Senior Security Analyst
Ibm - India
Total years of experience :5 years, 4 Months
● Granted access to privileged accounts to specific to AD groups, roles and access required.
● Granted VPN and its subnet access according to the account type if required single-sign on will be added to the user.
● Worked using kyndryl credentials and granted access to the privileged accounts with kyndryl, on-boarding, off-boarding process, adding and removing privilege access done for all kyndryl users/ clients.
● Provide general direction of all IAM team members assignments in creating and maintaining up-to-date documentation related to provisioning processes, including on-boarding, off-boarding, role management, user access reviews (attestation), report generation and compliance processes.
● Access granted to users on SoftLayer portal to all the VPN subnets and device access based on the type of privileged account requirement.
● Worked with Security Assertion Markup Language(SAML).
● Strong knowledge on open ID connect.
● Knowledge on REST API with PAM accounts which includes GET, PUT, POST and DELETE.
● Worked on granting access to the servers based on the user requirements, servers include (wintel team server, basic user, VPN and subnets)
● Handled request on User Administration Tool (UAT) tool based on priority the tasks are done.
● Worked on on-boarding and off-boarding users according to the business requirement.
● Experience on auditing the receiving request has been done as per requirement and built a report on that.
● Handled client accounts UK, Canada, Australia, which includes personal user ID creation, removal of user ID, adding requested privileged access like roles, user group in AD, application access.
● Request completed within Service Level Agreement (SLA).
● Knowledge on IBM Security Identity Governance and standards.
● Provision new firm accounts through Active Directory as part of the firm on-boarding process.
● Experience with LDAP Directory Administration or other enterprise directory required.
● Troubleshoot access control issues with applications such as email, VPN and single-sign on.
● Granted Splunk access and created a Splunk user group to users/ resources.
● Worked on ISELL, Centiro, MHS, IPOS and secured the correct level of systems access related to service.
● Experience on Cognos user group creation and granting level of access to required users\resources.
● Experience on oracle databases creating users, roles and tables.
● Create and modify domain user accounts, system accounts, mailboxes, distribution lists, MS outlook, webmail, groups and organizational units of Active Directory users.
● Exchange shared mailboxes and distribution lists.
● Experience in granting access to ACI payment tools.
● Knowledge on QlikView to access the in-built report within Management.
● Experience with Identity and Access Management domains including Identity Management, Access Management, directory management, Single Sign-On, federation, and role based access systems required.
● Strong knowledge on Identity as a Service( IDaas), Software as a service( SaaS), Platform as a service(PaaS).
● Provide general direction of all IAM team members assignments in creating and maintaining up-to-date documentation related to provisioning processes, including on-boarding, off-boarding, role management, user access reviews (attestation), report generation and compliance processes.
● Provision and deprovision access for all systems, applications and operating systems supported by the department of Identify Access Management within a service level agreement of 48-hours.
● Managing user, group and computer objects in Active Directory.
● Troubleshooting application authentication and authorization errors.
● Assist users in defining their access rights and privileges.
● Worked on firewall issues, network bandwidth, Internet Protocols and Port Numbers (PN)-DMZ.
● Worked on SailPoint IIQ, CyberArk.
● Assisting users with application and server access with authentication required.
● Worked on end-user server for Active Directory, VPN (for each Subnet access).
● Execute and track security process related activities including user ID management.
● Gained knowledge on networking OS basic, IP gateway identification, networking equipment-hubs, switch, router, DHCP server and services - HTTPS, DNS, FTP. types of address, bridges, Server Set Identifier (SSID), VOIP, VPN.
● Proven ability to multitask and prioritize based upon the business requirements.
● Responsible for doing administrative tasks in the CyberArk password vault system.
● Experience on ForgeRock Access Manager(AM) and Identity Manager (Idm).
● Worked on HP Service Manager, sail point, and Identity Manager.
● Responsible for user account Administrative Tasks (like creation of user accounts, resetting passwords, unlocking user accounts, enabling and disabling user accounts, rename user accounts in all requested web applications and Active Directory).
● Create and modify domain user accounts, system accounts, mailboxes, distribution lists, MS outlook, webmail, groups and organizational units of Active Directory users.
● Resolving application access issues through phone calls and chat.
● Responsible for work on MOD and EOD reports for project managers and clients’ managers.
● Conduct weekly meetings with SME (Subject Matter Experts) to identify the risks and problems to help and resolve them.
● Supporting the group to ensure Identity and Access Management (IAM) related services are delivered to meet customer business needs and expectations.
● Responsible for training new resources and sharing updates with the Team.
● Providing L1, L2 support.
● Following ITIL standards during UAM activities for better customer satisfaction.
courses: Access Management (PAM). •Experience in Active Directory (AD). •Certification done on security framework NIST 800-53, ISO 27001, CSC, PCI DSS. •Experience on IAM tools such as ForgeRock, CyberArk, SailPoint, ping identity. •Handled incident management - BMC remedy ITIL tool. •Worked on salesforce, interact, V net. •Competence in granting access to Active Directory (AD) groups, server access. •Worked on de-provisioning and terminating access privileges in PROD Environment, AD and server. •Worked on Ikea Management Utility (IMU) tools to enable the server access to users. •Knowledge on Lightweight Directory Access Protocol (LDAP).
Graduated B.E. Computer science and engineering