From: route@monster.com
Sent: Friday, May 06, 2016 1:32 PM
To: hg@apeironinc.com
Subject: Please review this candidate for: Cloud
This resume has been forwarded to
you at the request of Monster User xapeix03
Vivo
vivojitendra@gmail.com
(775) 964-8251

Preferred location: Irving, TX. Open to the Dallas area in Texas and the Bay Area in California. My rate is $150/hr on W2 or C2C. I do provide expert consultancy for security based initiatives. I prefer email before a phone call. Recruiters please note I will not do only development work, but I am a hands-on Architect.

Summary:
Vivo has been instrumental in providing architectural leadership in the security domain for a cloud initiative for a security based company in San Jose. He was specifically hired for his expertise in the OASIS security stack using SAML 2.0, XACML 2.0, WS-Security 1.1 and WS-Trust 1.4. He helped partner with other companies for federation of their identities. In a short span of 3 months he delivered a solution using open source based products such as OpenAM. Eventually, he designed the authorization solution for the customers in the cloud using the XACML based open-source JBoss PicketBox. Provided a specification for securing REST based services using the SAML Profile. He also provided security architectural leadership to a health care startup which deals with managing privacy of patients and management of health records. In this tenure, he implemented the WS-Trust 1.4 Challenge Response implementation which was not available in any products. During his tenure at Charles Schwab he delivered a security STS solution using IBM DataPower in a short span of 5 months.

Experience:
· Vivo has over 16 years of experience in developing business applications and currently specializes in security architecture and identity management.
· He has worked as Principal Security Architect for the past 5 years and was a Senior Security Engineer prior to that.
· Thorough knowledge of OASIS security standards such as SAML 2.0, XACML 2.0, WS-Trust 1.4 and WS-Security 1.1.
· Experience in federating with different clients using WS-Trust 1.4 and WS-Federation 1.2.
· Strong experience with the SAML 2.0 profile for XACML 2.0.
· Ability to implement a Security Gateway using XML accelerators such as IBM DataPower v3.6.1.
· Experience in consistently applying/fusing design patterns and UML technologies in projects.
· Very strong programming experience in Java, J2EE, Servlets, JSP, Enterprise Java Beans (EJB), Struts, Spring Framework and Web Services.
· Expert in .NET 4.0 WCF and WIF (Windows Identity Foundation).
· Has the knowledge and experience to create an STS system for any company.
· Ability to develop and deploy J2EE web components on different application servers such as Websphere, Glassfish, JBoss.
· Effectively used leadership qualities for negotiations in federating with partners like UHG and Care Core.
· Creative in developing re-usable solutions by developing frameworks for the project so as to increase the productivity of the deliverables.
· Specialized in developing prototype models for evaluation of technology and performing performance tests on them to provide statistical analysis to management.
· Used the AAA framework of DataPower to perform Authentication and Authorization: authentication using SAML assertion and authorization using XACML.
· Provided leadership in the OAuth Security Module for mediating tokens from SAML 2.0 to a proprietary OAuth Access Token. Defined the format for the OAuth Access Token, which is not defined in the OAuth 2.0 specification.

Awards and Contribution:
· Received “Charles Schwab Business Excellence Award” for migrating 200 UNIX boxes with 16 DataPower devices for the Security Gateway Repurposing project.
· Received “Charles Schwab Key Contributor Award” for providing solutions in the security space.
· Received “Cisco Security Green Belt Ninja” Award.
· Key inventor for one of the patents filed in the SSO domain.
· Voting member of the OAuth UMA Specification group.

· Languages: Java, C#, C, C++, XML, XSLT, .NET
· Operating Systems: Windows XP Professional, Windows Vista, UNIX and Macintosh, IBM DataPower v.3.7.1
· JAVA Technologies: Servlets 2.3, JSP 2.0, EJB 3.0, Web Services, REST Based Service.
· Dot Net Technologies: C# 4.0, WCF 4.0, ADO.NET, Web Services, XML, WSDL.
· Servers: Apache Tomcat 7.0, Jboss 6.0, Websphere 6.1, IIS 6.0
· Identity Management Servers: OpenAM 10.0.0, JBoss PicketLink 2.1.8, ADFS.
· OASIS Security Protocols: WS-Security 1.1, WS-Trust 1.4, SAML 2.0, XACML 2.0
· LDAP: OpenDS, OpenDJ, openLDAP.
· Middleware: TIBCO, JMS, IBM MQSeries
· Other Tools: Rational Rose, VSS, CVS, SoapUI 3.6.1, TOAD, Fitnesse
· Testing Tool: Fitnesse, JUnit, NUnit
· Build tools: Ant, Maven

Education: Bachelors in Engineering, Computer Science from Mumbai University, India. CISSP certification in progress (to be completed 28th May, 2014).

Professional experience:

Cloud Based Provider, July 2011 – Present
Role: Cloud Security Architect

The cloud based provider is providing an initiative for the health care industry to host services which will allow the physician community to access the components of the application without needing to be part of the respective health care network. The physicians of a specific health care industry will be able to federate with the others by establishing a circle of trust in the cloud. Authentication in the cloud is achieved using the SAML 2.0 standard. Multiple profiles are supported to enable different clients to securely communicate with different service providers. The profiles supported were POST Profile, Artifact Profile and Attribute Resolution Profile. Authorization was provided using XACML 2.0. A Partner Profile was created to realize the attributes from various sources, which eventually was useful in the creation of the XACML Request fed to the XACML PDP engine to perform the Authorization Decision. The Partners in the cloud were provided a REST Based API for uploading the XACML Policy.

Responsibilities:
· Providing architectural direction for providing security to the Cloud Based Platform.
· Providing a Road Map for the Security Development Effort in the Cloud Based Platform.
· Enable federating partners like UHG, CareCore, Axelatto to agree upon a set of attributes for SAML based Authentication. Provided key assertive behavior to make partners conform to the standards defined by the company.
· Designed the partner profile framework for authorization and implemented it using the XSPA Profile.
· Mentored the developers and testers to understand different security profiles.
· Drive the customer facing business people to understand the pros and cons of different profiles and help them select the profile best suited for their requirement.
· Enable productionalizing the cloud based security environment.
· Performed Security Token Mediation for adapting tokens from one format to another using the WS-Trust 1.4 specification.
· Instrumental in getting other enterprise departments to use the Security Products developed by the team.
· Created the mediation profile for converting SAML 2.0 tokens to OAuth 2.0 Access Tokens.
· Used the JOSE Specification for JWT, signing the JWT Access Token using JWS and encrypting the same using JWE.
· Mediating OAuth Tokens from one provider to another.

Environment: Linux, OpenShift, SAML 2.0, XACML 2.0, OAuth 2.0, LDAP, Apache Tomcat 7.0

Client: Private Access, Irvine CA, March 2010 till June 2011
Role: Principal Security/Solution Architect

The current application helps to control health information by deciding who can see the health information and the conditions under which the permission is granted. Apart from it, there are other services such as RecruitSource and TrialsFinder. RecruitSource provides a dynamic search engine for our database of people who are interested in participating in clinical trials and research studies. TrialsFinder helps advocacy groups identify and publish the studies that are most relevant to people with the diseases and conditions that they serve. The key challenge is to be able to exchange authentication and authorization data between these different applications. The Identity Provider is created to provide an electronic identity to the entity. The core functionality of the Identity Provider is to provide message identity, message confidentiality and message authenticity. WS-Security 1.1 with the SAML Token Profile was used to provide the same. The IDP STS used the WS-Trust 1.4 specification for issuing, renewing and validating security tokens. One of the challenges in issuing a SAML Assertion token was to implement the WS-Trust 1.4 Negotiation Challenge Profile. There was no commercial implementation available for the same at that time. Hence, designed and implemented the complete end to end profile for the WS-Trust 1.4 Challenge Negotiation Profile. The client was a WCF .NET client. Also, WS-Trust 1.4 Challenge Negotiation was not available in WIF. Hence, overrode the WIF WSTrust13Channel and defined the requisite methods to perform challenge negotiation. Authorization was implemented using the XACML 2.0 specification. This project also involved exposing the APIs developed in .NET to the outside world. To implement the same I designed the Gateway to work as a policy enforcement point (PEP) and a router.

Responsibilities:
· Provide leadership for the security architecture using OASIS standards.
· Evaluate various protocols and products to suit the company's business requirements and budget.
· Provide technical expertise for setting up the infrastructure for implementing the IDP at the hardware and the software level.
· Creating the architectural design for the IDP and documenting the same.
· Designed a highly efficient gateway using an XSLT driven approach instead of the conventional approach.
· Initiating the development environment and setting it up for the developers.
· Mentoring the developers and testers for the IDP.
· Hands-on with the development, coding and testing framework of the IDP.
· Created the complete SoapUI Groovy script for the WS-Trust 1.4 client to automate the Negotiation Challenge profile testing as well.

Environment: Java, CentOS, JBoss 5.1, Eclipse, JBoss PicketLink, WCF 4.0, WIF 1.0

Charles Schwab, San Francisco, April 16, 2007 till Feb 2010

Schwab DataPower Intermediary. Enterprise Security Architect

The DataPower Intermediary receives SOAP requests from different service requestors, performs various operations and then sends the message to the requisite service provider environment. The different operations performed by the Router were:
A. Discovering the service and appropriately invoking the requisite service.
B. The requisite service defines multiple things in the registry, viz., routing policy, security policy, logging strategies, timeout parameters to be implemented by the client side and the server side, and record system state which it receives from an MQ based system.
C. Enforce Security Policy a.k.a. PEP (Policy Enforcement Point).

The web service security is provided using the SAML 1.1 specification. The different domain requester components generate a SAML request which gets embedded in the web service header and then sent to the intermediary. The intermediary then performs AAA (Authentication, Authorization and Auditing). The authentication of the user happens by validating the SAML Assertion using the public key of the CAM, which is the Identity Server. Also, the PEP converts the SAML request to a XACML request to perform authorization using the XACML 1.1 specification. Authorization is performed using 2 components: PDP (Policy Decision Point) and PIP (Policy Information Point). The XACML policy to authorize a particular web service request is installed on the PDP component. Using this XACML policy, the XACML request and a DataPower XACML engine, we check if a particular subject is authorized to perform a specific action against a resource. If the XACML response is a “PERMIT”, then it performs post-processing to create a SAML response.

Responsibilities:
· Received “Charles Schwab - Business Excellence Award” for this project.

Environment: Java, J2EE, Websphere DataPower, Rational Rose, EJB 3, Web services, Spring, IBM MQ

Integration Module Framework for WCF components

The goal of this project is to provide a transparent Service Oriented Architecture Framework to enable a service requester to invoke a service offered by any service provider in any environment using industry standard mechanisms. It encapsulates the recurring tasks of implementing SOA such as service discovery, service context encapsulation, security, routing and logging services. This integration module has 2 parts:
· Requester Module.
· Provider Module.
The work of the requester module is to discover a service using Schwab’s proprietary Registry Module, create the security token and invoke business services by passing the required service context information. The security token is implemented using a 3DES encrypted binary security token and a SAML Assertion. The work of the provider module is to validate the request using 3DES decryption logic, authenticate the SAML Assertion and then finally execute the required service. It was tested using the Fitnesse framework for .NET and ASP.NET clients. There were fixtures and wiki pages written for repeated automated testing.

Responsibilities:
· Involved in discovery of service.
· Creation and validation of the binary security token for the web service using 3DES cryptography.
· Creation of automated tests using Fitnesse fixtures.

Environment: .NET 3.5, WCF, Visual Studio 2008, C#, ASP.NET

Rest of the experience will be available upon request. References will be provided only after interview, however I will provide my LinkedIn recommendations at submission.