Venkata Sai Sandeep Vennam
Contact: +1 (951-344-1234)
Email: [email protected]
LinkedIn: linkedin.com/in/vennam-s-72b6b6299
PROFESSIONAL SUMMARY
Over 10 years of expertise in designing, implementing, and managing Identity and Access Management (IAM) solutions.
Proficient in IAM systems including SailPoint, Okta, CyberArk, PlainID, Ping, and CA SiteMinder.
Extensive experience in cloud security, compliance, role-based access management (RBAC), federated access management, and
advanced authorization solutions.
Skilled in leading teams, managing projects, and providing operational support for large-scale environments.
Strong problem-solving and communication skills with a focus on process improvement and customer satisfaction.
Extensive experience in configuring and managing public and private cloud infrastructures utilizing AWS, GCP, and Azure.
Demonstrated ability to develop custom authentication and authorization policies to meet business needs and compliance
requirements.
Experienced in implementing OAuth, OpenID Connect (OIDC), and SAML for secure user authentication and authorization.
Proficient in conducting security assessments, risk analysis, and developing mitigation strategies to protect against cyber threats.
Committed to continuous learning and staying updated with the latest IAM technologies and best practices.
Certified Information Systems Security Professional (CISSP) with additional certifications in AWS, Azure, and CyberArk.
Recognized for delivering high-quality solutions and ensuring customer satisfaction through effective communication and
collaboration with stakeholders.
WORK EXPERIENCE
IEEE · Contract | Aug 2019 - Present
Senior Identity & Access Management Engineer
Location: New Jersey, United States · Remote
IAM Ownership and Maintenance:
o Build IAM Security Solution with PingOne.
o Designed and implemented IAM security solutions using PingOne to centralize and streamline identity management.
o Developed custom authentication and authorization policies.
o Conducted security assessments and implemented best practices to ensure compliance.
o Integrated PingOne with existing IAM infrastructure.
o Configured PingOne Federation for SSO and secure access.
o Integrated Ping Directory with PingOne for unified directory service.
Build IAM Security Solution with PingOne
o Designed and implemented IAM security solutions using PingOne to centralize and streamline identity management
across the organization.
o Developed custom authentication and authorization policies to enhance security measures and user access controls.
o Utilized PingOne's advanced features to create a scalable and flexible IAM infrastructure that supports both on-premises
and cloud-based applications.
o Conducted security assessments and implemented best practices to ensure compliance with industry standards and
organizational policies.
o Integrated PingOne with existing IAM infrastructure to provide seamless and secure access to applications and services.
Set Up PingOne Federation and Ping Access
o Configured PingOne Federation to enable single sign-on (SSO) and secure access to multiple applications using a single
set of credentials.
o Deployed Ping Access to provide secure access to web applications and APIs, ensuring robust access control and policy
enforcement.
o Established trust relationships between identity providers and service providers, facilitating secure federated access.
o Implemented OAuth and OpenID Connect (OIDC) protocols to support secure and seamless user authentication and
authorization.
o Conducted thorough testing and validation of federation configurations to ensure reliability and security.
Integrate Ping Directory with PingOne
o Integrated Ping Directory with PingOne to provide a unified directory service for managing user identities and attributes.
o Configured synchronization between Ping Directory and other identity repositories to ensure data consistency and
integrity.
o Implemented custom schema extensions and attribute mappings to support specific business requirements and enhance
directory functionality.
o Developed and maintained scripts and automation tools to streamline directory integration processes and reduce
administrative overhead.
o Monitored and optimized directory performance to ensure high availability and responsiveness.
SAML, OAuth, and OIDC Application Onboarding
o Onboarded applications using SAML, OAuth, and OIDC protocols to enable secure and standards-based access control.
o Configured service providers and identity providers for SAML-based single sign-on (SSO) to ensure seamless user
experience and secure access.
o Implemented OAuth flows for authorization and resource access, leveraging PingOne's capabilities to manage access
tokens and scopes.
o Developed custom OIDC configurations to support dynamic client registration, token introspection, and userinfo
endpoints.
o Provided technical support and troubleshooting for application onboarding processes, ensuring smooth integration and
operation.
Conducted in-depth technical research, assessments, and performance analysis.
Led scalability and performance planning for future IAM and PAM needs.
Reviewed and adjusted IAM processes to align with industry best practices.
Provided guidance and support for non-human account management.
Served as SME on IAM, partnering with all business lines to manage identity repositories.
Led operational and strategic planning for new authentication tools and systems.
Implemented SailPoint IdentityIQ solutions, managing identity lifecycle processes, and performing regular health checks and
maintenance.
Integrated Okta for SSO and MFA, enhancing security and user experience across multiple applications.
Developed and enforced Okta policies and workflows.
Implemented CyberArk Privileged Access Security solutions, conducting privileged account discovery and onboarding processes.
Implemented and configured the PlainID Authorization Platform, collaborating with clients' IT teams.
Provided advanced technical support and troubleshooting for complex issues related to PlainID implementations.
Developed and maintained technical documentation, including installation guides, configuration instructions, and troubleshooting
procedures.
Led and guided support teams in resolving complex issues and architecting effective solutions.
Stayed up-to-date on the latest PlainID features, updates, and best practices.
USAA · Contract | May 2017 - Jul 2019
Senior Identity & Access Management Engineer
Location: Tampa, Florida, United States · Remote
Created role-based access policies and risk profiles for applications.
Conducted business analysis to ensure solutions met business and risk organization requirements.
Worked with internal audit to develop certification campaigns and attestations.
Developed cost-benefit and risk analysis models for new development efforts.
Implemented technologies for discovery, reporting, and control of confidential data.
Developed least privilege models for Active Directory and critical applications.
Customized workflows and connectors to integrate with various systems, ensuring seamless identity management.
Configured and managed Okta for seamless SSO and MFA across enterprise applications.
Automated the onboarding of privileged accounts and maintained regular audits to ensure compliance.
Deployed PlainID solutions for advanced authorization, enhancing security and compliance.
Tech Mahindra · Full-time | Jun 2014 - Apr 2017
Identity & Access Management Engineer Mid
Location: Mumbai Metropolitan Region · On-site
Coordinated between IT and audit teams for IAM services management.
Managed password management, SSO, Active Directory, and authentication services.
Provided thought leadership in IT strategy, operations, and innovations.
Conducted research into new IAM technologies, tools, components, and frameworks.
Implemented and managed identity governance processes, ensuring compliance with regulatory requirements.
Deployed and maintained Okta solutions, enhancing user experience and security posture.
Conducted risk assessments and implemented mitigations for privileged access security.
Integrated PlainID for advanced authorization management, improving policy enforcement and auditing capabilities.
EDUCATION
Bachelor's Degree in Computer Science | VIT University | 2010-2014
PROFESSIONAL SKILLS
Identity & Access Management: SailPoint, Okta, CyberArk, PlainID, CA Identity Manager, Varonis, Aveksa, Microsoft MFA,
ForgeRock, Ping, Active Directory, Azure Active Directory, Radiant Logic Virtual Directory Service (VDS)
Communication: Excellent verbal and written communication skills, good customer liaison skills
Problem-Solving & Decision-Making: Strong problem-solving skills, decision-making abilities, experimental mindset to drive
innovation
Operating System Administration: Cross-platform operating system administrative skills
Security Protocols and Standards: Proficiency in LDAP, SAML, OpenID, OAuth, MFA, risk-based authentication, privileged
access management
Programming: Advanced Java knowledge for custom plugin development, BeanShell, JavaScript, Java (including JSP
programming), web-based applications, REST APIs, JSON, RDBMS databases, SQL code
Cloud Infrastructure: Solid understanding of cloud concepts, hands-on knowledge of Azure/AD or other cloud identity
environments, AWS, Google Cloud Platform, IDM integration across domains
Project & Team Management: Proven ability to lead teams and manage projects
Integration & Configuration: Demonstrated experience integrating data sources/applications into VDS, configuring VDS data
access views and permissions, correlating and synchronizing identities
Development Tools: Experience with development tools like GitHub and Eclipse
Additional Skills: Knowledge of IAM governance and compliance, familiarity with DevSecOps practices, understanding of Zero
Trust security models, knowledge of incident response and threat management
CERTIFICATIONS
Certified Information Systems Security Professional (CISSP)
Microsoft Certified: Azure Developer Associate
Microsoft Certified: Identity and Access Administrator Associate
AWS Certified Solutions Architect - Associate
AWS Certified Security - Specialty
CyberArk Defender Access (ACC-DEF)
CyberArk Defender EPM (EPM-DEF)
CyberArk Defender PAM (PAM-DEF)
Okta Certified Consultant
PROJECT HIGHLIGHTS
Detection of DDoS Attacks Using Machine Learning Techniques: A Hybrid Approach
o Developed a hybrid model to detect DDoS attacks, enhancing network security and mitigating potential threats.
o Integrated PlainID to manage dynamic authorization for the model, ensuring secure and efficient access control.
Evaluating the Model Resilience Against Cyber Threats
o Assessed various models' resilience against cyber threats, contributing to the development of more robust security
protocols.
o Utilized PlainID for dynamic authorization management, ensuring only authorized access to sensitive datasets and model
resources.
Intelligent Sand Pushcart Project
o Led the design and implementation of an intelligent sand pushcart, integrating smart technologies for improved efficiency
and user experience.
o Deployed PlainID for granular access control, ensuring secure data exchange and system integrity.
Optimizing Delivery Speeds for Enhanced Customer Satisfaction Through Enhancement of AI/ML Models
o Improved AI/ML models to optimize delivery speeds, resulting in increased customer satisfaction and operational
efficiency.
o Implemented PlainID for policy-based access control, enhancing security and compliance.
Smart Traffic Signal System
o Developed a smart traffic signal system to manage traffic flow more effectively, reducing congestion and improving
urban mobility.
o Integrated PlainID to manage dynamic authorization, ensuring secure and efficient data access and control.
ADDITIONAL EXPERIENCE
User Acceptance Testing (UAT) and System Integration Testing (SIT)
o Led UAT and SIT sessions for end-users to ensure seamless integration and functionality of implemented solutions.
Oracle E-Business Suite (EBS) Customizations
o Developed form rules within the Preventive Controls Governor to restrict manual entry of Internal Sales Orders for Sales
and Quick Sales Order Forms.
o Created form rules to limit the reopening of accounting periods within the Accounts Payable module.
o Established form rules to prevent users from copying Sales Order IDs.
o Proposed strategies to resolve intra-role and inter-role Segregation of Duties (SoD) conflicts.
Identity and Access Management (IAM) Services Management
o Managed IAM services including Authoritative Source Identity Management, Provisioning, Authentication,
Authorization, Monitoring & Certifications, Auditing & Reporting.
Delinea Services Implementation
o Delivered Delinea services by installing, configuring, and customizing Delinea Software.
o Led the implementation of Delinea solutions in client environments, adhering to best practices.
o Integrated Secret Server with on-premise Active Directory, Azure AD, ServiceNow, and SIEM tools.
o Migrated privileged accounts from third-party password applications.
o Managed the migration of Secret Server from on-premise setups to the Secret Server Cloud.
Oracle Identity Governance Suite Implementation
o Implemented the Oracle Identity Governance Suite for a major financial organization in France.
o Bypassed the Oracle Identity Manager (OIM) approval process for specific responsibilities.
o Integrated Secret Server with Azure AD, ServiceNow, and SIEM, including SCIM Connector integration with SailPoint.
o Managed privileged account migrations and onboarding.