
Cloud Security Directory Services

Location:
Riverside, CA
Posted:
May 28, 2025


Resume:

Sridevi Vydha

: ***********@*****.***

: +1-502-***-****

Summary:

●Around 15+ years overall in IT, 10+ years of extensive experience as an LDAP/Directory Services, PingOne, Ping Access and Identity, PingOne for Customers, PingDirectory, PingFederate, ISIM, PIM, Microsoft Identity Management MIM, ISAM 9, Sailpoint IdentityIQ, RadiantOne, CIAM technologies like Ping/ForgeRock, Okta, Workday IAM, PlainID IAM, GCP, CIC [OKTA Customer Identity Cloud], Tivoli Identity, Azure AD cloud, Google cloud Security, Oracle - (Identity, Access, Unified Directory), CASiteminder, TWS (Tivoli Workload Scheduler), Active Directory by handling all the aspects of administration tasks such as day-to-day site Monitoring in OEM Cloud Control and Maintenance as well as J2EE development.

●Experience in PingDirectory, LDAP/Directory Services IBM SDS 6.4 domain specializing in RedHat/Oracle/Sun One Java Enterprise Directory Server, ODSEE 6.3.1/greater

●Working experience in ISVA: IBM Security Verify Access, PingAccess, ISVG: IBM Security Verify Governance, SDI: IBM Security Directory Integrator

●Excellent integration experience with external systems (OAM, PingFed, Azure, Google cloud security)

●Worked in IBM cloud to avail the computing services of IBM – SaaS, PaaS and IaaS

●Work experience with Ping Identity and PingAccess, Postgres, CosmosDB, SQL databases

●Skilled in maintenance and support of LDAP Directory Services in Ping, RedHat Linux, UNIX/Solaris and Windows based environments

Educational Details : Master of Computer Applications, Osmania University, India, 2002

Certifications: Sun Certified Java Programmer 1.5

Professional Experience:

IAM Architect Jan 2025 - Till date

Cognizant - FlagStar Bank

●Develop and architect scalable, secure IAM solutions for an organization's infrastructure.

●Establish role-based access control (RBAC) and least privilege principles.

●Integrate IAM solutions with existing applications, databases, and cloud environments.

●Ensure IAM solutions align with security standards, regulations, and industry best practices.

●Oversee identity federation and SSO (Single Sign-On) across systems.

●Continuously monitor IAM systems for anomalies, security risks, and performance.

●Design secure authentication systems, including multi-factor authentication (MFA).

●Assess and mitigate security risks associated with user access and authentication.

●Work with security, IT, and development teams to align IAM strategies with overall enterprise CIAM technologies like Ping/ForgeRock, Okta Architecture.

●Monitoring experience include Server health, Tasks and custom processes related to SailPoint IdentityIQ

●In SailPoint IdentityIQ managed (Access, Resource, Identity, Application) related setup, operations tasks, also MyTasks and MyWork related tasks

●On SailPoint IdentityIQ side, worked with (Warehouse, Correlation, RiskModel, Operations) Identities side

●On SailPoint IdentityIQ side, worked with (Definitions, Rapid Setup, Entitlement Catalog, Application Risk Model and Activity Target Categories) Applications side

●On SailPoint IdentityIQ side, worked with (Advanced Analytics, Reports, Identity Risk Scores, Application Risk scores) Intelligence side

●On SailPoint IdentityIQ side, worked with (Certifications, Roles, Policies, Alerts, Tasks, Groups, Business processes, Lifecycle events, Batch requests) Setup side

●Offer expertise and training on IAM concepts and best practices to other teams and users.

●Support multi-domain Active Directory environments in a hybrid configuration to Azure Cloud, involving Identity Integration through Azure AD Connect.

●Administer and support Azure Active Directory (Azure AD) for cloud-based identity and access management.

●Manage Azure AD users, groups, and devices, and support existing conditional access policies.

●Monitor and review AD and Azure AD logs and alerts to identify and resolve potential issues before they impact system performance.

●Troubleshoot and resolve authentication and authorization problems across both AD and Azure environments.

●Implement security controls to protect Active Directory and Azure AD environments, ensuring they comply with internal policies and regulatory requirements.

●Assist in audits and security assessments, addressing vulnerabilities and maintaining secure configurations, Experience in remediation for SOX/PCI/HIPAA compliance auditing.

●Work closely with other IT teams to implement and integrate AD and Azure services with various enterprise applications.

●Document processes, procedures, and configurations for both Active Directory and Azure AD systems.

Web Analyst and Ping IAM Architect or Oracle Solution Architect Jan 2024 - Dec 2024

TCS - NYL (New York Life Insurance)

●Worked with CMDB (configuration management database) as part of IT Service Management (ITSM) and IT Operations

●in PingDataGovernance context usually means grouping of application-specific entitlements such as LDAP groups, application privileges, account attribute values that match a specific PingAccess control list and so on.

●in PingDataGovernance context the roles are processed differently. Role definition has to be processed before the user logs into the system for the first time.

●In an PingDataGovernance role means that the account will be associated with (made member of) a particular LDAP group or application privilege at the time when the role is assigned to user (a.k.a. "just in case" approach), long before the user logs in.

●Used as a centralized repository for storing information about configuration items (CIs) in an IT infrastructure. This includes hardware, software, network devices, and services.

●IT jobs often involve tracking and managing IT assets throughout their lifecycle. CMDB helps maintain accurate records of asset configurations, locations, ownership, and other relevant details.

●CrowdStrike Falcon was installed in both (Windows and Linux) servers to meet Google cloud security standards

●For secure connection, coordinated with stakeholders and updated the certifications on the SP side and got the update done on the IdP side

●Strong expertise in editing, managing, and troubleshooting XML policy and configuration files.

●Provide production support, monitoring and maintenance to PlainID policies.

●Provide support to PlainID policies in all environments.

●Analyze PingAccess Management Policy requirements for PlainID implementation.

●Perform PlainID Policy migrations between environments (Dev, Test, UAT, Stage, Production and Training)

●Monitored, maintained, troubleshoot, patchwork, updates required of PingFederate8 in all environments starting from Dev to Prod and also for the Linux OS servers, iPlanet Web Servers, IBM MDM/IIS, Oracle WebLogic Application, Portal Servers, Windows Servers on-prem and on the cloud.

●Integration of the new applications with CIAM technologies like Ping/ForgeRock, Okta PING FEDERATE or Ping Suite of product

●Writing custom policy in Azure B2C, GCP, implementing Federation with Azure AD, managing the entire details in the cloud models of (IAAS and PAAS)

●Macros were used while Automating Repetitive Tasks, Data Manipulation and Cleaning, Generating Reports, Custom Functions and Calculations, Interactive User Forms

●PingOne user management, cloud resources, and account usage monitoring.

●Managed workspace identities, PingAccess control, settings, and features for individual workspaces in the account.

●Managed PingDirectory, Active Directory infrastructure, including user accounts, groups, and organizational units.

●Managed identity lifecycle processes, including provisioning and de-provisioning of accounts in active Ping directory and PingOne

●Implemented security measures, including PingAccess controls and permissions in active directory

●Conducts regular audits of AD permissions and PingAccess logs to ensure compliance, Experience in remediation for SOX/PCI/HIPAA compliance auditing.

●Develops and manages backup strategies for Active Directory data and configuration.

●Monitors AD performance metrics, such as replication health and login times.

●In Identity Gateway, enables Single Sign-On (SSO), allowing users to authenticate once and gain PingAccess to multiple applications or systems without needing to re-enter credentials. Ensures that user credentials (e.g., username, password, multi-factor authentication) are validated against an identity provider, granting secure PingAccess to various systems within an organization.

●In Identity Gateway managed role-based PingAccess control (RBAC) or attribute-based access control (ABAC), checking if the authenticated user has the correct permissions based on their roles, attributes, or other criteria.

●In Identity Gateway supports protocols like SAML (Security Assertion Markup Language), OAuth, and OpenID Connect to allow seamless authentication and authorization between disparate systems, helping users to authenticate once and gain PingAccess to external systems or partner resources.

●In Identity Gateway It synchronizes user identities between directories, applications, and systems, ensuring that users have the right PingAccess at the right time. For example, when a user joins or leaves an organization, their access rights and accounts are created or revoked across multiple platforms.

●In Identity Gateway It tracks and logs authentication events, PingAccess attempts, and system activities to ensure compliance with security standards and regulations (e.g., GDPR, HIPAA). The data collected can be used for auditing purposes, monitoring suspicious behavior, or generating reports for compliance checks. These roles ensure that an Identity Gateway can provide robust security, seamless user experience, and regulatory compliance across enterprise IT environments.

●Operations Experience with CyberArk or similar privileged access management tool.

●Experience managing users and groups for Openldap, git, Jenkins, etc.

●Experience in Install and Maintain Directory services like AzureAD, OpenLDAP, creating, managing, monitoring, the entire details in the cloud models of (IAAS and PAAS)

●B2C (Business-to-Consumer), Design and Implement Customer Identity Flows, Create and manage secure, user-friendly registration, login, password reset, and MFA flows for consumers.

●B2C (Business-to-Consumer), Integrate IAM Solutions with Consumer-Facing Apps, Implement IAM platforms (e.g., Auth0, Azure AD B2C, Okta) with web/mobile applications.

●B2C (Business-to-Consumer), Manage Authentication and Authorization Policies, Define rules for how users authenticate and what they can access post-login.

●B2C (Business-to-Consumer), Ensure Security and Compliance, Apply best practices for secure token handling, data privacy, and regulatory compliance (GDPR, CCPA).

●B2C (Business-to-Consumer), Monitor, Troubleshoot, and Optimize IAM Services, Maintain availability, log access events, monitor for suspicious activity, and optimize performance.

●Installation and Configuration of F-5 / BIG IP Load Balancer to work with Weblogic Server

●As a SQL Administrator, focusing on performance, availability, and data integrity

●As a SQL Administrator, Database Installation and Configuration of SQL Server, PostgreSQL, CosmosDB

●As a SQL Administrator, Set up server instances, storage configuration, and initial security settings.

●As a SQL Administrator, Monitor slow queries, CPU/memory usage, and I/O bottlenecks, Optimize indexes, queries, and execution plans.

●As a SQL Administrator, Apply patches and updates to address security vulnerabilities, set up maintenance plans (index rebuilds, statistics updates, consistency checks).

●Monitoring experience include Server health, Tasks and custom processes related to SailPoint IdentityIQ

●In SailPoint IdentityIQ managed (Access, Resource, Identity, Application) related setup, operations tasks, also MyTasks and MyWork related tasks

●On SailPoint IdentityIQ side, worked with (Certifications, Roles, Policies, Alerts, Tasks, Groups, Business processes, Lifecycle events, Batch requests) Setup side

●Support multi-domain Active Directory environments in a hybrid configuration to Azure Cloud, involving Identity Integration through Azure AD Connect.

●Administer and support Azure Active Directory (Azure AD) for cloud-based identity and access management.

●Manage Azure AD users, groups, and devices, and support existing conditional access policies.

●Monitor and review AD and Azure AD logs and alerts to identify and resolve potential issues before they impact system performance.

●Troubleshoot and resolve authentication and authorization problems across both AD and Azure environments.

Identity, Access, LDAP – IAM Architect, Oracle Solution Architect March 2022 - Dec 2023

Capgemini - MUFG

●Expertise in using Aveksa compliance manager the only product to fully automate the monitoring, reporting, certification and remediation of user entitlements and roles, making it possible for organizations to easily establish a sustainable CIAM technologies like Ping/ForgeRock, Okta PingAccess governance model

●Writing custom policy in Azure B2C, GCP, implementing Federation with Azure AD

●Implemented SSPR in Azure or any other similar Access Management tool

●Aveksa compliance manager delivered Secure, automated collection, automated PingAccess certifications, A collaborative model for roles-based governance, powerful metrics-driven role modeling, role maintenance, automated role certification, auditable administration, reporting and analytics, integration with identity management systems in Microsoft MIM, Experience in remediation for SOX/PCI/HIPAA compliance auditing

●Experience of PingID MFA using conditional PingAccess policy in Azure AD and PingID MFA implementation in Azure AD with Hard token/soft token/3rd party MFA tool

●Worked with few Microsoft O365 administration tasks as a primary resource like Manages user accounts and their permissions within O365, groups, mappings

●in PingDataGovernance context usually means grouping of application-specific entitlements such as LDAP groups, application privileges, account attribute values that match a specific access control list and so on.

●in PingDataGovernance context the roles are processed differently. Role definition has to be processed before the user logs into the system for the first time.

●In an IGA role means that the account will be associated with (made member of) a particular LDAP group or application privilege at the time when the role is assigned to user (a.k.a. "just in case" approach), long before the user logs in.

●Operations Experience with CyberArk or similar privileged access management tool.

●Experience managing users and groups for Openldap, git, Jenkins, etc.

●Experience in Install and Maintain Directory services like AzureAD, OpenLDAP etc.

●Developed Forgerock directory service new environment (schema, attributes, object classes, PW setup) as per LDAP technology standards and directory synchronization processes

●Onboarded SAP (Security access profile) for app and infra to ACAT (Completed classification, collect SOD (Segregation of Duties) rules, map requestable roles) and Worked with AO to classify and Completed review steps including Documented issues and collecting remediation. It was about Roles, Entitlements of the application and segregation of duties, who has the roles and etc

●Worked with IAM cross team to ensure SOD (Segregation of Duties) violations are remediated

●Worked with App/Platform owner to resolve SOD/SAP (Segregation of Duties) related breaks

●Supported provisioning/deprovisioning, access automation configuration and process Identity governance for the following frameworks Active Directory, Lightweight Directory Access Protocol in Azure Microsoft MIM

●Test ACAT User Acceptance testing

●Re-Onboarding of UAC (User access certification, PingAccess) feed based on the app changes and Worked with Prod Support to Completed promotion of apps

●Monitoring experience include Server health, Tasks and custom processes related to SailPoint IdentityIQ

●In SailPoint IdentityIQ managed (Access, Resource, Identity, Application) related setup, operations tasks, also MyTasks and MyWork related tasks

●For secure connection, coordinated with stakeholders and set the certifications on the SP side and got the update done on the IdP side

●PingOne worked with (Warehouse, Correlation, RiskModel, Operations) Identities side

●PingFederate worked with (Definitions, Rapid Setup, Entitlement Catalog, Application Risk Model and Activity Target Categories) Applications side

●Plan, coordinate and execute PingAccess Management PlainID activities. This work will include updating, and maintaining the PingAccess Management Project plans; and coordinating activities with task participants.

●On SailPoint IdentityIQ side, worked with (Warehouse, Correlation, RiskModel, Operations) Identities side

●In PingOne, as an Environment Admin, maintained specific environments within the organization.

●In PingOne, as Admin, Manages user groups or populations within an environment, Handles identity data and user information, Manages connections and integrations.

●Experience with monitoring tools like Splunk, Huston, QRadar, Wily

●B2C (Business-to-Consumer), Integrate IAM Solutions with Consumer-Facing Apps, Implement IAM platforms (e.g., Auth0, Azure AD B2C, Okta) with web/mobile applications.

●B2C (Business-to-Consumer), Monitor, Troubleshoot, and Optimize IAM Services, Maintain availability, log access events, monitor for suspicious activity, and optimize performance.

●As a SQL Administrator, focusing on performance, availability, and data integrity

●As a SQL Administrator, Set up server instances, storage configuration, and initial security settings.

●As a SQL Administrator, Monitor slow queries, CPU/memory usage, and I/O bottlenecks, Optimize indexes, queries, and execution plans.

●As a SQL Administrator, Apply patches and updates to address security vulnerabilities, set up maintenance plans (index rebuilds, statistics updates, consistency checks).

●In IBM MDM, part of Data Model Design and Configuration, Defined and customized the data model (entities, attributes, relationships).

●In IBM MDM, part of Data Matching and Survivorship, configured match rules to identify duplicate records (probabilistic or deterministic matching) and Tune match/merge performance and accuracy.

●In IBM MDM, part of Governance and Stewardship, Monitor and resolve data quality issues.

●In IBM MDM, part of Maintenance, Monitoring, and Performance Tuning, Monitor data quality, performance metrics, and system health, re-indexing, or re-matching as needed.

●Handled patchwork, updates required in Dev to Prod for the Linux OS servers, iPlanet Web Servers, IBM MDM/IIS, Oracle WebLogic Application, Portal Servers, Windows Servers on-prem and on the cloud.

●Monitor and review AD and Azure AD logs and alerts to identify and resolve potential issues before they impact system performance.

●Assist in audits and security assessments, addressing vulnerabilities and maintaining secure configurations, Experience in remediation for SOX/PCI/HIPAA compliance auditing.

●Work closely with other IT teams to implement and integrate AD and Azure services with various enterprise applications.

Environment : Archer, Aveksa compliance manager, ACAT, SAP, DSAP (Digital SAP), PUMP, PAM, UAC, UAR Hub,DB2

Identity, Access, LDAP – IAM Architect March 2021 - March 2022

AT&T – TX

●Both ISIM, PIM, ISAM appliance build, installations, configurations, templates, ACL creation, roles and groups creation, implementation, monitoring, Design, implementation, troubleshooting and 24/7 support in all about 6 environments (Development to Production)

●Developed Okta Universal directory, a new environment (schema, attributes, object classes, PW setup, create some test users etc) as per LDAP technology standards and directory synchronization processes

●Worked closely with Okta Auth0 developers who integrate custom application with multiple features such as CIAM technologies like Ping/ForgeRock, Okta PingID MFA, SSO, passwordless authentication

●Responsible for designing, implementing and testing scalable and secure LDAP- Identity and Access Management security infrastructure, MIM

●Installed ISVG: IBM Security Verify Governance and later monitored the environment

●Engineer Ping LDAP directory solutions for applications and evaluate LDAP-related technologies

●Develop PingDirectory LDAP technology standards and directory synchronization processes

●in PingDataGovernance context usually means grouping of application-specific entitlements such as LDAP groups, application privileges, account attribute values that match a specific PingAccess control list and so on.

●in PingDataGovernance context the roles are processed differently. Role definition has to be processed before the user logs into the system for the first time.

●In an PingDataGovernance role means that the account will be associated with (made member of) a particular LDAP group or application privilege at the time when the role is assigned to user (a.k.a. "just in case" approach), long before the user logs in.

●PlainID, Policy-Based Access Control (PBAC) Management: Define and enforce dynamic access control policies based on user attributes, context, roles, and resources.

●PlainID, In Centralized Authorization Administration, provide a unified platform to manage access policies across multiple systems and applications.

●PlainID, Real-Time Authorization Decisions, Evaluate and grant/deny access instantly based on current context (e.g., location, device, time).

●PlainID, Integration with Identity Providers (IdPs) and Applications, Seamlessly connect with platforms like Ping Identity, Okta, Azure AD, and various APIs or microservices to enforce policies.

●PlainID, Audit and Compliance Reporting, Track and log who accessed what, when, and why, helping with compliance (e.g., GDPR, HIPAA).

●B2C (Business-to-Consumer), Manage Authentication and Authorization Policies, Define rules for how users authenticate and what they can access post-login.

●B2C (Business-to-Consumer), Monitor, Troubleshoot, and Optimize IAM Services, Maintain availability, log access events, monitor for suspicious activity, and optimize performance.

●In IBM MDM, part of Governance and Stewardship, Monitor and resolve data quality issues.

●In IBM MDM, part of Maintenance, Monitoring, and Performance Tuning, Monitor data quality, performance metrics, and system health, re-indexing, or re-matching as needed.

●As a SQL Administrator, focusing on performance, availability, and data integrity

●As a SQL Administrator, Database Installation and Configuration of SQL Server, PostgreSQL, CosmosDB

●As a SQL Administrator, Set up server instances, storage configuration, and initial security settings.

●Support multi-domain Active Directory environments in a hybrid configuration to Azure Cloud, involving Identity Integration through Azure AD Connect.

●Manage Azure AD users, groups, and devices, and support existing conditional access policies.

●Monitor and review AD and Azure AD logs and alerts to identify and resolve potential issues before they impact system performance.

OUD Admin, Azure and GCP (Admin and Security Analyst), Oracle Solution Architect Oct 2020 – March 2021

Kaiser Permanente @ 4460 Hacienda Dr., Bldg. A, Pleasanton, CA 94588

●Oracle Access Manager, CIAM technologies like Ping/ForgeRock, Okta PingAccess - ACLs setup, monitoring

●Knowledge in migration of ODSEE 5.2 to 10

●Monitored, Prod supported of 100K users from an existing Okta Universal directory

●As part of PingOne for Customers - User Registration and Authentication, utilized Sign-Up & Sign-In, Single Sign-On (SSO), Federated Identity

●As part of PingOne for Customers - User Profile Management, worked with Privacy Controls

●As part of PingOne for Customers - Access Management - Worked with Role-Based Access Control (RBAC), and (PBAC) Policy-Driven Access, integrated applications both (internal and external)

●As part of PingOne for Customers - Security Features - Worked with Multi-Factor Authentication (PingID MFA), Passwordless Authentication

●As part of PingOne for Customers - Compliance and Privacy, maintained strict regulatory compliance (GDPR, CCPA, etc.) standards

●As part of PingOne for Customers - Data Minimization - Collected and stored only necessary customer data, thus reducing risk.

●Experienced in Oracle Unified Directory from start to finish (installation, schema setup, data migration, monitoring, troubleshooting, maintaining)

●Experience in environment setup of OUD from start to finish

●Strong expertise in editing, managing, and troubleshooting XML policy and configuration files.

●Operations Experience with CyberArk.

●Experience managing users and groups for Openldap, git, Jenkins, etc.

●Experience in Install and Maintain Directory services like AzureAD, OpenLDAP, managing, troubleshooting the entire details in the cloud models of (IAAS and PAAS)

●ISAM : created clients, api definitions, junctions, template files, plugins, mechanisms authentication policies, access policies, mapping rules, policy administration - ACLs etc

●Monitored ISVG: IBM Security Verify Governance and DB2

●B2C (Business-to-Consumer), Monitor, Troubleshoot, and Optimize IAM Services, Maintain availability, log access events, monitor for suspicious activity, and optimize performance.

●PlainID, Integration with Identity Providers (IdPs) and Applications, Seamlessly connect with platforms like Ping Identity, Okta, Azure AD, and various APIs or microservices to enforce policies.

●Monitoring experience include Server health, Tasks and custom processes related to SailPoint IdentityIQ

●PlainID, Audit and Compliance Reporting, Track and log who accessed what, when, and why, helping with compliance (e.g., GDPR, HIPAA).

●PowerShell scripting for performing backup, pre and post validation tasks which includes large number of virtual machines.

●Support multi-domain Active Directory environments in a hybrid configuration to Azure Cloud, involving Identity Integration through Azure AD Connect.

●Administer and support Azure Active Directory (Azure AD) for cloud-based identity and access management.

●Manage Azure AD users, groups, and devices, and support existing conditional access policies.

●Assist in audits and security assessments, addressing vulnerabilities and maintaining secure configurations.

Environment: Azure Console, Azure AD, Google cloud security, Postgres, CosmosDB, Jira, Confluence

ForgeRock IAM Analyst/Engineer July 2019 – Oct 2020

Cisco Systems, Inc – San Jose, CA USA 95134

●CIAM technologies like Ping/ForgeRock, Okta PingOne, PingAccess appliance build, installations, configurations, ACL creation, roles and groups creation, implementation, monitoring, Design, implementation, troubleshooting and 24/7 support in all about 6 environments (Development to Production)

●Experience in Install and Maintain Directory services like AzureAD, OpenLDAP, managing the entire details in the cloud models of (IAAS and PAAS)

●Experience with monitoring tools like Huston

●Strong expertise in troubleshooting XML policy and configuration files.

●Monitoring experience include Server health, Tasks and custom processes related to SailPoint IdentityIQ

●In SailPoint IdentityIQ managed (Access, Resource, Identity, Application) related setup, operations tasks, also MyTasks and MyWork related tasks

●On SailPoint IdentityIQ side, worked with (Warehouse, Correlation, RiskModel, Operations) Identities side

●On SailPoint IdentityIQ side, worked with (Definitions, Rapid Setup, Entitlement Catalog, Application Risk Model and Activity Target Categories) Applications side

●On SailPoint IdentityIQ side, worked with (Advanced Analytics, Reports, Identity Risk Scores, Application Risk scores) Intelligence side

●On SailPoint IdentityIQ side, worked with (Certifications, Roles, Policies, Alerts, Tasks, Groups, Business processes, Lifecycle events, Batch requests) Setup side

●PowerShell scripting for performing tasks which includes large number of identities.

●Support multi-domain Active Directory environments in a hybrid configuration to Azure Cloud, involving Identity Integration through Azure AD Connect.

●Assist in audits and security assessments, addressing vulnerabilities and maintaining secure configurations.

●Work closely with other IT teams to implement and integrate AD and Azure services with various enterprise applications.

Identity, Access, LDAP – IAM Technical Architect May 2017 – June 2019

AT&T – Saint Louis, MO

●IBM Directory server IBMSDS build, installations, configurations, ACL creation, roles and groups creation the environment and data was migrated from the legacy directory server to SDS (Schema, object classes, attributes, password configuration, replication model)

●Operations Experience with CyberArk or similar privileged access management tool.

●In IBM MDM, part of Maintenance, Monitoring, and Performance Tuning, Monitor data quality, performance metrics, and system health, re-indexing, or re-matching as needed.

●New environment was built, Installed ISVG: IBM Security Verify Governance and DB2, installed services, completed the built of new data centers, later monitored, maintained, took part in 24/7 details of the environment

●Support multi-domain Active Directory environments in a hybrid configuration to Azure Cloud, involving Identity Integration through Azure AD Connect.

●Manage Azure AD users, groups, and devices, and support existing conditional access policies.

●Monitor and review AD and Azure AD logs and alerts to identify and resolve potential issues before they impact system performance.

●Troubleshoot and resolve authentication and authorization problems across both AD and Azure environments.

●Experience


