Karun P - IAM Engineer
[email protected]
Location: Irving, Texas, USA
Relocation:
Visa: Green Card
KARUN P
Sr IAM Engineer
Mail: [email protected]
Cell: +1 254-273-4015

PROFESSIONAL SUMMARY

Experienced Senior IAM Engineer and Security Consultant with extensive expertise in designing and implementing comprehensive Identity and Access Management (IAM) solutions, specializing in Ping Identity products. Proficient in integrating and configuring PingFederate, PingAccess, PingID, and PingOne DaVinci to deliver secure and seamless Single Sign-On (SSO), multi-factor authentication (MFA), and access management across large-scale enterprise environments. Skilled in setting up advanced security policies and workflows using Ping DaVinci's no-code platform, enhancing process automation, role-based access control (RBAC), and policy compliance. Demonstrated experience in troubleshooting complex authentication issues using tools like Fiddler and SAML Tracer, while leveraging OGNL expressions in PingFederate for dynamic attribute mapping. Hands-on expertise in configuring PingAccess Proxy Gateway and implementing OAuth, OpenID, and SAML protocols for secure API access and federated identity management. Proven ability to integrate and manage multi-protocol authentication flows for partner and external applications, working closely with CyberArk for privileged account management. Highly proficient in AWS, using Terraform and Jenkins for CI/CD, and deploying robust Zero Trust solutions incorporating device posture checks. Known for leading successful IAM migrations and upgrades, ensuring secure, compliant, and reliable access for organizations through Ping's suite and industry best practices.

TECHNICAL SKILLS

Federation: PingFederate, OKTA, CA SiteMinder Federation Service
Access Management: CA SiteMinder 12.x / 12.8x, Ping Access, PingOne, OKTA, CyberArk
Identity Management: OKTA, SailPoint, CyberArk, Azure Entra ID, Ping Identity
Multi-Factor: PingID, Okta Verify, Microsoft MFA
Web Servers: IIS 6.0/7/7.5/8/8.5, Apache 2.2/2.4, iPlanet Web Server 6.x
Directory Servers: Microsoft Entra ID, CA Directory Servers R12.x/14.x, Sun ONE Directory Server 5.x/6.x, Ping Directory, Okta Universal Directory
Operating Systems: Windows Server 2003/2008/2012/2016/R2, Red Hat Enterprise Linux 3-7, UNIX (AIX, Sun Solaris 7-10)
Programming: Core Java, Python and Shell Scripting
Databases: Oracle, RDBMS, MySQL, MSSQL, NoSQL databases
Cloud Technologies: AWS, Azure and Google
DevOps/CICD: Git, Jenkins, Azure DevOps, Kubernetes, CI/CD Pipelines

PROFESSIONAL EXPERIENCE

CapitalOne, Wilmington, DE (100% Remote)
Sr Security Consultant - PING
Sept 2022 - Present

Responsibilities:
- Designed and integrated new applications into PingFederate using secure OAuth/OpenID and SAML protocols, ensuring efficient and secure access management.
- Collaborated closely with application teams for seamless Single Sign-On (SSO) integrations, overseeing go-live processes to guarantee successful deployments.
- Provided extensive technical support on Ping Directory, assisting teams with troubleshooting, performance optimization, and ensuring efficient functionality.
- Used PingOne DaVinci's no-code platform to automate workflows, creating complex solutions to increase process efficiency and reliability.
- Leveraged PingOne DaVinci's extensibility to implement advanced access control methods, including RBAC, ABAC, and context-based authentication, enhancing compliance and security measures.
- Developed custom workflows in Ping DaVinci to address business-specific needs in user provisioning and deprovisioning, coordinating with IT and security teams to align with existing IAM structures.
- Applied Ping DaVinci's API integrations to create automated workflows, reducing manual work, improving operational speed, and ensuring more accurate data management.
- Skilled in establishing directory synchronization across varied systems and environments for smooth data and user attribute flow.
- Configured various Ping Access components such as sites, applications, and web sessions to enable streamlined and secure access.
- Executed a Zero Trust security proof of concept, incorporating device posture checks and risk-based scoring to adjust access dynamically and ensure secure authentication.
- Created a PingFederate Identity Provider (IDP) hub to facilitate federated integrations, establishing connections with multiple systems and onboarding applications for external partner federation.
- Developed custom adapters, selectors, and security policies to meet specific project requirements, carrying out thorough security testing for federated apps.
- Troubleshot SSO issues with tools like SAML Tracer and Postman, quickly resolving complex authentication challenges.
- Established secure Service Provider/Identity Provider (SP/IDP) connections using SAML 2.0 in PingFederate, ensuring efficient authentication across applications.
- Hands-on experience with AWS services, managing EC2, S3, IAM, VPC, and utilizing CloudWatch metrics for proactive monitoring of virtual environments.
- Upgraded PingFederate systems to the latest versions, following security recommendations to maintain a robust and secure environment.
- Built Terraform modules for provisioning AWS services, automating deployments using AWS CodePipeline to ensure continuous delivery.
- Utilized AWS Load Balancer, Autoscaling, and Security Groups to improve scalability, reliability, and security on PingFederate-hosted servers.
- Configured Jenkins for automated builds and deployments, using plugins like EC2 and CloudFormation to streamline continuous integration.
- Managed PingID devices on PingOne, adding users via AD groups to ensure secure, centralized access management across applications.
- Proficient in tools like Jira, Confluence, and ServiceNow, efficiently handling ticketing and documentation processes.

Southwest Airlines, Dallas, TX
Sr. IAM Engineer - Ping / OKTA (CIAM)
Dec 2019 - Aug 2022

Responsibilities:
- Created scalable solutions using the Ping suite, including PingDirectory, setting up Service Provider (SP) and Identity Provider (IdP) connections with PingFederate for seamless authentication with external partners.
- Managed PingFederate upgrades to address security risks and maintain system integrity, ensuring compliance with regulatory standards and integrating CyberArk for enhanced security.
- Conducted agentless integrations and implemented SAML and OAuth protocols for legacy and modern applications, with CyberArk providing secure, centralized identity management for privileged accounts.
- Utilized different OAuth grant types in PingFederate to secure API access, obtaining access tokens for granular authentication, while CyberArk managed privileged API credentials.
- Designed and implemented Ping Identity solutions for web access authentication using Ping Access, PingFederate, and CyberArk to deploy highly available, secure systems for privileged user access.
- Applied OGNL expressions in PingFederate for dynamic attribute mapping, enforcing flexible policies, and integrating CyberArk to manage privileged identity lifecycles and role-based access.
- Developed comprehensive customer registration workflows in Okta and integrated CyberArk to ensure secure onboarding and privileged account management for high-risk applications and critical infrastructure.
- Configured self-service password reset features in Okta, enabling seamless integration with CyberArk to ensure privileged users followed stringent security protocols during credential resets.
- Integrated SCIM provisioning with Okta and CyberArk to automate user lifecycle management, ensuring privileged access provisioning and deprovisioning across multiple systems and applications.
- Created custom workflows in Okta to automate password reset link delivery, leveraging CyberArk to manage secure privileged password resets and audits for critical accounts.
- Deployed adaptive multi-factor authentication (MFA) in Okta, integrating CyberArk for high-security privileged user authentication, including biometric, OTP, and push notifications.
- Optimized registration and login processes in Okta and CyberArk for privileged users, improving security and efficiency by streamlining access control across high-risk environments.
- Implemented robust security and compliance measures within Okta and CyberArk frameworks, safeguarding customer data and ensuring regulatory compliance for privileged account management.

ITC Infotech, Bangalore, India (Associated Bank)
IAM Engineer
Apr 2017 - Oct 2019

Responsibilities:
- Created and tailored Single Sign-On (SSO) policies within Okta to meet organizational security requirements, effectively balancing user convenience with stringent access controls.
- Developed a robust Identity and Access Management (IAM) architecture for a large enterprise, focusing on secure access and adherence to regulatory standards.
- Configured and managed web policies and rules in PingAccess, including CORS, session attributes, Groovy scripting, rewrite rules, and network range rules; adjusted rejection handlers as needed.
- Set up PingAccess Proxy Gateway to decode JWT tokens and integrated an agent on application servers to facilitate communication with PingFederate.
- Diagnosed SSO issues by analyzing PingAccess and PingFederate logs and utilizing tools like Fiddler for efficient troubleshooting.
- Utilized OGNL expressions in PingFederate to modify AD attribute values and selectively pass group information for secure user authentication.
- Integrated PingDirectory with other IAM systems to create a unified authentication and authorization framework for centralized access management.
- Supported application teams in migrating Apache/IIS web server applications to the PingAccess gateway model, enhancing secure access through the latest configurations.
- Configured multiple OAuth grant types, including Implicit, Authorization Code, Client Credentials, and ROPC, aligning with application-specific protocols and requirements.
- Used tools like Postman to troubleshoot and resolve grant type configurations by simulating OAuth flows and interpreting log data for accuracy.
- Enhanced OAuth flow security by implementing policies for token expiry, revocation, and encryption, safeguarding sensitive data and improving process efficiency.
- Partnered with application and security teams to build OAuth-based authentication and authorization solutions via PingFederate, ensuring best practices and secure integrations.
- Stayed informed on evolving OAuth standards to apply industry best practices and maintain up-to-date solutions for seamless compliance.
- Led an L2 team in handling migrations and transitions, ensuring a smooth deployment process with minimal disruptions.
- Deployed PingID for organization-wide multi-factor authentication, strengthening user verification processes.
- Demonstrated expertise in identity standards such as SAML, OAuth, OpenID Connect, and integrated PingFederate with LDAP directories and relational databases.
- Contributed to code reviews, testing, and documentation processes to maintain high-quality standards for OAuth-related components and integrations.

SynTech, Pune, India (TIAA)
Security Engineer
June 2014 - Mar 2017

Responsibilities:
- Installed, configured and maintained SiteMinder Web Agents.
- Used SiteMinder Policy Server, which provides policy management, authentication, authorization, and accounting.
- Worked on various authentication schemes like HTML, NTLM, form-based, and custom authentication.
- Worked on directory integration involving LDAP, Active Directory and CA directories.
- Used SiteMinder, which provides several caches that can be configured to maintain copies of recently accessed data to improve system performance.
- Used SiteMinder to ensure users' ability to access information quickly and securely.
- Web Agents store contextual information about user access privileges in the session cache.
- Worked on optimizing performance by modifying the cache settings.
- Worked with the Agent Resource Cache, which stores a record of accessed resources, and the Agent User Cache, which maintains users' encrypted session tickets.
- Enabled single sign-on across web servers in a single cookie domain or across multiple cookie domains without requiring users to re-authenticate.
- Upgraded the Web Agents from v4.5.1 to v5.x in all the environments.
- Installed patches on policy servers.
- Customized the LDAP schema for the client's needs.
- Worked on creation of security policies for SiteMinder.
- Problem determination using local error logs and by running user traces and service traces.

EDUCATION

Bachelor's from Chaitanya Bharathi Institute of Technology