Kal Biswas, Developer in Maidenhead, United Kingdom

Kal Biswas

Solutions Architect and Developer

Maidenhead, United Kingdom

Toptal member since October 12, 2022

Bio

Kal is an architect with 28+ years of experience in a broad spectrum of technologies, including information security and identity and access governance and management domains. He has profound skills in identity as a service (IDaaS), protocols for federated identity such as OIDC and SAML, and biometric multi-factor authentication. Kal also specializes in next-gen technologies, verifiable credentials, self-sovereign identity, DevOps, IaC, and CI/CD patterns.

Portfolio

Self Employed
AWS IAM, AWS Managed Microsoft AD, AWS IAM Identity Center, AWS Lambda, Auth0...
Keyless
OpenID Connect (OIDC), SAML-auth, Xcode, iOS SDK, Node.js...
DXC Technology
OpenID Connect (OIDC), SAML, TOGAF, COBIT, Confluence, Jira, Azure...

Experience

  • LDAP - 20 years
  • Security - 20 years
  • IBM Tivoli Access Manager (TAM) - 20 years
  • Identity & Access Management (IAM) - 19 years
  • SAML - 18 years
  • Amazon Web Services (AWS) - 7 years
  • Okta - 6 years
  • Azure - 4 years

Preferred Environment

Linux, MacOS, Visual Studio Code (VS Code), Xcode, Docker Compose, Kubernetes, MongoDB, Amazon Web Services (AWS), Azure, Okta

The most amazing...

...thing I've run is a POC to secure a tax portal for a European government covering 20 million tax-paying entities, simulating a peak load of 20,000 sessions.

Work Experience

Cloud Security Architect

2024 - 2026
Self Employed
  • Architected and delivered a B2B identity broker solution covering multiple business entities acting as application providers as well as application consumers via standard federation protocols like SAML and OpenID Connect (OIDC).
  • Built and managed an Auth0 private tenant for a highly regulated industry (HRI) scenario involving multiple system integrators (SIs) and UK Government agencies.
  • Designed and implemented API security in a machine-to-machine authorisation scenario going across disparate business entities.
  • Delivered an operational model for the production phase of the project.
  • Developed integration patterns for future onboarding of new providers of applications and identities to expand the ecosystem of providers and consumers.
  • Integrated identity providers like Azure Entra ID and AWS IAM Identity Center for the identity broker architecture.
  • Created test plans for end-to-end integration testing, covering multiple providers and consumers.
Technologies: AWS IAM, AWS Managed Microsoft AD, AWS IAM Identity Center, AWS Lambda, Auth0, Auth0 API, ServiceNow, Adobe Experience Platform, TypeScript, Python, Boto3, Parquet, AWS Identity and Access Management, AWS IAM Access analyser, AWS Security Hub, High-level Design (HLD), Low-Level Design (LLD), Microsoft Entra ID, OAuth 2, OpenID Connect (OIDC), SAML, AWS Secrets Manager, AWS Certificate Manager

Senior Solutions Architect

2021 - 2022
Keyless
  • Integrated and documented Keyless biometric MFA solution for Salesforce and a host of IDaaS vendors: PingOne, ForgeRock Identity Cloud, OneLogin, Amazon Cognito, and Auth0.
  • Created public documentation and instructional videos about Keyless solutions.
  • Ran multiple projects to integrate Keyless MFA solutions into customer applications using the mobile SDK for iOS and Android and the OIDC and SAML protocols.
Technologies: OpenID Connect (OIDC), SAML-auth, Xcode, iOS SDK, Node.js, Amazon Web Services (AWS), Azure, DevOps, Kubernetes, TOGAF, Amazon Cognito, IT Security, Single Sign-on (SSO), Swift 5, Multi-factor Authentication (MFA), Security, Agile DevOps, Identity & Access Management (IAM), Confluence, Duo, Active Directory Federation, OAuth 2, User Authentication, Active Directory Synchronization, Web Security, Web App Security, Mobile App Security, Web Application Architecture, Authentication, iOS Authentication, React Native, Cloud, APIs, Cloud Architecture, DevSecOps

Advisor Solution Architect

2020 - 2021
DXC Technology
  • Implemented MFA for a bank in the UK to enable access via Cisco AnyConnect VPN.
  • Contributed to a solution architecture proposal that was part of an RFI response for a government client to leverage verifiable credentials and SSI technologies for citizens' access.
  • Delivered a cyber maturity review for a client in the defense industry and privileged access to IT resources for employees.
  • Played a key role in building an IDaaS solution for workforce IAM for a client in the insurance industry.
  • Contributed to an identity governance solution leveraging SailPoint IdentityIQ for a client in the defense industry.
Technologies: OpenID Connect (OIDC), SAML, TOGAF, COBIT, Confluence, Jira, Azure, Amazon Web Services (AWS), Agile DevOps, Okta, SailPoint, Jupyter Notebook, Security, Identity & Access Management (IAM), Single Sign-on (SSO), OAuth 2, User Authentication, Active Directory Synchronization, Architecture, Security Architecture, Web App Security, Web Application Architecture, RADIUS, Application Security, Cybersecurity, Cloud Architecture, DevSecOps, Active Directory (AD)

Architect

2015 - 2020
Self-employed
  • Migrated an on-premise CIAM solution to an insurance client's virtual appliance-based infrastructure.
  • Delivered an access management solution, workforce IAM, for a major client in the transportation sector, leveraging the IBM Access Management suite of products.
  • Migrated workforce IAM to IDaaS solution in Okta for a client in the insurance industry.
Technologies: Amazon Web Services (AWS), SAML, OpenID Connect (OIDC), IBM Db2, LDAP, IBM WebSphere, IBM Tivoli Access Manager (TAM), Identity & Access Management (IAM), TOGAF, COBIT, Multi-factor Authentication (MFA), Security, Swift 5, Agile DevOps, Confluence, Single Sign-on (SSO), OAuth 2, User Authentication, Web Application Architecture, Web App Security, Web Application Firewall (WAF), Authentication, Cloud, APIs, Objective-C, Application Security, Cybersecurity, Cloud Architecture

Senior Solutions Architect

2012 - 2014
RSA
  • Oversaw the architecture and deployment of an identity governance solution for a bank in Belgium, starting from a proof of concept and pilot-to-production rollout using Aveksa and RSA Identity Governance products.
  • Contributed to an identity governance solution for a bank in Germany.
  • Worked actively on an identity governance solution for a pension fund in the Netherlands.
Technologies: LDAP, Oracle 9g, Aveksa, IBM WebSphere, JBoss, MuleSoft, TOGAF, COBIT, Security, Identity & Access Management (IAM), Security Architecture, Data Governance, Cloud, Authentication, APIs, Cybersecurity, Application Security

Senior Consultant and Architect

1998 - 2012
IBM
  • Used the federated identity manager to work with early users of identity federation protocols SAML, WS-Federation, WS-Trust, and OpenID.
  • Contributed to access management and CIAM solutions for a few major European banks based in Belgium, Norway, Denmark, Spain, Sweden, Germany, and Turkey.
  • Built an identity provisioning and management solution on the IBM Security Identity Manager product suite for a few European customers from Denmark, the UK, Belgium, Turkey, and Spain.
Technologies: IBM Tivoli Access Manager (TAM), IBM Tivoli Identity Manager (TIM), IBM Db2, IBM DataPower, IBM WebSEAL, IBM WebSphere, Java, Enterprise Java Beans (EJB), TOGAF, COBIT, Single Sign-on (SSO), SAML, Multi-factor Authentication (MFA), Security, Identity & Access Management (IAM), Active Directory Federation, OAuth 2, User Authentication, Security Architecture, Web App Security, Web Application Architecture, RADIUS, Web Application Firewall (WAF), Database Security, Data Security, Authentication, Cloud, APIs, C++98, C++, Cybersecurity, Application Security, PKI, Active Directory (AD)

Experience

Passwordless Biometric MFA for Salesforce

Earlier in 2022, the Salesforce platform made it mandatory to enforce multi-factor authentication to access the Salesforce portal. This solution was built to showcase how passwordless authentication technology from Keyless is used to provide Salesforce users with a frictionless authentication experience. Keyless performed biometric authentication using facial recognition technologies. This specific solution was built using a SAML identity provider to send a SAML assertion to Salesforce about a successful biometric authentication performed on the Keyless platform, i.e., the Keyless mobile authenticator and its back-end SAML identity provider service.

Biometric Passwordless Authentication for Gaming Industry

It uses a mobile SDK to provide facial recognition-based biometric authentication for a mobile (iOS and Android) gaming platform, reducing friction without compromising security and enhancing security posture.

Identity Broker Implementation

An identity broker solution to authenticate users across multiple identity providers to authenticate applications that traverse multiple host organizations, leveraging the identity federation protocols SAML and OIDC, implemented on top of Auth0.

Education

1997 - 1998

Master's Degree in Computer Science

Johns Hopkins University - Baltimore, MD, USA

1990 - 1992

Master's Degree in Business Administration, Information Systems, and Manufacturing

Indian Institute of Management - Ahmedabad, India

1986 - 1990

Bachelor's Degree in Computer Science

Indian Institute of Technology Bombay - Mumbai, India

Certifications

FEBRUARY 2025 - FEBRUARY 2028

AWS Certified AI Practitioner Early Adopter

Amazon Web Services

NOVEMBER 2023 - PRESENT

AWS Certified SysOps Administrator

Amazon Web Services

OCTOBER 2023 - PRESENT

Certified Calico Operator: Level 1

Tigera

JULY 2023 - JULY 2026

AWS Certified Security - Specialty

Amazon Web Services

MAY 2023 - MAY 2026

AWS Certified Developer – Associate

Amazon Web Services Training and Certification

MARCH 2023 - MARCH 2026

AWS Certified Solutions Architect – Associate

Amazon Web Services Training and Certification

Skills

Libraries/APIs

Node.js, RADIUS, Auth0 API, Auth0 Management API v2

Tools

IBM WebSEAL, Docker Compose, Xcode, Confluence, Jira, SailPoint, IBM DataPower, Amazon Cognito, Auth0, AWS IAM, Amazon SageMaker

Languages

SAML, C++98, C, Java, Swift 5, Objective-C, C++, TypeScript, Python

Paradigms

Web Application Architecture, DevOps, DevSecOps, Object-oriented Programming (OOP)

Industry Expertise

Cybersecurity

Frameworks

OAuth 2, iOS SDK, TOGAF, COBIT, React Native

Platforms

Amazon Web Services (AWS), Azure, Linux, MacOS, Visual Studio Code (VS Code), Kubernetes, IBM WebSphere, Jupyter Notebook, JBoss, MuleSoft, Duo, AWS Lambda, iOS, Adobe Experience Platform

Storage

MongoDB, Databases, IBM Db2, Oracle 9g, Database Security, Azure Active Directory, Microsoft Entra ID

Other

Okta, OpenID Connect (OIDC), SAML-auth, LDAP, IBM Tivoli Access Manager (TAM), Identity & Access Management (IAM), Security, Single Sign-on (SSO), Multi-factor Authentication (MFA), User Authentication, Security Architecture, Application Security, IT Security, Architecture, Cloud Architecture, Active Directory (AD), Distributed Software, Decision Support Systems (DSS), Programming, Agile DevOps, Aveksa, IBM Tivoli Identity Manager (TIM), Enterprise Java Beans (EJB), Active Directory Federation, Active Directory Synchronization, Web Security, Web App Security, Mobile App Security, Web Application Firewall (WAF), Data Security, Data Governance, Authentication, iOS Authentication, Cloud, APIs, PKI, Project Calico, AWS IAM Identity Center, AWS Managed Microsoft AD, Generative Artificial Intelligence (GenAI), Amazon Bedrock, ServiceNow, Boto3, Parquet, AWS Identity and Access Management, AWS IAM Access analyser, AWS Security Hub, High-level Design (HLD), Low-Level Design (LLD), AWS Secrets Manager, AWS Certificate Manager
