Shivram Sundaram

  • Senior Security Architect
  • New York City, NY
  • Member Since Apr 19, 2023

Candidates About

 

Shivram Sundaram

SUMMARY:                    Over 19 years of IT experience and 11 years of Application Security experience.  Over 10 years of extensive experience in Software Development including architecture, analysis, design, development, deployment and testing experience in B2C, B2B, Web Portal environments.  Over 11 years’ experience in architecting and deploying Identity Management, Access Management, LDAP Directories, Single Sign-On (SSO), Provisioning & Approval Workflows, RBAC (Role-Based Access Control), Compliance and Auditing Technologies, Identity Federation, Enterprise System Architecture, Security Infrastructure Design, Authentication and Authorization technologies, as well as custom-built security and technology frameworks. Good analytical & technical skills combined with good communication & inter-personal skills. Skilled in working as Team Lead as well as Team member. Proven technical leadership skills include the ability to manage teams, earn the respect of its members, led by example, and thrive in an entrepreneurial environment. Fast learner and able to understand unfamiliar areas independently. Very easily adaptable to new systems and tools. Can clearly express technical information and concepts to a non-technical audience and vice versa.  Persuasive verbal and written communication skills compliment a proven ability to multi-task, maintain an organized approach, and ensure success - even when faced with high-pressure or high-risk situations.

 

TECHNICAL

SKILLS:

 

  Identity Management: Oracle Identity Manager 9x/10g/11g/11gR2, Sun Identity Manager, Novell

Identity Manager 2.x/3.x, Novell DirXML 1.1a, Thor Xellerate 8.7.x

Access Management:     CA SiteMinder, Oracle Access Manager 10g/11gR1/11gR2, Sun OpenSSO Enterprise 8.0, Sun Access Manager, RSA Access Manager (Cleartrust), Web Agents, Policy Servers

Identity Federation:      RSA Federated Identity Manager 2.5/3.1, Netegrity SiteMinder Option Pack, CA Federation Manager R12, Oracle Identity Federation (OIF) 11g, PingFederate 5.3/6.0, Sun Federation Manager 7.0, Sun OpenSSO Enterprise 8.0

Directory Services:        Novell eDirectory, Sun ONE Directory Server 5.2, Microsoft Active Directory, Oracle Internet Directory 10g/11g (OID), Oracle Virtual Directory 10g/11g (OVD)

  Security Technologies: SAML 1.1/2.0, WS-Fed, OAuth, OpenID, WS-Security, Kerberos, PKI, LDAP,

General Cryptography, and Federated Identity Management

  Security Testing Tools: Tenable Nessus, IBM AppScan, nmap, snort, snoop, tcpdump

  Web/Internet

  Technologies:              ASP, ASP.NET, ADO.NET, J2EE (JSP, Servlets, JDBC), XML, XSL, XSLT, XL-FO, SAX/DOM, HTML/ XHTML/DHTML, CSS, JavaScript, VBScript, C#, Perl CGI.

  Web Servers:               IIS4.0/5.0/6.0, Apache, Tomcat, SunOne WebServer

  App Servers:                Weblogic Server 5.0/6.0/8.1/9.2, Oracle Application Server, Sun Glassfish Server, IBM Websphere, JBoss, Apache Tomcat

  Programming Lang.:    Visual Basic 5.0/6.0, Java 1.4.2/1.5,1.6, PL/SQL, Unix Shell Scripts.

  APIs:                           J2EE, J2SE, JDBC, JNDI, ODBC, Perl CLI for Netegrity SiteMinder, Java SDK for Netegrity SiteMinder, Novell NDK for eDirectory, Oracle Identity Manager API

  Standards:                   HTML, CSS, XML, SOAP, XSLT, XPath, LDAP, DOM, HTTP, PDF, UML

  Dev Tools/IDE:            Eclipse 3.2, Microsoft Visio, Microsoft Project, Oracle JDeveloper, Microsoft Visual Studio 6.0, Microsoft Visual Studio .NET, SQL Navigator, Quest TOAD, Allaire Homesite, Macromedia Dreamweaver, Microsoft Frontpage, , Softerra LDAP Browser, Microsoft ADSI Edit

  Databases:                   Oracle 10g/9i/8i, MS SQL Server 6.5/7.0/2000, MS Access.

  Source Code

  Control Sys:                 Visual SourceSafe, Rational ClearCase, Stellent ECM, SVN

  O/S:                           Windows XP/Vista/2000/2003, Linux, Sun Solaris

 

 

CERTIFICATIONS & TRAINING:  

                                    Oracle Access Management Suite Plus 11g – Implementation Specialist

Oracle Identity Manager: Develop Identity Provisioning

RSA ClearTrust 5.5 Installation and Configuration

RSA ClearTrust 5.5 Administration

 

 

EDUCATION:                 Bachelors of Engineering (Computers) – Mumbai University, INDIA

 

 

 

EXPERIENCE:

 

BIAS Corporation @Jet Propulsion Laboratory                                                                          6/15 - Present

 

Environment:  Oracle Access Manager 11gR2PS3, ODSEE, Oracle Internet Directory 11GR1, Oracle HTTP Server 11Gr1/12c, OAM WebGate 10g/11gR2PS3, EBS AccessGate, EBS 12.1.3, SharePoint

Role: Senior Security Architect

·         Architect/Build a new SSO infrastructure for high availability based on Oracle recommendations. This architecture was reviewed by Oracle and certified

·         Built an identical clone datacenter environment for failover using Oracle’s Multi Data Center (MDC) approach.

·         Helped resolve firewall/clustering issues after the stack was migrated over to a private VLAN with restricted access

·         Worked together with JPL’s Network engineer to implement & test uses cases for failover & switchback between datacenters. Typical failover/switchback times were under 5 minutes

·         Design/Implement SSO integration for about 9 DEA ADF apps that were hosted in a mix of 11g & 12c ADF/WebLogic environments

·         Worked on multiple POCs for SSO integration with SharePoint, consuming OAM OAuth tokens for authorization, Federation SSO for Django applications using pySAML, integration with JEMS (ColdFusion) application.

·         Provided detailed documents for all integrations that were deployed on the JPL wiki site

·         Played a key role in resolving issues with the EBS integration

·         Provided training & mentoring to DEA support team members

 

 

AurionPro Solutions @Activision                                                                                               9/14 – 6/15

Environment:  Oracle Access Manager 10g/11gR2PS2, Oracle Identity Manager 11gR1/11GR2PS2, SOA 11gR1, Oracle Internet Directory 10g/11GR1, Oracle HTTP Server 11Gr1, OAM WebGate, EBS AccessGate, EBS 12.2.3

Role: Senior Security Architect

·         Architect/Build a new SSO infrastructure with stable releases for the following IDM components OAM, OID, OIM, SOA, OHS

·         Draft detailed requirements specifications for SSO and Provisioning use cases based on discussions with key business stakeholders at Activision

·         Migrate existing SSO infrastructure to OAM 11gR2PS2 and the provisioning system to OIM 11gR2PS2

·         Provide seamless (zero signon) for EBS R12 and SalesForce (ServiceDesk) for users in the Activision/Blizzard network

·         Configure DIP Sync between Activision/Blizzard AD domains to populate users in OID for SSO

·         Implement SSO for EBS R12 with OAM as SP and ADFS as IdP

·         Implement SSO for ServiceDesk with OAM/ADFS as IdP and SalesForce as SP

·         Implement a HA architecture for the entire stack with no single-point-of-failure.

·         Provide DR guidelines and document the process.

·         Provide support for Cut-over and Post GoLive activities

 

Keste @Employers                                                                                                                    4/14- 7/14

Environment:  Oracle Access Manager 11gR2PS2, Oracle Internet Directory 11GR1, Oracle HTTP Server 11Gr1, OAM WebGate, EBS AccessGate, EBS 12.1.3, Oracle WebCenter Portal

 

Role: Solutions Architect – Oracle Fusion Middleware 

 

·         Provide a security assessment of the existing infrastructure and provide recommendations with regards to architecture, design, performance and high availability

·         Design, architect, implement a new infrastructure for SSO and Provisioning with the following products OAM, OIM, SOA, OVD, OID on Linux

·         Provide SSO integration for the Agency & Policy Holders portal with OAM.

·         Provide SSO integration with OAM for OIM user identity console

·         Design/Develop provisioning workflows for target systems like AD, MS Exchange, OID

 

Keste @Federal Aviation Administration (FAA)                                                                                    4/13 – 4/14

Environment:  Oracle Access Manager 11gR2, Oracle Internet Directory 11GR1, Oracle HTTP Server 11Gr1, OAM WebGate, EBS AccessGate, EBS 12.1.3

Solutions Architect – Oracle Fusion Middleware 

·         Install/Configure IDM suite 11.1.1.6 and IAM suite 11GR2 on Test and Prod Environments

·         Configure Federation SSO between the preferred authentication provider (eAuth which uses SiteMinder) and OAM

·         Integrate EBS R12 for SSO with OAM using AccessGate

·         Configure high-availability for IDM components & AccessGate

·         Devised a detailed DR migration plan for Production

 

DreamWorks Animation                                                                                                            12/12 -3/13

                                                                                                                                                3/14 – 7/14

Environment: Oracle Access Manager 11g, Oracle Internet Directory 11g, EBS R12.1.3

·         Architect & Design an SSO infrastructure OAM, OID

·         SSO enable users by synching their AD accounts in OID using DipSync

·         Develop custom login page for SSO based on Dreamworks templates

·         Provide SSO integration for EBS R12 using AccessGate with OAM

·         Implement SSO for OBIEE

·         Implement SSO for other home grown applications (DevNet, LOCUpdate & OPUS) at Dreamworks by using webgate/mod_wl plugins

·         Design Highly Availability for SSO infrastructure

 

 

Keste @JDS Uniphase Corp                                                                                                               01/13 – 3/13

Environment: Oracle Access Manager 10g, Oracle Identity Federation 10g, Oracle Internet Directory 10g, EBS 11i, Oracle WebCenter Portal 11g

Solutions Architect – Oracle Fusion Middleware

·         Architect an SSO solution using OAM/OVD/OID

·         Integration WebCenter Portal with OAM 10g for SSO

·         Implementaed federation SSO for SalesForce as SP with OIF 10g/OSSO IdP

 

Keste @Agilent Technologies                                                                                                           01/13 – 3/13

Environment: Oracle Access Manager 10g, Oracle WebCenter Portal

Solutions Architect – Oracle Fusion Middleware

·         Provided a detailed security assessment report on the existing implementation. The report mainly focused on addressing performance issues as well as common security vulnerabilities

·         Integrated WebCenter Portal for SSO with OAM 10g

 

Keste @Aramark Uniform Systems                                                                                            05/12 – 12/12

Environment:  RHEL 5, Windows 2003/2008 Server, Oracle Access Manager 11g, Oracle Virtual Directory (OVD) 11g, Oracle Internet Directory (OID) 11g, Oracle Identity Manager 11g (OIM), Oracle Webcenter Suite 11g, Oracle SOA Suite 11g, Oracle eBusiness Applications R12

 

Solutions Architect – Oracle Fusion Middleware

·         Architected, designed and led the implementation for SSO for Oracle E-Business Suite, Oracle Webcenter, Oracle UCM, Oracle SOA & OBIEE.

·         Architected, designed & implemented OVD to act as an Identity store for all SSO applications. OVD was integrated with the corporate AD as well as OID. Application roles were provisioned using OID

·         Architected, designed & implemented a secure solution so that external customers can access their invoices in UCM content manager.

·         Conducted a POC on mobile device fingerprinting/provisioning using Oracle Adaptive Access Manager (OAAM)

 

Keste @C & S Wholesale Grocers

Environment:  Oracle Webcenter, Oracle UCM, SAML 2.0

Solutions Architect – Oracle Fusion Middleware

·         Implemented Federation SSO for Oracle Webcenter using SAML2.0. Identity Provider was SiteMinder

·         Developed custom Java code for the IdentityAsserter Mapper function to properly map attributes from the SAML assertion

 

 

Keste @Tekelec

Environment: EBSR12 SSO with OAM 11g, OIM 11g

Solutions Architect – Oracle Fusion Middleware

·         Provided architecture design for a highly available solution for EBS R12 SSO. Implemented SSO for EBS R12.1.3 using AccessGate

·         Architecture lead on Oracle Identity Manager 11g (OIM) design and implementation Helped implement connectors to common IT systems such as Active Directory, Exchange, EBS R12, OID

·         Architecture lead on Oracle Identity Manager 11g (OIM) design and implementation project

·         Architected a clustered OIM implementation for high availability & failover.

·         Helped implement connectors to common, commercial systems such as Active Directory, Exchange, EBS R12, OID and other custom applications running on a wide variety of technologies.

·         Provided training and knowledge transfer to permanent staff on OIM

 

Keste @National Academy of Sciences                                                                                     07/11-10/11

Environment:  Oracle Webcenter 11g, Oracle OAM 11g

Solutions Architect – Oracle Fusion Middleware

·         Architected, designed and led the implementation for SSO for Oracle Webcenter Portal

·         Integrated homegrown timesheet application for SSO in OAM 11g

 

 

Kaiser Permanente, Pleasanton, CA                                                                                          04/11 – 07/11

Oracle Fusion Middleware Engineer

 

  • Environment: Windows 2003/2008 Server, Oracle Access Manager 10g, Venafi Director, OAM 11g, OID/OVD 11g
  • Worked on the Simple Cert Remediation project that involved consolidation of SSO application simple certs into Venafi Director for future monitoring
  • Created an automated Java tool that provides a report of WebGates/AccessGates communicating with access servers and work with application teams on the import process in Venafi
  • Worked on migrating SSO infrastructure to OAM 11g

 

 

Synergy Seven at Intel Corp, Folsom, CA                                                                                  04/10 – 04/11

SSO Engineer

 

  • Environment: Windows 2003/2008 Server, CA SiteMinder R12/6.x, Radiant VDS, Microsoft ADFS 2.0, Microsoft SQL Server, SiteMinder SDK, CA Federation Manager R12, CA Secure Proxy Server, Windows Identity Foundation (WIF) Applications
  • Analyzed existing SSO infrastructure and provided recommendations for performance enhancements.
  • Worked on a POC for Federating to WIF applications using Claims Based Authentication and SiteMinder as an Identity Provider.
  • Also completed a POC to provide Claims based Trust to SharePoint 2010 with SiteMinder acting as STS.
  • Automated policy migration using XPS Tools, SiteMinder Perl CLI. Created a Perl CLI application to migrate SAML Service Provider(s) & WS-Fed Resource Partners.
  • Also created a Java application for automated migration of policy domain objects.
  • Worked on various Federation SSO (SAML/WS-Fed) implementations with Intel Business Partners using a variety of SP endpoints such as OpenSSO, PingFederate, CA Federation Manager, OpenSAML, Microsoft ADFS, etc.
  • Developed custom assertion plugins using SiteMinder Java SDK to pull in data from proprietary CPM Web Service

 

 

Oracle ACS at AOC, Santa Ana, CA                                                         02/10 – 04/10

Consultant – Fusion MiddleWare Applications

 

  • Environment: Solaris, Oracle Access Manager 10g, Oracle Internet Directory 11g, Oracle Virtual Directory11g, Oracle Identity Federation 11g, MS AD 2003
  • Worked with the QA/Stress team to conduct stress analysis for the Fusion Middleware stack and identity components that needed performance tuning
  • Provided performance tuning recommendations for the Fusion MiddleWare stack for components such as OAM, OID, OVD, OIF, etc
  • Implemented/Designing Federation infrastructure using OIF 11g. Demonstrated Proof Of Concept to enable SSO between portal application and other third party apps. Configured OIF cluster for failover.
  • Implemented OID to use SSL. OID was used as the policy store for SSO Apps by OAM
  • Worked with Oracle Support for resolution of various SRs

 

 

Oracle ACS at HRA, New York, NY                                                          11/09 – 02/10

Consultant – Identity/Access Management

 

  • Environment: Solaris, Oracle Access Manager 10g, Oracle Internet Directory 10g, MS AD 2003
  • Implemented/Designing synchronization between OID 10g & AD using DIP profiles.
  • The synchronization was from AD to OID.
  • The import profiles in OID addressed user activation/de-activation/termination in AD as well as synchronized other user attributes from AD to OID
  • Implemented Oracle Password Filter in AD Domain Controllers to synchronize user passwords with OID.
  • The SSO apps at HRA NYC used OID as the user repository

 

 

Oracle ACS at CSX, Jacksonville, FL                                                       10/09 – 11/09

IDAM Consultant

 

  • Environment: Red Hat Enterprise Linux (RHEL) 4, Oracle E-Business Suite Release 12.1.1, Oracle Single Sign-On 10g (OSSO), Oracle Internet Directory 11g (OID), OID Directory Integration Platform (DIP)
  • Demonstrated Proof Of Concept to enable SSO between Oracle E-Business Suite Apps (Financial Pack) & IBM Tivoli Access Manager.
  • OSSO acted as an authentication gateway between IBM TAM and the E-Business Suite.
  • OSSO, IBM TAM, and E-Business Suite formed a chain of trust.
  • OSSO delegated authentication to the TAM server.
  • Setup integration between OSSO & Tivoli Access Manager. Also set up bi-directional synchronization between the Tivoli user stores (IBM LDAP) & OID to sync multiple user nodes (internal, suppliers).
  • This was done using Directory Integration Platform components in OID
  • Provided detailed deploy document to CSX

 

 

Oracle ACS at ClearWire, Bellevue, WA                                                    09/09 – 10/09

IDAM Consultant

 

Environment: Solaris, Oracle Identity Manager Version: 9.1.0.2, Oracle Internet Directory 10g, Oracle Access Manager 10g, Microsoft Active Directory, IBM Tivoli Access Manager 6.1, IBM Directory Server

  • Implemented Password Sync Module to propagate password changes from Microsoft Active Directory to Oracle Identity Manager (OIM)
  • Recommended changes to the User Management Connector to facilitate bi-directional password synchronization with Microsoft AD Domain Controller.

 

 

MullinTBG, Century City, CA                                                                   01/08 – 09/09

Security Applications Consultant

 

  • Environment: Sun Solaris, Windows 2003 Server, RSA FIM Server 2.5/3.1, SunOne LDAP, RSA Cleartrust 5.5, Microsoft IIS 6, BEA Weblogic 8.1, FIM APIs, Eclipse 3.2, Ping Federate 5.3/6.0
  • Implemented RSA Federated Identity Management 3.1.2 using SAML 1.x protocol to provide authentication, attribute and authorization portability across autonomous security domains for TBG alliance partners and customers.
  • Designed/Developed custom Attribute & Subject plug-ins using RSA FIM Java APIs on the Relying Party (MullinTBG) to facilitate Federation with other business partners.
  • Directly responsible for the architecture and design process for migrating to PingFederate from the RSA Federation solution to Ping Federate 5.3 & later in the upgrade to Ping Federate 6.0
  • Implemented various SSO connections with business partners using SAML profiles

 

 

Horizon Blue Cross Blue Shield, Newark, NJ                                         11/08 – 01/08

Federation SME

 

  • Environment: Sun Solaris, Windows 2003 Server, Sun Access Manager 7.1U1, SAMLv2 Plugin for Access Manager, Sun Federation Manager 7.0, Sun Open SSO Enterprise 8.0, SunOne Directory Server 5.2, Microsoft IIS 6, IBM Websphere 6.1, OpenSSO/Access Manager/SAMLv2 Plugin APIs, Eclipse 3.2
  • Directly responsible for the architecture and design process for implementing Sun Open SSO Enterprise 8.0 with session failover & load-balancing for high-availability
  • Develop custom IdP & SP Attribute Mappers.
  • Demonstrate POC with SAML1.x, SAML2.0 use cases with Horizon acting as an IdP & SP.
  • The use cases also demonstrated signing & encryption of SAML Responses.
  • Proposed architecture design changes to protect Access Manager components from users.
  • This involved introducing a reverse proxy architecture using Sun WebServer acting as a Reverse Proxy

 

 

Toyota Financial Services (BTS), Torrance, CA                                      11/06 – 11/08

Team Lead/Security Applications Architect

 

  • Environment: Sun Solaris, Thor Xellerate 8.7.4, Oracle Identity Manager (OIM) 9.0.1.3, Microsoft Active Directory, RSA Cleartrust 5.5, SunOne Webserver 6.1, BEA Weblogic 8.1, Eclipse 3.2
  • Directly responsible for the architecture and design process, as well as the overall implementation.
  • Led a team of two developers on this engagement and served as the day-to-day lead for the engagement.
  • Planned and ran upgrade implementation of Oracle Identity Manager (OIM) 9.0.1.3 from Thor Xellerate
  • 8.7.4. Created high level and technical project plans.
  • Worked with Database COE & QA Teams to coordinate respective activities.
  • Working with various BTS application teams/departments and replacing home grown provisioning system with provisioning/approval workflows in Sec1.
  • Developed provisioning/approval workflows for various target systems like Active Directory User Management/Password Sync, Novell eDirectory, Windows/Unix servers, Oracle Databases, IBM Lotus Notes, Employee Reconciliation with PeopleSoft
  • Worked with the business to define the role governance process and business process for modification, approval and removal of roles.
  • Vetted architectural diagrams for Provisioning systems & SSO.
  • Provided recommendations for improvements in the SSO architecture.
  • Conducted an impact analysis on the migration of the Sec1 system to a new Datacenter.
  • This involved analyzing the architecture diagrams to identify SSO applications that would be impacted.
  • Also had to ensure that the existing provisioning systems operated smoothly and target systems were available.
  • Helped integrate BTS applications to the SSO framework using RSA Cleartrust.
  • This involved installation & configuration of RSA Web Agents, setting up entitlements using Entitlements manager for authentication/authorization, bulk loading users into the user store.
  • Upgraded Cleartrust servers & Web Agents with recommended patches from RSA
  • Own Sec1 / SSO Infrastructure related production issues, incident reports & defects queue. <li