Zeeshan Ansari
Sr. IAM / SailPoint Engineer
Contact: (470) 396-0139
Email: [email protected]
PROFESSIONAL SUMMARY:
Overall 9+ years of extensive experience in Identity and Access Management (IAM) tools, including PAM,
SailPoint, LDAP, Active Directory, PowerShell, SQL, SAML, OpenID, SSO, CyberArk.
Extensive experience in Privileged Access Management tools like CyberArk.
Reviewed layout and setup of Enterprise Password Vault solutions on client site including Privileged
Identity Manager and Thycotic Secret Server.
Experience in Identity/Compliance Management Solutions, Lifecycle Manager and User
Provisioning.
Provided ITIL based support of multiple legacy applications of my Access IAM system.
Experienced with ITSM & PAM Operational Tasks - defining access control, user entitlements and
user access policy management.
Designed and configured SailPoint IdentityIQ 6.3 to manage the identity and access of users to on
premise apps.
Working on creating batch jobs using Autosys as the job scheduler and technologies like SQL
Invoker, UNIX shell scripting and core java. Integrate LDAP/S, Active Directory, oracle
authentication methods using CyberArk.
Experience in Identity and Access Management project (IAM) and Role Based Access Control
(RBAC) implementation.
Tested custom configuration of SailPoint Identity and out of box Workflows as per the business
needs.
Experience as a configuration administrator to protect web applications using CA SiteMinder.
Demonstrated experience in Installation, Configuration, Implementation, Maintenance &
Troubleshooting of SailPoint IIQ, Saviynt, OKTA, CyberArk, Thycotic, HYPR IAM solutions
Monitors connectors for federated systems and Active Directory access to ForgeRock LDAP
Excellent understanding and knowledge of Identity and Access Management (IAM) and Role Based
Access Control (RBAC)
Expertise in designing and implementing Enterprise Single-Sign-On SSO, Identity and Access
Management solutions including Federated SSO using SAML.
Migrated on-premise servers, hard drives and web applications to Azure leveraging PowerShell.
Created SSIS packages to import the data into SQL server.
Good understanding of Web Technologies like HTTP Protocol, fiddler, SAML Trace, HTML, Web-
Form encoding. Worked on OAuth2.0 Grant types to get Access Token to access Protected API's.
Integrated OAuth2.0 with Ping federate to protect RESTful API's.
Protected multiple applications, both web-based and API-based, using Ping Access and Ping
Federate.
Worked on OAuth Integration using Ping Federate and Ping Access and implementing Federation
SAML services to SSO into third-party vendors.
Implemented OAuth to access the protected API with Access Token by using Different OAuth Grant
types.
Excellent working experience on all three modules of SailPoint, Including Compliance, Governance,
and Life Cycle Manager (LCM). Worked on out of box connectors such as JDBC, delimiter, LDAP,
AD, SAP, RACF etc.
Implemented HashiCorp tools like Vagrant, Terraform, Consul, Vault. Creating Docker containers
for managing the application life cycle.
Developed tools using Python, Shell scripting, XML to automate some of the menial tasks.
Develop core features for global wealth management group including Membership provider, Role
provider, Templated user controls, Security Token, Federation, Config encryption/decryption, FA
Simulation/Impersonation, Control Test, Provider Test, and Federation Test applications for Online
Banking.
Experience with SSO and federation using SAML 2.0, OAuth 2.0, OpenID connect (OIDC) and WS-
Federation.
Expertise in Azure infrastructure management (Azure Web Roles, Worker Roles, SQL Azure, Azure
Storage, Azure AD Licenses, Office365).
Good working experience on client-side programming like HTML, XHTML, Java Script and CSS.
Implemented dual factor authentication system for privileged access credential management.
Deployed and Designed Identity Management, LDAP Directories, Single Sign-On (SSO), Provisioning
and De-Provisioning Identity Workflows, Access Management, RBAC (Role-Based Access Control),
Authentication and Authorization as well as Custom-built Security and Technology Frameworks.
TECHNICAL SKILL:
Identity Application: IAM, CyberArk, Identity Now etc.
Access Management Platforms: IAM, CA Single Sign On (Site Minder), CA AUTH minder, CA Risk minder,
Ping Identity Ping Federate, CA API Gateway, CA Secure Proxy Server, CyberArk.
Open Standards: OAuth2.0, OpenID, Fast Identity Online (FIDO), SAML
LDAP directories: Microsoft Active Directory, CA directory, Oracle RDBMS, MySQL, IBM DB2, Sun Java
Enterprise System (JES) Directory Server, Oracle Virtual Directory. BOSS 4.1, I Planet, Sun One, Tomcat 6.
Programming and Markup Languages: Java, Bean shell, PHP, Perl, Unix Shell (Bourne, Bash, Korn/ksh),
HTML/XHTML, XML/XSL, JavaScript, C/C++, SQL, Oracle PL/SQL, Python, Visual Basic.
Web Technologies: Apache web server, IBM IHS, ASP.NET, C#, VB.NET, Web Services, JSP, Java, HTML /
DHTML, XML, SAML, OAuth, WebLogic and WebSphere.
PROFESSIONAL EXPERIENCE
Spectrum, CT Jun 2022 – Present
Sr. IAM/ SailPoint Engineer
Responsibilities:
Involved in design, Migration and implementation of multiple enterprise level Identity & Access
Management (IAM) solutions.
Administration experience of CyberArk vault with Safe creation, integration with LDAP and other
authentication methods.
Assist the Specialist with design and implementation of the Thycotic Secret Server PAM Product.
Involved in Configuration and development of SailPoint Life Cycle Events (LCM)
Authentication and Authorization of Privilege users working with CyberArk and Access
Management.
Setup applications Active Directory, LDAP, Oracle, and Flat Files.
Installed, configured and administered Netegrity/CA SiteMinder Policy Server 6.0/12.0 and Sun One
LDAP Directory 5.2/6.x/7.0 and Sun Identity Manager 7.x/8.x for multiple projects.
Assist in updating (SailPoint IIQ) workgroups and Monitor SailPoint IIQ product functionalities.
Implemented OAuth2.0 and OpenID for mobile and non-browser solutions using PingFederate.
Good Experience in Server-side Framework like Node.js & Java script libraries like React.js and
Redux
Designed and implemented Enterprise Password Vaults including Thycotic Secret Server and
CyberArk Privileged Identity Manager (PIM) Suite.
Adept at OIDC, OAuth 2.0 flows and helped organizations move from legacy protocols to modern
authentication.
Configured AWS IAM and Security Group in Public and Private Subnets in VPC. Docker
infrastructure for Service oriented architecture (SOA) applications.
Implementation of different direct/custom connectors to connect Mainframe (RACF), Teradata,
UNIX and Oracle. Implemented Access Certification, Automated Provisioning and Identity
Governance aspects of IIQ.
Installed and configured RACF SailPoint connector to integrate with Mainframe systems.
Contributed to a method with HashiCorp Packer to test new AWS AMIs before promoting them into
production. Excellent experience in Writing bean shell script.
Worked with Azure Active Directory and IAM. Worked on Azure AD, Azure AD Connect, and
Federated SSO to control access to various cloud services and components.
Serve as internal liaison for RBAC/IAM issues with representatives from application solution owners
and Information Security.
Enabled MFA options based on requirement currently using DUO for sensitive groups like Director
and above and Google Authenticator for rest of the users.
Configure Saviynt system and custom integrations of the toolset with end user systems and
applications to accomplish Provisioning, De-Provisioning scenarios for internal and external users.
Implemented POCs using ForgeRock Open AM and ForgeRock OpenIDM. Secured the web
applications under Guide well connect using Open AM.
Familiar with Access Governance and Compliance, with knowledge of engineering SODS.
Experienced in designing and deploying migration of SAML partner connections from Oracle
Identity Federation & Simple SAML systems to PingFederate.
Develop complex workflows and service adapters in the SailPoint Identity IQ configuration interface.
Developing PowerShell script files to automate Office 365.
Expert level skills in Java Multithreading, JSP, PHP, Java Script, Enterprise Java Beans and XML
related technologies.
Experience with Java server side and enterprise applications using JSF, Servlets, Web logic
Application Server, JBoss, XML.
Previous experience with modern authentication protocols including SAML, OpenID
Connect (OIDC), and OAuth.
Strong involvement in Service Oriented Architecture (SOA) and distributing and AMI, IAM through
AWS Console and API Integration and Elastic Search.
Secured Data is stored in MySQL. Vault (by HashiCorp) secures, stores, and tightly controls access
tokens and passwords used by the overall platform, started in the AWS cloud and currently
integrates with several services like: AWS AIM, Amazon.
Hands on experience in IAM requirement analysis, implementation of Access Gateways and SAML,
OAuth2.0, WSFed and OpenID based integrations using PingFederate.
Protected Restful API’s using OAuth2.0 in PingFederate so that it can be accessed only with Access
Tokens.
Hands on experience with IIS, IBM IHS, Apache, Sun One Web servers and WebLogic and
WebSphere Application servers in Identity and access management environment.
Worked on Access Hub (Saviynt / SailPoint) Developer
Migrated all SSO Apps configured currently in CA Site Minder to Okta Platform to leverage the
combination of SSO and Contextual MFA.
Expertise in administrating OKTA and providing support to OKTA clients. Integrate CyberArk with
Okta Platform for SSO & MFA. Integrated more than 25+ applications with Okta to provide SSO &
MFA.
Experience in creating AWS AMIs; used HashiCorp Packer to create and manage the AMIs.
Involved in adding direct connectors for Active Directory, LDAP, Exchange Online, Box and UNIX.
Responsible for improving overall performance of IAM tools through system tuning.
Working on federated single sign-on between third-party vendors, making both inbound and
outbound calls and securely exchanging the attributes in SAML as both identity and service provider.
Developed PowerShell scripts for automating tasks and troubleshooting configurations issues.
Implementation of Password features (PTA, forgot password, Change Password) of SailPoint IIQ.
Responsible for mapping requirements to IAM capabilities, SOX controls and PCI controls
Implemented OAuth2.0 to access the protected API with Access Token by using Different OAuth2.0
Grant types.
Configuration of Roles, Policies and Certifications for governance compliance and configure
business processes to manage ongoing changes. Developed custom rules and workflows using Bean
Shell and Java.
Created the IdentityIQ Quick links, Forms, Rules, and Custom Objects to design the workflows.
Created and trained the model using Artificial Neural Network (ANN) with Python, exposed the
functionality with Python, Django, and REST endpoint.
Has experience in implementing IAM solution using ForgeRock Identity Stack (Open IDM, Open AM,
Open DJ).
Experience in SailPoint tool customization, Report Generation, Integration with end/target systems,
SailPoint APIs, and application Development.
Identified IAM functional areas in scope and involve in Trusted Third-Party market analysis for IAM.
Design network for the implementation of Thycotic Secret Server Enterprise Password Vault
solution.
Administration of Active Directory (AD), DHCP, DNS and various other Infrastructure services.
Worked on the upgrade of IAM technology stack from ITIM 5.1 to ISIM 6.0.
Expert in installation of Okta from scratch with directory integration MFA and SAML integration
Cox Automotive, Atlanta, GA Oct 2020 to May 2022
Sr. IAM/ SailPoint Engineer
Responsibilities:
Worked on Provisioning use case development, building to meet compliance and IAM governance.
Implementation and installation of CyberArk v9.8 and latest implementation of CyberArk v10.4 and
CyberArk v11.2.
Experience with Oracle Fusion Middleware products
including WebLogic Server, WebLogic Portal, WebLogic SOA Suite, WebCenter Content WCC.
Managed client requirements and configure SailPoint connectors.
Experience with supporting IAM (SAILPOINT/ SAVIYNT)
Installed and Configured CA SiteMinder Web Agent on IIS 6.x/7.x, Apache 2.x, Sun One Web
Servers.
Developed custom PowerShell script to tie into the file system watcher .net class.
Upgrading CyberArk suite of products from 7.x to 9.x. (CPM, PSM, EPV, PVWA & AIM).
Build and Configure SailPoint in-built tasks like aggregation, ID refresh, schedule tasks, correlation,
etc.
Configured and administer Thycotic Secret Server Vault & Cyber-Ark PIM Suite/Enterprise
Led the successful customization of ISIM based IAM solution for the client's specific requirements.
Knowledge in IAM-related standards such as SAML, SOAP, LDAP, Open-ID, and OAuth2.0.
Upgrading from 6.4 to 7.0 and involved in installation of SailPoint IIQ in various environments like
UNIX and Windows.
Worked on Service Oriented Architecture (SOA) and distributing and AMI, IAM through AWS
Console and API Integration and Elastic Search.
Implemented HashiCorp tools like Vagrant, Terraform, Consul, Vault. Creating Docker containers
for managing the application life cycle.
Having Experience Configuring and managing Azure AD Connect, Azure AD Connect health,
Microsoft Azure Active Directory.
Experienced in Cloud based Identity and Access Management Solutions like OKTA and PingOne.
Experienced in installing PingFederate and Ping.
Implemented ForgeRock Open DJ for LDAP data store for internal user data. Implemented data sync
between Active Directory and LDAP using ForgeRock.
Responsible for enhancing, modifying, providing continuous support, and maintaining the existing
system built using Java Technologies.
Created the IdentityIQ Quick links, Forms, Rules, and Custom Objects to design the workflows
Experienced in Token Generator and Token validator as part of STR and RSTR.
Involved in Signing the SAML using digital certificates
Worked on SAML Encryption and Decryption for certain financial clients.
Involved in Provisioning RBAC Resource Groups in Active Directory and CyberArk Safe
Created scripts using windows PowerShell to automate identity lifecycle managements.
Involved in adding direct connectors for Active Directory, LDAP, Exchange Online, Oracle and UNIX.
Handling Identity, Access and Privilege management (Centrify, Thycotic) operation escalations.
Hands on experience in SailPoint product upgradation (From 7.1 to 7.2).
Designed and developed web-based software using Java Server Faces (JSF) framework, Spring MVC
Framework and Spring Web Flow.
Experience with HashiCorp tools (Terraform, Packer, Vault). Used Terraform to provision the
instances on AWS Cloud. Solid experience in Writing bean shell script.
Worked on Connector like LDAP, AD, JDBC, Delimited File, RACF Custom Connector based on Web
service APIs, Delimited parse rule, Service now Ticketing system.
Involved end to end Okta architecture workflow and deployed Okta (SSO, MFA & Provisioning)
Confidential Vistara energy.
Configuration of Roles, Policies and Certifications for governance compliance and also configure
business processes to manage ongoing changes.
Experience in integration with Okta and worked on Multifactor Authentication using Okta.
Worked on installing, configuring and upgrading/migrating SailPoint IIQ IAM solution components.
Using IIQ Console for operations such as checkout, import, connector Debug etc.
Experience in installing Okta's lightweight agent to integrate with Active Directory.
Troubleshooting issues related to SSO, authentication and authorization, as well as troubleshooting
LDAP issues. (TID, LID mapping methods). Worked on out of box connectors such as JDBC,
delimiter, LDAP, AD, SAP, RACF etc.
In-depth knowledge of various AWS services including EC2, VPC (NAT, Peering, VPN), IAM, EC2
Container Service, Elastic Beanstalk, Lambda, S3, CloudFront, Glacier, RDS, DynamoDB,
ElastiCache, Redshift, Direct Connect, Route 53, CloudWatch, CloudFormation, CloudTrail, OpsWorks,
Amazon Elastic MapReduce (EMR), AWS IoT, SNS, SQS, Lambda, API Gateway, AWS Alexa etc.
Created a run book based on - Okta deployment process, AD installation and Troubleshooting guide.
Experience monitoring, troubleshooting, and backup and recovery processes; Solid Understanding
of SAML, OIDC, OAuth, Agent, and REST APIs with java. Used Ping API to deploy and create SAML
changes.
Excellent Programming skills at a higher level of abstraction using Scala, Java and Python.
Integrated Ping Access and Ping Federate using OAuth2.0. Worked on Implementing OAuth2.0
Configuration with the Clients to get the Access Token to access the web API’s.
Worked on OAuth2.0 Grant types to get Access Token to access Protected API’s.
Integrated OAuth2.0 with Ping Access to protect Restful API’s.
Secure transformation of PAM and IAM services to Azure Cloud Systems and Services
Solid experience in implementing IAM solution using ForgeRock Identity Stack (OpenID, Open AM).
Designed and implemented Enterprise Password Vaults including Thycotic Secret Server and Cyber-
Ark Privileged Identity Manager (PIM) Suite. Design of full PAM system for On Premise and Data
Center PAM, CPM, PVWA
Installing and Upgrading Okta Agents (Active Directory, Radius and LDAP Agent) on a regular basis.
Financial Technology Partners, CA July 2017 to Sep 2020
Sr. IAM/ SailPoint Engineer
Responsibilities:
Improved Identity and Access Management (IAM) capabilities by controlling access to applications
and systems that contain critical and sensitive information.
Experience providing federation solutions using SAML 2.0, Ping Federate and CA
SiteMinder Federation Service. Developed custom rules and workflows using Bean Shell and Java.
Designed and deployed SailPoint Identity IQ to connect to data sources on diverse agency networks
and integrated SailPoint IIQ data with multiple external databases and applications.
CyberArk Deployment and engineering of PAM and IAM Solutions.
Migrated SAML Based SSO partners from Ping Federate 6.x to Ping Federate 7.x.
Developed custom Ping Agent using Ping SDK and Implemented SAML Protection with Digital
Signature.
Very good working experience on all three modules of SailPoint, Including Compliance, Governance,
and Life Cycle Manager (LCM). Created the IdentityIQ Quick links, Forms, Rules, and Custom
Objects to design the workflows
Experience working on administering various AWS Services using AWS Console, AWS CLI.
Having Experience Resolving Azure AD issues relating to Office 365, Active Directory to Azure
AD and CAIDM to Active Directory.
Used HashiCorp Packer to create and manage the AMIs and automated whole AMI creation process
using Jenkins jobs.
Integrated PAM MFA using RADIUS, SAML (SSO) using Azure, Syslog over TCP/UDP/TLS and
ENE for notifications.
Configured MFA policies and MFA factors for application access such as Okta Verify, SMS
authentication & voice call authentication.
Experienced in performance testing the Ping Engine servers depending on the min and max threads,
depending on that we used to scale the number of engine servers per cluster.
Protected Restful API’s using OAuth2.0 in PingFederate so that it can be accessed only with Access
Tokens.
Created and trained the model using Artificial Neural Network (ANN) with Python, exposed the
functionality with Python, Django, and REST endpoint.
Implemented OAuth2.0 to access the protected API with Access Token by using
Different OAuth2.0 Grant types.
Developed dynamic Emails using JavaScript, and hand coding of HTML/HTML5 and CSS.
Responsible to create RBAC template for Windows, SQL, Oracle and UNIX platforms
Worked on Open Token Adapter to establish SSO between two native applications.
Assist application teams with CyberArk application Identity Manager Integrations and linked
accounts.
Implemented data sync between Active Directory and LDAP using ForgeRock OpenIDM.
Perform Installation and configuration of SailPoint IdentityIQ.
Developed Java classes conforming to J2EE design patterns, JNDI, packaged with J2EE specifications.
Involved in POC to evaluate CA PAM and CA Identity Manager Product.
Excellent understanding and knowledge of Identity and Access Management (IAM).
Enterprise level web applications using CA SiteMinder integrated with Sun One LDAP, Active
Directory.
Develop custom SailPoint Build Map Rules and Workflows as per the business needs.
Configured and administer Thycotic Secret Server Vault & Cyber-Ark PIM Suite/Enterprise
Responsible for improving overall performance of IAM tools through system tuning.
Worked on Privileged Account Management with CyberArk PIM suite Administration.
Capital Health, NY Jun 2015 to Jun 2017
IAM/ SailPoint Engineer
Responsibilities:
Configuring and troubleshooting multi-customer ISP network environment.
Involved in network monitoring, alarm notification and acknowledgement.
Implementing new/changing existing data networks for various projects as per the requirement.
Troubleshooting complex networks layer 1, 2(frame relay, ATM, Point to Point, ISDN) to layer 3
(routing with MPLS, BGP, EIGRP, OSPF and RIP protocols) technical issues.
Providing support to networks containing more than 2000 Cisco devices.
Performing troubleshooting for IOS related bugs by analyzing history and related notes.
Carrying out documentation for tracking network issue symptoms and large-scale technical
escalations ProxySG
Managing the Web Gateway service request tickets within the phases of troubleshooting,
maintenance, upgrades, fixes, patches and providing all-round technical support.
Deployed Next-Generation Firewall ASA-X, SonicWALL, Palo Alto and Fortinet.
Expertise with Cisco network equipment and LAN and WAN technologies such as switching, routing,
load balancers, TCP/IP, QoS, multicast, network security, and network management. Develop and
maintain documentation of network environment.
NOC Technical Support to administer, evaluate, install, maintain, and provide overall support for
LANs and WANs, including backbone components such as routers and switches. Perform planning,
cost analysis, and all aspects of large-scale projects.
Knowledge of Design, test and implement interface programs, develop security procedures, and
regulate Web Gateway usage. Configuration and maintenance experience with Fortinet FortiGate
physical firewalls.
Experience of Design, testing, and implementing large scale LAN and WAN network applications
and troubleshoot problem areas.
Used and Maintained Routing Protocols BGP, TCP/IP, BGP, ISIS, OSPF, MPLS, RSVP, and VRRP in a
dual-stack IPv4/6 environment.
Diagnose and troubleshoot complex data/cellular, Wi-Fi, wireless interfaces with customers,
network, and other technical issues. Commissioning and Decommissioning of the MPLS circuits for
various field offices.
Preparing feasibility report for various upgrades and installations.
Installation and maintenance of new network connections for the customers.
Implemented 8x8 VOIP solutions on site and ran network diagnostics test and network assessment
test.