Bhopal Singh Singh - IAM CYBER+OKTA+BUSINESS ANALYST+CLOUD ARCHITECT |
[email protected] |
Location: Sunnyvale, California, USA |
Relocation: Yes Onsite |
Visa: H1B |
Bhopal Singh
LinkedIn: https://www.linkedin.com/in/bhopal-singh-cissp-70694a180/
Phone: +1 (469) 300 4910
Email: [email protected]
Sunnyvale, California

CAREER OBJECTIVE
CISSP Certified IT professional with 13 years of business-facing experience in the digital identity space. Looking for a challenging position in a company that values fresh thinking and provides room for advancement. I want to work for a company that offers a stimulating atmosphere where I can use my technical, collaborative, and management talents to advance the organization's success and broaden my understanding of new and developing trends in the digital transition.

EDUCATION
MASTERS - (MBA-IT Sikkim Manipal University-India) Completed in Jan 2013
BACHELOR - (Bachelor of Science Meerut University-India) Completed in Jan 2006
INTERMEDIATE - (Mathematics State Board-India) Completed in Jan 2003
HIGH SCHOOL - (Mathematics State Board-India) Completed in Jan 2001

CERTIFICATIONS
AZ-900 Microsoft Azure Fundamentals
Okta Professional Hands-on Configuration
ISC2 CC-Certified in Cybersecurity
ISC2 CISSP-Certified in Cybersecurity

SKILLS
Identity Governance & Access Mgmt. Specialist. IAM, IGA, SSO (WSSO, ESSO, FSSO), MFA, SAML, SCIM, OAuth, OIDC, Web SSO, WSFED, WSTS, RBAC, ABAC, PAM, Employee and Customer Identity Mgmt. (CIAM), and Zero Trust. Implemented AI/ML capability of Identity solutions for continuous and automated protection against any external/internal threats. MSFT Azure AD/Entra ID SSO Integrations, user life cycle/groups/security, and conditional access policy mgmt. (On-Prem, Cloud, Hybrid (Active Directory, AD Connect)). Experience with Azure Security Center and Azure Sentinel for security monitoring and incident response. Okta SSO Integrations, user life cycle/groups/security, and conditional access policy mgmt. CyberArk (Identity, Safe-Vault Mgmt., PAM, V-PAM, SWS, DPA, EPM (Endpoint Privilege Mgmt.)). Implementing Device Trust and Compliance for company as well as user-owned (BYOD) devices.
HR System Driven Identity Mgmt./LCM/Workflow. HYPR Password-less Authentication. Atlassian DevTool Suites (Jira, Confluence & Bitbucket). Azure & AWS Cloud Mgmt. Oracle-PL/SQL & Linux. Analytical and Critical Thinker. Project/Team Mgmt. Exp. ITIL Process Expert. Mentor & Coach. Business and IT Operation Support. Program Management. Leading the Solution. Project Deliveries & Solutioning. Cross-Team Collaboration.

EXPERIENCE

IAM Architect. Employer = Singular Analysts Inc. Client = Deloitte Touche Tohmatsu Ltd, San Jose (October 2023 - Current)
Led the Okta implementation to streamline access management and provide enhanced security. Implemented Verified User Registration, enforcing domain restrictions through Okta's domain whitelisting and identity validation tool to ensure a secure access environment. Established a centralized user and access management system, leveraging Okta's user lifecycle management capabilities and identity governance features for enhanced security and efficiency. Configured centralized event logging and monitoring mechanisms, utilizing Okta's event logging capabilities and SIEM (Splunk). Implemented event, user, group, and attribute-based provisioning and de-provisioning processes, utilizing Okta's provisioning feature and access controls to optimize resource allocation and security protocols. Enforced stringent security policies throughout the implementation, configuring Okta's adaptive multi-factor authentication and role-based access controls to safeguard sensitive data and mitigate potential risks. Collaborated closely with business stakeholders throughout each project phase, including requirement gathering, Dev implementation, UAT, and go-live, ensuring alignment with business objectives, priorities, and timelines. Ensured visibility into project progress by providing regular updates and reports to stakeholders, fostering transparency and accountability throughout the implementation process.
Protocols and features used - IAM, IGA, SSO, MFA, SAML, SCIM, OAuth, OIDC, Web SSO, RBAC, ABAC, PAM, and Zero Trust.

IAM Consultant/Architect. Deloitte Touche Tohmatsu Ltd, San Jose, CA (September 2022 - Oct 2023) (Full Time)
Member of the Central Digital Identity team, responsible for providing consulting, guidance, and troubleshooting services to our customers on various identity implementations/products (Okta, Azure AD/Entra ID, LDAP, HYPR, CyberArk, PING, etc.) for employees as well as customer Identity (CIAM). Protocols and features used - IAM, IGA, SSO (WSSO, ESSO, FSSO), MFA, SAML, SCIM, OAuth, OIDC, Web SSO, WSFED, WSTS, RBAC, ABAC, PAM, Employee and Customer Identity Mgmt. (CIAM) and Zero Trust. HR and IT System Driven Identity Management, User Life Cycle Mgmt., and access control. Hands-on experience in end-to-end setup, implementation, and integration of Identity access and governance and related products (Okta, Azure AD/Entra ID, HYPR, CyberArk, PING, etc.) for employees as well as customer Identity (CIAM). Implemented Entra ID PIM (Privileged Identity Mgmt.) to protect critical resources/entities by granting schedule-based and approval-based workflow. Implementing Okta PAM (Privileged Access Mgmt.) to protect critical resources/entities by using the vaulting feature in Okta. Experience in Managing AWS IAM Solutions. Performed Identity platform migration from Okta to Entra ID (Leveraged Azure Landing Zone as part of this activity). Responsible for designing architecture, defining components involved, and providing POC before actual migration. Led cross-team/department engagement and Dev to Prod efforts for Okta to Azure/Entra ID migration. CIA (Confidentiality, Integrity, and Availability) focused solutions. Utilizing AI/ML capabilities of the IAM solutions (Okta, Azure, etc.) for better, extended, and automated protection against humans as well as bots. Providing continuous and consistent protection.
Implemented identity governance (IGA), Access reviews/certifications, and security policies (Access/Sign-On/Dynamic and Context-based Policies), i.e., RBAC, ABAC, Need to Know, Least-Privilege, PAM, V-PAM, DPAM, etc., for the large external customers (CIAM) and Internal workforce. Experience in architecting, implementing, and supporting identity and access management solutions and systems. Creating custom connectors and onboarding Cloud apps into IAM Solutions using SAML, OAuth, and OIDC protocols. Set up HYPR Password-less Authentication and integrated it with Okta for seamless user migration. CyberArk - Identity and Identity Services Module, Safe-Vault Mgmt., PAM, V-PAM, SWS, DPA, EPM (Endpoint Privilege Mgmt.) configuration and integration. Configured Clients' AWS IAM stack as per organization needs/roadmap and adhering to Organizational security and compliance needs. Integrated client AWS IAM solution with AWS components like CloudWatch Event rules, and Lambda functions for a dozen targeted actions that can help you remediate compliance issues. Integrated IAM events with AWS Security Hub for Automated Response and Remediation of security and compliance issues. Lambda function was specifically used to connect with Jira and log a ticket. Deployed the workbook using AWS CloudFormation components. IAM log integration with SIEM (Splunk) tools for enhanced security monitoring and reporting. Threat Hunting: Setting up technical and administrative controls to proactively track, identify, detect, and neutralize any threat/security breach. Multiple IAM Platforms enhancement, migration, and operation experience/expertise. Experience with IDP/IDS solutions to mitigate and remediate any network/host-based security threat. Zero-trust-based solutions/implementations.

Princ IT Developer-Identity and Access Solution Lead/Architect. Veritas Technologies LLC, Santa Clara, CA (July 2017 - September 2022) (Full Time)
End to End Implementation of Okta and Azure IAM/Entra ID solution for Veritas incorporating both security and business needs for employees as well as customer Identity (CIAM) as below: Verified User Registration, Secured & Centralized user/access mgmt., Centralized events logging and monitoring of events, Secured and Audited self-service for end users, Notification workflow on defined events, event/user/group/attribute-based user provisioning/de-provisioning, security policy, MFA Content Translation as per user locale/geo, executive level reporting, etc. Working with business right from the Planning phase to ensure we have enough relevant info on business requirements to ensure that we provide the right and time-bound solution. Protocols and features used - IAM, IGA, SSO, MFA, SAML, SCIM, OAuth, OIDC, Web SSO (WSSO, ESSO, FSSO), WSFED, WSTS, RBAC, ABAC, PAM, Employee and Customer Identity Mgmt. (CIAM) and Zero Trust. HCM System (Workday) driven Identity Mgmt./LCM/Workflow. Setting up identity governance (IGA) and securing identities using security policies (Access/Sign-On Policies), i.e., RBAC, ABAC, Need to Know, Least-Privilege, PAM, etc. Worked with Entra ID PIM (Privileged Identity Mgmt.) to provision the approval-based workflow to grant elevated permission for the scheduled task/timeframe. Implementing Okta PAM (Privileged Access Mgmt.) by vaulting the superadmin credentials. Identity and Service Provider (IDP & SP) SSO integrations using OAuth, SAML, and OpenID Connect protocols for large external customers (CIAM) and workforce base. Replaced in-house/legacy IAM solution with Azure IAM/Entra ID and Okta Cloud respectively. Migrated 15+ applications into Okta as part of in-house solution replacement with Okta or external customers (CIAM).
Migrated 25+ Applications into MSFT Azure IAM/Entra ID Platform and onboarded 75+ applications following various IAM protocols in Hybrid mode (Components Involved - Active Directory, Azure/Entra ID and AD Connect). Built a custom solution to provide batched user migration from LDAP to Okta. Experience in managing and providing ongoing support for user life cycle management processes, SCIM, RBAC, ABAC, and Access reviews/certifications. Creating custom connectors and onboarding Cloud apps into IAM Solutions using SAML, OAuth, and OIDC protocols. Setting up SSO/MFA/Security policies for mobile apps (OIC, Workday, ServiceNow, etc.) via Intune (MDM). Setting up Okta workflow for required events. Enabling multi-tenancy in MSFT Azure AD/Entra ID env to support customers' business needs of multiple domains. Setting up a dynamic access policy for a customer in MSFT Azure AD/Entra ID. Azure Security Center and Azure Sentinel for security monitoring and incident response. Clean up of the Customer MSFT and Okta directories. Setting up Branding, event notifications, and reporting for Customers in Okta. Working with the Infosec team to set up the Splunk (SIEM - Security Information and Event Management) tool for Okta logs/events to extend the monitoring and reporting capability. Supported mobility/device management in MSFT Azure AD/Entra ID. Primary resource to manage access/privilege and security for our Identity products (MSFT Azure AD/Entra ID, Okta Cloud) for Internal as well as external customers. Supporting MSFT Azure Active Directory (On-Prem, Cloud, Hybrid). Worked as part of the compliance team, responsible for drafting, reviewing, and implementing the secured and robust user life cycle mgmt. policy. CyberArk Identity and Identity Services Module, Vault Mgmt., PAM, SWS, and DPA installation and configuration.

Identity & Agile Tools Lead/Architect. Employer = HCL America Inc.
Client = Veritas Technologies LLC, Santa Clara, CA (September 2015 - July 2017)
Working directly with businesses to Plan, Design, Schedule, and Deliver IAM Integrations/changes/customizations. Primary resource to manage access/privilege and security for MSFT Azure AD/Entra ID for Internal employees. Azure Security Center and Azure Sentinel for security monitoring and incident response. Hands-on experience in supporting Active Directory, Azure Active Directory/Entra ID, and AD Connect in a Hybrid Model. Manage operations related to application config/certificate management. SME for the agile suite of tools (Atlassian - Jira, Bitbucket, Confluence), Versioning tool (Perforce), and Localization tool (GMS). Deploy, manage, and upgrade Docker and Kubernetes-based applications. Performing regular maintenance, patching, and upgrades for the Agile suite of tools (Atlassian - Jira, Bitbucket, Confluence) and Versioning tool (Perforce). Preparing Support Documents and Knowledge Base for the support team. Training, Coaching, and guiding new/junior team members.

Technical Application Support. Client = Symantec Inc, Mountain View, CA (April 2014 - June 2015). Employer = HCL America Inc.
SME for the agile suite of tools (Atlassian - Jira, Bitbucket, Confluence), Versioning tool (Perforce), and Localization tool (GMS). Set up MSFT AD authentication for the Atlassian Tools to facilitate corporate login for Atlassian users. Performing regular maintenance, patching, and upgrades for the Agile suite of tools (Atlassian - Jira, Bitbucket, Confluence) and Versioning tool (Perforce). Preparing Support Docs and Knowledge Base for the Customer support team. Daily support tasks like Application health check, Inc queue monitoring, and application admin support activities. Analysis of the recurring issue and working for the permanent fix following the Release Management Process. Working with cross-teams.
Driving the P1/P2 issues call with all the dependent stakeholders (Unix, Windows, DBA, network, firewall, and Storage teams) and continuously updating Business Users.

Production Support Specialist. Client = Rackspace Hosting Inc, San Antonio, TX (March 2013 - December 2013). Employer = HCL America Inc.
Responsible for Oracle-BRM (Billing and Revenue Mgmt.) tool deployment in Production and Non-production environments. Running and monitoring daily/weekly Billing and Revenue Invoices process using the BRM tool. Triage and fix BRM technical issues related to BRM Deployment, Billing Process, or Installer. Working with different teams (upstream/downstream) and product vendors to ensure the sanctity and completeness of the data for billing. Daily production operations tasks like application admin support activities, access mgmt., upgrade/patching, etc. Driving the P1/P2 issues call with all the dependent stakeholders.

Technical Support Analysts. Client = Merck Inc, Rahway, NJ (October 2010 - December 2012). Employer = HCL Technologies Pvt Ltd India.
Performing periodic data Refresh, ETL, and archiving using Oracle DB for the Merck LAB Team. Writing packages/procedures and triggers for various modules for the Merck LAB Team. Driving P1/P2 issues calls with content Merck research team and L2/L3 tech support. Providing technical support for Merck Internal applications like chemical disposal and compliance tools for Merck (Cosmic) and chemical/medical repository tool (ChemCart). Responsible for managing DB, performing upgrades, and patching of the host systems.

Keywords: artificial intelligence machine learning database active directory information technology golang procedural language Arizona California Delaware Idaho New Jersey Texas