
Faiz Mohd - IAM Engineer
[email protected]
Location: Irving, Texas, USA
Relocation:
Visa: Green Card
Faiz Mohd | Number: (254)-273-4015
Email ID: [email protected]
LinkedIn: www.linkedin.com/in/faiz-mohd-56b077312
Objective:
A highly motivated and skilled professional with extensive experience in enterprise security applications, specializing in SSO, MFA for CIAM and workforce IAM solutions such as PingFederate, Okta, and CA SiteMinder. Seeking a challenging role at an innovative organization where I can utilize my expertise in SSO, MFA, and identity management to enhance secure and efficient access management solutions.
Professional Summary:
Around 10+ years of hands-on professional experience in security products such as PingFederate, PingAccess, PingDirectory, PingID, PingOne SSO, PingOne MFA, PingOne Advanced Services, Okta, Access Gateway and SiteMinder.
Experienced in creating various adapters like Kerberos, HTML, PingID, Composite, Reference ID and in implementing OAuth, OpenID Connect.
Utilized all available PingFederate OAuth grant types to obtain access tokens for accessing secured APIs. Offered development assistance in integrating mobile applications seamlessly through OAuth/SAML within the PingFederate ecosystem.
Experienced in troubleshooting and resolving issues related to PingID, including performance tuning, logging, and debugging of MFA flows.
Expertise in delivering SSO solutions using PingFederate and Okta to numerous web-based enterprise applications.
Experienced in architecting authentication policies, utilizing selectors like CIDR and connection set selector for secure access controls in intricate network environments.
Implemented and configured various OAuth grant types, including Implicit, Authorization Code with PKCE, Client Credentials, and Resource Owner Password Credentials (ROPC), aligning with specific application protocols and security requirements.
Integrated PingFederate with Kerberos-based systems to allow users to authenticate using their Kerberos credentials without the need for a separate login.
Successfully leveraged PingOne to deploy Single Sign-On (SSO) and Multi-Factor Authentication (MFA) for customer-facing applications, enhancing security and user convenience.
Set up and managed LDAP Gateway to synchronize users from on-premise directories, ensuring seamless integration and up-to-date user data across systems.
Configured pass-through authentication and implemented user migration processes to transition users seamlessly based on successful authentication, minimizing disruption and improving user experience.
Created and enforced MFA and SSO access policies in PingOne to restrict user access based on geographic location, enhancing security and compliance with organizational requirements.
Created and managed secure SAML, OAuth, and OpenID Connect (OIDC) connections in Okta, facilitating seamless integration with various applications.
Successfully implemented the Proof Key for Code Exchange (PKCE) flow for single-page and mobile applications, enhancing security and preventing authorization code interception.
Provisioned and synchronized users efficiently using SCIM-based connectors, ensuring accurate and up-to-date user data across connected applications.
Developed and deployed password-related automation flows using Okta's inline hooks, streamlining password management and enhancing user experience.
Configured and triggered event hooks to send real-time notifications and alerts, improving system monitoring and user communication.
Set up event hooks to monitor critical events and trigger notifications, ensuring timely response to security incidents and operational issues.
Implemented Single Sign-On using SiteMinder on single/multiple cookie domains for web applications and integrated SSO with Sun One LDAP, MS Active Directory and e-Directory. This also includes federation, both inbound and outbound, using SAML 2.0.


Technical Skills:
IAM solutions: CA SiteMinder 12.52 SP01/CR01, Web Agent 12.52/12.x, SPS R12.52cr01, PingFederate, PingAccess, PingID, Okta
Cloud IAM solutions: PingOne, Okta
Federation: PingFederate 10.x - 11.x, SiteMinder 12.x - 12.8x, PingOne, Okta
Security frameworks: Windows security, Role-Based Access Control (RBAC)
Authentication protocols: OAuth 2.0, OIDC, SAML, Kerberos
Directory server: Netscape Directory Servers 4.x, SunOne/iPlanet server 5.x, 6.x, MS Active Directory, Oracle Directory Server 11g, OUD 11g, iPlanet Meta Directory Server 5.x, ADFS, PingOne Directory and Okta Universal Directory
Multi-factor: CA Advanced Authentication, PingID, Duo and Okta Verify
Database: DB2, Oracle, SQL Server, RDBMS
Programming: Java, Python and Bash

Education:
Bachelor of Engineering, Osmania University, Hyderabad, India.

Professional Experience:
Sr. IAM Engineer (PING) June 2023 - Present
Client: Southwest Airlines, Dallas, Texas

Responsibilities:

Design and implement identity and access management solutions using PingFederate.
Integrate PingFederate with various identity providers (IdPs), service providers (SPs), and other systems using industry-standard protocols.
Configured Implicit, Authorization Code, Client Credentials and ROPC grant types based on requirements and troubleshot the issues surrounding them.
Responsible for defining, recommending, monitoring and deploying on-premise SSO (Single Sign-On) access management solutions using different technologies and federation protocols (SAML, OpenID Connect, OAuth, WS-Federation) with cloud computing providers such as Salesforce, AWS, ServiceNow, Google, etc.
Provided Architectural design and implemented enterprise-wide Identity and Access Management (IAM) solutions using PingFederate and PingID.
Integrated third-party applications using various Single Sign-On mechanisms such as OpenToken, Agentless and SAML-based services, and created both WS-Fed and SAML 2.0 Service Provider endpoints using PingFederate.
Worked on PingFederate clustering, with multiple engine servers serving requests in parallel and a single admin server per cluster.
Deployed Single Sign-On (SSO) and Multi-Factor Authentication (MFA) for CIAM using PingOne for customer-facing applications, significantly enhancing security and user convenience.
Set up and managed LDAP Gateway on PingOne to synchronize users from on-premise directories, ensuring seamless integration and up-to-date user data across systems.
Streamlined user management processes in PingOne by configuring LDAP Gateway and pass-through authentication, facilitating secure and efficient access to resources.
Implemented location-based MFA policies in PingOne, effectively restricting access to mitigate security risks and ensure compliance.
Enabled secure user migration in PingOne directory based on successful authentication, ensuring seamless transitions and continuity in user access during system upgrades or changes.

IAM Engineer March 2020 - May 2023
Client: American Express, Phoenix, Arizona

Responsibilities:

Successfully integrated Okta SSO across multiple enterprise applications, streamlining user access and improving overall security.
Configured Okta MFA to enhance security, ensuring that users are authenticated using multiple verification methods such as SMS, email, and mobile app.
Enabled self-service password reset in Okta, allowing users to securely reset their passwords without IT intervention, thereby reducing helpdesk workload.
Integrated Okta widgets into web applications to provide seamless login and authentication experiences, improving user convenience and security.
Implemented inline hooks in Okta to create custom automation workflows, such as password validation and user attribute modification during authentication processes.
Set up event hooks in Okta to trigger real-time notifications and actions based on specific events, such as user login attempts and profile updates, ensuring timely response to critical activities.
Leveraged SCIM-based connectors in Okta to automate user provisioning and de-provisioning, ensuring accurate and up-to-date user information across integrated systems.
Established and enforced access policies in Okta to control user access based on roles, groups, and contextual factors such as location and device, thereby enhancing security.
Configured push group assignments in Okta to automatically assign users to relevant groups based on their attributes, ensuring proper access controls and streamlined group management.
Developed and deployed custom Okta widgets to improve user interaction with the authentication system, providing a more tailored and user-friendly experience.
Implemented comprehensive monitoring and auditing of security events in Okta, using event hooks to track and respond to unusual activities, ensuring robust security oversight.
Utilized Okta's SCIM-based provisioning to streamline user lifecycle management, automating the process of onboarding and offboarding employees across multiple systems.



IAM Consultant Dec 2017 - Jan 2020
Client: Data Matics, Mumbai, India

Responsibilities:

Worked with PING Identity Solutions to facilitate Federation with 3rd party vendors and external applications.
Implemented PingAccess to provide secure access to on-premises applications, enforcing granular authentication and authorization policies to protect sensitive resources.
Spearheaded Single Sign-On (SSO) implementation, mastering SAML, OAuth, and OpenID Connect, and expertly managed Azure AD App registrations for enhanced authentication.
Developed password credential validators that correspond to LDAP connections and created custom HTML login pages for SAML 2.0 protocol-enabled applications.
Configured MFA with Citrix and CyberArk via PingID using Radius Authentication, enabling secure access management across different applications and systems.
Integrated PingFederate with PingAccess as a token provider, streamlining authentication and authorization for enhanced security and user experience.
Provided a unified authentication experience and designed custom authentication workflows for users across different applications using composite adapter.
Created custom application templates in bulk for SAML and OIDC applications through Postman as a super admin, streamlining the setup process.
Monitored PingDirectory on an ongoing basis, using tools such as logs, alerts, and performance metrics, to identify potential issues and address them proactively.
Implemented PingDirectory to provide a scalable, high-performance directory service for storing and managing identity data.
Managed data migration from legacy systems to PingDirectory, ensuring data integrity and minimal downtime during the transition.
Designed and optimized directory schemas to support efficient data storage, retrieval, and management.
Performed performance tuning and implemented monitoring solutions to maintain optimal directory performance and quickly identify potential issues.

Cyber Security Analyst July 2014 - Nov 2017
Client: Birla Soft, Pune, India

Responsibilities:

Configured policy servers and web agents, and enabled SiteMinder Federated Web Services to ensure robust security and seamless integration.
Established SAML 2.0 partnerships with external applications for federated access, facilitating secure and efficient single sign-on (SSO) experiences.
Created and managed policies, realms, rules, and responses in the SiteMinder policy server to protect applications and authenticate users in an SSO environment.
Implemented Integrated Windows Authentication (IWA) and Form-Based Authentication (FBA) schemes to secure various vendor applications.
Performed performance tuning for SiteMinder to achieve better response times, low latency, high availability, and maximum throughput.
Collaborated closely with the Identity Management (IDM) team to assist with role-mining and design, and implemented role-based access control (RBAC) for all applications.
Fostered positive relationships with internal and external business partners, identifying opportunities to enhance customer satisfaction and strengthen customer relationships.
Developed and executed unit and system test scripts with high accuracy and completeness, and assisted the business team in creating User Acceptance Testing (UAT) plans and system test plans.
Ensured compliance with industry standards and best practices in all implementations to maintain security and operational efficiency.