Mohammad Hammad Sawleh - Sr. Security Specialist
Email: **********@*****.*** Phone: 469-***-**** US Citizen
Location: Aubrey, Texas
Professional Summary:
Highly skilled and results-driven Identity and Access Management (IAM) Engineer with over 9 years of experience in the cybersecurity domain, specializing in designing, implementing, and managing IAM solutions across large, complex organizations.
Expertise in IAM tools including Okta, SailPoint, CyberArk, ForgeRock, Saviynt, and Ping Identity, with a proven track record of successful deployments and system integrations in financial, healthcare, and security sectors.
Demonstrated proficiency in implementing Single Sign-On (SSO), Multi-Factor Authentication (MFA), Identity Governance and Administration (IGA), and Privileged Access Management (PAM) solutions to enhance security and operational efficiency.
Experienced in working with both on-premises and cloud-based identity management systems, with deep knowledge of integrating IAM platforms with Active Directory, LDAP, cloud environments (AWS, Azure), and business applications.
Extensive experience in designing and enforcing Role-Based Access Control (RBAC) policies, access reviews, and ensuring compliance with industry standards such as SOX, HIPAA, GDPR, and NIST frameworks.
Skilled in automating user provisioning, de-provisioning, and access request workflows using various IAM tools and scripting languages such as PowerShell, Python, and RESTful APIs.
Proven ability to lead the implementation of IAM solutions from design to execution, working collaboratively with cross-functional teams to ensure successful project delivery on time and within budget.
Strong understanding of identity lifecycle management, including the automation of onboarding, offboarding, and entitlement management processes.
Experience in implementing identity and access management for both internal users and external customers, ensuring secure, seamless access to applications and systems.
Adept in risk management, performing detailed security assessments, audits, and continuously improving access management processes to minimize vulnerabilities and reduce organizational risk.
Proficient in implementing identity monitoring and auditing solutions to detect unauthorized access, ensure compliance, and provide real-time reporting and analysis.
Excellent communication skills with the ability to engage with senior leadership, technical teams, and end-users, ensuring smooth coordination and understanding of IAM initiatives.
Dedicated to staying current with the latest industry trends, technologies, and best practices in IAM and cybersecurity to deliver innovative and secure identity solutions.
Technical Skills
IAM Tools: Okta, SailPoint, CyberArk, ForgeRock, Saviynt, Ping Identity, Microsoft Azure AD, IBM Security Identity Governance
Protocols & Technologies: SAML, OAuth, OpenID Connect, LDAP, SCIM, RESTful APIs
Programming & Scripting: Java, Python, PowerShell, Shell Scripting, SQL
Platforms: Windows, Linux, AWS, Azure
Security Frameworks & Standards: NIST, ISO 27001, SOC 2, HIPAA, GDPR
Authentication: Multi-Factor Authentication (MFA), Single Sign-On (SSO), Conditional Access, Adaptive Authentication
Sr. Security Engineer - Fifth Third Bank, Cincinnati, OH - Mar 2023 to Present
Responsibilities:
Led the implementation of Okta for Single Sign-On (SSO) and Multi-Factor Authentication (MFA) for over 50,000 users across multiple departments.
Designed and deployed SailPoint's identity governance modules, including access certification and policy enforcement.
Conducted detailed security assessments and integration of third-party applications with Okta’s Identity Cloud.
Designed and executed IAM solutions using Okta API to automate user provisioning and de-provisioning workflows.
Integrated Active Directory with enterprise IAM tools for centralized authentication and authorization.
Developed custom workflows in SailPoint to automate approval processes for user access requests and role changes.
Configured Single Sign-On (SSO) for enterprise applications using Entra ID to streamline access and improve user experience.
Configured Okta Lifecycle Management to automate user account creation, modification, and deactivation processes.
Integrated Okta with internal directory services (Active Directory, LDAP) to synchronize user identities and roles across platforms.
Conducted regular audits and access reviews of Active Directory to ensure compliance with security policies.
Designed role-based access control (RBAC) policies and configured access rights based on user roles.
Worked with the CyberArk team to ensure privileged access management (PAM) is tightly integrated with Okta for enhanced security.
Implemented continuous identity monitoring using Okta’s system logs and auditing features to track suspicious activities.
Managed user lifecycle processes in Active Directory, including provisioning, de-provisioning, and access reviews.
Integrated third-party SaaS applications with Entra ID using SAML and OpenID Connect protocols for secure authentication.
Configured Okta Universal Directory to provide a central repository for user profiles and permissions.
Optimized access management processes for internal and external applications using Okta API integrations.
Conducted access reviews and certifications in Okta to comply with audit requirements and reduce security risks.
Implemented MFA for critical applications, ensuring compliance with industry standards and regulatory requirements.
Developed and maintained detailed documentation for IAM policies, procedures, and configurations.
Enhanced the security of cloud applications through the integration of Okta Adaptive Authentication.
Supported the migration of legacy identity management systems to Okta, improving overall efficiency and user experience.
Managed Conditional Access Policies in Entra ID to enforce multi-factor authentication and reduce unauthorized access risks.
Implemented role-based access controls (RBAC) and group policy enforcement using Active Directory.
Implemented automated reporting to provide real-time insights into identity access trends.
Created policies for conditional access and risk-based authentication for users in sensitive roles.
Managed user access reviews and ensured compliance with internal audit standards.
Assisted with troubleshooting and resolving IAM-related issues across Okta and other integrated applications.
IAM Security Engineer - HCA Healthcare, Nashville, Tennessee - Jan 2019 to Mar 2023
Responsibilities:
Spearheaded the implementation and management of SailPoint IdentityNow for automated user provisioning and governance.
Integrated Azure AD with identity governance solutions like SailPoint and Saviynt for access reviews and compliance.
Integrated SailPoint with HCA’s Active Directory, Workday, and other HR systems to automate the onboarding and offboarding processes.
Configured SailPoint to manage role-based access controls (RBAC) and ensure that only authorized users had access to sensitive data.
Supported integration of SailPoint with third-party applications (e.g., SAP, Oracle) for centralized identity management.
Automated user account management and group membership tasks in Active Directory using PowerShell.
Managed user access reviews and certifications in SailPoint to ensure compliance with HIPAA and other healthcare regulations.
Supported incident response and forensic investigations involving Active Directory compromise scenarios.
Optimized user provisioning processes, reducing manual tasks by 40% and improving operational efficiency.
Provided ongoing support for the SailPoint solution, including troubleshooting and issue resolution.
Developed detailed documentation and best practices for using SailPoint’s identity governance tools.
Led the deployment of SailPoint’s IdentityNow reporting features to enhance visibility into user access patterns.
Implemented self-service password reset and account unlocking features in SailPoint for improved user experience.
Implemented Azure AD Single Sign-On (SSO) to streamline secure access across enterprise applications.
Integrated SailPoint with CyberArk for privileged access management, ensuring that high-privileged accounts were properly secured.
Conducted audits of IAM processes and configurations, ensuring full compliance with internal policies and external regulations.
Managed Azure AD Conditional Access Policies to enforce Multi-Factor Authentication (MFA) and risk-based access controls.
Migration from legacy IAM systems to SailPoint, ensuring a smooth transition and minimal disruption to operations.
Monitored and analyzed Active Directory logs for anomalous activity and potential security threats.
Worked closely with compliance teams to ensure that all IAM policies adhered to SOX and GDPR requirements.
IAM Security Engineer - Goldman Sachs, Hunt Valley, MD - June 2016 to Dec 2018
Responsibilities:
Configured and deployed CyberArk’s Privileged Access Management (PAM) solution to manage and monitor privileged accounts across critical systems.
Developed and maintained secure, auditable processes for managing privileged accounts and access to sensitive systems.
Enforced least privilege access principles within Active Directory environments using fine-grained delegation.
Implemented secure authentication mechanisms using CyberArk and multi-factor authentication (MFA) technologies.
Integrated Azure AD with SaaS and on-premises applications using SAML, OAuth, and OpenID Connect.
Designed and maintained secure Active Directory trust relationships in multi-domain and multi-forest environments.
Managed user access reviews and certifications for both standard and privileged accounts to ensure compliance with security policies.
Assisted in setting up ForgeRock for managing external customer identities and enabling secure user authentication.
Configured Azure AD Privileged Identity Management (PIM) to enforce just-in-time (JIT) privileged access.
Worked on improving identity lifecycle management by automating account provisioning and deactivation workflows using Ping Identity.
Conducted migration and restructuring efforts of Active Directory to align with organizational IAM frameworks.
Conducted the integration of Ping Identity for Single Sign-On (SSO) and user authentication across multiple business-critical applications.
Performed forensic analysis on IAM incidents to track unauthorized access and mitigate future risks.
Assisted with implementing Saviynt for Identity Governance and Administration (IGA) across multiple business units.
Developed and deployed IAM-related automated workflows, reducing manual access management tasks.
Education: Bachelor’s in Computer Science from the University of Central Punjab, Pakistan, in 2005.