Senior Identity and Access Management Consultant

• Sep 2022 - Present

Senior Computer Programmer Analyst

• Jul 2017 - Sep 2022

Senior Computer Programmer Analyst

• Jan 2017 - Jun 2017

TAM 6.1.1 to ISAM 9 migration and Implement TOTP based Two Factor AuthenticationObjective of this project is to do migration of existing TAM 6.1.1 infrastructure to ISAM 9 and implement TOTP based two factor authentication services for one of the US State.Environment: Tivoli Access Manager for Web 6.1.1, IBM Security Access Manager 9, TDS6.3, SDS 6.4, Db2 10.5.Duties & Responsibilities: • Requirement gathering.• Assisted in Architecting and designing solution with Architect.• Developed sequence diagrams.• Setup sand box for POC’s.• Configure advances access control module.• Configure TOTP authentication service.• Demonstrated the proof of concept to customer. Show less

Senior Computer Programmer Analyst

• Jun 2016 - Dec 2016

Advanced Access Management (AAC) Implementation The objective of this project is to implement advanced access management solution for insurance agents, independent agents, employees and third party mass quoting applications for the reputed insurance firm based out in USA.Environment: IBM Security Access Manager 8 Web and Mobile, Active Directory, Java, J2EE.Duties & Responsibilities: • Requirement gathering.• Architecting and designing solution.• Developed sequence diagrams.• Demonstrated the proof of concept to customer.• Development of authentication mechanism extension point to integrate with Symantec two factor authentication web service using Apache libraries.• Development of external authentication interface (EAI)• Enhancement of legacy EAI application and bug fixing.• Enhancement in webseal configuration for AAC solution.• Fixing integration issues.• Deployment of solution on Dev, Staging, TPT, PT, UAT and Prod environments. Show less

Senior Computer Programmer Analyst

• May 2016 - May 2016

ISIM Solution Enhancement and Bug FixingThe objective of this project is to enhance current ISIM implementation and do the bug fixing.Environment: IBM Security Identity Manager 6, IBM DB2, IBM Directory Server, Tivoli Directory Integrator, Active Directory, IBM Security Access Manager, Lotus Notes Adapter, AD Adapter, iSeries Adapter, ISAM Combo AdapterDuties & Responsibilities: • Study existing infrastructure.• Requirement gathering for enhancement.• Modified person transfer, person modify workflow.• Modified isam and lotus notes accounts add and modify workflow.• Implemented lotus notes account transfer functionality.• Presented design to state security department personnel’s.Fixed following issue: New notes groups not in sync with ISIM. Data is not flowing from person form to notes account and AD/Winzone account properly Reconciliation based on company name issue. Timing on SAM account creation is off. When transferring a user from one OU to another, SAM account is not updating OU attribute (DN) correctly. Iseries initial program attribute value is getting sent incorrectly. View extranet AD groups Show less

Senior Computer Programmer Analyst

• Jan 2016 - Apr 2016

Identity Management for Citizens The objective of this project is to develop solution for user lifecycle management for citizens of USA based state.Environment: IBM Security Identity Manager Virtual Appliance 7.0.1, IBM DB2 10.5, IBM Directory Server 6.3.1, Tivoli Directory Integrator 7.1.1.4, Active DirectoryDuties & Responsibilities: • Requirement gathering and analysis.• Architecting and designing solution.• Presented design to state security department personnel’s.• Developed sequence diagrams.• Setup sand box for POC’s.• Developed TDI based adapter to manage DB2 tables.• Demonstrated proof of concepts. Show less

Senior Computer Programmer Analyst

• Aug 2015 - Dec 2015

Design and ImplementationThe objective of this project is to manage identity life cycle of wealth management portal users and implement federated single sign on solution to the personal financial management platform (service provider) for a financial services company headquartered in Dallas, Texas.Environment: IBM Security Identity Manager Virtual Appliance 7.0.0.2 with Interim Fix 2, Tivoli Federated Identity Manager 6.2.2.15, IBM WebSphere 8.5.5.6, IBM HTTP Server 8.5.5.6, IBM Directory Server 6.3.1 with FP 10, IBM Db2 10.1 with FP4, Tivoli Directory Integrator 7.1.1.4Duties & Responsibilities: • Requirement gathering and analysis.• Architecting and designing solution. • Technical discussion with client and business partner.• Deploy Tivoli Federated Identity Manager in various environments (DEV, QA, PROD )• Deploy IBM Security Identity Manager in various environments (DEV, QA and PROD)• Deploy middleware components on various environments (Dev, QA and PROD)• Configure peer to peer replication topology.• Customize ISIM and target resource LDAP schema.• Create custom person object.• Create provisioning and identity policy.• Modify custom person add and modify operation workflow.• Modify LDAP account operation workflow.• Modify custom person and ldap account form design.• Develop code for custom password policy.• Develop code to change password for accounts using ISIM Web Service.• Import around 2.5 K users to ISIM using CSV feed.• Customize LDAP adapter for handling custom attributes.• Create ACI’s and Views for support team.• Configure WebSphere with Federated repository.• Configure WebSphere to generate domain based LTPA cookie.• Configure TFIM with WebSphere as point of contact with Identity provider role.• Develop custom STS module for identity mapping.• Integrate Wealth Management Portal with TFIM. Show less

Senior Computer Programmer Analyst

• May 2015 - Jul 2015

TFIM USC CustomizationCA DMV currently has a user registration/self-care application implemented in Java (running in WebSphere Application Server) which leverages IBM Tivoli Identity Manager (ITIM) to provision the user to the Tivoli Access Manager (TAM) LDAP Server. They want to migrate existing system to IBM Tivoli Federated Identity Manger User Self Care (TFIM USC) for following featuresThe design principles upon which USC is based are simplicity and customizability. TFIM 6.2.1 USC will not provide some of the sophisticated capabilities provided by other solutions such as Tivoli Identity Manager and will, instead, emphasize being lightweight and flexible.Environment: TFIM 6.2.2.12, WebSphere 8.5.5.5, ISAM ApplianceDuties & Responsibilities:• Installing TFIM 6.2.2, TFIM USC and the middle ware components.• Create Design Documents.• USC Configuration for supported self care operations• Custom STS module development for User Enrollment, User Profile Management, User Change Password, User Forgotten ID and User Forgotten Password functionalities.• Develop mapping rule and HTML Code • USC integration with WebSEAL server• Migrating USC configuration to Staging Environment.• Email Templates Integration.• Documenting approach followed for the solutions developed• Creating different user guides enlisting the steps to be followed for both the administrators & the end users.• Providing solutions to the reported issues for operational activities in live system.• Managing issues arising out of Post Implementation. Show less

Team Lead

• Mar 2015 - Apr 2015

GoogleApps to Enterprise Portal SSOObjective of this project is to implement the SSO solution from google apps to enterprise portal using openID connect API.Environment: IBM Security Access Manager (ISAM 8.0), OpenID Connect, WebSphere 8.0Duties & Responsibilities: • Requirement gathering and analysis.• Architecting and designing solution. • Developing code using JAVA and J2EE• Implementation and testing.

Senior Computer Programmer Analyst

• Jan 2014 - Feb 2015

Design and Implementation Phase1: The objective of this project is to migrate legacy WAM/Ping federate infrastructure for eService application to ISAM/TFIM infrastructure.Environment: Tivoli Federated Identity Manager 6.2.2.9, IBM WebSphere 8.0.0.8, IBM HTTP Server 8.0.0.8, IBM Directory Server 6.3 with FP 24, IBM Security Access Manager(ISAM 7.0 with FP 3), DB2 9.7 Fp8Duties & Responsibilities: • Requirement gathering and analysis.• Architecting and designing solution. • Technical discussion with business partners.• Deploy Tivoli Federated Identity Manager in various environments (DEV, QA, PROD )• Deploy IBM Security Access Manager in various environments(DEV, QA and PROD)• Customize ISAM ldap schema.• Implement step up authentication (3-levels)• Customize STS module for just in time provisioning.• Implement two-factor authentication using TFIM OTP.• Implement User Self Care feature of TFIM.• Migration of 1.3 million end users from WAM repository to ISAM repository.• Configure federations with the business partners to enable single sign on using SAML• Deploy Common Audit Service(CAS) and Tivoli Common Reporting(TCR) on Dev• Integrate CAS with TCR to generate out of the box reports. Show less

Senior Computer Programmer Analyst

• Jan 2014 - Feb 2015

Phase2:The objective of this project is to implement access and identity management solutions for fepdirect applications and its sub applicationsEnvironment: IBM WebSphere 8.5.5.1, IBM Directory Server 6.3 with FP 24, IBM Security Access Manager (ISAM 7.0 with FP 3), IBM Security Identity Manager 6.0.0.3, DB2 9.7.0.8 Duties & Responsibilities: • Requirement gathering and analysis.• Architecting and designing solution. • Customize ISIM and ISAM ldap schema.• Customized ISAM Combo adapter.• Deploy IBM Security Access Manager in Dev environment.• Deploy IBM Security Identity Manager in Dev environment.• Create custom person object.• Create provisioning policy.• Implement SSO between ISIM and ISAM using ETAI.• Implement SSO between ISAM and Cognos Business Intelligence.• Deploy Tivoli Common Reporting(TCR) on Dev.• Integrate TCR with ISIM DB2 to generate out of the box reports.• Configure Webseal password warning functionality.• Configure TDS password Policy.• Configure Reverse password synchronization • Configure TDS tree access management using ACI.• Migrate user from legacy LDAP to ISAM ldap. Show less

Team Lead

• Mar 2013 - Dec 2013

Design and Implementation (USA based client) Description: The objective of this project is to federate identities from client environment to various business partners.Environment: Tivoli Federated Identity Manager 6.2.2, IBM Web Sphere 8.0, IBM HTTP Server 8.0, IBM Directory Server 6.1, Tivoli Access Manager(TAM6.1.1), RAD, Core Java, SAML 2.0.Duties & Responsibilities: • Requirement gathering and analysis.• Architecting and designing solution. • Technical discussion with business partners.• Deploy Tivoli Federated Identity Manager in various environments (DEV, QA, PROD )• Configure federations with the business partners to enable single sign on using SAML Show less

Module Lead

• Jan 2013 - Feb 2013

Deployment of IBM Federated Identity Manager – (UK based client)Description: The objective of this project is to build a federation with a single business partner.Environment: Tivoli Federated Identity Manager 6.2.2.4, IBM Web Sphere 8.5, IBM HTTP Server 8.5, IBM Directory Server 6.1, Tivoli Access Manager(TAM6.1.1), RAD, Core Java.Duties & Responsibilities: • Requirement gathering and analysis.• Architecting and designing solution. • Technical discussion with business partners.• Deploy Tivoli Federated Identity Manager in various environments (DEV, PROD)• Configure federations with the business partners to enable single sign on using SAML• Written Java based custom mapping rule that in addition to mapping identities inserts GUID, Username and Expiry into DB. Show less

Module Lead

• Sep 2012 - Dec 2012

Deployment of IBM Tivoli Identity ManagerDescription: The Objective of this project is to demonstrate client with capabilities of ITIM for various POC’s.Environment: ITIM 5.1, TDS 6.2, IBM WebSphere 6.1, Tivoli Directory Integrator 7.1, DB2, Java, JavaScriptDuties & Responsibilities:Worked on following activities for ITIM 5.1:• Installation and configuration of ITIM 5.1• Creation of provisioning policy, identity policy, password policy and Adoption policy.• Creation of Custom Person object and Life Cycle rule.• Designing and writing the ITIM Workflows.• Designed and developed IBMJS and Workflow extensions.• Implementation of ITDI Feed using File System Connector, JNDI Connector, JDBC Connector.• Working with ITIM administration API.Deployment of IBM Federated Identity Manager Description: The Objective of this project is to demonstrate client with capabilities of IFIM for various POC’s.Environment: TFIM 6.2.2, TAM eBusiness 6.1.1, TDS 6.2, IBM WebSphere 6.1, WebSEAL 6.1.1Duties & Responsibilities:Worked on following activities for IFIM 6.2.2: Installation and configuration of TFIM 6.2.2 Configuration of FSSO using SAML2.0. Configuration of TFIM User Self Care. Show less

Module Lead

• Sep 2012 - Dec 2012

Deployment of Tivoli Access Manager Description: The Objective of this project is to demonstrate client with capabilities of TAM for various POC’s.Environment: TAM eBusiness 6.1.1, TDS 6.2, IBM WebSphere 6.1, WebSEAL 6.1.1, Java, JSP, Servlets, JavaScript.Duties & Responsibilities:Worked on following activities for TAM eBusiness 6.1.1:• Installation and configuration of TAM 6.1.1 base environment and WebSEAL 6.1.1. • Creation of ACL, POP and Authorization Rule.• Configuration of different WebSEAL authentication methods: Basic, form, client side certificate based authentication, step-up authentication.• Development and Configuration of External Authentication Interface.• Configuration and working with standard and transparent junctions(TCP and SSL)• Configuration of WebSEAL Single Sign On: LTPA cookie, Form based SSO, Global Sign On.• Configuration of TAM for High Availability.• Configuration TAM to present different SSL certificates for different junctions.• Working with Failover cookies.• Working with pdadmin and WPM.• Working with TAM administration and authorization API. Show less

Module Lead

• Sep 2012 - Dec 2012

Smart Meter Texas - USADescription: Smart Meter Texas i.e. A very Smart Way for Texans to manage electricity. In Texas, electricity is de-regulated. Customer can register and login to SMT portal to monitor the electricity consumption.The Objective of this project is to manage the life cycle of SMT customers using ITIM and protect access to SMT portal web application and ITIM console using ITAM.Environment: IBM Web Sphere 6.1, IBM Directory Server 6.1, Tivoli Identity Manager(TIM 5.1), Tivoli Access Manager(TAM6.1.1), RAD, Core Java, TDI 6.1.1Duties & Responsibilities: • Gather requirements from client.• Written operational workflow.• Written IBMJS extension to fetch list of person dn’s which satisfying following criteria Users who have not logged in for 13 months and more Users who have not logged in for 12 to 13 months.• Written LCR to delete users who have not logged in for 13 months and more.• Written LCR to send notification to users who have not logged in for 12 to 13 months.• Written AL to analyze production data. Show less

Module Lead

• Apr 2011 - Aug 2012

OAM 11g and OES 11g integration POCDescription:This POC is to demonstrate OAM and OES integration wherein OAM is used for authentication and OES is used for authorizationEnvironment: OES 11g, OAM11g, JSP, Servlet, LinuxUse cases for demonstration: Create a simple JSP based web-app. Deploy this app on Oracle Web Logic. Front end Oracle Web Logic with Apache Web Server as Reverse Proxy. Deploy OAM WebGate on the Apache Web Server. Create policy in OAM to protect this web page so that only authorized users get access to the page. Create authorization policy in OES for fine-grained access control to the individual resources on the web page Use OAM identity asserter and make sure that OES security module is able to consume OAM’s SSO cookie. Accomplishments:Successfully demonstrated the above use case to client.Migration of ODSEE 11g to OUD 11g POCDescription:This POC is to demonstrate the migration of ODSEE 11g to OUD 11g using OUD 11g replication gateway.Environment: ODSEE 11g, OUD 11g, LinuxDuties & Responsibilities: Requirement gathering & client interaction Design Implementation Documentation Demo to clientAccomplishments:Successfully migrated ODSEE 11g environment to OUD 11g and demonstrated to client.Migration of OID 10g to OID 11g POCDescription:This POC is to demonstrate the migration of OID 10g to OID 11g. Environment: OID 10g/11g, LinuxDuties & Responsibilities  Requirement gathering & client interaction Design Implementation Documentation Demo to clientAccomplishments:Successfully migrated OID 10g environment to OID 11g and demonstrated to the client. Show less

Module Lead

• Apr 2011 - Aug 2012

OIM11g – PeopleSoft Integration POCDescription: This POC was for one of our prospective client to demonstrate integration between PeopleSoft system with OIM 11g and user provisioning based on access and approval policy.Environment: OIM 11g, PeopleSoft, LinuxUse case for demonstration: PeopleSoft was configured with OIM 11g for Incremental Reconciliation After reconciliation, an access policy gets triggered in for provisioning to AD resource. Provision only happens when approval policy was satisfied.Duties & Responsibilities: Requirement gathering & client interaction Design Implementation Documentation Demo to clientAccomplishments:Successfully demonstrated the above use case to client. Content level access management using OES 11g POCDescription:This POC is to demonstrate how the web application can consume fine-grained entitlement policies defined in OES.Environment: OES 11g, JSP, Servlet, Linux Use cases for demonstration: Configure OES to pick up identity data and groups defined in an LDAP server. Develop a simple JSP based web application and run it within a WebLogic container. Embed OES security module in it.  Demonstrate how the J2EE based web application can consume fine-grained entitlement policies defined in OES.Duties & Responsibilities  Requirement gathering & client interaction Design Implementation Documentation Demo to clientAccomplishments:Successfully demonstrated the above use case to client. Show less

Module Lead

• Apr 2011 - Aug 2012

Intertek – OIM 11g Password Reset Portal Description:The objective this project is to develop a Password Reset Portal web application that bypasses OIM 11g inbuilt forgot password, reset password and set challenge questions functionalities. Environment: OIM 11G, Microsoft AD, Java, Linux.Duties & Responsibilities: Requirement gathering & client interaction Written business logic code in Java that interacts with OIM server for custom web application. Implementation Documentation Demo to clientAccomplishments:Successfully deployed and tested the Reset Password Portal application.OIM 10g/11g – AD Integration:- Description: The Objective of this project is to develop a process adapter to do group membership task and an event handler to provision to group.Environment: OIM 10/11g, Microsoft AD, Java, LinuxUse-Case for achieving group membership: Created a customized resource which will be used by end-user of anorganization for achieving group membership in AD. Created 1 level approval workflow where end-user requests for customizedResource then approval will be sent to beneficiary’s manager for approval & once approved customized resource gets provisioned to user & group membership is achieved.Use-Case for group provisioning & de-provisioning: Created post-process event handler, so once any role is created in OIM it will be provisioned in AD. Created pre-process event handler so once a role is deleted in OIM it will getdeleted from AD.Duties & Responsibilities:  Understanding the current deployment environment.  Designed the proposed requirement, implementation and deployment. Created a ready to use package for deployment on OIM 11g. Documentation for deployment.Accomplishments:Successfully developed and tested process adapter to do group membership and an event handler to provision to group. Show less

Module Lead

• Jan 2007 - Mar 2011

Thales nCipher InteroperabilityDomain: SecurityDescription: nCipher protects critical enterprise data for many of the world's most security-conscious organizations. nCipher enables businesses to identify who can access data, to protect data in transit and at rest, and to comply with the growing number of privacy-driven regulations. nCipher Delivers the Solutions in the areas of Identity Management, Data protection, Enterprise key management, Cryptographic Hardware. nCipher's cryptographic hardware platforms allow organizations to Software based security techniques to secure encryption and signing keys, Protect sensitive application code, Prove the authenticity of documents and Integration with numerous commercial security applications to Accelerate the SSL Operations. Also Support custom applications and embedded deployments.Role/Responsibilities: • Involved in Configuring the nCipher HSM’s and Software with third party products on different operating systems.• Interoperability Testing of Hardware Security Modules with Third party products on different Operating Systems like Windows Server 2003, Windows Server 2008, Linux, Solaris, IBM-AIX, HP-UX.• Understanding the Test Requirements for the new features.• Written the test cases for the New Features/Applications for the new Builds.• Written test design docouments.• Test Data preparation.• Conducting the performance testing of the HSM’s.• Involved in the Security testing related to the nCipher products.• Involved in the Execution of the Scripts using Python.• Involved in Reporting the bugs found in testing process using Defect tracking tool.• Handling Conference calls.• Mentoring resources. Show less

Software Engineer

• Nov 2006 - Dec 2006

InnopathDomain: TelecommunicationDescription: The iMDM Server Platform hosts applications that allow subscribers, customer care representatives, and administrators to perform a wide range of mobile device management tasks. The iMDM Carrier Suite can even perform management tasks automatically, based on rules, without the direct involvement of anyone. All of the tasks are performed over-the-air (OTA), removing the need for subscribers to bring the devices into an office.Role/Responsibilities: QA Engineer• Learnt basic architecture of iMDM carrier Suite.• UI Testing. Show less

AMTS

• Jul 2006 - Oct 2006

PIMAP Conformance Test AutomationDomain: TelecommunicationDescription: The objective of this project was to study the P-IMAP protocol and build a test automation framework for testing any server for P-IMAP compliance.Role/Responsibilities: • Studied about P-IMAP Protocol.• Written Test Plan for conformance testing of P-IMAP Server.• Written scripts for conformance testing of P-IMAP Server in Java and XML.• Written scripts for performance testing of P-IMAP Server in Java. Show less