Stony Mernacaj
Sr. IAM Engineer
****************@*****.***
Professional Summary:
Around 10 years of experience configuring and customizing business processes, workflows, and identity provisioning across multiple systems using tools like SailPoint IdentityIQ and CyberArk.
Proficient in configuring account aggregation, connectors (Active Directory, LDAP, Database), and developing custom rules and email templates in SailPoint IdentityIQ.
Experience in deploying, configuring, and troubleshooting CyberArk’s Privileged Account Security suite, including Enterprise Password Vault, Privileged Session Manager, and Privileged Threat Analytics.
of enterprise applications using Ping Federate, CA SiteMinder, and Okta. Expertise in configuring federation protocols such as SAML, OAuth.
Strong hands-on experience with cloud-based IAM solutions such as Okta and PingOne, configuring policies, and managing user provisioning and de-provisioning.
Experienced in configuring web servers (IIS, Apache) and application servers (WebLogic, WebSphere) for secure access management, including integration with identity management
Hands-on experience in managing Identity and Access Management solutions across both on-premise and cloud-based systems, ensuring secure and compliant user access to applications and resources.
Collaborated with business, application, and infrastructure teams to gather requirements, design IAM solutions, and implement identity lifecycle management processes.
Designed, developed, and deployed identity and access management solutions, including SailPoint IIQ, CyberArk, and PingFederate.
Coded and customized IAM solutions using Java, BeanShell, and other scripting languages, ensuring smooth integration of third-party systems.
Managed privileged access security using CyberArk and implemented strict access control policies for sensitive systems. Oversaw compliance-driven projects
Administered Windows Server environments (2003-2016) and managed Active Directory, DNS, DHCP, and LDAP configurations for large-scale organizations.
Implemented Azure Active Directory (Azure AD) and integrated it with other IAM solutions like PingFederate and Microsoft AD for seamless cloud access management.
Automated identity governance processes, including user lifecycle management, using SailPoint IIQ and CyberArk to enhance security and operational efficiency.
cross-functional teams in the design, development, and deployment of IAM solutions, ensuring clear communication with stakeholders. Delivered training and knowledge transfer sessions on IAM processes.
Technical Skills:
Operating Systems: Linux, Solaris, Windows (2000/2003/2008/2012 R2, XP, Vista, 7/8/10), Red Hat Enterprise Linux, Oracle Enterprise Linux, AIX, HP-UX, Ubuntu
Programming Languages: Java, C, C++, Perl, Shell Scripting (Bash, Korn), Python, PHP, JavaScript, SQL, HTML, XML, Visual Basic
Databases: Oracle (8i/9i/10g/11g/12c), MySQL (4/5), MS SQL Server (2000/2005/2008/2012), DB2, Microsoft Access
Identity and Access Management: SailPoint IIQ (6.1, 6.2, 6.3, 6.4, 7.0, 7.2), Okta, Ping Identity (PingFederate, Ping Access, Ping One), ForgeRock (OpenAM, OpenDJ, OpenIG), CA SiteMinder, CyberArk
SSO & Federation: SAML 2.0, OAuth, OpenID, CA SiteMinder (R12.7, R12.6, R12.5, 6.7), PingFederate, Ping Access, Okta SSO, Oracle Access Manager, Tivoli Access Manager
Directory Services: LDAP (Microsoft Active Directory, Sun One/iPlanet DS, CA Directory, Oracle OID, OpenDJ), eDirectory, IBM Tivoli Directory Server, ODSEE, OUD
Web Servers: Apache (2.0/2.2), IIS (5.0/6.0/7.5), Tomcat (4/5/6/7), WebLogic, WebSphere, iPlanet Web Server, SunOne Web Server
Application Servers: BEA WebLogic, IBM WebSphere, Oracle Application Server (OAS), JBoss, Apache Tomcat, Sun One App Server
Security & Encryption: CyberArk Privileged Account Security, CA API Gateway, Tivoli Federated Identity Manager, Okta MFA, CA AuthMinder, CA RiskMinder, FIDO, Secure Proxy Server
IGA / Governance: SailPoint, Saviynt, Okta Identity Governance, Microsoft Entra, IBM Security Verify
Emerging Technologies: Zero Trust, SSI (Decentralized Identity), AI-agent identity controls
Education Details:
Bachelor's in Data Science from University of North Carolina at Chapel Hill, NC, 2013
Master's in Computer Science from University of Alabama, AL, 2015
Certification Details:
Certified Okta Professional
Certified SailPoint Identity Now Engineer
Certified CompTIA Security+
Professional Experience:
Nebraska Department of Health, NE Feb 2024 - Present
Sr. IAM Engineer
Responsibilities:
Implemented a federation solution using PingFederate to allow third-party applications to integrate with Marriott as the Identity Provider (IDP), with vendors acting as Service Providers (SP).
Google Cloud Platform and cloud services, including role-based access control, multi-factor authentication, Privileged Session Manager, and federated SSO.
Migrated SAML-based SSO partners from CA Single Sign-On federation to PingFederate 7. This migration improved scalability and enhanced security for user authentication.
Gained hands-on experience managing CA SiteMinder's security operations, handling policies for authentication and authorization. Managed realms, rules, and responses for diverse applications.
Deployed and created dynamic SAML changes using the Ping API to establish secure federated relationships. Configured authentication requests and responses to maintain security across integrated applications.
Worked on designing security networks with CA Single Sign-On, optimizing user access while maintaining a high level of security across systems. Implemented strategies to secure sensitive data
Integrated Ping Access and PingFederate using OAuth to secure web APIs. Worked directly with clients to implement OAuth configurations, facilitating the generation of access tokens.
Worked with OAuth grant types to generate access tokens for users to access protected APIs. Configured various OAuth flows to meet client requirements for secure communication between services.
Integrated OAuth with Ping Access to protect RESTful APIs, establishing a secure communication channel.
Utilized ID tokens to extract user information from the user info endpoint and send it to OAuth clients in the form of scopes.
Developed web service federation solutions using SAML to establish secure communication between two web services.
with Ping Access to integrate secure token-based authentication across web services. Improved cross-enterprise communications by leveraging Ping Federate and JWT tokens for user verification.
Configured and supported SAML-based Identity Provider and Service Provider connections, troubleshooting issues related to SAML assertions and authentication requests.
Implemented OpenID and OAuth solutions within PingFederate, enhancing secure authentication and authorization for clients. Integrated these protocols to ensure seamless user access across platforms.
Replaced traditional HTTP header-based security configurations with JWT tokens for enhanced security and scalability. Configured JWT tokens for streamlined user authentication and authorization.
Developed a custom adapter to replace the SiteMinder 3.0 Identity Provider adapter with PingFederate, improving scalability and security.
Performed a proof of concept for OpenAM, Ping Access 3, and CA Single Sign-On R12.52 to evaluate the best solution for enterprise security needs.
Supported mobile app integration with OAuth and SAML using PingFederate, ensuring secure authentication for mobile users.
Developed a custom Ping Agent using the Ping SDK and implemented SAML protection with digital signatures. This ensured the integrity of authentication requests across federated applications.
Configured PingFederate clusters and implemented PingOne Desktop for cloud-based Single Sign-On (SSO). Ensured high availability and resilience by deploying clustered PingFederate instances.
Enterprise Directory Services Lifecycle & Restructuring. Lead planning, deployment, maintenance, decommissioning, and restructuring of complex enterprise directory environments.
Contribute to IAM strategy through staffing recommendations, system design documentation, and cross-functional collaboration to address production escalations.
Environment: PingFederate 10.1, CA SiteMinder R12.52, Ping Access 7.4, OAuth 2.0, SAML 2.0, OpenID Connect (OIDC), JWT (JSON Web Tokens), CA API Gateway/Layer 7 12.6, Docker 20.10.5, MySQL 8.0, PingOne Desktop 7.3, OpenAM 14.6, Ping SDK 10.0, Apache HTTP Server 2.4, Nginx 1.22, Terraform 1.4, Ansible 2.9
CME Group, IL Jul 2022 – Jan 2024
IAM CyberArk Engineer
Responsibilities:
Implemented CyberArk Privileged Identity Management suite and session management suite for version 9.7. Primary point of contact for resolving authentication issues with PVWA and directory sync problems.
Responsible for system maintenance and adherence to compliance rules, and also checked user-level access via SailPoint. Privileged User Management working experience on CA PIM/PAM and CyberArk.
Involved in gathering technical requirements and establishing a clear definition of the client's CyberArk responsibilities and maintenance.
Provided technical assistance and supported ongoing CyberArk maintenance. Monitored reports on a daily/weekly basis for audit and compliance.
Involved in gathering AOR PAM (Advisory Obstruction AL Requirements) for implementing CyberArk solution to control and audit access to privileged.
Strong experience in onboarding & integrating various applications into SailPoint IdentityIQ including Active Directory, Delimited files, LDAP, ServiceNOW & JDBC applications.
Deploy and support CyberArk components including CPM, CCP, and Vault for password management, reconciliation, and privileged access.
Create and modify BI Publisher reports; manage and audit roles, attributes, and entitlements across systems like Workday, PeopleSoft, and LDAP, while leveraging APIs for scalable IAM operation.
Experienced in configuring various platform policies in PVWA such as for privileged accounts, service accounts, UNIX (AIX, RHEL, LINUX) and Oracle DB platforms.
Very good experience working with all three IIQ modules (Governance, Compliance, LCM); also worked on integration between SailPoint and end/target systems.
Designed and deployed Identity & Access Management solution to improve user experience, meet compliance, and reduce costs.
Hands-on experience in configuring multiple privileged accounts across the organization. Integration of various Windows, Unix, database, endpoint security network
Experience in CyberArk PAS suite which includes Enterprise Password Vault, Password Vault Web Access, Central Policy Manager, Privileged Session Manager, Proxy and PACLI.
Hands on experience with configuring IDP initiated and SP initiated SAML profiles with different bindings like POST, Artifact, and Redirect as per the custom business and security requirements.
Ability to install, configure, and support identity and access management related tools such as CA SiteMinder, CA Identity Manager (IDM), and Oracle Internet Directory (OID).
Created IDP and SP connections for SharePoint apps, Java framework, API-based applications, Jive-based applications, ADFS-enabled apps, and O365 integration.
Document governance processes, configuration, and validation procedures for trusted reconciliations; perform both automated and manual testing across SIT/UAT environments.
Automation & Custom Integrations. Develop advanced PowerShell scripts and leverage API integrations including Microsoft Graph API and REST API
Prepare a plan for user communication to switch from ADFS to OKTA SSO. Created a detailed implementation and migration guide for Office 365 OKTA SSO integration.
Experience with Installation and Configuration of CyberArk security components EPV, CPM, PVWA, AIM, PSM, PACLI, Private Ark client.
Installed, configured, and integrated web servers (plug-in file), SiteMinder agents, and LDAP user directory with WebLogic Server v10.
Enabled services and applications with ADFS and SAML using CA API Gateway. Designed, implemented, and troubleshot Layer 7 application API Gateways for company-wide application services.
Environment: CyberArk PIM Suite 9.7, 9.5, 10.4, CyberArk EPV 9.7, 9.9.6, CyberArk PVWA 9.7, 9.9.6, 10.4, CyberArk CPM 9.7, 9.9.6, 10.4, CyberArk PSM 9.7, 9.9.6, 10.4, CyberArk AIM 9.7, 9.9.6, 10.4, CyberArk Private Ark Client 9.7, 9.9.6, 10.4, SailPoint IdentityIQ 7.4, 8.6, SailPoint IIQ Governance, Compliance, LCM 7.5, 8.4, SiteMinder
Comerica, TX Jun 2021 – Jun 2022
SailPoint Engineer
Responsibilities:
Implemented and customized SailPoint IdentityIQ’s Manage Access and Manage Identity modules based on client requirements, ensuring seamless integration and user lifecycle management across various applications.
Identified and assessed business and technology risks, recommending internal controls to mitigate risks and enhance opportunities for improvements in the control environment.
Designed and developed web applications using Java Server Faces (JSF) and Struts frameworks to support enterprise-level functionality and improve system interaction.
Onboarded flat file applications, including HR-Employees, into SailPoint, streamlining user access management and ensuring smooth integration with existing systems.
Developed a custom ServiceNow connector for SailPoint, enabling seamless ticket tracking and status reporting between the two systems for efficient issue resolution.
Collaborated with clients to gather detailed requirements and provide tailored IAM solutions, ensuring alignment with business objectives and security protocols.
Developed custom approval workflows for Role-Based Access Control (RBAC) provisioning, enhancing security and compliance with user access controls.
Created certifications and custom reports to meet business needs, providing visibility into user access and entitlements across various data feeds.
Establish and maintain federated identity using PingFederate, PingAccess, and Azure AD B2C. Manage certificate authority, PKI, and certificate renewal processes.
the global rollout of phase-wise recertification for applications, ensuring compliance with internal and external regulations.
Integrated web service-based applications with SailPoint IIQ for user authentication and authorization, enhancing security protocols and access management.
Added direct connectors for Active Directory, LDAP, Exchange Online, Box, and UNIX to SailPoint, expanding its capabilities for identity and access management.
Migrated SiteMinder- and ADFS-protected apps to Okta. Implemented self-service password capabilities enterprise-wide with Okta Multi-factor Authentication.
Tested and validated SailPoint build map, correlation, and creation rules to automate user account provisioning from application feed files, improving operational efficiency.
Customized SailPoint connectors, workflows, forms, rules, and policies to meet client-specific requirements and improve system flexibility.
Maintained detailed audit communications, metrics, and recertification artifacts, ensuring transparency and compliance with governance standards.
Created rules like build map, correlation, and manager correlation to automate identity correlation processes and improve account management.
Developed automation scripts to send expiration notifications for contractor accounts and periodically check for name change requests in feed file data.
Designed and implemented role-based templates and worked with business teams to define access policies for various applications, ensuring alignment with business processes.
Architected and integrated CyberArk products to securely manage privileged credentials and prevent unauthorized access, enhancing security across enterprise systems.
Led SailPoint IIQ installation, configuration, and provisioning for multiple applications, including Active Directory, PeopleSoft HRMS, and flat files, ensuring robust identity governance.
Environment: SailPoint IdentityIQ 7.3, ServiceNow 3.14, Active Directory 2019, LDAP 2.4.53, Exchange Online 2021, Box 2.0.0, UNIX 7 (Red Hat Enterprise Linux 7), Java Server Faces (JSF) 2.3, Struts 2.5, CyberArk 12.3, Java 11, EJB 3.2, JMS 2.0, JSP 2.3, HTML5, CSS3, JavaScript ES6, SQL Server 2017.
Lumen Technologies, LA Oct 2019 – May 2021
IAM SSO Engineer
Responsibilities:
Implemented a fully API-based SSO architecture integrating CA SiteMinder, CA IDM, PingFederate, and Radiant Logic Virtual Directory Server.
Configured CA API Portal and CA API Management tasks, implemented REST-based security policies, and developed comprehensive testing strategies.
Integrated SiteMinder with PingFederate using OAuth tokens to bridge the SSO gap between systems protected by each platform, ensuring consistent user authentication across applications.
requirements gathering, development, integration, and testing processes for enabling SSO across a variety of internal and third-party applications.
Support Oracle IAM stack (OIM 12c) environments with configuration and testing of WebLogic, connectors, provisioning, and reconciliation.
Successfully integrated a wide range of internal and SaaS-based applications using industry-standard protocols such as SAML 2.0, SAML 1.1, WS-FED, and OAuth 2.0.
Provided solutions for complex application technology research integrations using CA SiteMinder and PingFederate, overcoming challenges related to legacy systems and enhancing security.
Integrated SiteMinder with third-party internal applications like Clarity, Good for Work, and ServiceNow to enable seamless and secure authentication.
Gained hands-on experience in CA API Management, including configuring CA API Gateway and securing REST APIs.
Successfully completed upgrades of CA API Gateway from version 8.6 to 9.2 and Sun One Directory Server from versions 4.x to 5.1, and 5.1 to 5.2, ensuring greater performance and compatibility.
Contributed to integration services, including API Gateway (Layer 7), ADFS, and external federation, enabling secure communication between various platforms.
Wrote policies for CA API Gateway (Layer 7) to enforce security rules and access control, ensuring API integrity.
Created STS IDs for SOAP web services authentication, facilitating secure communication between services via SAML tokens.
Designed and developed best practices, standards, and guidelines for API management platforms and security policies.
Conduct security monitoring, log analysis, and incident response for IAM events and anomalies in IT infrastructure.
Federated over 50 applications as an Identity Provider (IdP) with PingFederate, using SAML 2.0 to provide seamless authentication and SSO for users.
Perform, evaluate, and communicate thorough quality assurance at every stage of systems development.
Determine and develop user requirements for systems in production to ensure maximum usability.
Partner with other stakeholder teams across business units (i.e., sales, finance, security, compliance) to develop necessary analysis and documentation.
Evaluate, analyze, and communicate systems requirements on a continuing basis and maintain systems processes, including the delivery of monthly status reports to all appropriate parties.
Author and update internal and external documentation, and formally initiate and deliver requirements and documentation.
Conduct daily systems analytics to maximize effectiveness and troubleshoot problems.
Environment: CA SiteMinder R12.52, CA IDM 14.2, PingFederate 9.2, PingAccess 5.0, Radiant Logic Virtual Directory Server 7.2, CA API Gateway 9.2, Sun One Directory Server 5.2, ADFS 2016, OAuth 2.0, SAML 2.0, WS-FED, REST API 2, Apache 2.4, Tomcat 9.0, JBoss 7.4, Java 8, Shell Scripting (Bash), OpenAM 13.5, DUO Security Integration Kit 2, Splunk 7.3
Tenet Healthcare, TX Sep 2017 – Sep 2019
SiteMinder Admin
Responsibilities:
Integrated a wide range of applications into SiteMinder Policy Server by creating custom policies, ensuring that access controls and security measures were tailored to meet organizational needs.
Installed and configured SiteMinder Web Agents on both Windows and Unix-based systems, facilitating secure communication between web servers and Policy Server. Worked to ensure
Developed and implemented custom authentication schemes and responses, providing tailored security solutions for a variety of enterprise applications.
Implemented and enforced comprehensive password policies for all integrated applications within the SiteMinder environment.
Created, managed, and optimized SiteMinder policies, realms, rules, and responses to protect applications and enable their seamless operation within a Single Sign-On (SSO) environment.
Configured advanced load balancing and failover mechanisms for various SiteMinder components, ensuring high availability and performance under heavy traffic conditions.
Managed the upgrade of SiteMinder Policy Server from version 6.0 SP1 to 6.0 SP5, improving performance, security, and overall functionality.
Oversaw the maintenance and configuration of nearly 60 SiteMinder Policy Servers across production environments, ensuring the security of sensitive enterprise systems.
Configured and managed multi-master replication for SiteMinder Policy Servers, ensuring consistent data synchronization across multiple data centers.
Configured and managed User Authentication Stores and Policy Authorization Stores using LDAP, improving the organization’s identity management capabilities.
Installed and configured MDHA Authentication Servers to further enhance security for enterprise applications. This installation added an additional layer of security for sensitive systems.
Deployed SiteMinder Web Agents on IIS Web Server and IBM HTTP Server (IHS), ensuring seamless protection of web-based applications.
Worked with LDAP systems to fetch user attributes from multiple data sources, improving the accuracy and consistency of user profiles.
Implemented WS-Trust Federation, enabling Single Sign-On (SSO) between various web services to improve the user experience.
Worked with Token Generator and Token Validator to ensure secure SSO functionality for web services, facilitating safe data exchanges through STR and RSTR protocols.
the signing of SAML assertions using digital certificates to ensure the integrity and security of federated authentication transactions.
Configured SAML encryption and decryption for financial clients, ensuring that all sensitive authentication data was securely transmitted.
setup and configuration of IAM components including Policy Servers, Web Agents, Secure Proxy Server, and Federation
Played an instrumental role in upgrading SiteMinder Policy Server from version 6.0 SP5 to R12, contributing to improved scalability and security features.
Configured and managed SiteMinder Web Agents (version 12.0 SP3 CR08) across various platforms, ensuring that the latest security patches were implemented across the infrastructure.
Security Controls & Risk Mitigation. Implement identity security controls, enforce role-based access control, and manage privileged access systems.
Develop cloud applications and IAM microservices using GoLang, Python, PostgreSQL, and Linux platforms. Utilize containerized environments with Docker and Kubernetes.
Environment: SiteMinder Policy Server - Version 6.0 SP1 to 6.0 SP5, SiteMinder Web Agent - Version 12.0 SP3 CR08, MDHA Authentication Server - Version 6.0, SiteMinder Report Server - Version 12.0, PingFederate - Version 9.x, SAML - Version 2.0, WS-Trust Federation - Version 1.4, LDAP - Version 6.0, IIS Web Server - Version 10.0, IBM.
Siemens Medical Solutions, IL Aug 2014 – Aug 2017
Middleware Administrator
Responsibilities:
Developed J2EE components including Servlets and JSPs to support dynamic web functionality and user interaction.
Created intuitive user interfaces using Java Applets, integrating them with backend logic to deliver interactive components.
Installed, configured, and maintained WebLogic Application Server 7.1 to support enterprise-grade Java applications.
Wrote and maintained robust Shell Scripts to automate Unix system backups on monthly, yearly, and annual schedules.
Implemented creation and management of server groups and clusters within WebSphere Application Server for load balancing and failover support.
Designed and implemented standard backup procedures budgetary for application databases to safeguard critical enterprise data.
Regularly backed up configuration files for WebLogic and WebSphere servers to preserve customizations and operational stability.
Applied patches and hotfixes to WebLogic Application Server environments to address security vulnerabilities and performance issues.
Installed and configured iPlanet Web Server to serve static and dynamic web content for multiple applications. Tuned server settings for optimal performance and SSL support.
systems development through the entire product life cycle, from user requirements to deployment. Oversee the decommissioning and migration of legacy IAM and risk systems
Collaborated closely with software developers during feature design, ensuring technical feasibility and alignment with product goals.
Designed and executed detailed test plans based on feature specifications to validate application behavior and functionality.
Worked with developers to identify and resolve software bugs, verifying fixes through regression testing. Used debugging tools and logs to trace root causes.
Gained cross-platform experience by testing and deploying applications on nine different operating systems. Ensured consistent performance and functionality across environments.
Utilized ColdFusion runtime code and JavaScript extensibility in Dreamweaver Ultradev to test dynamic content and interactive features.
Wrote custom JSP tag libraries to simplify data exchange between the backend and frontend. These libraries promoted code reusability and modular design.
Incident Response & Continuous Improvement. Provide escalation support and collaborate on incident response activities.
Developed a user-personalized dashboard feature that allowed users to save reports and add contextual notes. Enhanced user engagement by providing a customizable workspace.
Administer and support Fraud Prevention and IAM applications such as ForgeRock, ThreatMetrix, and FeatureSpace; manage components like policy servers and directories.
Optimized application performance by implementing multithreaded data caching and refresh mechanisms. This reduced load times and improved responsiveness.
Designed and tested server-side helper classes to support servlet functionality and modular architecture. Reduced redundant code and improved maintainability. Assisted in performance profiling and tuning.
Deploy and support CyberArk components including CPM, CCP, and Vault for password management, reconciliation, and privileged access.
Environment: WebLogic Server 12c 12.1.3, WebSphere Application Server 8.5, iPlanet Web Server 7.0, Java SE 7, Java SE 8, J2EE 1.5, J2EE 1.6, JSP 2.1, Servlets 2.5, Servlets 3.0, JavaScript ES5, ColdFusion 10, ColdFusion 11, Dreamweaver UltraDev 4, Unix Solaris 10, Unix Solaris 11, Shell Scripting Bash 4.x, Oracle Database 11g, Oracle Database 12c, Apache Tomcat 7, Apache Tomcat 8, JVM 1.7, JVM 1.8