Khaleel - IAM Architect
[email protected]
Location: Irving, Texas, USA
Relocation:
Visa: Green Card
Khaleel Haqaique Hussain
Contact: +1 254-273-4015
Email: [email protected]
LinkedIn: Khaleel H Hussain | LinkedIn

Professional Summary:
I have successfully implemented identity and access management solutions that enhance organizational security and streamline user access. My expertise includes deploying multi-factor authentication (MFA) and single sign-on (SSO) across a variety of enterprise applications, enabling seamless and secure access while adhering to compliance standards. I have designed cross-domain trust relationships using federation protocols, integrating PingOne with on-premises and cloud-based applications for unified access control. Additionally, my work with API security has involved token management and access policy enforcement, optimizing secure API interactions. I have also automated user lifecycle processes in PingOne, ensuring compliance and operational efficiency throughout the identity management lifecycle.

Key Accomplishments:
Over 10+ years of experience in developing and administering web security products. My experience includes working with various tools such as CA SiteMinder, PingFederate, PingAccess, PingID, Azure AD, and ADFS. I possess a deep understanding of the technical and domain knowledge of identity and access management principles.
Expertise in installation, configuration, deployment, and maintenance of enterprise-wide SSO solutions, like CA SiteMinder, Ping Suite on Windows as well as on Linux servers.
High competency in SAML 2.0, OpenID Connect and OAuth 2.0.
Adept at setting up infrastructure for SiteMinder, ADFS 2.1/3.0/4.0 and PingFederate.
Good understanding of grant flows in OpenID Connect.
Full hands on with cloud solutions like Azure AD in integrating client facing applications with SAML and OAuth 2.0/OpenID protocols.
Designed and implemented PingOne Identity solutions to streamline user authentication and secure access to enterprise applications, ensuring alignment with industry compliance standards.
Enormous Federation experience in SiteMinder, Ping and Azure AD.
Configured federation between PingOne and partner applications, implementing cross-domain trust relationships and reducing redundant access controls.
Finesse in providing solutions for peculiar SSO needed applications.
Expertise in implementing PingFederate enterprise-wide and upgraded PF from 8.3.2 to 9.3x versions.
Expertise in configuring authentication policies on PingFederate based on a variety of selector types.
PingOne and PingFederate integration for PingID MFA implementation.
Installed and configured various adapters/integration kits on various versions of PF 8x/9.3/10.x.
Experience in protecting APIs using PingAccess.
Designed and enforced MFA for various application types based on the cyber regulations and variety of other criteria.
Expertise in providing MFA capability for client facing applications integrated with Ping as well as Azure AD.
Expertise in enabling MFA for SaaS applications and green field applications based on business requirement.
Proficiency in analyzing Root Cause analysis, implementing solutions and documenting.
Used to integrate PingFederate with Kerberos-based systems to allow users to authenticate using their Kerberos credentials without the need for a separate login.
Enabled PingFederate to integrate with multiple authentication systems simultaneously using the composite adapter.
Enabled users to authenticate using a reference ID that can be linked to their real identity only by a trusted third party.
Experience in services like change management, knowledge of problem and incident management, proficient in tools like HPSM with a good understanding of ITIL concepts.
High quality client facing and customer interaction skills with an enormous degree of learning ability.

Technical Skills:
IAM solutions: PingOne, Okta, SailPoint, ForgeRock, AWS, Entra ID, CA SiteMinder 12.52 SP01/CR01, Web agent 12.52/12.x, SPS R12.52cr01, PingFederate, PingAccess, PingID, Azure AD
Web/Directory servers: IIS 6.0/7/7.5, Apache 2.2/2.4, JBoss 5.x, 6.x, ODSEE 11g, Microsoft AD, Ping Directory
Application servers: BEA Web Logic 8.1, IBM WebSphere 5.x, Tomcat 5.x-8.0, JBoss
Programming and scripting: Java, HTML, XML, SQL, Shell Scripting, Python
Cloud IAM Solutions: Azure AD, Azure MFA, PingOne, Okta, SailPoint, AWS

Education:
Bachelor's of Technology (CS) - Osmania University, Hyderabad, India - 2013

Professional Experience:

DTCC, Dallas (On-site) June 2023 - Present
IAM Architect
Responsibilities:
Identity Consolidation: Led project implementing IGA tool and Virtual directory to streamline identity management.
Owned and POC Lead: Held primary ownership (POT) and Proof of Concept leadership for identity consolidation project, ensuring security and compliance.
PingOne Identity Integration: Designed and implemented PingOne Identity solutions to streamline user authentication and secure access to enterprise applications, ensuring alignment with industry compliance standards.
Password Management Strategy: Conducted current state assessment and created a strategic document for improved password security and user experience for CIAM.
API Security and Token Management: Secured APIs by configuring token management policies in PingOne, establishing user access patterns with minimal disruption to user workflows.
Pre-Hire Onboarding Automation: Tested and implemented PingOne DaVinci to automate Oracle HCM pre-hire onboarding for workforce users in a self-service capacity.
Cross-Platform SSO Enablement: Integrated PingOne SSO with existing on-premises and cloud applications, leveraging SAML, OIDC, and OAuth 2.0 protocols to provide seamless and secure access.
Risk-Based Access Control: Participated in PingOne Protect implementation for enhanced security posture.
Vendor Evaluation: Actively evaluated IAM solutions with Okta, CyberArk, Ping Identity + ForgeRock, SailPoint and Radiant Logic to address identity sprawl challenge.
Federation and Cross-Domain Trust Establishment: Configured federation between PingOne and partner applications, implementing cross-domain trust relationships and reducing redundant access controls.
Virtual Directory Management: Demonstrated skill in managing a virtual directory for improved user access control.
PingOne MFA Deployment: Led the deployment of multi-factor authentication (MFA) using PingOne, customizing policies for enhanced security across various application access points.
PingOne DaVinci Implementation: Successfully implemented PingOne DaVinci for automated pre-hire onboarding workflows.
IAM Vendor Knowledge: Possesses knowledge of leading IAM solutions through vendor demos and evaluations.

General Electric, Richmond, VA (Remote) April 2021 - June 2023
IAM Consultant
Responsibilities:
Design and implement identity and access management solutions using PingFederate.
Integrate PingFederate with various identity providers (IdPs), service providers (SPs), and other systems using industry-standard protocols.
Develop custom authentication workflows, policies, and rules based on specific business requirements.
Integrated PingOne SSO with existing on-premises and cloud applications, leveraging SAML, OIDC, and OAuth 2.0 protocols to provide seamless and secure access.
Troubleshoot and resolve issues related to authentication, authorization, and federation.
Collaborate with cross-functional teams to gather requirements, design solutions, and provide technical guidance.
Develop policies and rules to enforce access control, authorization, and authentication.
Integrate PingAccess with various web applications, APIs, and other systems using industry-standard protocols.
Designed and implemented PingOne Identity solutions to streamline user authentication and secure access to enterprise applications, ensuring alignment with industry compliance standards.
Secured APIs by configuring token management policies in PingOne, establishing user access patterns with minimal disruption to user workflows.
Troubleshoot and resolve issues related to access management and authorization.
Conduct performance tuning and optimization to ensure high availability and scalability of the Ping infrastructure.
Responsible for integrating complex SSO use case applications with PingFederate.
Federated web/native/hybrid applications with PingFederate using the OpenID Connect protocol.
Integrated third-party applications with various Single Sign On matrix like Open Token, Agentless and SAML based services.

DSW, Columbus, Ohio Jan 2019 - Mar 2021
Sr. IAM Engineer
Responsibilities:
Used SAML and OpenID Connect to implement Single Sign On for external and internal applications and facilitated fine access control.
Implemented many OAuth and OpenID connections based on the client requirements.
Experienced in creating various adapters like Kerberos, HTML, PingID, composite.
Created multiple authentication policies using CIDR and connection set selectors in PingFederate.
Configured multiple grant types based on the application protocols that are needed. Based on the requirement, configured Implicit, Auth code, Client credential and ROPC grant types and resolved the issues surrounding it.
Used Postman client to simulate the OAuth flow and debugged the log files for any issues encountered.
Responsible for coordinating IAM team members, consultants, partners during project planning, execution.
Configured MFA with Citrix and CyberArk via PingID using RADIUS Authentication.
Integrated PingFederate with Office 365 to enable MFA.
Experience in integrating Azure AD with various identity providers and service providers, including on-premises Active Directory and other cloud-based services.
Experience in working with different protocols supported by Azure AD, such as SAML, OAuth, and OpenID Connect.

HSBC, Hyderabad, India June 2016 - Dec 2018
IAM Engineer
Responsibilities:
Worked with Ping Identity solutions to facilitate Federation with 3rd party vendors and external applications.
Worked on supporting and debugging issues with and implementing SSO solutions with Business Partners using Ping Identity solutions for the federation setup.
Develop policies and rules to enforce access control, authorization, and authentication.
Troubleshoot and resolve issues related to authentication, authorization, and federation.
Conduct requirements analysis and solution design to meet customer needs.
Develop custom authentication workflows, policies, and rules based on specific business requirements.
Collaborate with cross-functional teams to implement best practices and ensure successful project delivery.
Provided support for single sign-on (SSO) across multiple Kerberos-based applications.
Integrated PingFederate with Kerberos-based systems, such as Microsoft Active Directory.
Designed the login form to match the look and feel of the organization's branding.
Provided a unified authentication experience and designed custom authentication workflows for users across different applications using composite adapter.

Net Cracker, Hyderabad, India Aug 2013 - May 2016
Cybersecurity Analyst
Responsibilities:
Upgraded CA SiteMinder 6.0 to SiteMinder R12 SP3 in the initial stages of my project start.
Created Policies, Realms, Rules, and Responses in SiteMinder policy server to protect the applications and validate the users to work under SSO environment.
Design CA SiteMinder r12 Enterprise infrastructure and provide high availability by configuring Clusters across two different data centers.
Coordinated with the Service providers and identity providers during the SAML Certificate upgrade and architectural changes.
Installation and configuring SAML Federated security services and web services for enterprise applications.
Integrated many applications with ADFS as an identity provider.
Used to troubleshoot SAML and WS-Fed related integrated application issues on ADFS by enabling debug logs on event viewer.
Participated in the planning and implementation phase of the upgrade project and successfully worked through the implementation in the DEV, TEST and also the Production environment.
Helped develop security policies, standards, and procedures to ensure protection of sensitive data and information.
Participated in security awareness training programs on cybersecurity best practices and the importance of data protection.
Worked closely with members of IT teams to ensure the security protocols are integrated into all aspects of organization's technology infrastructure.
Provided technical support for security-related incidents and queries.