Principal Consultant IAM
IBM (Contractor)
Total years of experience :18 years, 2 Months
Work Profile:
--------------------------
Member of IBM’s Security Services team, MEA.
▪
Working as a Principal Consultant IAM/ Senior IAM Solutions Architect for a Banking sector CIAM (Customer identity and Access Management) project to design, deploy and develop an authentication platform using IBM Security Verify Access product.
▪
Supervising a team of IAM engineers and IAM developers.
Part of SBM’s Integrated Technology services, Enterprise Security Solutions practice team.
▪
Provide technical support as a Senior IAM presales consultant throughout the sales cycle to drive business opportunities and closely working with Sales Team to develop customer relationship and assist in overall sales process.
▪
Previously worked in a role of Senior IAM Architect for a digital payment sector customer project with requirements for deploying the Identity & Access Management, Governance solutions and integrating business applications for user access provisioning, deprovisioning and a complete Single Sign-On experience for the user involving Windows SSO, SSO integrations for backend web applications using SAML federation, trust association, HTTP header, LTPA mechanisms.
▪
Worked as a Senior IAM Architect & Security Architect for a Government sector customer project involving various Security products from IBM, Imprivata, Gemalto, Seclore, Boldon James, Symantec etc. covering areas of Identity & Access Management, Strong Authentication, Data classification, protection, Cryptographic key management, Data Loss prevention, End point protection, Data center security etc.
Worked as a Senior IAM Architect for a privileged Banking sector customer for the deployment of Identity Management (IBM Security Identity Manager) and Governance solution (IBM Security Identity Governance and Intelligence) and integration of critical enterprise applications.
▪
Earlier profile involved working as a Security Consultant & Architect Analyzing Designing and Architecting the Microsoft Enterprise Mobility suite security solutions including Advanced Threat Analytics, Azure Information Protection, Azure Rights Management services and Azure Multi-factor authentication
▪
Previous roles and responsibilities include working as an IAM Solutions Architect covering Design & Architecture, project management, consulting, deploying and implementing Access Management & two factor authentication solutions using different Access management products like IBM Tivoli Access Manager, RSA Access Manager, Oracle Access Manager and two factor (Strong) authentication solutions using RSA SecurID/ Authentication Manager V7.1, 8.1
▪
Also was leading the Access Control Maintenance & support team at a Telecom customer site.
▪
Prior to all above mentioned roles, the earlier work profile involved administrating Identity Management solutions implemented using IBM Tivoli Identity Manager for a privileged Telecom customer.
Work Profile:
Part of Application Security, Enterprise Security Solutions practice team.
Implementing Identity and Access management solutions using different Identity and access management products.
Also given training on IBM Tivoli Access Manager for e business v6.0 to the new joiners of ESS Application security team.
Achievements:
Played a very critical role of Onsite Production Engineer during production roll out for one of the critical and very important IdM projects and received a very good Voice of Customer for the commitment and responsibility.
Understood the requirements for the custom certificate authentication implementation using IBM Tivoli Access Manager and proposed a High level design solution in one of the IDAM implementations.
Projects Handled:
Project: WaMu UAM Auto Implementation
Duration: April 2008 - Sep 4th 2008
Platform: Windows
Servers: BEA WebLogic
Tools: Sun Identity Manager
Project description:
The objective of this project was to give the end user the privilege to login into an E-Computer Access Request application and raise a request for an access to various applications. The requests can be tracked by an ECAR number by the requestor and managers or business analysts can approve the request to provide the required access to the requestor.
My contribution and responsibilities:
Joined the UAM Auto Implementation team as an Onsite Production Engineer.
Initial Installation, deployment and configuration of the ECAR application.
Entire setup of the application in the production environment which included application deployment, configuration, Initial data load, Reconciliation, Incremental Reconciliation.
Configure and generate various system reports.
Also worked on Employee to Non Employee, Non Employee to Employee conversion module.
Project: BP Identity and Access Management - Custom Certificate Authentication
Duration: June 2007 - April 2008
Platform: Solaris
Servers: IBM Websphere Application Server
Tools: IBM Tivoli Access Manager
Project description:
The objective of this project is to give the end user the privilege to provide client certificate for authentication. So, a custom certificate authentication mechanism was developed which could extract TAM user id from the subject alternate name field of the client certificate and return the TAM User Id to the WebSEAL for authentication.
Custom Certificate authentication - Authenticating users for giving access control on the target system is an important activity in Access management. There are different types of authentication mechanisms available. Authenticating users using their client certificates is a strong level of authentication. Tivoli Access manager supports client certificate authentication mechanism. But the basic Certificate Authentication mechanism available in Tivoli Access Manager does not support standard BP issued client certificates since the format of "subject alternative name" field from which TAM user id is fetched is in a different format which is not understood by TAM CA mechanism. So, a custom certificate authentication mechanism was developed which could extract TAM user id from the subject alternate name field and return the TAM User Id to the WebSEAL for authentication. Also there were many checks which were done while extracting the TAM ID such as regular expression check for validating the certificate issuing authority, checking the revocation status of certificate on OCSP server, checking the validity of certificate etc.
My contribution and responsibilities:
Understood the requirements for the custom certificate authentication implementation and proposed a High level design solution.
Performed all the required Tivoli Access Manager and WebSEAL configurations
Prepared the required system Integration test cases.
Work Profile:
Implementing Identity management solutions for GECF using Sun Identity Manager.
Understanding the processes to develop/modify Workflows, Forms, Rule Libraries, Configuration objects in Sun Identity Manager.
Writing, debugging, testing the XPRESS code, ensuring delivery of excellent quality and robust solutions.
Deploy applications on IBM Websphere application server and use Eclipse development environment as a CASE Tool for development, Version Control, building development, Staging and Production Environments.
Achievements:
Successfully finished IdM implementation for Oracle Financials within the specified timelines and received a very good Voice of Customer for the solution implemented.
Executed the enhancements and resolved bugs, within the assigned time limit.
Projects Handled:
Project: Password synchronization for applications managed by Resource Adapters
Duration: Jan 2007 - April 2007
Platform: Windows
Servers: IBM Websphere Application Server
Tools: Sun Identity Manager, Eclipse
Project description:
The objective of this project is to give the end user privilege to change password or synchronize same password for all the applications assigned which are basically managed by resource adapters.
The user can select multiple applications for which password needs to be changed in a single request. User can change password for applications like Active Directory, GE Corporate applications like SameTime, Email, SSO and other applications like Mainframes, Oracle Financials (APPS) etc…
Password will be changed on selected applications and user would receive email notification about the success or failure of password change on respective applications.
Project: Password reset for applications managed by Virtual Resource Adapters
Duration: Dec 2006 - Jan 2007
Platform: Windows
Servers: IBM Websphere Application Server
Tools: Sun Identity Manager, Eclipse
Project description:
The objective of this project is to give the end user privilege to reset password for all the applications assigned which are basically managed by virtual resource adapters.
The user can select multiple applications for which password needs to be reset in a single request.
Respective application administrators would receive email notifications to take the required action and set the password manually on the application assigned to the user.
All application administrators would log back in IdM to submit the confirmation about the password reset.
Delivery of passwords to end users through IdM.
Project: IdM implementation for GECF Australia Oracle Financials
Duration: May 2006 - Nov 2006
Platform: Windows, Websphere
Languages: Java1.4, JDBC, Xpress (xml based language)
Servers: IBM Websphere Application Server
Tools: Sun Identity Manager, Eclipse
Project description:
The objective of this project was to integrate Oracle Financials with IdM, management of end users. The implemented solution gave the privilege to the end users to make a choice to place a request for multiple modules with multiple responsibilities or a SAP (System Access Profile) request.
The implemented solution also had a feature to unlock the user’s account on the resource.
The implemented solution had many levels of approvals and multiple module owner approvals, SAP owner approvals required at same level for provisioning of user accounts on resource.
All the processes like Provisioning, Deprovisioning, Account unlocking were implement with Sun Identity Manager for Oracle Financials users.
My Roles and Responsibilities
To remain in constant touch with the customer to understand the requirements, technology & process to come up with new innovative ideas improvements & solutions.
Developed the use case for the required solution, creation of required forms, workflows, Rules, Email Templates, etc.
Implemented the end to end required solution to automate all the business processes for Oracle Financials end users.
Projects Handled:
Project: Tata Infotech Customer account portal development on Dot Net platform
Location: Tata Infotech Ltd, Pune
Duration: June 2005 - Aug 2005
Platform: Windows, VS.NET 2003
Languages: VB.NET, ASP.NET
Databases: MS SQL Server 2000
Servers/Tools: MS IIS, MS Visual SourceSafe 6.0, SQL Query Analyzer, SQL Server Enterprise
Manager
Project description:
The functional purpose of this portal was to manage all the projects related to different customers, integrating other systems and important modules/ features included integration of intranet portal.
The scope of this project included the study of Microsoft ASP.NET Portal Starter Kit VBVS and migration of the existing Tata InfoTech Limited Portal content into the Microsoft portal framework. Subsequently it was integrated with existing Standard Account portal modules.
Modifications and enhancements were done in the MS portal to integrate it with the Tata Infotech Limited standard Account portal modules.
New modules were developed where the existing Microsoft Portal modules did not fit in and were integrated into the Existing Microsoft Portal
My responsibilities as a team member:
Portal framework study.
Assigning authentication options using Windows/ forms based authentication.
R & D on design of controls.
Identifying requirements for the portal development and integration.
Database design, coding and testing.
Project: IBM Mainframe to Dot Net Migration
Location: Tata Infotech Ltd, Pune
Duration: May 2005
Project description:
Project was about migrating the Legacy systems to the current technologies, ensuring that the business functionalities were retained successfully.
It involved both tool-based and manual migration of COBOL code and the relevant application components.
In a team of 4 members, my tasks were testing CICS Screens in Mainframe and Windows / ASP.NET platform besides File Conversion using Fujitsu Net COBOL’s Data Converter and Data Junction tools.
This is a Post Graduate Diploma of Masters programme in Information Technology with specialization in Software development and management.
I did my graduation in Computer Science & Engineering.