Bonaventure Kounga

· Provide administrative support for the Enterprise-wide IAM and the associated systems.

· Involve in interacting with clients during meetings, gather requirements, design and deliver solutions to install and integrate with the existing Beyond insight implementations and manage high privileged accounts to automate privilege access management process.

· Responsible for optimizing the existing security infrastructure of our client and assist the Security Practice Architect in selection, design, architecture, automation enhancement, and best practices in regard to the Privilege Access Management products.

· Responsible for password policy creation, password rotations, account creation, account changes, account integrations, maintaining/creating new safes, and PAM policies.

· Maintain resource on PAM/PIM implementation (CyberArk) - planned and configured environment for highly secured finance/HR accounts.

· Developed and implemented processes and procedures for Onboarding users and Privilege Accounts to CyberArk.

· Primarily involved in Installation and configuration of CyberArk Vault, CPM, CyberArk PVWA, AIM, OPM CyberArk PSM and PSM SSH proxy Architecture and design.

· Responsible for optimizing the existing security infrastructure of our client and assist the Security Practice Architect in selection, design, architecture, automation enhancement, and best practices in regard to the Privilege Access Management products.

· Responsible for CPM configurations that supports remote password management and change on the following IIS Application Pools.

. Drafted and interpreted sketches, blueprints and manuals to effectively assure engineering excellence.

· Installation and configuration of CyberArk Private Ark client and Private Ark server and CPM, PVWA, PSM, PSMP, DR, good understanding of policies in CyberArk Central Policy Manager (CPM) and (PSM), Resolved CyberArk issues in CPM to communicate with a host to reconcile credentials

· Implementing security best practices in AWS including multi factor authentication, access key rotation, encryption using KMS, firewalls- security groups and NACLs, S3 bucket policies and ACLs, mitigating DDOS attacks, etc.

· Configuring S3 events to set up automated communication between S3 and other AWS services.

· Designed roles and groups using AWS Identity and Access Management (IAM).

· Controlling access to files and directories using ACL permissions.

· Configuring and using AWS CLI to make API calls to AWS console.

· Designing for high availability and business continuity using self-healing - based architectures, fail-over routing policies, multi-AZ deployment of EC2 instances, ELB health checks, Auto Scaling, and other disaster recovery models.

· Using AWS Scheduler as a simple solution to create automatic start and stop schedules for Amazon EC2 and Amazon RDS instances for cost optimization.

· Tagging AWS resources and developing a methodological standard for tagging of individual resources for audit, tracking and cost analysis.

· Migrating on-premises databases to cloud via cloud endure.

· Managing provisioning of AWS infrastructures using CloudFormation.

· Developing a continuous delivery pipeline in a cloud environment.

· Developing automation solutions utilizing Ansible, and CloudFormation/Terraform.

· Performing setup and maintaining AWS services in Development, Test, and Production environments.

· Using AWS Control Tower to automate the setup of new landing zone using best practices blueprints for federated access, identity, and account structure. Developing and documenting security guardrails for AWS Cloud environments. Setting up CI/CD pipeline to run automated tests efficiently.

. Reviewed existing systems and made recommendations for improvements.

. Utilized code and modern cloud-native deployment techniques to design, plan and integrate cloud computing and virtualization systems.

. Identified, analyzed and resolved infrastructure vulnerabilities and application deployment issues.

. Supervised work of programmers, designers and technicians, assigned tasks and monitored performance against targets.