Sandeep Malipeddi

Contact No: +1 856-338-8207

Email ID: [email protected]

Professional Summary:
 Professional 10+ years of experience in Information Technology, which includes demonstrated work
experience in the design, development, testing, and implementation of enterprise-wide security
applications using CA SiteMinder, PingFederate, Ping Access, Ping Directory, CA Directory, Active
Directory on Windows, Unix, and Linux.
 Expertise in Cyber Security & Information Assurance with deep Knowledge of Identity and Access
Management security, Application Security, Vulnerability Management, and Access Control Issues
related to Cyber Systems and Networks, AWS Cloud Security, Penetration Testing methodology,
Malware detection techniques, recommended Information Assurance Policies and Standards.
 Experience in OAM (Oracle Access Management), SSO, ForgeRock Open AM, and Open DJ. Involved in
various SiteMinder upgrades including Okta
 Experience as a security professional in installing, managing, and monitoring CyberArk Privileged
account security tool modules.
 Assist application teams with CyberArk Application Identity Manager Integrations and linked
accounts.
 Experience with designing and developing IAM products like SailPoint IIQ.
 Experience with coding in distributed computing domains using technologies Java, XML, etc.
 Installed, integrated, and deployed enterprise software in client environments.
 Developed product customizations in Java and Bean shell to meet customer requirements.
 Handling Joiners, movers, and leavers processes for high-risk business areas by provisioning, de-
provisioning, and amending accesses.
 Excellent understanding of the Agile Software Development Life Cycle (SDLC), STLC, and Agile
Methodologies. Developed projects for the design, and implementation of SailPoint, including
coordinating with vendor leadership, technical services leadership, and end users.
 Hands-on experience in Windows Active Directory administration, DNS, GPU, DHCP, LDAP.
 Implement Microsoft Active Directory (Access Controls, Group Policy, Kerberos Authentication,
naming standards, trust relationships, best practices, security policies, and standards).
 Experience in handling more than 3000+ mix of Windows servers, 400+ ESXi servers, Remote data
centers, Multiple vCenter
 Hands-on experience with customization of ForgeOps Connector development, writing scripts, and
building of ForgeRock workflows.
 Development of review access application (IdentityIQ), bug fixes, the addition of new certification
tools, and user interface changes on business demands.
 Strong knowledge of Web Access Management and SSO technologies (Okta, SAML, and OAuth)
 Experience in using SiteMinder Federation services and web agent option packs to build and maintain
Federation infrastructure to provide SSO functionality to external applications.
 Experience in setting up SAML applications in OKTA Installing AD / IWA agents on member domains,
validating single sign-on, user provisioning, and troubleshooting password synchronization across
multiple Okta platforms.
 Strong understanding of internal technicalities of SailPoint IIQ.
 Continuously improving and automating IAM technologies that consist of PingFederate, Ping Access,
Ping ID, Forge Rock, Okta, SiteMinder, and LDAP directories.
 Hands-on experience in IAM requirement analysis, implementation of Access Gateways and SAML,
OAuth, WS-Fed, and OpenID-based integrations using PingFederate
 Perform installation, configuration, and maintenance of Access Manager and policy agents.
 Expert in generating, and implementing SSL certificates in both IIS 5/6/7,8, Apache 2. x.
 Worked on Ping ID for Multi-Factor authentication in Dev and Production environments.
  Worked on Implementing OAuth Configuration with the Clients to get the Access Token to access the
web API’s

Education Details:
 Bachelor in computer science- JNTU-2013

Technical Skills:
Programming Languages: Java, Python, C#, JavaScript.
Operating Systems: Windows, Linux, macOS.
Frameworks: Spring Boot, Django, .NET Core, React, Visual Studio, IntelliJ IDEA, Eclipse, Android
studio, NetBeans, Visual Studio Code, Atom
Scripting Languages: Bash, PowerShell. IBM WebSphere, SunOne/iPlanet Webserver, BEA WebLogic,
JBoss, SunOne Application Server, IIS (Internet Information Services), Apache, Oracle, MySQL, PostgreSQL,
SQL Server, NoSQL, MongoDB and Redis
Single Sign-On (SSO) and Identity & Access Management: Ping Access 3.0/4.0 PingFederate 7.0/8.0/9.0/10,
Ping ID, Ping One, Shibboleth, ADFS (Active Directory Federation Services) 1.1/2.0/2.1/3.0, Azure AD (Azure
Active Directory), Okta, Azure MFA (Multi-Factor Authentication), CA SiteMinder r12.5x/12.52sp1, CA
SPS12.52sp1
Cloud IAM Solutions: Okta, InAuth, Azure AD, Azure MFA, Ping One

Professional Experience-1

Help Systems, Rochester, MN

Sep 2022 to Present
Role: Sr. IAM Engineer –ForgeRock
Responsibilities:
 Hands-on experience with IAM products (Aveksa, Sailpoint, Oracle IDM, IBM identity manager,
ForgeRock, Ping Identity, Courion, CA Identity)- Design and engineering experience, handling
updates & patches
 Implemented IGA frameworks to manage the entire identity lifecycle, including user onboarding,
role assignment, and deactivation, ensuring compliance with organizational policies.
 Supporting Cloud Applications such as Office 365, Google Apps, Salesforce, Workday, NetSuite, Box,
etc.
 Experience with AWS as a hosting platform.
 Designed and implemented identity lifecycle management processes, including provisioning, de-
provisioning, and reconciliation, using ForgeRock IDM.
 Designed and implemented OAuth2 authorization flows (Authorization Code, Implicit, Client
Credentials) in ForgeRock AM.
 Configured IGA policies for user entitlements and role-based access, automating provisioning and
ensuring only authorized personnel have access to critical systems.
 Developed and enforced IGA controls for privileged access management, reducing the risk of
unauthorized access and enhancing security.
 Worked on configuring Roles, Policies, and Certifications for governance compliance. Experience
with Axiomatics.
 Developed RESTful APIs for user provisioning, authentication, and authorization using the ForgeRock
Identity Platform.
 Designed and implemented RESTful services for integration with third-party systems and
applications.
 Experience in Radiant Logic RadiantOne or other LDAP directories
 Knowledge of solution protocols, including SSL/TLS, HTTP, SAML, Kerberos, S/MIME, SCIM, and
oAuth
  Implemented RBAC policies in ForgeRock IDM and AM to enforce access control based on user roles.
 Implemented OpenID Connect (OIDC) for single sign-on (SSO) and federated identity management
using ForgeRock AM.
 Designed and implemented GraphQL APIs to facilitate efficient and flexible data querying for identity
management solutions.
 Integrated GraphQL with ForgeRock Identity Gateway to provide seamless data access and user
experience.
 Integrated FIDO authentication standards (UAF, U2F, and FIDO2) into ForgeRock AM for strong,
passwordless authentication.
 Worked on Java & SOAP, with Powershell and other scripting languages to automate feeds and
processes
 Worked on the design of a Load Balanced dual OpenAM Infrastructure
 Worked on installation and configuration of OpenDJ
 Worked on OpenAM Integration into Google.
 Worked on building Joiner, Mover, and Leaver workflows to maintain user accounts
 Worked on implementing static/dynamic roles. Configured entitlements and policies
 Worked on application onboarding and assisted applications teams to get applications integrated to
SailPoint
 Experience with the ForgeRock suite of IAM products

Environment: Pingfederate 8. x, 7. x, 6. x,PingAccess 3. x, PingOne 2. x,CA IdentityMinder 12. x,

Netegrity/CA SiteMinder Policy Server 6.0/12.0, CA SiteMinder 5.X/6.X, JDK (Java Development Kit) 1.6/1.7,
J2EE (Java 2 Platform, Enterprise Edition), JDBC (Java Database Connectivity), XML (eXtensible Markup
Language), SAML 2.0 (Security Assertion Markup Language), Sun ONE Directory Server, Microsoft Active
Directory, Azure AD (Azure Active Directory), ADFS (Active Directory Federation Services) Application
Servers: IBM WebSphere Application Server 8. x, 7. x, 6. x, Apache 2.0

Performance Monitoring: Wily Introscope 7.0/7.2

Operating Systems: Solaris 8/9/10, Windows 2000/2003
Databases: Oracle 10g/11g, SQL Server 2005, 2008, 2012, DB2 8. x

Fannie Mae, Washington, DC

Feb 2020 to Aug 2022
Role: Sr. IAM Consultant- ForgeRock
Responsibilities:
 Worked on ping federate both inbound and outbound calls using saml2.0.
 Upgrading Cyber-Ark suite of products from 7. x to 9. x. (CPM, PSM, EPV, PVWA & AIM).
 Worked on Privileged Account Management with CyberArk PIM suite Administration.
 Worked with different teams to implement single sign-on using SAML 2.0, and OAuth 2.0.
 Actively involved in code reviews, discussions, and infrastructure reviews, interacted with internal
project teams and managers
 Experience with IAM products from ForgeRock (Open IDM, Open AM, and Open DJ) and building IAM
solutions implementing OAuth2 and ODIC specifications.
 Identifying distribution and packaging mechanism for the Python package of the solution
 Integrated IGA solutions with enterprise resource planning (ERP) and customer relationship
management (CRM) systems to maintain accurate and up-to-date user access data.
 Conducted IGA risk assessments to identify and remediate high-risk access, ensuring adherence to
regulatory requirements and internal controls.
 Developed IGA workflows for user access requests, including automated approval processes and
escalation procedures, to streamline access management.
 Directly engage with and advise clients on DIAM implementation to coordinate technical, security,
and process aspects of DIAM integration.
 Developed custom IGA connectors for integration with cloud and on-premises applications,
automating the synchronization of identity and access data.
 Worked from technical specifications to independently develop test scenarios to test and verify
Identity and Access management solutions. Tested custom configuration of SailPoint Identity and out-
of-box Workflow as per the business needs.
 Tested Employee and contingent workers provisioning, offboarding, onboarding, rehiring, and LOA
process in Identity and Access Management solutions as per customer requirements.
 Experienced in AWS EC2, EBS, ELB scaling groups, Trusted Advisor, S3, Cloud Watch, Cloud Front,
IAM, Security Groups, and Auto-Scaling.
 Configured OIDC providers and clients for secure authentication and authorization flows.
 Developed custom OIDC scopes and claims to support fine-grained access control.
 Integrated ForgeRock AM with external OIDC identity providers for seamless user authentication.
 Identifying distribution and packaging mechanisms for the Python package of the solution.
 Implemented authentication and authorization mechanisms within GraphQL APIs using ForgeRock
Identity Management (IDM).
 Configured OAuth2 clients, resource servers, and authorization servers for secure API access.
 Developed custom OAuth2 scopes and claims to enforce granular access control policies.
 Implemented OAuth2 token management, including issuance, introspection, and revocation.
 Conducted security assessments and applied best practices for securing GraphQL endpoints.
 Upgrading from 6.4 to 7.0 and involved in the installation of SailPointIIQ in various environments like
UNIX and Windows.
 Installation, integration, and configuration of Jenkins CI/CD, including installation of Jenkins plugins.
 Managed infrastructure of ForgeRock Open AM, Open DJ, and OpenIDM.
 Developed custom authentication nodes and trees in ForgeRock AM to support FIDO authentication
workflows.
 Integrating new applications with SailPoint and ForgeRock as per requirements.
 Integrated a technology risk management program with the company's enterprise-wide operational
risk management program
 Experienced in Cloud-based Identity and Access Management Solutions like OKTA and Ping One.
 Facilitated a balanced and rational set of risk-based IT general controls including formal risk registers
and SDLC checkpoints
 Installing, configuring, and customizing ForgeOps, and ForgeRock products (Open AM, Open DJ,
OpenIDM)
 Expertise in using J2EE technologies like JSP, Servlets, EJB, JDBC, Java Beans, JMS, RMI JNDI, XML, and
Web services (RESTful and SOAP).
 Working on different products from CA, IBM, Microsoft, Secure Auth, Okta, OneLogin, Amazon
PingFederate, Confidential, Centrify, CyberArk, and Beyond Trust.
 Has experience in implementing IAM solutions using ForgeRock Identity Stack (Open IDM, Open AM,
Open DJ).
 Having Knowledge in JavaScript frameworks, JavaBeans, which includes Angular JS,
 Work closely with SailPoint architect and engineers for design and solution architecture
Implementation of the Self-Service feature of SailPointIIQ.
 Implementation of Password features (PTA, forgot password, Change Password) of SailPointIIQ.
 Experienced in integrating various applications with Okta to provide SSO as well as user provisioning,
de-provisioning, and reconciliation.
 Engineered and implemented password policies within the LDAP environments to comply with
General Motor's technical security information policy.
 LDAP migration from open dap to Jump cloud as directory as a service
 Executed annual business continuity testing within LDAP environments.
  Presented LDAP schema extensions and custom ACIs to obtain approval from GM's governance
council.
 Actively involved in code reviews, discussions, and infrastructure reviews, interacting with internal
project teams and managers.
 Configured Affiliate agents, and RADIUS agents to provide a federation of web services in the SSO
environment providing authentication & authorization to IDM. Microsoft FIM, SailPoint IIQ, Oracle
IM, SAP IDM, NetIQ IDM ForgeRock OpenIDM, and CA Identity Manager.
 Design and implementation of User database access provisioning, de-provisioning, and password
reset management using SailPoint Identity IQ. Created and ran the aggregation task to bulk load
authoritative source data from Active Directory, Exchange, and LDAP. Design complex exclusion rules,
correlation, and data loading tasks in Identity IQ.

Environment: Windows Server 2003, Windows Server 2008, Windows Server 2012, MS SQL 2005, MS SQL
2008, Oracle 11g, Active Directory, JBoss 5.2, Apache 1.x/2.x, IIS (Internet Information Services) 6, IIS 7, IIS
7.5, JDK (Java Development Kit) 1.6, J2EE (Java 2 Platform, Enterprise Edition), EJB (Enterprise JavaBeans),
JSP (JavaServer Pages)

Novartis, Boston, MA
Jul 2017 to Jan 2020
Role: IAM Engineer- ForgeRock
Responsibilities:
 Experience in installing, configuring, and customizing ForgeRock products (Open AM, Open DJ,
OpenIDM)
 Responsible for installation, configuration, troubleshooting, and ongoing maintenance of ForgeRock
Identity and Access Management on the UNIX/Linux environment
 Involved in building, testing, supporting, and determining SailPoint Identity IQ Solution design.
 Involved in the complete implementation of SailPoint IQ 7.0 version.
 Development of Lifecycle Manager Workflows, Lifecycle Events, Certification Events, Custom Email
Templates and Task Definitions.
 Hands-on experience with IAM products (Aveksa, SailPoint, Oracle IDM, IBM identity manager,
ForgeRock, Ping Identity, Courion, CA Identity)- Design and engineering experience, handling updates
& patches
 Designed and deployed Forge Rock Open AM and Open IDM to migrate from CA Cloud minder. Multi-
Factor Authentication (RSA, DUO, Secure AUTH, ForgeRock, SailPoint, CA Arcto, Okta).
 Configured Organizational, Business, and IT roles for various application entitlements.
 Aggregation, Refresh of data from Authoritative, and non-authoritative applications to Identity IQ
using Direct Connectors like File Delimiter, JDBC, Active Directory, and LDAP.
 Integrate SailPoint IQ 7.0 technologies with in-house and third-party applications for birthright
provisioning, access request approval and fulfillment, and provisional, custom workflows.
 Custom SailPoint Rule library to provide role selection extensibility in custom SailPoint Forms
eliminating future code revision in workflows.
 Conducted interoperability testing and validation for FIDO authenticators and devices.
 Developed user interfaces and flows for FIDO device registration and management.
 Implemented FIDO attestation mechanisms to ensure the authenticity of user devices.
 Highly dynamic environment with sprint teams using agile methodology.
 Responsible for code implementation, SailPoint custom workflows such as LCM Joiner workflow,
Request Access, Self-Registration, and Remove Access workflow having multiple levels of custom
approvals with email notifications.
 Experience with OAM (Oracle Access Management) SSO (Single Sign-on), ForgeRock Open AM &
Open DJ.
  Improved Ansible with the use of EC2 for accessibility, running deck as a job scheduler, Jump Cloud as
directory service, Docker for containerization, and Nginx to provide container security
 Utilized IGA analytics to monitor and report on access patterns, identifying potential security risks and
ensuring compliance with access policies.
 Experience in working with Microsoft, Azure, and Okta to build custom integration for clients.
 Performed the task of onboarding UAR data into SailPoint. Responsible for implementing scoping,
and preparing reports, task definitions, and rules to facilitate this onboarding process.
 Provision user access, manage applications, and assign roles using LCM.
 Performed Access management and reporting using Compliance Manager, Key responsibilities
included assisting the client in their Role Based Access Control and Separation of Duties (SOD) policies
initiatives.
 Developed reports, and analytics using the Identity IQ provided role/user/audit search.
 Performs IAM technical support and development, including monitoring and responding to server
events, ensuring data replication, gathering IAM statistics and performing general maintenance by
working with Level 2 and/or Level 3 operations personnel.
 Used Rational Clear Case for check-in checkout and merging the various code versions.
 Implemented Access Certification, Automated Provisioning, and Governance aspects of IIQ.
 Develop complex workflows and service adapters in the SailPoint Identity IQ configuration interface.
 Experience in installing, configuring, and customizing ForgeRock products (Open AM, Open DJ,
OpenIDM)
 Managed client requirements and configured SailPoint connectors.
 Rewriting the workflows to encompass the new way of provisioning. Restructured the entire product
to reflect direct provisioning across a large number of applications.
 Responsible for managing the Administration functionality of the SailPoint such as loading data,
creating roles, creating policies, scheduling tasks and certifications, and reports.
 Included the improving Identity and Access Management (IAM) capabilities by controlling access to
applications and systems that contain critical and sensitive information.

Environment: CA API Gateway, CA SiteMinder R6/R12, CA IDM R12,Ping Federate 6.1

Sun Java System Directory Server LDAP 7.0, WebSphere Application Server 8.5, SSL (Secure Sockets Layer),
UNIX, LINUX, Solaris, IBM AIX, Windows

S&P Global, New York

Oct 2015 to Jun 2017
Role: IAM/PAM Consultant
Responsibilities:
 Designed the new parallel Environment for Access Management, which allows Single Sign-On
between the old and new environments.
 Worked with the deployment, architecture, and best practices regarding the CyberArk suite of
products.
 Upgraded SiteMinder Policy Server.
 Deployed SSO with SAP WS Agents and upgraded the SAP agent from R5.6 to R12.
 Implemented and supported SO for SAML-Based Federation using SiteMinder adapter and Ping
Federate.
 Worked on Single Sign using Ping Federate. Upgrade Federation servers from Ping Federate.
 Deployed the CyberArk Suite of products including Vault, Privilege Session Manager (PS), and
Privilege Threat Analytics (PTA).
 Performed discovery audits and presented findings to client management.
 Established both IDP and SP connections with third-party applications to allow users to SO using Ping
Federate
  Worked on different Ping Adapters to accept the credentials, cookie, and RSA token and generate the
SAML
 Integrated various LDAPs as user stores to Ping Federate to authenticate the user.
 Worked on OAUTH implementation to get the access tokens to access the protected APIs
 Designed and implemented User Directory changes from LDAP to AD.
 Implemented Directory Mapping and Authorization Mapping for Authentication on LDAP and
Authorization on AD
 Installed and Configured CA Business Intelligence R12 with CA SiteMinder.
 Advised the changes to Fujitsu Custom code to integrate with the new Active Directory and complied
against R12 SDK.
 Installed and Configured OneView Monitor for CA SiteMinder performance review.
 Documented end-to-end installation of SiteMinder, Web Agent, SAP Agent, Business Intelligence

Environment: IPlanet Web Server 6.0, Apache 1.x/2.x, IIS 6, 7, 7.5, Solaris (not explicitly mentioned but
typically associated with LDAP environments)
Ping Federate 6.0, Ping Federate 7, SiteMinder R6 SP6, SiteMinder R12 SP3, Ping Access, CyberArk, Planet
Directory Server 5.2, Active Directory, MS SQL 2005/2008, Oracle 11gSAP, Boss 5.2, Java Development (DK
1.6, J2EE, EJB, JSP), IPlanet Web Server 6.0, Apache 1.x/2.x, IIS 6, 7, 7.5

Genpact, Hyderabad, India

Role: SiteMinder Engineer
May 2014 – Nov 2014
Responsibilities:
 Worked in a SiteMinder engineering team providing services to design and implement CA SiteMinder
SSO and Federation integrations.
 Worked on upgrading the SiteMinder environment from R12.5 to R12.52.
 Worked on projects to design, develop, and enforce the Single sign-on multi-domain infrastructure.
 Worked on a project to add additional infrastructure capacity to increase the load-handling capability
in the Production environment by adding 4 new servers in the Production environment.
 Install and configure CA secure proxy server R12.5 and set up SiteMinder Federation services using
SPS.
 Assisted the team in upgrading SiteMinder policy servers, policy stores, and web agents on multiple
platforms as part of the SiteMinder upgrade project.
 Created policy server objects like ACO, HCO, Agents, Rules, Realms, Responses, and Policies, installed
web agents on various web servers, and configured agents to integrate existing and new applications
in SSO
 Co-ordinate the changes for an optimized plan to minimize downtime across the DEV, TEST, STAGE,
and PRODUCTION environment.
 Configuring and defining the policies of SAML Affiliate Agents whereas these policies can be followed
by partner sites federated authenticated users. Used SAML to implement single sign-on to external
web applications.
 Worked on day-to-day tasks including creation of SiteMinder configuration objects and working with
application teams to resolve issues.
 Worked on creating policy objects as required by the application teams to implement sound and
secure SSO solutions.
 Worked on integrating new applications with SiteMinder by creating the required realms, rules, and
policies as required.
 Completed the protection and provided support as needed.
 Worked on multiple projects to provide SSO with SiteMinder federation setup with 3rd party vendors
using the SAML protocol.
  Helped application teams design and implement the SSO solutions for both internal and external
applications.
 Responsibilities included attending the preliminary discussions and further working with the technical
teams to gather requirements and attend multiple calls to complete the integrations.
 Worked on a large corporate project from the initial stages to design and build the SSO solution to
support the project until it was pushed live.
 Provided support and troubleshooting facilities to existing SAML federation partners for issues and
quick fixes.
 Worked on a project with the CA core team to discuss and design health check suggestions to
improve the health and performance of the SiteMinder environment within the infrastructure.

Environment: CA Site Minder r12.5/r12.52 Sp1, CA Secure Proxy Server r12.5, Oracle Directory IIS 6.0/7.x,
Apache 2. x JBOSS app servers, IBM WebSphere Application Server (WAS) 7, Windows Server 2003/2008,
Red Hat Enterprise Linux (RHEL) 4/5, Splunk.

SHS Healthcare Solutions Inc., India

May 2013 –Apr 2014
Role: Application security support Engineer
Responsibilities:
 Uses Conduct Penetration testing on web applications, mobile applications, and web services to
ensure the compliance requirements are met.
 Work with the IAM Operations group to understand opportunities to automate provisioning needs in
the existing environment and migrate into IDM Solutions.
 Responsible for assessing the security controls of web applications to identify gaps DAST on Internal,
public-facing business-critical applications using Rapid 7 AppSpider.
 Experience in Single sign-on and MFA technologies using platforms such as ForgeRock, PingID
 Setting up SAML applications in OKTA. Worked on various authentication and authorization models of
applications to secure the User Access Controls of the Application., like OAuth, Okta, 2FA,
tokenization session management, etc.
 Contributes to the evaluation, selection, and configuration of IAM products, services, and processes
 Identifies opportunities and outlines action plans to improve existing IAM solutions and processes.
 Perform Static code analysis during the development phase to identify security issues before
deployment.
 Run internal and external Network Vulnerability scans at least quarterly after any significant change
in the network such as a new system component, installations, changes in network topology, firewall
rule modifications, and product upgrades.
 Internal Network Vulnerability Assessments to enhance the Information Security culture of an
organization through identifying, analyzing, and reporting the gaps that may be used to threaten the
CIA of information.
 Proficient knowledge in OWASP TOP 10 web applications like Injections, Broken Authentication and
Authorization, Business logic security bugs, etc.
 Perform periodic vulnerability scans on critical applications using industry-standard tools like Nessus,
Qualys, Rapid 7, and Veracode. Identify and fix sniffing network attacks, crack weak wireless
encryptions, hijack web and application servers, and hijack web applications.
 Knowledge of Security configurations for web, app, and DB using role-based, IP-tables, and firewall-
based Network segregations for building robust security models for applications in the cloud (IAAS)
infrastructure as per the application architecture and its requirements.

Environment: SAML, OKTA, Rapid 7, Veracode, Qualys, PingID, OWASP TOP 10.