Somasekhar Keerthi

This project focused on ensuring Y2K compliance across multiple critical finance group applications while enhancing system functionality and reliability. As a team member, I analyzed systems for Y2K-affected source code, database segments, and virtual storage access method (VSAM) files. I prepared detailed specifications for the conversion process, coded, and rigorously tested the software to ensure functionality post-Y2K. Additionally, I created test plans for regression and unit testing, guaranteeing seamless integration into production. I also trained team members in coding and testing to ensure consistency across the team.

In this role, I delivered all applications on schedule while maintaining high quality and successfully implemented the Y2K compliance code into the production environment. Alongside compliance work, I proposed and implemented improvements to existing functionalities, enhancing overall system performance. I independently supported four finance applications and monitored night-time batch production jobs from an offshore center. I also troubleshot and resolved issues within the agreed service level agreements (SLAs).

I developed and managed user provisioning and de-provisioning tools on Unix and mainframe systems. These tools were provided to the access control administration teams, allowing them to perform user administration without prior knowledge of mainframe and Unix security. I developed .NET-based security applications for Unix, mainframe, SAP, and Oracle systems, with a SQL Server back end to manage the access request approval process.

I also built a recertification application to certify AD security groups, ensuring compliance and security integrity across the organization. Throughout the project, I managed all provisioning systems, continuously enhancing them with new functionalities. This involved migrating the existing codebase into a newer version of Visual Studio and rewriting the code to improve performance and system efficiency.

As part of the superuser management process, I maintained the super-user process documentation and scheduled SSIS jobs in SQL Server to load feeds from mainframe, AS/400, Unix, and Windows platforms. I also facilitated the weekly recertification process and led and facilitated the quarterly recertification process for superuser accounts.

This project aimed to implement IIQ as the organization's primary IAM solution, transitioning from the legacy IAM system, Aveksa. This strategic initiative was undertaken to enhance identity governance, improve compliance, and streamline access management processes across the enterprise.

As part of this project, I created high-level designs to implement IIQ in three different environments and conducted remote workshops to understand the existing Aveksa and the current functionality and identify gaps in the current system. I deployed the SailPoint application across different environments, built an Identity warehouse using multiple HR sources, and deployed JML workflows to handle on- and offboarding activities to meet compliance requirements correctly.

Additionally, I onboarded 100 applications, ensuring that each application adhered to the established identity governance policies. I also established various application connectors to integrate SailPoint with important systems, including AD, ServiceNow, REST API, Azure AD, SQL Server, CyberArk (utilizing SCIM 2.0), RACF, and ACF2.

This project focused on implementing the CyberArk PAM solution within the organization. The initiative began with a presentation of the CyberArk architectural solution to the architectural review board, which outlined the technical framework and benefits of the on-premise PAM deployment.

To facilitate the implementation, I prepared comprehensive high- and low-level design documents and deployed CyberArk PAM solution with Vault, PVWA, Central Policy Manager (CPM), PSM, and a DR solution. As part of the project, I evaluated the DR failover and fallback processes and scheduled incremental and full backups for vault data to ensure data integrity and availability. Safe naming and platform naming standards were designed for consistency and clarity in the environment.

I onboarded accounts across Windows, Linux, and AIX platforms to ensure comprehensive coverage of all use cases. Additionally, I integrated the ServiceNow ticketing system to enforce ticket number entries for accessing privileged accounts and the SIEM solution to monitor user activity logs for compliance and security oversight.

This project involved procuring and implementing CyberArk SaaS licenses as a managed service provider. It commenced with presenting the CyberArk architectural solution to the architectural review board, followed by creating change orders to open the necessary firewall rules for the CyberArk SaaS solution.

High- and low-level design documents were created and submitted, ensuring a comprehensive understanding of the implementation requirements. A ticket was created in the CyberArk portal to engage with CyberArk professional services, where the high-level architecture and requirements were reviewed in detail.

To facilitate the installation, we engaged with teams to provision domain-joined Windows connector servers. As part of the jump start program, we collaborated with the CyberArk professional services team to complete the implementation of the CyberArk solution.

Additionally, we integrated the ServiceNow ticketing tool to streamline access management processes. On-premise AD was installed as an identity connector for authentication. New servers that were migrated from the on-premise data center were onboarded into the CyberArk system.