Sunny Bangotra

  • CyberArk Administrator
  • Jersey City, NJ
  • Member Since Apr 14, 2023

Candidates About

 

Sunny Bangotra

Professional Summary:

  • CyberArk Certified Administrator with extensive experience in Designing, deploying and configuring CyberArk in customer’s environment.
  • CyberArk Certified Custom plugin creator.
  • Worked on various CyberArk components like Vault, CPM, PVWA, PSM, PSMP and AIM.
  • Have hand on experience in CyberArk version 7, 8 and 9.
  • Created number of custom plugin and PSM connectors for different tools.
  • Qualys guard certified engineer with in-depth experience in Vulnerability management and compliance monitoring using Qualys Guard.
  • Have worked on a number of tools for Identity and access management like Sailpoint IIQ and Safeword.
  • Experience in SSO using OKTA, Oracle ESSO and Etoken.
  • Experience in PKI and Cryptography using Hardware security module (HSM) for crypto operations and Key management.
  • Writing Technical documents for clients and team members in order to make sure security standards are complied with.
  • Doing POC for new security tool before deploying them in customer’s environment.
  • Assisting in RFP’s and any new security engagements with clients.
  • Experience in Two factor authentication using Safeword and RSA tokens.

 

 

 

Technical Skills:

 

Security Tools

CyberArk, QualysGuard, Symantec ESM, Sailpoint IIQ, ESSO, OKTA, Datasecure, Safeword, etoken.

CRM Tools Used

Remedy, Onyx, Microsoft Dynamics 4.0

Datacenter

Technologies

Active Directory, SQL 2005 & 2008, MS-Access

Virtualization

VMware

Networking

 

Radius, TCP/IP, DHCP, DNS.

Security Concepts

Cryptography, Identity and Access Management, PCI and SOX Compliance, Application Security, System Security, SSL, PPP.

Operating System:

Windows 2003/2008/2012/XP/vista/7 and UNIX.

Language

java and C#

      

Scripting Language

PowerShell

PKI concepts

Symmetric & Asymmetric Encryption, PKI Model, SSO.

 

Certifications:

 

# Qualys Guard Vulnerability Management Certified Specialist.

# CyberArk Certified Adminstrator.

# CyberArk certified custom plugin creator.

# SANS SEC 401 Trained.

# VMWARE Certified Associate.

# Windows 2012 Microsoft trained professional.

# Safeword certified Engineer (Identity and Access management)

# Datasecure Certified Engineer (Hardware Security Module)

# Pursuing CISSP

 

 

EMPLOYMENT and PROJECTS:

 

 

Experience Summary (Nov 2017 – Till Date)

JPMorgan Chase & CO.

 

Currently working with JPMorgan Chase & CO. as Associate in Global Identity and Access Management domain.

 

JOB PROFILE:

·         Designing and implementing Privilege Access Management Architecture.

·         Running Vulnerability scans and further removing vulnerabilities found.

·         Keeping track of Vulnerability using Information technology Risk Control portal.

·         Writing Web-services code for CyberArk in order to integrate with different applications

·         Performing bug fixes and providing new releases for the security solution as per requirement.

·         Performing POC for any new implementations.

·         Writing technical documents.

·         Deploying and managing security solutions and providing L3 support on day to day issues.

 

 

 

Experience Summary (Nov 2015 – Nov 2017)

Infosys Ltd

 

Currently working with Infosys Ltd as Senior Consultant in Enterprise Security and Risk Management domain.

Infosys Limited  is an multinational corporation that provides business consulting, information technology, software engineering and outsourcing services.

 

JOB PROFILE:

·         Security solution responses of RFP/RFI for global customers and providing the corresponding effort estimations.

·         Designing and implementing CyberArk for various clients

·         Writing Web-services code for CyberArk in order to integrate with different applications

·         Designing and implementation of various components of CyberArk - EPV, PVWA, CPM, PSM, PSMP, AIM, PTA and Viewfinity(endpoint privilege manager).

·         Designing and deployment of Security applications and tools Like  Sailpoint IIQ, OKTA, Enterprise Single sign on (SSO) in clients environment.

·         Performing bug fixes and providing new releases for the security solution as per customer’s requirement.

·         Performing POC for any new requirements.

·         Writing technical documents for clients.

·         Providing in house training to other teams dealing in security domain.

·         Deploying and managing security solutions and providing L3 support to clients for any day to day issues.

 

 

Project Title

CyberArk Design, Installation and Configuration

Position

Tech Arch

Responsibilities

  • Architecture design and deployment of CyberArk in Clients environment.
  • Configuration and installation of CyberArk Vault, CPM, PVWA, PSM, PSMP and AIM.

 

 

Project Title

CyberArk integration with Third party tools.

Position

Team Lead

Responsibilities

  • Integration of CyberArk with third party tools like Symantec DLP, Checkpoint, Blue Coat, Palo Alto, F5 load balancer, Qualys Guard, Radius, HPOVO, SIEM(Qradar and Splunk), etc.
  • Creating Custom CPM plugin and PSM connectors for third party tools that not supported out of the box.

Project Title

CyberArk AIM integration with applications

Position

Team Lead

Responsibilities

  • Installation and configuration of AIM solution.
  • Writing custom code for CyberArk SDK in order to integrate it with other applications.
  • Further customizing the code as per different application requirements.

 

 

 

 

Experience Summary (July 2013 – Nov 2015)

STMicroelectronics PVT Ltd

 

Worked with STMicroelectronics Pvt Ltd as a Senior Information Security Engineer.

STMicroelectronics is global leader in providing semiconductor solutions and is known as one of the world’s largest semiconductor companies.

 

JOB PROFILE:

·         Deploying and managing CyberArk PIM solution within ST environment to cater to World Wide datacenter.

·         Looking after the Security of the Infrastructure of the Company especially windows environment and removing Vulnerabilities from the environment.

·         Running regular Vulnerability scans using QUALYS GUARD in order to make sure all vulnerabilities are captured and changes are made accordingly.

·         Designing new security solutions for different Projects in order to make the applications more secure.

·         Making sure that the servers are PCI and SOX Compliant using Qualys GUARD Policy Compliance module.

·         Implementing Privilege Identity management (Using CyberArk) and Multifactor authentication (using Safeword token) within ST environment.

·         Performing Security Hardening of servers as per security guidelines.

·         Doing POC for any new security product before they are implemented in the environment.

·         Writing Technical documents for employees within the company in order to make sure Information security Standards are complied with.

 

 

 

Project Title

CyberArk Privilege Identity Management Deployment

Position

Team Lead

Responsibilities

  • Designing the Architecture for the solution with assistance with CyberArk Professional Services team.
  • Setting up servers for CPM, PSM, PVWA, PSMP and vault.
  • Deploying the solution within ST environment and onboarding of the servers into the solution.
  • Setting up the delegation model for CyberArk administrators at different sites.

 

 

 

Project Title

CyberArk solution Administration/ Customization

Position

Team Lead

Responsibilities

  • Managing CYberArk environment which includes looking into day to day incident and providing L3 support
  • Creating new Policies and safes as per the requirement from the business.
  • Using Password Upload utility to onboard accounts into vault.
  • Adding new customization to the tool like modifying the webpage adding new hyperlinks, using Auto IT to make scripts for F5, Url authentication etc.

 

 

Project Title

Vulnerability assessment and Management through Qualys Guard

Position

Team member

Responsibilities

  • Creating and implementing Qualys Guard policies for the Domain.
  • Running Scans through the whole Infrastructure and capture all the Vulnerabilities available.
  • Removing those Vulnerabilities from the environment and making sure all servers/Network are robust.

 

 

 

Project Title

Compliance monitoring through Qualys Guard tool

Position

Team member

Responsibilities

  • Creating and implementing Policies adhering to security compliance (SOX and PCI) using Qualys tool.
  • Removing any anomaly in case of alert is being raised by the tool.
  • Modifying the policies and environment as per the business requirement.

 

 

 

 

Project Title

PKI based Authentication

Position

Individual Contributor

Responsibilities

  • Laying out the Architecture for the Solution
  • Mitigating any security flaws within the design.
  • Validated the whole Solutions in the POC environment.
  • After successful validation implementing the same in Live environment.

 

Project Description

There was a requirement from the Business to implement PKI based authentication between Windows and Linux machines. I was able to achieve the same using Opensh. This allowed important data transfer between Windows and linux machines and Vice versa using scripts without the need of embedding the Passwords in scripts.

 

 

 

Project Title

Domain Login (Two Factor Authentication)

Position

Individual Contributor

Responsibilities

Implementing use of one time passcode (event based and time based) for users so as to log onto their workstation.

 

  • Integrating Safeword with Microsoft active directory
  • Setting up ACL’s In order to implement delegation.
  • Measuring enforcement of security policies.

 

Project Description

The SafeWord Domain Login Agent (DLA) provides strong authentication for Windows Domain access using workstations or Terminal Services. The DLA Supports Windows XP/2003/2008/Vista.The Domain Login Agent (DLA) can be configured using the Active Directory Group Policy Object Editor (GPOE). The DLA requires that all domain users configured to use SafeWord and only log on to their workstations using Safeword passcode .Along with their passcode they would be entering their domain username and password. The agent also provides support for group configurations such as nested groups, Active Directory Group-based Host Exclusions/Inclusions (those not requiring SafeWord strong authentication). We can specific group of user under a domain who should be only allowed to log in incase they have their Safeword one time passcode.

 

 

Project Title

Handling Security Aspect of Windows environment

Position

Team member

Responsibilities

·         Managing the Security Aspects of AD environment of the company.

  • Creating and managing Group policies in order to implement Security standards and other requirements.

·         Created a standard document for server hardening for all the servers within the environment.

·         Make sure before any server is rolled out it goes through all the steps and is vulnerability free

  • Applying all the Security patches on the server in order to make it secure.

 

 

Experience Summary (May2009 to July2011; Oct 2012 to July 2013):

 

SAFENET INFOTECH PVT LTD

 

Have worked in Past with Safenet InfoTech Pvt Ltd as Information Security Engineer. SafeNet is into providing Information Security solutions to its global clients on embedded and enterprise technologies.

 

 

JOB PROFILE:

·         Integrating Information Security products into different customer’s environment. These products would be based on technologies like PKI, Two factor authentication (Safeword,RSA) ,Cryptography, Multifactor authentication including certificate based PKI usb authenticator(Etoken),Content filtering etc.

·         Creating sample codes in JAVA and C# for the customers so that they can use their application with our products.

·         Creating Customer release notes for new builds and assisting Engineering team in bug reporting and fixing them.

·         Working as Administrator and setting up customer’s environment so as to implement different integrations.

·         Integrate customer’s applications (Citrix Applications, Microsoft Outlook Web Access (OWA), Microsoft IAS, VPNs from Cisco, Checkpoint, Juniper and others) for multiple level of authentication to enhance security.

·         Over three year of experience in customer interfacing, security consulting, pre sales and solution designing.

 

 

Work Profile:

 

• Writing technical documents and integration guides on PKI, Radius and two factor authentication.

• Researching and holding discussions with Engineering for proposing product enhancements.

• Help sales people to derive the business.

• creating sample codes in C# and java so as to integrate HSM(Hardware security module) in        customers environment.

• Providing in-house training to internal and external customers.

• Preparing release notes for new builds and updating customers about the same.

• Managing Incidents through the CRM (Onyx) and providing resolution to the customer with in stipulated time frame.

 

 

Projects Handled in Safenet:

 

Project Title

Integration of Datasecure(HSM) at application level

Position

Team member

Responsibilities

  • Understanding customer’s environment and accordingly writing sample codes for them in C# and Java. Through these sample codes the customer would be able to fetch keys from the datasecure device and perform crypto operations (encrypt/decrypt).
  • Integrating our API’s to customer environment so as to use all functions provided by our API’s.
  • Replicating the scenario on reporting of Bugs and fixing them.

 

Project Description

Datasecure is a Network attached encryption server that performs crypto operations and also act as a key store. In this project customer’s application are integrated with datasecure device so that all the encryption is done at the application level and the data that transferred to the database is already encrypted. This allows customers to get rid of any security threats that could have access to database.

 

Project Title

Database level Integration of datasecure(HSM)

Position

Team member

Responsibilities

  • Integrating customers database (SQL,Oracle,DB2) with datasecure server so that the data that resides in database is in encrypted format.
  • Creating Views and triggers on the column that are encrypted.
  • Making enhancements to the customer’s environment as requested.
  • Interacting with the Engineering team in case a bug is reported.

 

Project Description

Datasecure is a Network attached encryption server that performs crypto operations and also act as a key store. In this project customer’s database is integrated with datasecure device so that all database that is stored is in encrypted format. The encryption is done at column level and customer can encrypt any column in any table they want. This allows customer to make sure that the sensitive data is secure. The keys that encrypt data are stored on the datasecure server and can be accessed only through an authorized user.

 

 

 

 

Project Title

Single Sign On

Position

Team member

Responsibilities

Implementing use of Single Sign On (SSO) for windows logon, application logon, Web logon.

  • Integrating Etoken SSO with Customers Environment.
  • Replicating the scenario on reporting of Bugs and fixing th