Rahul Sharma
Senior Specialist - Identity And Access Management
Bangalore
Summary
- 9+ years of extensive working experience in Identity and Access Management (Active Directory\Azure Active Directory\Okta Operations).
- Currently acting as BAU Team Lead, provides support with resolution of escalated tickets and conducts regular team training meeting to keep up to date with latest security\technical\process enhancements.
- Proficient in Designing, Planning, Creating and Managing Active Directory Services (Forests, Domain & Trust Relationship), GPOs, Azure App Registrations, Power-shell Scripting, Functional level Upgrade, Security Hardening.
- Trusted advisor by providing technical support to Azure Active Directory & Active Directory Infrastructure. Application On-boarding and BAU experience in OKTA along with the knowledge related to configuration and different protocols used by Applications.
- Designed & Conducted disaster recovery of complete Active Directory infrastructure in Fence Network. Impact Analyze and remediation of security flaws captured in Active Directory Assessment Report.
- Automate tasks and providing consolidated reports using PowerShell. Experience in authoring technical white papers, RFPs, SOPs as well as project conceptualization and planning documents. Integration of IGA tool (Saviynt) with Active Directory.
Overview
10
10
years of professional experience
5
5
years of post-secondary education
2
2
Languages
Work History
Senior Specialist - Identity and Access Management
Diageo
Bengaluru
04.2021 - Current
- Acting as Senior SME and BAU Team Lead with managing 8 members in team.
- Lead Resource for one the most vital project “AD Remediation”.
- Managing integration of IGA tool (Saviynt) with Active Directory and suggesting the best approaches from AD perspective to fetch relevant Data and propagation
- Implementing and managing the Azure AD Connect server
- (New Set-up and Upgrades)
- Contributes to Process improvement initiatives with the valuable suggestion to enhance the user experience and technical solutions
- Experience on Azure AD Enterprise Application (App Registration, SPN Registration, Application Integration.)
- Extended Azure Password Protection feature to all the On-prem Domain Controllers to in-corporate custom banned password policy
- Hardened the Application registration and User Consent for all enterprise-based Azure Applications
- Redefined OU delegation on Least Privilege Model
- Designed security parameter by moving Privilege Access of users from Standard ID to Admin IDs in AD and at infra level
- Implemented Fine-grained password policy for different set of Users
- Analyzed and implemented the GPO for Infra Servers as per CIS hardening policy for hardening the controls
- Experience on mitigating the dependency on deprecated TLS version from AD\Okta\AAD Connect\PKI\KMS. (IAM related Infra servers)
- Participated in Pen-Testing as Blue Team to identify and study the Red Team Movements.
- Analyzing Bloodhound test results periodically and mitigating them to secure the AD environment
- Analyzing the Security best practices in industry and advising company to opt those to remain complaint and secure from intruders
- Took active participation in User Migration project for one of the acquired partners using Quest tool
- Drafting Powershell scripts for team to automate manual works and give output efficiently
- Automating the health check for Active Directory Servers
- Managing the PKI environment
- Configured Exceptional group policies for Migrated users to access the laptops and resources from the parent domain
- Helped different applications team to configure ASR Failover
- Identified and implemented security parameters for low privilege users (SAMRi10)
- Experience in writing KQL query for extracting & analyzing Sign in and security logs from Sentinel in Azure
- Knowledge & experience in integration application in Azure and Okta on basis of different protocols (SAML & OIDC)
- Handling P1 calls and resolve them within SLA.
- Demonstrated leadership skills in managing projects from concept to completion.
- Learned and adapted quickly to new technology and software applications.
- Used critical thinking to break down problems, evaluate solutions and make decisions.
- Skilled at working independently and collaboratively in a team environment.
Lead Administrator and BAU TL - Diageo Client
RCS Tech LLC
07.2019 - 04.2021
- Lead Resource for one the most vital project “AD Remediation” for Diageo.
- Participated in Planning and Executing the Domain and Forest Level upgrade from 2003 to 2008R2 and 2008R2 to 2012R2.
- Coordinated with different application team to understand and identify the impact of Forest and Domain Level Upgrade.
- Performed the Migration of Sysvol from FRS to DFSR.
- Refinement of OU Access delegation for Service Desk and Desktop Support Team.
- Consolidated the Domain Controllers scattered over different locations by analyzing the utilization.
- Identifying Kerberos Unconstrained Delegation on Computer object and remediated by converting to constrained delegation by help application team to overcome such configuration to reduce the security risk in the organization.
- Encrypted all Domain Controllers by validating and analyzing the impact in existing functionality.
- Worked on AD Site consolidation, Replication, FSMO placement, Group Policy, application dependency, OU structure, GC and DC placement.
- Implemented protected LSA on all Domain Controllers after analyzing the impact & auditing.
- Understanding and implementing the Group policy as per the requirement of different stakeholder and application team and supporting the existing Group policy infrastructure.
- Created powershell script to identified orphaned GPO and stale groups and performed cleanup.
- Designing and Implementing Distributed File System and refinement of existing.
- Provided support to BAU activities of Shared Folder Creation.
- Designed complete plan of Shared Folder day-to-day activities and delegated the work with proper KT plan to L1 team in Lift&Shift Program.
- Participated and Lead the different program of process.
- Improvement and automation for better utilization of resources.
- Providing support to Azure Active Directory and AAD connect server.
- Planned, Implemented and created test cases for Azure password protection for on-prem ADDS in Development environment to present to Security Management Team.
- Assisting applications team to register the application in the azure with proper API permissions.
- Prepared different SOP documents for easy functionality of day-to-day activities and updating on regular basis as per the requirement.
- Providing L3 technical support for VIP users, escalated cases from Operations teams.
- Handling P1/P2 calls and resolve them within SLA.
Technical Support Engineer
Veritas Technologies
Pune
07.2018 - 07.2019
- Act as a trusted advisor by providing technical support to Global Enterprise level Customers and Partners on Veritas Information Intelligence products (Data Archiving Solutions)
- Researches on a wide array of technical topics such as Operating Systems, Infrastructural Technologies and Veritas Software Products
- Applies specialized knowledge, analytical practices and procedures to analyze, diagnose and resolve issues in unique and often complex enterprise environments
- Effectively communicates procedural and technical issues to internal and external customers/stakeholders in an enterprise environment
- Participates and possibly leads conference calls with customers and 3rd party Teams/Vendors
- Assesses when it is necessary to engage or escalate to senior resources to resolve complex issues
- Manages own schedule of cases, which includes determining priority levels and negotiating and setting expectations with customers
- Participate in new product releases and beta cycles to ensure information and training requirements are met to support new products
- Interface with Sales, Services, Engineering, Product Management, and Support Management when necessary to prioritize customer requests
- Define and track bugs for Development and offer innovative ideas to improve product quality
- Develop documentation and the Technical Support Knowledge Base to reduce troubleshooting time and drive faster issue resolution
- Reviews technical solution articles for accuracy and completeness
- Served as primary point of contact for support relating to owned solutions and products.
- Explained technical information in clear terms to non-technical individuals to promote better understanding.
Senior Operational Professional
IBM India Pvt Ltd
Noida
04.2014 - 07.2018
- Developed strong communication and organizational skills through working on group projects.
- Gained extensive knowledge in data entry, analysis and reporting.
- Completed general labor tasks such as loading and unloading materials, cleaning up job sites and operating heavy machinery.
- Learned and adapted quickly to new technology and software applications.
- Providing remote support for banking sector, managing client servers.
- Managed and supported multiple domain Active Directory
- Ensured all systems complied to information security (ISEC) requirements.
- Performs weekly & monthly patching on all production and test servers.
- Responsible for taking ownership of changes includes creation of change, implementation and closer in Remedy.
- TCP/IP, DHCP, AD and DNS configuration and support.
- Creating and managing GPO, groups & groups permission as per the design in multi domain environment.
- Administer Systems using VMware ESX and VSphere.
- Work with Unix Team Managing Access & command on Solaris10 and RedHat 4, 5, and 6 through GPOs.
- System error event troubleshooting
- Working on DFS shares, folder structuring managing NTFS permissions on the DFS shares.
- Following ITIL process for Change management, incident management and problem management.
- Export and Import VM between different hypervisor host machines. Customizing Virtual Machines. (Add / remove hardware RAM, Processor etc.)
IT Executive
Shree Shubham Logistic Ltd
Jaipur
08.2013 - 04.2014
- Administration of servers build for Windows Server (Win 2008, 2003 Servers)
- Providing remote support over different locations of client
- Interaction with client by working at client location
- Providing Support for SAP to all the concerned Departments (Accounts and Operations)
- Setting up & installation of the SAP system at location, as required
- Coordinating with warehousing & account Department for data upload & report generation in SAP
- Ensuring Service through SAP for the concerned Departments
- Providing end- user SAP training at locations, as & when required
- Mainly Support to RSWC HO& Location to generate SAP monthly billing & MIS Report.
Education
MSc - Accounting and Finance
University of Bedfordshire
09.2011 - 03.2013
Bachelor of Commerce - undefined
.S. Jain Subodh P.G. College, Rajasthan University
01.2007 - 01.2010
Skills
Identity access management
Active Directory Directory Services Administration
Azure Active Directory Management
Application integration on Azure & Okta using SAML and OIDC protocol
Designing and Executing Disaster Recovery plan for Active Directory
Analyzing Security best practice in Industry and suggesting Leadership team to adopt it
Process Defining and enhancing the existing one
Problem Solving Capabilities
Power-shell scripting
PKI Management
GPO\DFS\DNS Management
Timeline
Senior Specialist - Identity and Access Management
Diageo
04.2021 - Current
Lead Administrator and BAU TL - Diageo Client
RCS Tech LLC
07.2019 - 04.2021
Technical Support Engineer
Veritas Technologies
07.2018 - 07.2019
Senior Operational Professional
IBM India Pvt Ltd
04.2014 - 07.2018
IT Executive
Shree Shubham Logistic Ltd
08.2013 - 04.2014
MSc - Accounting and Finance
University of Bedfordshire
09.2011 - 03.2013
Bachelor of Commerce - undefined
.S. Jain Subodh P.G. College, Rajasthan University
01.2007 - 01.2010