Cloud Security Architect
Sitecore
مجموع سنوات الخبرة :13 years, 6 أشهر
• Collaborate with Head of Product Security to improve the product security roadmap
• Create security architecture roadmap and oversee the implementation of security tools and technologies
• Developed DevSecOps model to automate security scans in CI/CD pipeline
• Established Security by Design framework and planned activities to secure SDLC
• Created metamodel for Security Architecture using NIST 800-53 controls list
• Designed & developed solution architecture for Security Operations Centre (SOC)
• Conduct security architecture reviews of planned cloud migration initiatives and produce high quality Threat models for cloud environments clearly articulating risks
• Assess, design, implement, automate, and document solutions leveraging Azure Cloud & other third-party solutions
• Provide strategic direction for migration of cloud workloads, infrastructure, business units, business processes and external suppliers for information security risks, identify the potential threats and exposures
• In-depth knowledge of tools and technologies being used in the cloud environment to provide security controls and assessments of the applications
• Educate and communicate cloud security requirements, policies, standards, procedures to business/internal stakeholders as it relates to projects and strategic initiative
• Defined Security by Design framework to embed security activities as part of SDLC
• Worked alongside hardware and software engineers and with IT, acting as the security advisor and providing guidance on security architecture
• Interfaced directly with CTO & CISO organization
• Defined High Level & Low-level systems architectural design expertise to managers and technical staff for the security solutions
• Performed threat modelling for the proposed solutions
• Assisted the development, revision, and maintenance of Standard Operating Procedures and Working Instructions related to IT Security
• Reviewed and completed detailed risk assessments on new technologies and solutions
• Reviewed new security technologies, help select third party suppliers, and create solutions to effectively mitigate security threats/risks
• Automated security scans using DevSecOps practices to perform SAST, SCA, DAST etc.
• Provided mentoring and cross training
• Worked within the CISO team to improve the overall Cybersecurity plans
• Worked with project teams to define & provide guidance on security controls
• Architected digital access management solution for Commercial Banking mobile / web app consumed by 1 million users
• Assessment, Architecture, Design and implementation of identity and access management solutions in large enterprise environments using Transmit Security & ForgeRock OpenAM
• Prepared Architecture, High Level and Low-Level Design Documents
• Managed development team for solution implementation
• Guided development team for building custom connectors to support FIDO authentication
• Developed central authorization platform using ForgeRock OpenIDM to manage entitlements
• Developed an automated pipeline using Jenkins to deploy the identity platform
• Provided technical guidance for the development team to on-board applications to central identity platform
• OAuth2 & SAML Implementation using OpenAM & Transmit Security
• Implemented Omni-Channel user authentication with Transmit Security
• Socialized the access management solution through technical & business forums
• Led the work stream to on-board different types of applications to Identity IQ by engaging with various business operations lead, business analysts and development teams to mitigate the risks associated with IAM processes
• Built Joiner, Mover and Leaver workflows to maintain user accounts
• On-boarded applications into automated provisioning platform
• Developed creation rule and customization rule to create Employee and Contractor user accounts into SailPoint from their current application’s exported feed file
• Created and ran the aggregation task to bulk load authoritative source data from Active Directory, Exchange, and LDAP
• Collaborated with business analysts, developers, and technical support teams to define project requirements and specifications
• Established and monitored the defined KPIs and KRIs as part of IAM migration project
• Participated in triage calls to mitigate the application issues and conducted root cause analysis
• Led a team of 54 people worldwide across identity and access management space to manage IAM operations
• Participated in building an in-house automation tool for access provisioning
• Automated user account provisioning/de-provisioning workflows using in-house tool (APT)
• Involved in requirements gathering, proof of concepts, design and implementation of Identity and Role Management solutions at Application level
• In-charge for application auditing, user access certification, entitlement certification campaign
• Worked with various mainframes and distributed processing platforms: Mainframe, PCs, Novell, Citrix, and other remote access security products
• Handled backend setup for 150 applications in BMC tool for requests raised by the users in web-based tool
• Implementing centralized Authentication systems for Various Applications
• Managed team performance and progress by delivering agreed KPIs
• Performed risk assessment on systems and trained individuals accordingly
• Identified project risks and dependencies and recommended corrective actions