Identity Access Management Information Security

Location: Raleigh, NC
Salary: 70
Posted: April 09, 2025

Resume:

Sunny Shrestha

SUMMARY:

Around 12 plus years of experience in the IT field including Installation, Configuration, Development, Deployment, Administration, Troubleshooting and network security, database systems, and Enterprise Document Management in large-scale organizations.

Performing daily operations support and maintenance of all security technologies centric to Privileged Access related information security solutions.

Hands on experience with IIS, IBM IHS, Apache, Sun One Web servers and WebLogic and WebSphere Application servers in Identity and access management environment.

Worked with Active Directory, LDAP/UNIX groups, Networks, Human Resource systems for Identity and Access Management.

Designed SailPoint deployment activities - connector configuration, custom rule development, workflow configuration, and development and third-party system integration.

Experience with Implementation and Administration of SailPoint for large population of users

Experience in SailPoint tool customization, Report Generation, Integration with end/target systems, SailPoint APIs and Application Development.

Expertise in creation of custom connectors, tasks and email templates in SailPoint.

Expert in designing and implementing customized solutions for Connectors, LCM workflows, Roles, Policies and Reports.

Designed and Implemented access request forms/workflows.

Determining Access Management and observing the activities of organization using incident management.

Proficient in creating and modifying workflows for implementing business flows as per the requirements.

Worked on Policy Enforcement: Risk-based approach prioritizes violations and reports on violations.

Implemented Life Cycle Manager process automation, reducing custom workflow coding and eliminating the need to hard-code end-user request forms.

Strong working knowledge on LCM request configuration, LCM event configuration.

Good knowledge of REST, SCIM APIs and JSON Scripts.

Strong experience utilizing various XML parsers in J2EE solutions (DOM, SAX, and XSLT).

Strong knowledge in developing Web Services using SOAP, WSDL and XML.

Strong development knowledge on creating policies of data provision for different applications.

Strong understanding of IdentityIQ Console to troubleshoot the connectivity problems.

Debugging & Troubleshooting IIQ Application with the help of Debug feature of SailPoint.

Exposure in SailPoint IIQ (8.x).

Expertise in developing applications using Java, J2EE (Servlet, JSP and JDBC), HTML.

Expert in using Databases such as Oracle, MySQL, MS SQL Server etc.

Extensively used various application/web servers like WebLogic, WebSphere, Apache Tomcat.

Developed product customizations in Java and BeanShell to meet customer requirements.

Involved in managing post-implementation user testing, debugging, support and maintenance.

Developed BuildMap rules, Pre-Iterate rules and Customization rules using Java.

Created custom form to create an identity manually and validated the form field values as per the requirement.

Rectified the error of creating duplicate entitlements for one application of type Delimited file by manipulating the Build Map Rule.

Work with identity solution, Forefront Identity Manager, SailPoint Identity IQ. This includes installation of software and managing the Windows Servers.

Technical Skills:

Identity and Access Management: SailPoint Identity IQ 7.0, 7.1, 7.2, 7.3, 8.0, 8.1, 8.2, 8.3, Okta, IdentityNow (IDN), ISC

Directory Server: Microsoft AD, LDAP

Operating systems: Linux, Windows

Languages/Technologies: Java/J2EE Technologies, XML, JSF, BeanShell

Databases: Oracle, MySQL, MS-SQL, DB2

Application/Web servers: Tomcat, WebLogic

Other Utilities: IDE Eclipse and NetBeans

PROFESSIONAL EXPERIENCE:

Atos/Eviden Remote

IAM SailPoint Engineer May 2024 – Feb 2025

Responsibilities:

Analyzed the application before onboarding to get an extract of the application with the user unique ID, access levels and permissions, and conducted deep-dive sessions.

Deployed several custom-developed SailPoint connectors to connect various client systems.

Designed and implemented SailPoint build processes, code migration, and source control use.

Installed and configured RACF SailPoint connector to integrate with Mainframe systems

Provides provisional user access, manages applications, and assigns roles utilizing LCM.

Designed SailPoint deployment activities - connector configuration, custom rule development, workflow configuration, development and third-party system integration.

Designed and maintained NERM-specific policies within SailPoint to enforce security standards for external users accessing critical systems.

Participate in all SailPoint deployment activities - connector configuration, custom rule development, workflow configuration and development, third party system integration.

Installed and configured IAM solution components.

Integrated SailPoint ISC platform with enterprise systems (e.g., Active Directory, SAP, ServiceNow) for seamless identity synchronization and automation.

Implemented and configured SailPoint IdentityNow solutions to streamline identity governance processes and improve user access management across the organization.

Developed custom workflows and business rules in SailPoint IdentityNow to automate user access requests, approvals, and certifications.

Developed and managed NERM workflows in SailPoint IdentityNow, streamlining onboarding and offboarding processes for non-employee users.

Troubleshot system failures, identified root causes and fixed issues.

Exposure in Writing lifecycle events.

Integrated NERM policies with IAM platforms like SailPoint for automated provisioning and deprovisioning.

Exposure in Working on creating custom forms and workflows and rules.

Onboarded Application like webservice connector, JDBC, delimited, Active Directory, Salesforce.

Developed Composite Applications using SailPoint IIQ.

Installation and updates of the prerequisite databases and LDAP directory servers.

Created and modified workflows for implementing business flows.

Implemented Self-service feature, Password feature, Provisioning feature and policies in SailPoint.

Implemented CIEM solutions to detect and remediate excessive permissions and misconfigurations in cloud environments.

eBay New York, NY

Sr. IAM SailPoint Engineer Sept 2018 – March 2024

Responsibilities:

Designed and implemented a solution which manages the Identity lifecycle of almost all applications within the enterprise, without directly controlling the identity store within the application.

Development of identity federation connectors from SailPoint to target systems, along with subsequent access control by SecureAuth.

Ensure requirements gathered, processes defined, and use cases documented follow out of the box configuration vs. customization as much as possible

Develop SailPoint deployment and solution architectures.

Developed and implemented a comprehensive change and readiness plan in support of a SailPoint IdentityNow process and system Implementation.

Exposure in migration of identity governance solutions to SailPoint IdentityNow, ensuring a smooth transition from legacy systems while minimizing business disruption.

Integrated feature flags application within SailPoint's SaaS product IdentityNow.

Performed SailPoint DR activities AWS infrastructure teams.

Involved in creating custom reports, certifications to cater various data feeds.

Build and Configure SailPoint IdentityNow in-built tasks like aggregation, ID refresh, schedule tasks, correlation, etc.

Designed and implemented SailPoint build processes, code migration, and source control use.

Involved in approvals process workflow design and rule creations using bean shell and xml.

Achieved SOX and PCI compliance by building a flexible and scalable framework to provide authentication and authorization services while supporting rules/roles/languages requirements for various International countries.

Worked on the scrum team responsible for UI components in SailPoint IdentityNow, a cloud-based identity management and governance solution.

Worked on developing user provisioning and de-provisioning workflows, aggregation, tasks, rules and roles in SailPoint IdentityNow.

Maintained user account workflows using form Joiner, Mover and Leaver.

Involved with existing Provisioning Team for the application in order to make it fit into IIQ and to get the existing User Access Management (UAM) model.

On-boarded applications using Provisioning application’s requests in IIQ.

Implemented and Scheduled various type of User Entitlement Reviews for applications and databases in a timely manner to all the business areas across the organization.

Performed exhaustive audit of the Active Directory infrastructure via Windows PowerShell

To implement Change Requests in IIQ, Drawing Scheduling of Events and Shape of the weekend for Business check Outs.

Configured Federation services for the Applications' single sign-on in AWS.

Developed Role Model Templates based on the applications on boarding by getting engaged with various business people and TS also.

Used JSON for data exchange between browser and server.

Responsible for developing Docker Images to configure API Gateway, MySQL and migrating gateway and joining individual images to make complete automation.

Developing Adaptor, Scheduler, Connector with the Help of API.

Developed LCM events Joiner, Mover, Leaver, Update, and Event based Certifications in SailPoint IIQ.

Involved in Configuring Gateway cluster and auto provision a Gateway.

Implementation of different direct/custom connectors to connect Mainframe (RACF).

Configured workflows and Integration for life cycle events.

Performance tuning and problem determination for IAM solution.

Worked with business and Analysts to document system requirements for IdentityIQ.

Demonstrated role based user provisioning that leads to implementation of IIQ. Centralized identity data, roles, business policy and risk modeling to support compliance initiatives and user lifecycle management.

Control over user access to sensitive applications data while streamlining the access request. Re-certification, Connector Development process using SailPoint Identity IQ.

Worked on Application connector configurations like delimited, JDBC, AD, etc.

Gathered requirements billing application back-end and creating business and technical documentation.

Customization of the SailPoint IIQ product to implement enterprise security and access control.

Developed workflows for life cycle events joiner and leaver.

Created the custom task to launch the business process (Work Flow) as per the requirement specification.

Citi Group Harvard, IL

Sr. IAM Engineer Dec 2015 - Aug 2018

Responsibilities:

Developed and arranged the Roles with access policies to procurement of clients into the LDAP Groups.

Provided the capability of categorizing user access by job description for ease of user access provisioning.

Providing Role-based access control (RBAC) analysis, design and implementation expertise within the company's SailPoint IIQ access management system installation; collaborating with lean purposed IAM software development team to improve and expand the adoption of a logical and functional RBAC framework.

Integrated SailPoint Identity IQ with multiple external databases and applications for provisioning and de-provisioning using Active Directory and LDAP.

Integrated application utilizing SailPoint IIQ Out of the Box connectors and custom connectors.

Worked on troubleshooting system software and hardware, particularly to investigate problems related to device drivers provisioned by the SailPoint IIQ Solution.

Configured and Deployed SailPoint Identity IQ for use in a multi-tenant network and security environment.

Involved in the development of design and security documentation for SailPoint IIQ components.

Provided use cases and business processes for support groups on role, entitlement, provisioning and de-provisioning.

Analyzed and implemented application data workflows by working with architecture and security access groups and created templates.

Worked on providing the capability of categorizing user access by job description for ease of user access.

Implemented Access Certification, Automated Provisioning and Governance aspects of IIQ. Develop complex workflows and service adapters in the SailPoint Identity IQ configuration interface. In the process of upgrading the IdentityIQ product from SailPoint 6.3 to SailPoint 7.0.

Performed Installation and configuration of SailPoint 7.0. Configured Flat files and JDBC connectors in SailPoint. Assist in updating (SailPoint IIQ) workgroups. Monitor SailPoint IIQ product functionalities.

Performed OOTB Integration with multiple applications such as AD, Exchange, LDAP, Delimited File, Workday Files and Mainframe RACF.

Managed client requirements and configure SailPoint connectors. Responsible to manage Administration functionality of the SailPoint such as loading data, create roles, create policies, scheduling tasks and certifications and reports.

Worked on developing user provisioning and deprovisioning workflows, aggregation, tasks, rules and roles in SailPoint IIQ.

Worked on Out of the Box connectors provided by SailPoint IIQ and developed custom connectors using JAVA and Web Services to integrate with target applications.

Designed and deployed SailPoint Identity IQ to connect to data sources on diverse agency networks and integrated SailPoint IIQ data with multiple external databases and applications.

Worked with multiple agencies to identify unique requirements and characteristics and translate them into the design of overall system.

Administered user accounts and profiles and performed test planning and test activities for SailPoint Application post patch application.

Interacted with application teams that manage major user repositories and need to automate user access request process, to gather requirements, design and deliver solution to integrate with the existing IDM implementation.

Troubleshoot logon and access permission issues, to enable successful application and project timelines.

Truist Financial Corporation Atlanta, GA

SailPoint Engineer April 2014 – Nov 2015

Responsibilities:

Highly dynamic environment with sprint teams using agile methodology.

Involved in the development of Solution Design Overview document and technical document.

Development of identity federation connectors from SailPoint to target systems.

Created Custom tasks, Custom Objects to update the entities in the system which are scheduled every week.

Built Joiner, Mover and Leaver workflows to maintain user accounts.

Involved in creating custom reports, certifications to cater various data feeds.

Participated in all SailPoint deployment activities - connector configuration, custom rule development, workflow configuration and development, third party system integration.

Analysis of the specifications provided by the client and help Project Manager to estimate the effort required.

Developed Rules like Build Map, Correlation, Exclusion, Policy Violation, Policy Formatting etc., as part of connector development.

Designed and implemented custom solution for end users to request Identity IQ capabilities following proper approval and auditing process. This feature is not available to end users out of the box.

Implementing the provisioning feature of SailPoint IIQ by using various connectors like LDAP, Workday, etc.

Involved in Configuration and development of SailPoint Life Cycle Events (LCM).

Configuring various roles and policies in SailPoint.

Implemented Restful web services to connect the AC and SailPoint applications and fetch the data into portal application.

Perform Installation and configuration of SailPoint IdentityIQ.

Develop custom SailPoint BuildMap Rules and Workflows as per the business needs.

Setup applications Active Directory, LDAP, Oracle and Flat Files.

Providing solutions for the changing business requirements.

Implement REST classes using SailPoint Rest Application.

Using IIQConsole for operations such as checkout, import, connector Debug, etc.

Used IQService as part of Identity IQ for Active Directory (AD) provisioning.

Anthem Indianapolis, IN

IAM Engineer March 2013 – Feb 2014

Responsibilities:

Developed build map rule, creation rule and customization rule to create Employee and Contractor user accounts into SailPoint from their current application’s exported feed file.

Developed a custom form in the SailPoint UI so that various admins can create Employee/Contractor user accounts manually through UI and provision users.

Manage client requirements and configure connectors for 50+ applications.

Created and ran the aggregation task to bulk load authoritative source data from Active Directory, Exchange and LDAP.

Developed a creation rule to run update, terminate and rehire transactions on specified Employee and Contractor user accounts based on the feed file data.

Developed a scheduler using Java that will periodically run to terminate contractors on their specified contract end date.

Set up SailPoint IIQ policy server on 4 environments (Dev, QA, UAT & Production).

Developed code that will send expiration notification to Contractors.

Developed a scheduler that would periodically check for Name change requests in the feed file data and will change the name of respective Employee account.

Developed Java code that will consolidate role details of user accounts into a CSV file and send to HR or Application Admin. The admin can then act upon the access of users accordingly.

Involved in design and implementation of IdentityIQ solution in FDIC, configuring Active Directory, and Shared Folders.

Established measures, metrics, and goals to drive performance as per business, security, and IT needs.

Onboarded various applications like delimited file, AD, etc.

Developed BuildMap rules, Pre-Iterate rules and Customization rules

Developed Delegation rules, customized certifications to send email notifications as per client needs.

Involved in creating custom reports, certifications in order to cater various data feeds.

Client form validations are done using HTML, JavaScript.

Implemented and Customized Manage Access and Manage Identity modules as per customer requirements in SailPoint IIQ.

Provide SailPoint application consulting and development support to consumer applications as required.

Strategized venture checking and details reports to plainly convey the task guide.

Configuration and development of SailPoint Life Cycle Manager (LCM).

Education: Bachelor in Business Administration, Tribhuvan University, Nepal, 2012


