
Sravani Batchu

Identity & Access Management Engineer


Sravani.cybersec@gmail.com
https://www.linkedin.com/in/sravani-b-62b22a268/

Professional Summary:
 Excellent experience in Information Technology in implementation and providing Single Sign on across enterprise applications
using Ping Federate, NetIQ's Access Manager, Active Directory Federation Service, CA Federation.
 Worked on Enterprise Users Single Sign On through browser and through services with third party application hosted in
enterprise or cloud using Ping Federate, Ping One.
 7 Years of professional exposure in Identity and Access Management (IAM) and diverse range of skills in the Information Security
Domain and have a very good record of implementation, administration, maintenance & support on IAM products.
 Worked on enterprise level Role mining, Role Based Access Control (RBAC), Multi Factor Authentication (MFA), Single Sign on
(SSO) and Identity Management.
 Well versed with the integration of administration, maintenance & support on IAM tools like SailPoint, Ping Federate, Ping
Access, Ping Directory, CA tools, Linux SAML spring servers, Azure AD, Active Directory, ADFS, and various identity as a service
tool (IDAAS).
 Experience with Implementation and Administration of SailPoint for large population of users.
 Extensive experience in financial and access management projects.
 Manage Identity Access management of Azure Subscriptions, Azure AD, Azure AD Application Proxy connectors, Azure AD
Connect, Azure AD Pass through Authentication, ADFS, ADDS, ADCS.
 Resolved Azure AD issues relating to Office 365, Active Directory to Azure AD, resolving the Sync issue Microsoft Managed
Services Service Provisioning Provider (MMSSPP).
 Participated in all SailPoint deployment activities - connector configuration, custom rule development, workflow configuration
and development, third party system integration.
 Experience on RBAC (Role Based Access Control) analysis and implementation.
 Worked with Active Directory, LDAP/UNIX groups, Networks, Human Resource systems for Identity and Access Management.
 Implementation of different direct/custom connectors to connect Mainframe (RACF), Teradata, UNIX and Oracle.
 Direct provisioning using direct connectors for integration of target applications. Developed custom Java classes in IIQ.
 Excellent understanding and knowledge of Identity and Access Management (IAM) and Role Based Access Control (RBAC)
 Experience in IAM - related standards such as SAML, LDAP, Open-ID, and OAuth.
 Performed Integration with multiple applications such as AD, RDBMS, Flat File and LDAP. Upgraded SailPoint from 6.0X to 7.0X.
 Strong experience in RDBMS technologies like SQL, Sub Queries, Stored Procedures, Triggers, Functions.
 Excellent knowledge in profile-based security, structural authorizations, Central User Administration, Computer Aided Test Tool
(ECATT/SECATT), Segregation of Duties (SOD), SAP Governance Risk and Compliance, troubleshooting user level problems to
properly access the servers and managed security throughout the SAP landscapes.
 Hands on experience in development of SailPoint Identity IQ 6.x and 7.x workflow solution.
 Good working experience with deploying applications in Unix/Linux and using tools like Putty and WinSCP.
 Created the Federation web Services Domain to use SAML 2.0 requests.
 Created and configured the SAML service Providers under the Federation Partners.
 Designed SailPoint deployment activities - connector configuration, custom rule development, workflow configuration,
development and third-party system integration.
 Experience in SailPoint tool customization, Report Generation, Integration with end/target systems, SailPoint API's and
Application Development
 Installed and configured RACF SailPoint connector to integrate with Mainframe systems.
 Mainly responsible for custom written Java code connecting to a variety of systems via mechanisms such as SOAP and REST web
services, JDBC, custom API's etc.

Technical Skills:
SailPoint: Identity and Access Management (IAM), SailPoint IIQ 6.2, 6.3, 6.4, 7.0 and 7.2 workflow solution.
Java & J2EE Technologies: Core Java, Servlets, JSP, JDBC, JNDI, Java Beans, Hibernate, Spring, Tiles, Struts
Frameworks: MVC, Struts, Hibernate, Spring
Data Stores: Sun One LDAP, Active Directory, Policy Servers and Oracle Directory Server, CA Directory store.
Web Servers: Microsoft IIS 6.0/7.0, Apache 2.x, Tomcat.
Scripting Languages: Java, JavaScript, J2EE- JSP, JDBC
Operating Systems: Windows 2008/2012/2016, Windows 7/8/8.1/10, Solaris, Linux, and Unix
Applications: MS Office suite, Tomcat, WebSphere, WebLogic
Networking & Frameworks: DNS, DHCP, SSO, SAML, NAT, PCI-DSS
Continuous Monitoring: Vulnerability Management, Web Application Scanning, Threat Protect, Cloud Agents, Asset Management,
Sourcefire, Nexpose, Forcepoint, Rapid7
Security Software: Nessus, Ethereal, NMap, Metasploit, Snort, RSA Authentication
Frameworks: NIST SP, ISO 27001/31000, HIPAA, HITRUST CSF, PCI DSS

Professional Work Experience:


UBS, Weehawken, NJ Aug 22 -Till date
Sr. IAM Engineer
 Experience in Identity & Access Management Solution including Single Sign On.
 Worked from technical specifications to independently develop test scenarios to test and verify Identity and Access
management solutions. Tested custom configuration of SailPoint Identity and out of box Workflows as per the business needs.
 Created Cloud Formation templates and deployed AWS resources using it.
 Upgrading from 6.4 to 7.0 and involved in the installation of SailPoint IIQ in various environments like UNIX and Windows.
 Involved in Provisioning RBAC Resource Groups in Active Directory and CyberArk Safe.
 Involved in Provisioning RBAC Resource Groups in the server Local Groups
 Configured Single Sign on (SSO) between applications that are deployed in different domains using SAML2.0.
 Expertise in utilizing almost the entire AWS stack (including EC2, ECS, ELB, Route53, S3, RDS, SNS, SQS and IAM) focusing on
high - availability, fault tolerance, and auto-scaling.
 Performed malware reverse engineering and behavioral analysis and Incident Response handling.
 Improve the detection, escalation, containment, and resolution of incidents.
 Implemented SSO by Integrating on-prem applications with Okta Infrastructure using SAML, Open ID Connect (OIDC) and
OAuth 2.0 service.
 Connecting NPS servers to AD - Domain controllers for Azure extension to trigger MFA challenge.
 Perform on IAM/MFA development and solutions within Microsoft Azure and other cloud providers.
 Perform SSO connections in Azure AD technology standards with SAML 2.0 (SAML spring framework -backend coding)
 Execute with programming languages PowerShell scripting to pull data and force sync with Azure AD.
 Implementation on Access control, MFA, creating Active directory (cloud) for app services in azure management portal using
RBAC other protocols.
 Azure - Azure Active Directory (AAD) configuration and management, policies and provisioning, Azure AD Connect, Azure AD,
Multi-Factor Authentication, ADFS, AD DS, AD CS.
 Manage Role Based Access Control (RBAC) process lifecycle
 Manage SailPoint installation, integration, and provisioning with connectors such as Active Directory/Exchange, Delimited File,
XML, MSSQL Server, etc.
 Experience in setting up SAML applications in OKTA, installing AD / IWA agents on member domains, validating single sign-on,
user provisioning and troubleshooting password synchronization across multiple Okta platforms.
 Active Directory Federation Services (ADFS), SAML, web Single Sign-on (SSO), OAuth and related authentication technologies.
 Integrating new applications with SailPoint and ForgeRock as per requirements.
 Working with SAML 2.0 and OAuth 2.0 with open ID Connect for the federation.
 Operate, maintain, manage, and upgrade the entire agency PKI/PIV infrastructure.
 Hands on experience in Federation, SAML, OpenID, OAuth, Open ID based integrations and other industry standard
authentication/authorization solutions.
 Responsible for end-to-end single-sign-on OKTA implementation for integrations using SAML, SWA and OAuth.
 Configured and Deployed SailPoint IIQ Connectors for various target systems.
 Implemented Restful web services to connect the AC and SailPoint applications and fetch the data into portal application.
 Configuring various roles and policies in SailPoint.
 Assist with the coordination of all PKI and PIV-I requirements across multiple internal and external stakeholders.
 Serve as internal liaison for RBAC/IAM issues with representatives from application solution owners and Information Security
 Perform Tier 3 helpdesk support for PKI-related issues. Research and maintain proficiency in PKI policy, tools, and trends.
 Strong in design and integration, problem solving skills. Very strong in Java/J2EE, C/C++, Perl.
 Strong understanding of internal technicalities of SailPoint IIQ.
 Excellent communication skills and working with SAML Trace and server log files for troubleshooting errors from the client end.
 Protected applications by integrating them to Okta through Modern Authentication Protocols like SAML, OpenID Connect.
 Implemented RBAC (Role Based Access Control) and Worked as a liaison between the Business, IT, and Testing teams
throughout the IAM RBAC project life cycle.
 Integrated the data from SAP to ServiceNow by using API, Web services and captured that data in Service Now by creating a
table.
 Work closely with SailPoint architect and engineers for design and solution architecture. Implementation of Self-Service feature
of SailPoint IIQ.
 Experience in Database module analysis, design and development using SQL, PL/SQL, and other tools under Oracle, MySQL, and
SQL Server.
 Implementation of Password features (PTA, forgot password, Change Password) of SailPoint IIQ.
 Configured SAML single sign-on (SSO) instance for internal and external users, wherein external users and internal users
performed various administrative tasks.
 Worked on different Azure services such as Azure Storage, Azure Pipeline and Azure Application deployment
 Strong Knowledge on protocols such as SAML, OAuth, OIDC and Open ID
 Experience working with Azure Active Directory B2B and B2C environment
 Experience in deploying on-prem based applications in different Azure cloud zones.
 Integrated Workday using OKTA SSO.
 Designing the framework for New Hire Onboarding and Off Boarding Process via Workday as a Master using Okta
 Managed day to day activities creating and managing OKTA policies and creating and managing OKTA application, including
SAML, and SWA applications.
 Experienced in the design and implementation of sign-on solution based on SAML and ODBC.
 Senior understanding of Active Directory, Azure Active Directory and ADFS

Allina Health, Minneapolis, MN Dec 21 to July 22


Information Security/ IAM Engineer
 Valuable experience in analyzing IAM logs, IAM application server logs, provisioning server logs to troubleshoot various
authentication/endpoint related issues.
 Worked from technical specifications to independently develop test scenarios to test and verify Identity and Access
management solutions.
 Responsible for access control requirements including: RBAC and ABAC policy frameworks, life cycle management, governance,
reporting, and auditing.
 Tested custom configuration of SailPoint Identity and out-of-box Workflows as per the business needs.
 Managed the day-to-day operations of CyberArk solutions including adding and deleting accts.
 Upgrading from 6.4 to 7.0 and involved in the installation of SailPoint IIQ in various environments like UNIX and Windows.
 Worked on OAuth Integration using Ping Federate and Ping Access and implementing Federation SAML services to SSO into
third-party vendors.
 Microsoft Azure AD, Azure MFA, ADFS.
 Experience in integrating Web and mobile applications for single sign on using Azure AD.
 Work with Application teams in integrating their applications with Azure AD.
 Expertise in utilizing almost the entire AWS stack (including EC2, ECS, ELB, Route53, S3, RDS, SNS, SQS and IAM) focusing on
high - availability, fault tolerance, and auto-scaling.
 Strong knowledge in developing Web Services using SOAP, WSDL, REST, OAuth 2.0, SAML 2.0.
 Performed malware reverse engineering and behavioral analysis and Incident Response handling.
 Improve the detection, escalation, containment, and resolution of incidents
 Integrating new applications with SailPoint and ForgeRock as per requirements.
 Configured and Deployed SailPoint IIQ Connectors for various target systems.
 Implemented Restful web services to connect the AC and SailPoint applications and fetch the data into the portal application.
 Demonstrate a working knowledge of identity and access standards and technology including SAML, OAuth, OpenID Connect.
 Hands-on with aggregation, workflows, tasks, rules, and roles.
 Configuring various roles and policies in SailPoint.
 Strong understanding of internal technicalities of SailPoint IIQ.
 Work closely with SailPoint architect and engineers for design and solution architecture. Implementation of Self-Service feature
of SailPoint IIQ.
 Assign admin roles to NP (non person account)/service accounts in Azure AD.
 Grant AZURE AD permissions for web app registrations.
 AAD Connect synch/license related issue.
 Manage Azure AD Directory and Enterprise Applications integration
 Identified different SAML 2.0 issues and fixed the issue in NetIQ Access Manager 3.1. Worked on Ping Federate both inbound
and outbound calls using SAML 2.0. Migrated SAML and OAuth connections from NetIQ Access Manager to Ping Federate in
staging Environment.
 Implementation of Password features (PTA, forgot password, Change Password) of SailPoint IIQ.
 Configured SAML single sign-on (SSO) instance for internal and external users, wherein external users and internal users
performing various administrative tasks that included managing external and federated users. Develop custom SailPoint Rules
and Workflows as per the business needs.
 Engineered and implemented password policies within the LDAP environments to comply with General Motor's technical
security information policy.
 Integrated ServiceNow with internal/ external systems and tools & worked on Cloud connections and credentials management
through ServiceNow.
 Reviewed the security architecture evaluation of new systems and create security test plans based on existing and planned
controls and recommendations.
 Migration of all organization users to MFA group for external applications to trigger MFA challenge.

RI-OUT Infotech, India Mar 2016 to May 2021


IT Security Engineer
 Identifying and implementing practices in security to enhance the operations of the clients.
 Configured Affiliate agents, RADIUS agents to provide federation of web services in the SSO environment providing
authentication & authorization to IDM. Microsoft FIM, SailPoint IIQ, Oracle IM, SAP IDM, NetIQ IDM ForgeRock OpenIDM and
CA Identity Manager.
 Development of infrastructure automation in AWS (EC2, DynamoDB, Lambda, EBS, RDS, Dynamo, ELB, EIP etc) with AWS Cloud
Formation.
 Worked on integration of federated CMDB through ServiceNow Mid-Server technologies, Incident Management, Problem
Management, Knowledge Management and Change Management workflows and respective customization.
 Developed Ansible playbooks/roles to deploy the applications/artifacts to Tomcat, Apache, WSO2 ESB and standalone jetty java
applications from dev to Prod Env using Jenkins-Ansible plugin.
 Design and implementation of Users database access provisioning, de-provisioning and password reset management using
SailPoint Identity IQ. Created and ran the aggregation task to bulk load authoritative source data from Active Directory,
Exchange and LDAP.
 Experienced in installing and configuring Server Administration, Attribute Mapping, SSO Connections, OAuth 2.0 Configuration,
Open ID Connect Configuration, Logfiles using PingFederate.
 Familiar with Access Governance and Compliance, with knowledge of engineering SODS.
 Onboarded various applications like delimited file, AD etc.
 Tested build map rules, creation rules and customization rules to create Employee and Contractor user accounts in SailPoint
from their current application's exported feed files.
 Implemented provisioning, de-provisioning and other related functionalities for new application.
 Worked on ping federate both inbound and outbound calls using SAML 2.0.
 Configuration and development of SailPoint Life Cycle Events (LCM).
 Build and Configure SailPoint in-built tasks like aggregation, ID refresh, schedule tasks, correlation, etc.
 Successful outcomes for regulatory exams and audits focused on information security, technology risk management, and IT
general controls.
 Utilized IAM protocols such as SAML, OAuth, OpenID.
 Understanding Existing SailPoint Environment 7.0 P3 components, and conducted an analysis to implement all the features
according to Client Requirements in the Latest versions of SailPoint IIQ
 Getting different log sources to send data to Splunk along with creating and tuning Technical Add-Ons for proper field
extractions using regex
 Performing Qualys Vulnerability scans and manage reporting of all infrastructure assets.
 Documentation regarding DLP administration, scanning, reporting, and remediation.
 Involved in both Server System analyses and Security support on CyberArk as well as Support on Security on Windows servers
and Active Directory (LDAP).
 Involved in building, testing, supporting and determining SailPoint Identity IQ Solution design.
 Understood firewall hardening process and changes related to it and implemented certain changes.
 Identified critical incidents and validate to prove the incident is caused or not by Network Instability.
 Designed and deployed SailPoint Identity IQ to connect to data sources on diverse agency networks and integrated SailPoint IIQ
data with multiple external databases and applications.
 Worked on Out of the Box connectors provided by SailPoint IIQ and developed custom connectors using JAVA and Web
Services to integrate with target applications.
 Developed and Implemented Restful Web Services using Spring REST Framework.
 Worked with multiple agencies to identify unique requirements and characteristics and translate them into the design of an
overall system.
