IAM Developer
SUMMARY:
Worked on Integrating CA API Gateway with Ping Federate for Single Sign On.
Requirements Gathering, Analysis, Designing, developing, testing, deployment and application support
of Identity and Access Management solutions.
Experienced in all aspects of Identity and Access Management, including eDirectory, Access Control,
Audit, Single Sign-On, Privileged Access Management, Policy Designing, PKI, Firewalls and load
balancers.
Implemented OAuth and OpenID for mobile and non-browser solutions using PingFederate.
Experience working on all the PingFederate OAuth grant types to get the access token for accessing
the protected API.
Resolved user support tickets for all systems (Access Manager, Ping Federate, Adaptive
Authentication). Participated in meetings and discussions regarding the rebuild of the current IAM
infrastructure.
Successfully implemented Web Access Management Solutions using Ping Access 3 and other security
products like CA Single Sign-On (CA Site Minder), migrated Web Authentication solutions from CA
Single Sign-On (Site Minder) to Ping Access 3.
Designed and implemented Ping Identity Solution for Web Access Authentication using Ping Access
and Ping Federate. Experience in deploying SAML based highly available solutions using Ping
Federate and other security products.
Experience in working on PingFederate 5.1, 6.1, 7.1, 7.3, SAML 2.0, SAML 1.1, SAML 1.0, OAuth 2.0,
OpenID Connect (OIDC).
Prepare a plan for user communication to switch from ADFS to Okta SSO. Created a detailed
implementation and migration guide for Office 365 Okta SSO integration.
Document detailed technical steps to be executed by administrators to accomplish federation
configuration switch from ADFS to Okta. Active member of PAM Team responsible for the
deployment of CyberArk Security Initiatives.
PROFESSIONAL EXPERIENCE:
IAM Consultant and Developer
Costco Travels
Responsibilities:
Designed and implemented a solution which manages the identity lifecycle of almost all applications within the
enterprise, without directly controlling the identity store within the application.
Development of identity federation connectors from SailPoint to target systems, along with subsequent
access control by SecureAuth.
Ensure requirements gathered, processes defined, and use cases documented follow out of the box
configuration vs. customization as much as possible
Managed identity and access management (IAM) roles and entitlements for both internal users and
existing customers.
Develop SailPoint deployment and solution architectures
Participate in all SailPoint deployment activities - connector configuration, custom rule development,
workflow configuration and development, third party system integration.
Involved in creating custom reports, certifications to cater various data feeds.
Achieved SOX and PCI compliance by building a flexible and scalable framework to provide
authentication and authorization services while supporting rules/roles/languages requirements for
various International countries.
Configured and supported SAML based Identity & Service Provider connections.
Administration experience of CyberArk vault with Safe creation, integration with LDAP and other
authentication methods. Mitigation of the risks using CyberArk, Aveksa and policy changes on servers.
Worked with different teams to implement single sign on using SAML 2.0, OAuth 2.0.
Identified different SAML 2.0 issues and fixed the issue in NetIQ Access Manager 3.2.
Coordinated with the Service providers and identity providers during the SAML Certificate upgrade
and architectural changes.
Onboarding applications and configuration of privileged accounts in CyberArk.
Produced policies, realms, rules, and responses to implement the single and dual factor authentication
using RSA SecurID token based on the business requirements.
Applied Single Sign on using SAML 2.0 for Federation Applications.
Resolved CyberArk issues in CPM to communicate with a host to accommodate credentials.
Used privileged access management (PAM) / identity and access management (IAM) to review user
access and establish least privilege principles.
Provide subject matter expertise within the following realms of security: access control systems;
cryptography implementation; operations security; security architecture and models; network security,
security auditing and monitoring; application and Internet security; physical security, and development
of SOPs and security policies.
Executed password policies for all the applications using SiteMinder Policy Server. Configured APS,
FPS, Rules, and Help Desk Functionality Replacement.
Strong familiarity with UNIX administration and networking concepts.
Installed and configured CA Wily Monitoring Tool and created dashboards and metrics to monitor
SiteMinder and LDAP Infrastructure.
Provided access to users to put passwords in CyberArk through Private Ark and creating vaults.
Determine operational objectives by studying business functions, gathering information, evaluating
output requirements and formats.
Generating reports from CyberArk for checking the productivity.
Define and implement security systems configuration, policies and hardening guidelines
Involved in implementation, migration and expansion of the company’s identity access management
solution with the help of CyberArk PSM and Maintaining the User Keys.
Implemented and configured CyberArk in the environment and performed troubleshooting of various
applications and vault servers.
Maintenance of technical documentation for CyberArk platforms and services
CyberArk Installation, Implementation and upgrade to latest versions 10.5, 10.8.
IAM Consultant
Highmark
Peoria, IL
Jan-2013 to Feb-2017
Responsibilities:
Working on federation single sign-on between third party vendors, making both inbound and outbound
calls, securely exchanging the attributes in SAML both as identity and service provider.
Worked on PingOne where all the applications are placed in Docker; the authentication call is
redirected to the Federate server and, depending upon the application, policies are triggered.
Involved in CyberArk significant updates from 8x to 9x versions for domestic and worldwide clients.
Good comprehension of policies in CyberArk Central Policy Manager (CPM) and Privileged Session Manager (PSM).
Resolved CyberArk issues in CPM to communicate with a host to accommodate credentials.
On-boarded Privileged Accounts and Super User IDs in the CyberArk Safes utilizing Bulk upload
utility.
Part of Privileged Access Management (PAM) Remediation and Engineering team whose role is to
secure Web Based applications on user access and authorization.
Implementation and creation of web policies and password policies. Vault Back-up Management process,
AD Configuration (User to connect AD & Branches). Load Balancer architecture, Application Identity
Manager Design, On-Demand Privileges Manager Design.
Break Glass Access Management Process, Integration with other Systems (email configuration).
Change Management Process Plan (OS, patch updates). Responsible for creating, activating and
enabling user, group and OU accounts in Active Directory.
Architect and design the solution for reporting needs that requires custom development using PAM
Business objects (SDK), InfoStream ODBC, Export Modules, and by manipulating Data Tables.
Develop the Extracts from PAM to data warehouse includes Security Master, Accounting Portfolios,
Security Transactions, Security Positions, and Income Earned etc.
Developed and implemented solutions like Unrealized Gain loss, weighted average Book value, Security
Location information etc. to support Investment Accounting management decisions.
Analyze and develop assets Cash information like Manager Cash, Cash Contributions/Withdrawal,
Bank Cash positions to support Operations and Portfolio manager’s decisions.
Architected and implemented Windows 2003 Active Directory Migration Prototype with both AD
integrated DDNS and Centralized Unix DNS for 2000+ user site.
Installed and configured Enterprise Password Vault, Password Vault Web Access, Central Policy
Manager and Privileged Session Manager in Prod and DR environments
Designed the safe structure for CyberArk authorization model
Creating and assigning Safes, reconciling accounts, rotating passwords.
Experience in supporting Microsoft Active Directory.
Experience with Privileged Identity/access Products, Cyberark, NetIQ Identity Manager and
SecureAuth.
Troubleshooting applications and scripts by accessing and analyzing logs on Windows servers.
Good Experience with PVWA servers Managing Applications Credentials, Auto upload and User
Access Policy Management.
Managing, monitoring and Supporting systems hardware, software, and applications.
Resolving CyberArk issues; the majority of the issues are with CPM, related to password changes and
reconciliation of credentials.
Coordinating efforts with vendors for upgrades and system maintenance.
Managed failed accounts synchronization and password rotations.
IAM Consultant
Highmark
Peoria, IL
Jan-2013 to Feb-2017
Responsibilities:
Created Static and Dynamic roles, Provisioning policies based on the requirement
Worked on user identity issues like password issues, inactive profile/accounts issues
Documentation of TRD, BRD & DLD, analysis of current and future processes/systems
Worked on CyberArk Enterprise Password Vault and PVWA.
Installed and configured PrivateArk Client to manage the Vault server.
Managing, monitoring and Supporting systems hardware, software, and applications.
Resolved CyberArk issues in CPM communicating with hosts to reconcile credentials.
Researching, recommending, and implementing new solutions in support of project and business
requirements with focus on security and privacy.
Used AIM to remove hard-coded passwords from applications and stored those credentials in the Vault.
Integrated Active Directory to the Vault Server to discover devices using bind account.
Efficiently Managed Active Directory implementations across multiple domains.
Worked on administering of User accounts, Group memberships, and Organizational Units using Active
Directory.
Coordinating efforts with vendors for upgrades and system maintenance.
Managed failed accounts synchronization and password rotations.
Confirming that all projects and infrastructure are properly documented.
CyberArk integration with SIEM tool ArcSight.
Managed sessions in Privileged Session Manager (PSM).
Generated reports of the account and device inventories in CyberArk.
Perform system, security, and application log and reports reviews following established procedures.
Good understanding of policies in CyberArk Central Policy Manager (CPM) and Privileged Session Manager (PSM), onboarding
Windows and Linux accounts.
Fallback from DR vault server to production in case of production vault server failure.
Performed real-time proactive security monitoring and reporting on various security enforcement
systems, such as NITRO (SIEM), Anti-virus, Internet content filtering/reporting, malcode prevention,
Firewalls, IDS & IPS, Web security, Anti-spam, etc.
Analyzed output from network vulnerability assessments and recommended mitigation strategies. Reviewed
and provided feedback on security plans and procedures regarding all aspects of LAN, WAN or MANs as
applicable. Worked with CyberArk utilities, PAReplicate, PACLI and PAR client.
Responsibility includes maintenance of the system by installing and upgrading the application packages
for SiteMinder Policy server, Web servers and LDAP.
Involved in performance tuning activities for SiteMinder and Sun One LDAP Directory Server.
Installed and configured Apache, Microsoft IIS and Sun iPlanet web servers, WebLogic application
servers, with Netegrity SiteMinder authentication, and Sun One LDAP Directory Server.