Hemanth Kambhampati

Bellevue, WA

Summary

Accomplished IAM Engineer with a proven track record at Microsoft, enhancing security through Zero Trust Architecture and robust Conditional Access Policies. Expert in Microsoft Entra AD Connect and adept at fostering client relationships. Demonstrated ability to lead initiatives, improving system compliance and user experience with a strategic blend of technical proficiency and collaborative teamwork.

Overview

6 years of professional experience
1 Certification

Work History

IAM Engineer

Microsoft
Bellevue, WA
01.2024 - Current
  • Designed and Implemented Zero Trust Architecture, continuously verifying users, devices, and applications before granting access to enterprise resources
  • Supported Single Sign-On and authentication initiatives across diverse enterprise applications, focusing on SAML, OAuth, and OpenID Connect for enhanced security
  • Configured and Managed Conditional Access Policies to secure access to critical applications, enforcing Multi-Factor Authentication (MFA) and location-based access controls to mitigate unauthorized access risks
  • Deployed and Managed App Registrations in Azure AD, securing enterprise applications with OAuth 2.0 and OpenID Connect, ensuring compliance and secure authentication
  • Onboarded various clients, assisting them to fully utilize P2 features such as PIM, Microsoft Defender for Cloud Apps, Microsoft Defender for Identity, and App governance
  • Designed and deployed standard practices across multiple clients to set up Conditional Access policies that include internal and external access and configuring risk factors to tackle real-time threats
  • Managed and secured Hybrid and Entra Joined Devices, enabling seamless access to cloud and on-premises resources while enforcing strict device compliance
  • Configured Azure AD Application Proxy, providing secure remote access to on-premises web applications without relying on VPN, enhancing user experience and security
  • Monitored and analyzed Identity Protection Risk Events, enabling proactive threat detection and remediation to minimize identity-related security breaches
  • Implemented Role-Based Access Control (RBAC) models, ensuring least privilege access across enterprise systems, improving security and simplifying permission management

System Administrator

Nationwide
Columbus, Ohio
01.2023 - 01.2024
  • Configured and Deployed SSO Solutions using ADFS and OAuth, streamlining user access to internal and third-party applications while enhancing security
  • Installed and configured the Telegraf agent on ADFS, AD, and Certificate Authority servers, and configured Alertmanager within Grafana to send alerts automatically via ServiceNow webhooks to triage alerts to on-call as well as on a regular basis
  • Established processes for server life cycle management to handle the server information within the Prometheus database, which saved the team effort in addressing decommissioned servers, as well as during the disaster recovery exercise
  • Configured the Splunk Add-on for Microsoft 365 and the Splunk Add-on for Microsoft Exchange with app registration-based API credentials to pull all the security logs from Teams and Microsoft Exchange, plus audit logs and sign-in logs from Entra ID, specifically targeting interactive sign-in logs, non-interactive sign-in logs, and service principal logs
  • Utilized Git for version control and managed CI/CD pipelines to facilitate seamless software deployments
  • Developed and Enforced Conditional Access Policies to restrict access based on user risk, device compliance, and geographic location, supporting a Zero Trust security model
  • Managed App Registrations for internal and multi-tenant applications, securing API permissions and integrating with external identity providers for Single Sign-On (SSO)
  • Optimized Azure AD Connect Configurations to ensure continuous identity synchronization between on-premises AD and Azure AD, improving user experience and security
  • Participated in Agile sprints to implement new IAM features and troubleshoot authentication-related issues
  • Administered Role-Based Access Control (RBAC) for enterprise applications, enforcing least privilege access and adhering to security policies
  • Conducted periodic system audits to ensure compliance with cybersecurity standards and policies
  • Configured and Managed Network Policy Server (NPS) for VPN and wireless network access, ensuring secure authentication through RADIUS-based multi-factor authentication
  • Monitored NPS Logs for authentication patterns, security breaches, and policy violations, ensuring timely incident response and security enhancements

Windows/ VMware Administrator

GGS Engineering Services
Hyderabad, India
09.2018 - 08.2021
  • Implemented Azure AD Connect to enable hybrid identity management, synchronizing on-premises Active Directory with Azure AD for seamless user access
  • Upgraded ADFS to the latest version to enhance security features, support modern authentication protocols, and improve overall system performance
  • Migrated ADFS from legacy systems to a modern ADFS infrastructure, ensuring minimal downtime and a seamless transition for users
  • Configured and Managed ADFS to provide Single Sign-On (SSO) for internal and external applications, improving user experience and reducing login complexity
  • Managed Network Policy Server (NPS) to secure remote access services, ensuring compliant devices could connect to the network through RADIUS-based authentication
  • Deployed and optimized Registered and Hybrid Joined Devices for secure access, ensuring device compliance and secure authentication across cloud and on-premises environments
  • Deployed Conditional Access Policies to restrict access based on user risk and device health, ensuring only compliant devices could access critical enterprise resources
  • Configured Multi-Factor Authentication (MFA) for high-privilege accounts, enhancing security for critical applications and reducing the risk of unauthorized access
  • Monitored and Audited ADFS Logs for potential security threats and performance optimization, ensuring authentication processes remained efficient and secure

Education

Master of Science - IT, IT Infrastructure

University of Central Missouri
01.2023

Skills

  • User Management
  • Microsoft Entra AD connect
  • Conditional Access Policy
  • Identity protection
  • App registration
  • Enterprise application
  • Network policy server
  • Active Directory Federation services
  • Single sign on
  • SAML Authentication Methods
  • Device Identity
  • Role based access control
  • Hybrid Identity
  • Application Integration
  • Zero trust architecture
  • Open ID connect
  • Application proxy

Certification

  • L-100
  • AZ-900
  • AZ-104

Projects and Achievements

  • Zero Trust Architecture Deployment: Designed and deployed a Zero Trust model, enhancing security by continuously authenticating and authorizing users and devices across all enterprise applications.
  • Conditional Access Policy Implementation: Developed and enforced dynamic Conditional Access Policies, reducing unauthorized access incidents by 25% while improving overall security.
  • ADFS Migration: Led the migration from legacy authentication systems to ADFS, enabling secure Single Sign-On (SSO) and improving user access across multiple applications.
  • Azure AD Connect Optimization: Optimized identity synchronization rules, reducing unnecessary data replication and improving system performance and security.