| | | 20,000+ Fresh Resumes Monthly | |
|
|
| |
Click here or scroll down to respond to this candidate AJESH CyberArk Delivery EngineerPhone No: PHONE NUMBER AVAILABLEEmail ID: EMAIL AVAILABLESUMMARY Experience of working as a CyberArk Engineer for 7 years, working on designing, building, testing, and deploying policies to manage least-permissive role-based access on end-user windows and Mac devices. Install and use IAM and PAM tools and software s such as CyberArk, Okta, Centrify etc. Integrated and managing Microsoft Azure, O365 and AWS servers and privileged accounts in CyberArk. Good experience in installation, Integration, Implementation of PAM products like CyberArk and Thycotic. Worked on different components of CyberArk [Vault, PVWA, CPM, PSM, PSMP, PTA, AAM, Conjur and Alero] Have developed many custom connectors and plugins using CyberArk. Experience with Installation, Upgradation and Migration of PAM tools. Have implemented many scripts to automate basic regular Operational work, Supported Privileged Account administration of Windows, UNIX, LDAP and Database accounts using CyberArk. Worked on integrations of different applications like Tibco, Pega, Informatica, Java and .Net with CyberArk. Worked on Integrating AD, PUTTY, WINSCP and Chrome with CyberArk. Worked on installing PSM and PSMP servers in order to record the sessions that are performed on the Privileged accounts and servers.
Integrated Splunk with CyberArk for tracing and monitoring the error logs. Worked on getting the CyberArk solutions like CONJUR for Cloud environment. Performed Reconciliation, Change and verify operations on different privileged accounts and servers which are on boarded for different targets. Experience in, Privilege Identity and Access management solutions, in PAM, IAM, PAS, IDAAS and End Point Security Solutions using tools such as Thycotic Secrets Server Cloud, Thycotic Privilege Manger Cloud, CyberArk, OKTA and on AWS Cloud, Azure Cloud, SASS, PASS, IAAS, Hybrid and On-Prem Solutions and integrating and Securing SASS Cloud solutions to Privilege Identity and Access management administration solutions.
Demonstrated experience in Installation, Configuration, Implementation, Maintenance & Troubleshooting of Thycotic Secrets Server, Thycotic Privilege Manger Cloud and PASS, OKTA, CyberArk solutions on On-Prem and Cloud. Implemented SAML 2.0 based integration of Okta Identity cloud with Thycotic and Various other SASS products ServiceNow Cloud, Salesforce Cloud, Workday integration, Splunk Cloud. Demonstrated experience with involvement in core Day-to-Day activity to assist in Design, implementation, and process documentation of a Privileged Account Management (PAM) solution, Secrets creation, Password Vault Creation and management, IBM (Thycotic) Secret Server for a phased deployment in an enterprise environment. Security Infrastructure Design, Authentication and Authorization, and in Password Less authentication solutions. Patching & Monitoring Vault, Central Password Manager, Privileged Session Manager, Password Vault Web Access servers and services. Strong understanding of DevOps principles and practices, including continuous integration, continuous delivery, and continuous deployment. Experience in implementing best practices for secrets management, CI/CD processes, and infrastructure automation. Implemented & Managed Master Policy, Directory Mapping, LDAP integration, Platform and Safe via Private Ark client & PVWA as per the Project requirement. Monitoring of services for CyberArk services. Experience in writing scripts to facilitate the integration of CyberArk Conjur with CI/CD tools and workflows. Expertise in configuring pipelines to dynamically retrieve secrets from CyberArk Conjur. Performing Compliance checks, Activity Log & Privileged Accounts Inventory reports on CyberArk. Provide third-level support for incident resolution related to CyberArk infrastructure through Service now tickets. Onboarding & modifying privileged IDs and Safes on CyberArk with Password Upload Utility. Have installed, configured and used AIM in both local credential provider as well as central Credential provider for several applications on various Windows and AIX platforms. Co-ordination with respective stakeholders for the services which has an impact on CyberArk service. Upgrade CyberArk from 9.7 to 10.4.1 and 10.4.1 to 11.4 within the organization. Involved in the Disaster recovery exercise which is performed within the organization twice a year. Expertise in Administration of Tivoli products like Tivoli Access Manager 6.1.1, Tivoli Directory server and knowledge on Tivoli Federated Identity Manager 6.2.2. Worked on SSH key manager component of CyberArk which helps in storing the SSH, RSA, API and NOTARGET keys in CyberArk. Knowledge on Concepts like SSO using CyberArk, Okta using OAuth 2.0, Open ID Connect, SAML. Configured SSO and integrated several Applications into Okta Cloud Portal. Extensive knowledge on API security using OAuth and JWT s for securing RESTful Web services. Experienced with configuring IDP initiated and SP-initiated SAML profiles with different bindings like POST, Artifact and Redirect as per the custom business and security requirements. Prepare reports that document security breaches and the extent of the damage caused by the breaches. Conduct penetration testing, which is when analysts simulate attacks to look vulnerabilities in their systems before they can be exploited. Research the latest information technology (IT) security trends. Develop security standards and best practices for our organization. Recommend security enhancements to the Leadership. computer sciencecollaborationTECHNICAL SKILLS: Deploys tools, processes, documentation, and technologies, and defines success criteria for their effective usage Supports user life cycle processes including, but not limited to, on-boarding and off-boarding of all types of user accounts Supports IAM Password Management processes and processing of system access requestIntegrates accounts for Windows & Unix/Linux servers and other accounts associated with domains and directories and ApplicationPROJECT EXPERIENCE____________________________________________________________________________________Client: EQUIFAX, GA Dec 2022 Till Now
Job Title: Cyber Security/ CyberArk ConsultantResponsibilities Monitor our organization s networks for security breaches and investigate a violation when one occurs. Install and use software, such as firewalls and data encryption programs, to protect sensitive information. Install and use tools, such as CyberArk, Office 365, Splunk etc. to protect sensitive information. Prepare reports that document security breaches and the extent of the damage caused by the breaches. Conduct penetration testing, which is when analysts simulate attacks to look for vulnerabilities in their systems before they can be exploited. Research the latest information technology (IT) security trends Develop security standards and best practices for our organization Recommend security enhancements to the Leadership. Supported the CyberArk implementation, operationally, and for making modifications that will mature its use. Upgraded CyberArk Version from 10.4.1 to 11.4.1. The core day-to-day activity involved in design, implementation, and process documentation of a Privileged Account Management (PAM) solution; IBM (Thycotic) Secret Server for a phased deployment in an enterprise environment and report directly to the lead PAM Architect but engaged with both project management and key client stakeholders to support customer success. Installation, configuration, and maintenance of the Thycotic Secret Server PAM environment and responsible for documenting, designing, and administering the PAM infrastructure in alignment with the overall IT strategy. Responsible for the support of application integrations as required and Served as the subject matter expert (SME) for the Thycotic Secret Server PAM toolset. Provide overall direction and oversight into the PAM functions across the organization, including Password Vaulting of elevated user and application service accounts. Integrated Conjur with Ansible playbooks to manage secrets used in configuration management and infrastructure provisioning. Configured and integrated CyberArk Conjur with CI/CD tools like Jenkins. Deployed Kubernetes secrets securely with CyberArk Conjur, ensuring encrypted communication and access controls. Integrated CyberArk Conjur into the CI/CD pipeline to securely manage and rotate secrets and credentials. Implemented Conjur policies and configured Conjur authentication for Jenkins, Docker, and Kubernetes. Conducted thorough testing in a staging environment to validate the integration and functionality. Gradually rolled out the changes to production environments to minimize impact. Assist application/business unit teams with privileged accounts on-boarding into Thycotic Secret Server. Worked on installation of CyberArk agents on the both Windows, UNIX, Linux and AIX Server. Supported for Privileged Account administration of Windows, UNIX and Database servers using CyberArk. Worked on integrations of different servers and application accounts with CyberArk. Configured Kubernetes pods to fetch secrets from Conjur at runtime, ensuring that sensitive information like database credentials and API keys were securely injected into the containers. Implementing & Managing Master Policy, Directory Mapping, LDAP integration, Platform and Safe via Private Ark client & PVWA as per the Project requirement. Monitoring of services for CyberArk services. We deployed the Conjur server on a Kubernetes cluster, ensuring high availability and scalability. Defined security policies using Conjur's policy-as-code approach. These policies specified which applications and services could access specific secrets. Configured Jenkins jobs to retrieve secrets from Conjur dynamically, reducing the need to hard-code credentials within the pipeline scripts. Have installed, configured and used AIM as the local credential provider for several applications on various UNIX and Windows server platforms. Created different groups in AD and synced them up with CyberArk for the required users to work on their privileged accounts and servers. Performing Compliance checks, Activity Log & Privileged Accounts Inventory reports on CyberArk. Reported and Visualized Threats by CyberArk, windows & UNIX platform. On-boarded and Managed Accounts, Servers and Safes. Performed Reconciliation, Change and verify operations on different privileged accounts and servers which are on-boarded for different environments. Support for current and future CyberArk projects. Integrated and managing Microsoft Azure, O365 and AWS servers and privileged accounts in CyberArk. Integrating TOAD, WINSCP and Website (Chrome user) with CyberArk to get rid of direct access from the user. Upgrading the 19c database in the organization resulted in onboarding the multiple users in CyberArk to login to TOAD. Generating different kinds of reports from PVWA as per auditor/user request. Safe creation and Management. Defining Policy\Platform and Management. Performed directory mapping. Performed compliance checks on CyberArk for IT security safes and to Provide alerts and reports appropriately. Provide third-level support for incident resolution related to CyberArk infrastructure through ServiceNow tickets. Worked on Integrating PUTTY, WINSCP, Chrome with CyberArk. Integrated Splunk with CyberArk for tracing and monitoring the error logs. Manage Maintenance of License in CyberArk. Worked on installing PSM and PSMP servers in order to record the sessions that are performed on the Privileged accounts and servers. Worked with CyberArk authentication process for all kinds of accounts. Patching & Monitoring Vault, CPM, PSM, PSMP, PVWA servers and services. On boarding & modifying privileged ID on CyberArk with Password Upload Utility. Co-ordination with respective stakeholders for the services which has an impact on CyberArk service. Migrate user accounts into password vaulting tool. Troubleshooting and maintenance of the password vaults. Provide user support for CyberArk when necessary. Worked on getting the CyberArk solutions like CONJUR for Cloud environmentEnvironment: python 2.7, JDK 1.4/1.5, SAML 1.0, 2.0 CyberArk 12.6, CyberArk PVWM, Conjur, CPM, PSM, AIM, CA SiteMinder 5.X/6.X/12.x, Sun ONE Directory Server 5.X/6.X, Tomcat 5.5, Apache 2.0, Wily Introscope 7.0/7.2, Solaris 8/9/10, Windows 2000/2003, Oracle 10g/11g, SQL Server 2005, DB2 8.Client: UHG, AZ Dec 2021 Nov 2022Job Title: CyberArk/CA IDM EngineerResponsibilities Primary responsibilities include Installation and configuration of CyberArk Vault, Vault Client, Active CPM, Network load balanced CyberArk PVWA, Clustered CyberArk PSM and PSM SSH proxy and design and creating a new application on board is documented and implemented. Developed and Implemented complete CA IAM solution which includes Federation, Host Access Management, Password Management, Single Sign-On, User Provisioning and Web Access Management. Configuration of multiple Privilege accounts across the organization and Administration of CyberArk, Integration of window accounts, Unix accounts, Database, Network and Security Device and Migrate user accounts into Password Vault using Bulk upload utility. Monitor CyberArk reports and respond to failed password verification alerts and work with system account owners to resolve failure alerts. Experienced in day to day operational support in adding and deleting accounts, applying policies, assigning safes, synchronizing failed accounts, Password rotations. Implementation and create of web policies, password policies, Vault Back-up Management process, AD Configuration (User to connect AD) & Branches). Extensive experience with CyberArk's security products such as Enterprise Password Vault, Privileged Identity Management, Application Identity Management including design and implementation of Disaster Recovery hot-site and development of the BCP plans using LDRP. Load Balancer architecture, Application Identity Manager Design, On-Demand Privileges Manager Design, Break Glass Access Management Process, Integration with other Systems (email configuration), Change Management Process Plan (OS, patch updates). Responsible for Create New User, Activate, enable user, group and OU account in Active Directory and Analyzed and discovered privileged and functional user accounts for risk, ownership and access appropriateness using various CyberArk tools or platforms. Reconciliation, Password Synchronization, Service definition for Target System, Workflows and Integration of various target system privilege account integration. Managing User Accounts, Server Space & other Log files on servers and Maintaining Mail Accounts in Microsoft Office Outlook & Backup of Emails. Helping organization target architecture for infrastructure privileged access and the high-level requirements for the privileged access management solution.Environment: power shell, python 2.7CyberArk Privileged Account security 8.2, XML, SAML 2.0, Active Directory, Sun ONE Directory Server 5.X/6.X, CA Identity Manager r8/r12, Ping Federate 5.x/6.x/7.x, Tomcat 5.5, Apache 2.0, Solaris 8/9/10.Client: Barclays, India April 2017 July 2020Job Title: CyberArk ConsultantResponsibilities Installed CyberArk components in lower environments and in Production. Supported the CyberArk implementation, operationally, and for making modifications that will mature its use. Install and use software, such as firewalls and data encryption programs, to protect sensitive information. Install and use tools, such as CyberArk, Office 365, Splunk etc. to protect sensitive information. Prepare reports that document security breaches and the extent of the damage caused by the breaches. Worked on both PUSH and PULL architectures involved in CyberArk. Supported for Privileged Account administration of Windows, UNIX, LDAP and Database accounts using CyberArk. Worked on integrations of different applications like Tibco, Pega, Informatica, Java and .Net with CyberArk. Implementing & Managing Master Policy, Directory Mapping, LDAP integration, Platform and Safe via Private Ark client & PVWA as per the Project requirement. Monitoring of services for CyberArk services. Have installed, configured both local credential provider (AIM) as well as Central credential provider for several applications on various UNIX and Windows server platforms. Performing Compliance checks, Activity Log & Privileged Accounts Inventory reports on CyberArk. Reported and Visualized Threats by CyberArk, windows & UNIX platform. Onboarded and Managed Accounts and Safes. Performed Reconciliation, Change and verify operations on different privileged accounts which are on boarded for different targets. Support for current and future CyberArk projects. Worked with LDAP Authentication. Generated different kinds of reports from PVWA as per auditor/user request. Worked on SSH key manager component of CyberArk which help in storing the SSH, RSA, API and NOTARGET keys in CyberArk. Configuration of reconcile accounts. Safe creation and Management. Defining Policy\Platform and Management. Performed directory mapping. Performed compliance checks on CyberArk for IT security safes and to Provide alerts and reports appropriately. Provide third-level support for incident resolution related to CyberArk infrastructure. Manage & Maintenance of License in CyberArk. Worked with CyberArk authentication process for all kinds of accounts. Patching & Monitoring Vault, CPM, PSM, PVWA servers and services. On boarding & modifying privileged ID on CyberArk with Password Upload Utility. Co-ordination with respective stakeholders for the services which has an impact on CyberArk service. Build/Rebuild/Decommission servers and post-Installation tasks. Migrate user accounts into password vaulting tool. Troubleshooting and maintenance of the password vaults. Provide user support for CyberArk when necessary. Using CyberArk services, adding, delete and modify users, groups and group Memberships.Environment: CyberArk Privileged Account security 7.1, XML, SAML 2.0, Active Directory, Sun ONE Directory Server 5.X/6.X, CA Identity Manager r8/r12, Ping Federate 5.x/6.x/7.x, Tomcat 5.5, Apache 2.0, Solaris 8/9/10.Client: DXC, India Jan 2016 March 2017Job Title: CyberArk ConsultantResponsibilities: Working on federation single sign on between third party vendors making both inbound and outbound calls security exchanging the attributes in SAML both as identity and service provider. Worked on Ping One where all the applications are placed in the docker, authentication call will be redirected to Federate server and depending upon the applications policies will be triggered. Implemented Thycotic secret server and Thycotic privileged manager for version 10.6. Primarily in providing problem resolution to authentication issues to passwords and LDAP accounts and directory sync problems., restricting privileged access within an existing Active Directory environment. Worked on PingID (MFA) for the sensitive applications and people who are accessing any application from outside the network Worked on protecting PingFederate with Ping Access; enabled sticky sessions on the Ping Access so that transaction will be served to the same Federate server Worked on writing different OGNL expressions to meet the SAML assertion requirement for the vendor s and also restricted the user groups by writing OGNL in the issuance criteria Worked on creating reverse Proxy for the applications; rewriting the headers, rate limiting, setup from HTTP to HTTPS. Worked on application configuration with Ping Access and defining Ping Access Sites, Virtual hosts, Policies and Rules. Integrated and deploy Thycotic products in client environments. Building the Zone servers, Module servers which are essential for the Tanium application .and most essentially the Database servers for both the applications Deployed several PingFederate integration kits for Apache, Coreblox, Atlassian, Java, PHP, Symantec VIP, Agentless, IWA etc., to establish the "first- and last-mile" implementation of a federated-identity. Implemented OAUTH using different Grant Types to get the Access token and access the protected Restful API's. Worked on ROPC Grant Type to fetch the Access Token for Native Mobile Applications to call the third-party API's. Worked on ID Token to get the user information using user info endpoint and send as part of scope along with Access Token. Developed and Performed SailPoint deployment activities - connector configuration, custom rule development, workflow configuration and development, third party system integration. Participated in and/or User Acceptance Testing and bug-related reengineering efforts Performed OOTB Integration with multiple applications such as AD, Exchange, LDAP, Delimited File, Workday File s and Mainframe RACF etc. Developed custom workflows and rules for Password synchronization between target applications and IdentityIQ. Developed Custom LCM Configuration and UI s separately according to their user capabilities Developed Identity mappings and account mappings with custom attributes to maintain correlate identity data and service accounts across applications using custom rules Implemented CyberArk Privileged Identity management suite and session management suite for version 9.7.Prime in providing problem resolution to authentication issues to PVWA and directory sync problems. Worked on Cyber Ark Enterprise Password Vault and PVWA. Designed and deployed Identity & Access Management solution to improve user experience, meet compliance, and reduce costs. Installed and configure PingFederate on windows and configure Ping access and ping one for new POC based applications for cloud SASS apps. Experience in Implementation, installation and maintenance of CyberArk 9.6 & 9.8 PIM Suite, Experience in implementing application account management by CyberArk on Windows, Data bases and Linux servers using AIM module. Involved with the Access Control Management team managing the Single Sign-On environment in a mixed environment comprising of Windows, Solaris and Linux environments using SiteMinder r12/12.52 with Sun One and Active Directory for policy and user stores. Experience in CyberArk PAS suite which includes Enterprise Password Vault, Password Vault Web Access, Central Policy Manager, Privileged Session Manager, Proxy and PACLI. Managed CyberArk Security that offers wide range of services and support including implementation, consulting, training, maintenance, online support and vault. Ability to install, configure and support identity and access management related tools such CA SiteMinder, CA Identity Manager (IDM), and Oracle Internet Directory (OID). Created the Federation service between SiteMinder federated web services to Ping federate for classic migration of applications that are SAML and WS-FED based applications. Created standard Business Requirement Document template per application type to onboarding applications in SailPoint. Created standard Questionnaire Document which will be leveraged to understand about the business application, it s technology, number of users and its security platform. In process of onboarding various types of applications such as Active Directory, LDAP, JDBC. Performed Requirement Gathering, Analysis & Management by actively discussing and exploring the current state of user access management with the IDM team. Coordinate the end-to-end process on onboarding applications through different phases of SDLC.Environment: OIM (Oracle identity manger), Splunk, Ops view 6.0, Thycotic secret server 10.6, Tanium 7.2.314.3518, Nagios4.4.5, Windows Active Directory, PowerShell, Single sign on, SAML 2.0, SOL server 2016, SiteMinder r12/12.52, CyberArk 12.6 &12.6 PIM Suite.Job Description ****Note: Passport 3+ years CyberArk administration Bachelor s degree in Computer Science, Information Technology, Information Security or related major with 8+ years relevant experience; or equivalent experience Experience with break glass solutions and implementations Experience with cloud credential/secret management solutions such as Conjur and/or Hashicorp Strong verbal and communication skillsResponsibilities Works on cybersecurity problems that may be diverse and highly complex, with particular emphasis on security operations Selects methods and techniques for identifying and advocating effective security solutions Specializes in security operations in one or more areas, including network, host, database, application, event management, cloud, cryptography, identity, and other emerging technology Participates in reviews of available tools, technologies, and processes to secure all aspects the enterprise Maintains and optimizes tools, processes, documentation, reporting, and technologies, and defines success criteria for their effective usageIdentity Manager (AIM) integration Generates reports to measure the IAM service against key performance indicators Troubleshoots IAM and related processes and escalate as required Works with Application/System Managers as required assisting with reporting requirements and serving as subject matter expert for processes Serves as point person to operation team members including training and mentoring |
