Home

SRIKANTH - CYBER SECURITY ENG, IAM

[email protected]

Location: Richmond, Virginia, USA

Relocation:

Visa: H1B

Employer : [email protected]; [email protected]; (609) 778-4215 ext 1000 SRIKANTH SUMMARY Around 10 years of professional experience in the various phases of SDLC adopting Waterfall, Agile, WOW and DevOps. Ability to understand requirements in various business domains like telecommunication, financial (Payments, Mortgage). Experience with IT Infrastructure components such as Unix/Linux/Wintel Servers, Networks, load balancers, Web Logic, LDAP, AD, Databases, Enterprise Monitoring, Identity and Access Management Solutions for Single-Sign-On. Good Problem Analysis, Troubleshooting and Resolution skills by making use of logs and monitoring tools. Experience on AWS cloud services of EC2, EB, S3, cloud watch, ES (open search), lambda, Kinesis, Route53, SNS, SM, RDS, Target groups, AWS secret manager, ECS. Decent experience in developing application framework and debugging using python. Experience in System Administration, Troubleshooting, Security, Disaster Recovery, Performance Monitoring. Experience in on-boarding and troubleshooting applications (SOX, FHFA, COTS, SAAS, Homegrown in PING (SSO). Strong experience in monitoring tools DynaTrace , Splunk and Extrahop. Experience in configuration of CyberArk Vault, Password Vault Web Access (PVWA), Central Password Manager (CPM) and Privileged Session Manager (PSM). Strong experience in Linux administration and Enterprise Server Integration. Installed, created and implemented policies CyberArk EPM. Developed and implemented processes for on-boarding users and Privilege Accounts to CyberArk. Integration of Event Notification Engine (ENE) & Service now ticketing system to CyberArk in PVWA. Experience in creating custom PSM and CPM custom plugins for CyberArk. Good at understanding and communicating CyberArk's role in the privileged account security space. Scripting experience for automation of the processes by using bash, python for minor daily tasks. 24x7 on-call production support and troubleshooting problems arising in production for mission critical and enterprise level applications. Experienced in generating reports (technical findings, feedback, resolution steps), performing root cause analysis. Involved in process improvement initiatives. Experienced in implementing the best practices and implementation of high availability, failover, replication, backup and recovery for different scenarios. Knowledge on vault technology- Hardening, privileged access management, DDoS attacks and detection. Good knowledge on OSI model and OWASP top 10 (SQLi, XSS, CSRF, SSRF). Conversant with system and application security risks, threats and vulnerabilities. Knowledge of key technical concepts such as network design, cloud platform architecture and understanding of information security governance programs and Cybersecurity control framework concepts such as NIST. Decent knowledge on all eight domains of CISSP and PCI DSS requirements. A can-do attitude, drive, and motivation to recognize enhancement opportunities and complete complex tasks. Received Certificate of appreciation in recognition of above and beyond service. EDUCATIONAL QUALIFICATIONS Master s in Electrical & Computer Science Engineering May 2015 New York Institute of Technology (NYIT), Manhattan, New York. GPA: 3.32 Bachelor of Engineering in Electronics & Communication Engineering May 2013 Jawaharlal Nehru Technological University (JNTUH), Telangana, India. GPA: 3.50 Monitoring Tools Dynatrace, Splunk, ExtraHop, SiteScope, Topaz, Kibana, AWS Cloud watch, Visor, Catchpoint Reporting Tools SEIM Splunk, Tableau, SAS EG 7.1, Base SAS Database Tools Toad Data Point/Oracle , SQL Developer - Oracle 10g/12C, SQL server Management studio(2008), AWS RDS- PostgreSQL IAM Tools Ping (SSO, PF,PA,PD), Siebel, SiteMinder, CyberArk(SWS), SailPoint Servers (App/Web) Apache Tomcat, Oracle Weblogic10/12, Apache HTTP webserver, IIS Tools/Frameworks SAML Tracer, Postman, Putty, Tectia, WinSCP, Service Now, Jira, Lightweight Directory Access Protocol, Active Directory, Autosys, MFA DUO SQL plus, JMS, EAST, WNA Kerberos, Excel, Ping federate, Ping Access, Ping Directory, Privileged Access Management Languages LINUX, SQL, Python, SAS Repositories GitHub, Bitbucket Collaboration Tools Confluence, SharePoint, Subversion Deployment Tools Jenkins, AWS CodeDeploy, Urban code deploy Scripting Languages XML, Python, bash Operating System Windows XP, Windows 7, Windows 8, Linux Red Hat, Linux SUSE Unix Protocols SAML 2.0, OIDC, IdP initiated, SP initiated, OAuth, ROPC, MFA, APIGEE Network Protocols TCP , IP, FTP, HTTPS, HTTP TECHNICAL SKILLS Experience: Access Management and Infosec September 2018 Present CyberSecurity developer/ Production Support Fannie Mae Reston, VA Responsibilities: Experienced in cross functional work mode to triage and fix the issues by troubleshooting access, audit and server logs in linux, splunk, kibana on various platforms and monitoring tools. Understanding complex issues at different levels like DMZ (WAF) network layer, Gateway Servers, GTM s, LTM s, cloud admin/runtime servers, on-prem involving unix, middleware, network, application and emergency teams. Experience with scheduling jobs such as autosys and cronjobs. Assisted management on different internal and external audits by generating reports and evidence needed. Team player with all the BAU activities for SSO and PAM solutions. Ensure by testing that all Identity and access management services like Role Based Access- RBAC are secure, available, efficient and meet defined corporate services levels. Follow the corporate security controls policies. Single-sign- on Authentication and Authorization (PING, PINGONE, PINGDIRECTORY) Responsible for supporting, migrating customer facing applications into Ping SSO from existing systems such as Siebel, SiteMinder and conventional home grown authentication systems involving different gateways like B2B, XML. Experience with access/opaque token, refresh tokens, session tokens, JSON web tokens, selectors, adapters, token mappings, policies and procedures, SAML tracer and Postman for troubleshooting Ping application involving REST API S security. Reviewed multiple cloud and on-prem applications base to onboard them on to PING. Experience leading IDP/SP/JWT certification renewals. Updated SSL certificates for the different supported applications. Good experience is Fail over and fail back of most of the ping products (Ping Federate, Access, Directory) and it s respective REST services. Privileged Access Management (CyberArk Custom CPM, PSM plugins ; Secure Web Sessions) To develop custom PSM connectors using Plugin Generator Utility (PGU) and document the process. To develop custom CPM plugins, implement new flow for social media accounts and document the process. To build and test out of box PSM and CPM connectors as per the client needs. Good knowledge on Secure-Web-Sessions . Secure Web Sessions is an add-on to CyberArk Identity Single Sign-On and serves as an authentication factor for accessing protected web applications. Web sessions are recorded and accessible through the portal for validated users. Responsibilities include Installation and configuration of CyberArk Vault, CPM, CyberArk PVWA, AIM, PSM and PSM SSH proxy Architecture and design. Experience in CyberArk Privileged Account Security product suite Enterprise, Password Vault, Password Vault Web Access, Central Policy Manager, Privileged. Supported 300 applications which are using Cyberark AIM credential provider to access the credentials. Create AD users and groups for safe delegation and updates for least privilege user access, access automation methods. Conduct workshops with application and infrastructure teams about on-boarding privileged accounts. On-board privileged accounts and application ids with CyberArk upload utility or PVWA. Assist application teams with CyberArk application Identity Manager Integrations and linked accounts. Configured Jenkins to run automated jobs for the health of the components. Developed few scripts to automate reports for day-to-day duties. Maintain PSM recording and check the session recorded and the log. Knowledge of PKI encryption and decryption functionalities in the Vault and EPV. Maintain EPV for password authentication. Maintain Central Policy Manager (CPM) where all account resides. Experience with PAM operational tasks using cyberark i.e., creating safes, defining access control, policies and procedures, platforms, user provisioning and entitlements, managing application credentials and user access policy management. Involved on writing power shell scripts for health check of the vaults. Experienced with different connectors such as Active Directory, Oracle Database Direct, JDBC and Delimited File. Knowledge on Roles, Life Cycle Manager, Policies and Reports. Setup conjur and PTA in the POC. Experienced with Identity and access management/governance concepts as Password Management, Self-Service, Authorization, and Authentication. MY T-Mobile May 2018 August 2018 Application Developer/Production Support T-Mobile, Seattle, WA Responsibilities: Configured dashboards in Splunk for CyberArk application. Ensure ongoing CyberArk system Maintenance is scheduled and completed on time. Ensure that all Identity and access management services are secure, available, efficient and meet defined corporate services levels. General managing of Cyber-Ark Security that offers any enterprise a wide range of services and support options to making digital vault solution a success; these services include implementation, consulting, training, maintenance, online support and vault scripting, SIEM. Contribute to security procedures/controls/policies within established guidelines Worked on installing, configuring splunk on linux, solaris servers, to enable log, port monitoring of servers, applications, escalating issues to the particular teams. Configured Security group for EC2 Windows and Linux instances. Implementing network security, authentication, protocols and & encryption procedures. Deployment of Privileged Identity Management (PIM), LDAP directories, Privileged Access Management (PAM). Resolved CyberArk issue's in CPM to communicate with a host to accommodate credentials. Implemented CyberArk Policies and supported customers who are having issues accessing. Troubleshooting and maintenance of the Password Vault, Central Password Manager (CPM), Privileged Session Manager (PSM), Application Identity Manager(AIM). Experienced in day to day operational support in adding and deleting accounts, applying policies, assigning safes, synchronizing failed accounts, Password rotations. Maintain PSM recording and check the session recorded and the log. Maintain Central Policy Manager (CPM) where all account resides. Worked on multi factor authentications in CyberArk using LDAP, PKI, RSA SecurID, RADIUS, and Oracle SSO. Experience with Application Identity Manger (AIM) which provides the solution to eliminate need of hard-coded credentials from application, scripts or configuration files. Coordinated LDAP combination with AD and system security group to open firewall ports. On-board privileged accounts and application ids with CyberArk Password upload utility or PVWA. Good experience in ticketing system like Service Now, SMTP, SIEM, NTP integration. Experience in performing Privileged Account Management with fair understanding the underlying business processes. On boarding windows and Linux accounts. Utilization of Active Directory, LDAP and different servers for troubleshooting customer s problems. Perform daily health checks in line with Standard Operating Procedures (SOPs), Policies, and Work Instructions (WIs) Swift and Neft API Transactions January 2018 April 2018 System Administrator Deutsche Bank Responsibilities: Responsible for maximum uptime of the support application/system in both Production and UAT during hours of operation and off hour production emergencies and deployments making use of Jenkins CI/CD among various others. To participate in fail over disaster recovery (OOR) activities. Silo-ing the traffic from one hub to another as part of maintenance and LT02 LTO3 activities. Creating and enhancement of scripts in bash and Python for various smooth background business operations. As part of production release flipped AWS blue stack servers (Pre-production servers) to green stack servers (Real existing production servers ). Perform network/system troubleshooting to analyze/resolve problems at user and system levels via Incidents and ITSRs. Coordinate and manage Problem/Change/Release management on application configurations changes and all other activities between internal and external in support of Service Management framework. Worked on installing, configuring splunk on linux, solaris servers, to enable log, port monitoring of servers, applications, escalating issues to the particular teams. Participate in release process/program and debug/troubleshoot the issues. Edit & Estimation Subsystem January 2016 December 2017 Programmer Analyst U.S. DEPARTMENT OF LABOUR Responsibilities: Developed and deployed AutoSys jobs, modifying the JIL files for scheduling daily and monthly job runs. Responsible for maximum uptime of the support application/system in both Production and UAT during hours of operation and off hour production emergencies and deployments making use of Jenkins CI/CD among various others. Responsible for the maintenance, configuration, and reliable operation of computer systems, network servers, and virtualization. Responsible for migrating SQL codes and data across the servers, within the server and in subversion tool and JMS Java Messaging Service. Enhancements of existing bash shell scripts according to new business requirements. Create, develop, and track solutions to application errors reported at different platforms like databases, Middleware and network layer areas. Programmer Analyst Sanofi Pasteur, Swiftwater, PA June 2014 - December 2015 Responsibilities: Application development and support using SAS based tools. Develop new functionality as designed applications, reports, interfaces and Conversions. Create technical specification documentation based on functional Specifications. Create and deliver project documentation, status reports and training. Gained knowledge on servers consolidations and cloud servers environment. . Keywords: continuous integration continuous deployment sthree active directory information technology Pennsylvania Virginia Washington