
Expertise in writing and customizing SailPoint IdentityIQ (IIQ) rules, workflows, and policies using Java, BeanShell, PowerShell, and Python, automating IAM processes to enhance operational efficiency.
Deep knowledge of Privileged Access Management (PAM), implementing CyberArk integrations to enforce least privilege principles and protect high-risk credentials from unauthorized access.
Hands-on experience with User Access Reviews (UAR), entitlement management, and audit reporting, ensuring compliance with security regulations such as SOX, GDPR, ISO 27001, HIPAA, and PCI DSS.
Experience in single sign-on (SSO) and multi-factor authentication (MFA) implementation, leveraging Okta, Ping Identity, and Azure AD to enhance access security while maintaining user convenience.
Strong background in IAM system performance tuning, high availability configurations, and security enhancements, optimizing IAM platforms for scalability and reliability.
Worked extensively with REST APIs, SOAP, and web services to integrate IAM solutions with external applications and develop custom connectors for unsupported platforms.
Experienced in cloud IAM strategies, supporting identity federation and authentication for SaaS applications like Office 365, Salesforce, AWS, and Google Workspace.
Proficient in compliance-driven IAM solutions, designing and implementing security policies aligned with business objectives to reduce risks and maintain audit readiness.
Skilled in IAM automation and DevOps integration, leveraging tools like Jenkins, Git, Docker, Kubernetes, Terraform, and Ansible to streamline identity provisioning and configuration management.
Technical Skills
Category: Items
IAM Platforms: SailPoint IdentityIQ (IIQ), Okta, CyberArk (PAM), ForgeRock Identity Platform, Ping Identity, IBM Security Identity Governance and Intelligence, RSA SecurID
Directories & Authentication: Active Directory (AD), Azure AD, LDAP, OpenLDAP, Red Hat Directory Server
Security Standards: SAML, OAuth, OpenID Connect, SCIM, WS-Federation, WS-Trust, Kerberos
Programming Languages: Java, BeanShell, PowerShell, Python, Groovy, JavaScript, SQL, Bash
Web Technologies & APIs: REST APIs, SOAP, Web Services, J2EE, Java Servlets, Hibernate, GraphQL
Cloud IAM & Integrations: AWS IAM, Azure IAM, Google Workspace, Office 365, Salesforce, Workday, ServiceNow, Oracle Cloud
Compliance & Governance: SOX, GDPR, ISO 27001, HIPAA, PCI DSS, NIST
DevOps & Automation: Git, Jenkins, Docker, Kubernetes, Terraform, Ansible, Puppet
Professional Experience
Goldman Sachs – Dallas, TX Aug 2022 – Present
SailPoint Developer / IAM Analyst
Deployed SailPoint IdentityIQ as the enterprise IAM solution, optimizing identity lifecycle management (ILM), provisioning automation, and role-based access control (RBAC) to enhance security and operational efficiency.
Worked with IdentityIQ workflows, policies, and transform rules, utilizing Java, BeanShell, and PowerShell to automate user provisioning, de-provisioning, and access certifications with minimal manual intervention.
Established seamless Active Directory (AD), Azure AD, and LDAP integrations with IdentityIQ, enabling real-time synchronization and attribute-based access control (ABAC) for streamlined user authentication and governance.
Designed and enforced SSO and federated authentication frameworks using SAML, OAuth, and OpenID Connect, providing secure, frictionless access to enterprise cloud applications and SaaS platforms.
Spearheaded the automation of user access reviews (UARs) and certification campaigns, leveraging IdentityIQ's governance features to meet regulatory compliance mandates, including SOX, GDPR, and ISO 27001.
Led the integration of Workday, SAP, ServiceNow, and Oracle with IdentityIQ, automating HR-driven identity lifecycle processes to ensure dynamic role assignment and access consistency.
Designed predictive access analytics models to anticipate role changes and suggest access modifications based on user behavior, reducing helpdesk requests for access issues.
Deployed automated risk-based access reviews using machine learning algorithms, prioritizing high-risk entitlements for faster compliance resolution.
Designed and implemented custom SailPoint connectors to onboard legacy and third-party applications, expanding the scope of IdentityIQ provisioning while maintaining policy-based access governance.
Conducted in-depth IAM security assessments, identifying misconfigured access policies and vulnerabilities, then implementing automated remediation strategies to fortify identity security.
Managed Privileged Access Management (PAM) integrations by aligning IdentityIQ with CyberArk, enforcing just-in-time (JIT) privileged access requests and periodic access reviews for high-risk accounts.
Developed REST API-based integrations with external applications, extending IdentityIQ’s identity governance capabilities and enabling real-time access synchronization across multi-cloud environments.
Led containerized deployments of IdentityIQ infrastructure components, leveraging Docker, Kubernetes, Terraform, and Ansible to automate environment provisioning, scalability, and disaster recovery.
Diagnosed and resolved IdentityIQ provisioning failures, API synchronization issues, and policy misconfigurations, ensuring smooth end-user access experiences and eliminating account discrepancies.
Created and delivered technical documentation, knowledge transfer sessions, and IAM training programs for IT teams, driving enterprise-wide adoption of IdentityIQ capabilities and best practices.
Developed and optimized RBAC and dynamic role mining strategies, leveraging IdentityIQ's AI-driven insights to eliminate excessive access rights and enforce least privilege principles.
Worked on a full-scale migration from a legacy IAM system to SailPoint IdentityIQ, defining migration strategies, designing target access models, and executing a phased rollout that minimized business disruption.
Technologies Used: SailPoint IdentityIQ, SailPoint IdentityNow, Active Directory, Azure AD, LDAP, SAML, OAuth, OpenID Connect, Java, BeanShell, PowerShell, REST APIs, CyberArk, Workday, SAP, ServiceNow, Oracle, Docker, Kubernetes, Terraform, Ansible.
Magellan Health – Phoenix, AZ May 2020 – Jun 2022
SailPoint Consultant
Worked on SailPoint IdentityIQ (IIQ) implementations and upgrades, designing scalable identity governance solutions with automated provisioning, policy-driven access controls, and certification campaigns to improve security and compliance.
Developed and fine-tuned custom workflows, rules, and lifecycle event triggers in IdentityIQ, using BeanShell, Java, and PowerShell to automate user provisioning, entitlement assignments, and access remediation.
Implemented RBAC and ABAC in IdentityIQ, optimizing access policies to comply with SOX, GDPR, and HIPAA.
Integrated SailPoint IIQ with CyberArk PAM, implementing automated privileged access reviews based on user behavior analysis.
Integrated Active Directory, Azure AD, LDAP, and cloud-based identity stores with IdentityIQ, ensuring secure and seamless identity synchronization across hybrid enterprise environments.
Implemented IdentityIQ workflows for automated user onboarding and offboarding, reducing manual provisioning workloads and improving efficiency.
Developed customized connectors for integrating unsupported applications with IdentityIQ, expanding provisioning capabilities while maintaining governance and security best practices.
Managed Privileged Access Management (PAM) integrations, configuring IdentityIQ to enforce CyberArk-based privileged access requests, credential vaulting, and session monitoring for high-risk users and administrators.
Worked on comprehensive IAM risk assessments and security audits, identifying misconfigured access rights, dormant accounts, and excessive entitlements, then implementing remediation strategies to close compliance gaps.
Engineered SCIM-based provisioning solutions to automate identity lifecycle management for third-party SaaS applications, ensuring real-time access updates based on user attributes and role changes.
Migrated legacy on-prem IAM environments to SailPoint IdentityIQ, designing a phased implementation strategy that optimized security controls while minimizing operational disruptions.
Provided in-depth technical training and knowledge-sharing workshops for client IT and security teams, empowering them to manage IdentityIQ configurations, troubleshoot issues, and enforce IAM best practices.
Implemented CI/CD pipelines for IAM automation using Jenkins, Terraform, and Ansible, enabling seamless deployment of IdentityIQ updates and infrastructure-as-code (IaC) provisioning.
Developed and enforced IdentityIQ security policies, ensuring alignment with industry standards, corporate security strategies, and regulatory compliance requirements.
Conducted identity risk assessments and entitlement reviews, leveraging IdentityIQ analytics to detect unauthorized access patterns and enforce least privilege policies across critical applications.
Designed custom reporting dashboards within IdentityIQ, providing stakeholders with real-time insights into access trends, policy violations, and audit compliance metrics, ensuring proactive security governance.
Technologies Used: SailPoint IdentityIQ, CyberArk, Active Directory, Azure AD, LDAP, SCIM, REST APIs, Workday, ServiceNow, Java, BeanShell, PowerShell, Terraform, Ansible, Jenkins, SQL, Oracle, Unix/Linux, Docker, Kubernetes, AWS, Azure, GCP, JIRA, Confluence, Git, Maven.
USAA – Plano, TX Sep 2018 – Apr 2020
Junior SailPoint Developer
Assisted in the design, development, and implementation of SailPoint IdentityIQ solutions, supporting automated identity lifecycle management, user provisioning, and access governance.
Developed custom rules, workflows, and provisioning policies in IdentityIQ, using BeanShell, Java, and PowerShell, enhancing automation and reducing manual intervention in access management processes.
Collaborated with senior developers to integrate Active Directory, Azure AD, LDAP, and enterprise applications with IdentityIQ, ensuring seamless authentication and access synchronization.
Helped configure SAML, OAuth, and OpenID Connect-based authentication mechanisms, supporting single sign-on (SSO) and federated identity management across cloud and on-premises applications.
Assisted in the implementation of IdentityIQ certification campaigns and user access reviews (UARs), ensuring compliance with regulatory standards such as SOX, GDPR, and ISO 27001.
Provided support for IdentityIQ troubleshooting and debugging, resolving provisioning failures, access request issues, and policy misconfigurations.
Contributed to the development of custom connectors for integrating third-party and legacy applications with IdentityIQ, expanding provisioning and access governance capabilities.
Created and maintained technical documentation for IdentityIQ configurations, workflows, and policies, ensuring clear guidelines for IT teams and auditors.
Assisted in performing role mining and role-based access control (RBAC) analysis, optimizing access policies and reducing excessive user privileges.
Worked on CyberArk integrations with IdentityIQ, enabling secure management of privileged accounts and enforcing least privilege access principles.
Supported the development of REST API-based integrations to extend IdentityIQ’s identity governance capabilities and improve interoperability with other IT systems.
Conducted unit testing and debugging of IdentityIQ workflows and rules, ensuring high-quality deployments and system stability.
Helped in deploying and configuring IdentityIQ application servers (Tomcat, WebLogic, JBoss), optimizing performance and scalability.
Participated in team meetings and collaborated with business analysts to understand IAM requirements and translate them into technical solutions within IdentityIQ.
Assisted in upgrading IdentityIQ environments by testing patches, applying configuration updates, and troubleshooting post-upgrade issues to ensure smooth transitions.
Technologies Used: SailPoint IdentityIQ, Active Directory, Azure AD, LDAP, SAML, OAuth, Java, BeanShell, PowerShell, REST APIs, CyberArk, SQL, WebLogic, Tomcat, JBoss.
Education
Bachelor of Science in Information System, University of Texas at Arlington, Arlington, TX