
Joel Davis

Richardson, Texas

Summary

Highly skilled Cybersecurity Engineer with comprehensive understanding of network architectures, security protocols, and risk assessment methodologies. Proven strengths include vulnerability analysis, threat mitigation and cyber incident response. Demonstrated impact in previous roles includes successful implementation of sophisticated security solutions to safeguard company data and infrastructure.

Overview

16 years of professional experience

Work History

Sr. IAM Cybersecurity Engineer

Blue Cross Blue Shield -Michigan
03.2023 - Current
  • Responsible for designing, implementing, and managing Identity Directory and Identity Governance, including IAM architecture and integrations, Azure Cloud, AWS Cloud, and GCP migrations, utilizing scripting tools, two-step verification systems, and deploying IAM protocols such as SSO/SAML, OAuth/OIDC, and SCIM for Blue Cross Blue Shield-Michigan’s security architecture
  • Configuration & customization of Business Processes/Workflows for Provisioning and de-provisioning accounts across various internal and external systems in SailPoint Identity IQ
  • Integration of SailPoint Predictive identity with Okta for Compliance Control and Certifications, policy-based access controls, and Automated Life Cycle Managements
  • Configured rule-based identity and access management framework including user provisioning, role-based and attribute-based access control (RBAC/ABAC), and single sign-on, including integration across cloud-based services including Microsoft Azure/Office 365/Exchange Online, Workday, and Salesforce
  • Deployed Workforce and Customer Identity Management, LDAP Directories, Single Sign-On (SSO), Provisioning and Identity Workflows, Access Management, RBAC (Role-Based Access Control), Security Infrastructure Design, Authentication and Authorization, and passwordless authentication using a FIDO2 solution based on CTAP 2.0 protocols
  • Assisted with architecting Security in Azure using Azure Security Center, Encryption (BitLocker, TDE, AES 256, SSE), Storage Access and ACLs, Reporting and Auditing, Resource Groups, Role Based Access Control Model (RBAC), Monitoring using Operations Management Suite, Azure Extensions for AV, Network Security Groups, and Web Application Firewall
  • Centralized Identity data and leveraged one model for Policy, Risk, and Roles across all IAM processes and Experience on RBAC (Role Based Access Control) analysis and implementation
  • Created Azure Firewall with its configuration/rules using VDC/ARM Template/DevOps pipeline
  • Created Data Factory with self-hosted Integration Runtime connected to virtual machines using VDC/ARM Template/DevOps pipeline
  • Created Resource Groups that contain Tags, Key Vault, Automation Account, and RBAC assignment using PowerShell/ARM Template/DevOps pipeline
  • Created custom Azure Policy definitions/initiatives using PowerShell/ARM Template/DevOps pipeline
  • Created custom RBAC roles for Management Groups/Subscriptions/Resource Groups using PowerShell/ARM Template/DevOps pipelines
  • Implemented Azure AD B2C - Azure AD (Employees) Federation - SSO - OAuth 2.0 OpenID Connect and Azure AD B2C (Agents) - Ping Federation - SSO with on-prem
  • Deployed and Implemented CyberArk Privileged Identity management suite and session management suite for version 9.7
  • Primary resource for resolving PVWA authentication issues and directory sync problems
  • Worked on CyberArk Enterprise Password Vault and PVWA
  • Responsible for implementing, and managing Identity Directory and Identity Governance, including IAM architecture and integrations, Azure Cloud, AWS Cloud, and SailPoint IIQ-Service Now migrations, utilizing PowerShell, Beanstalk, and Perl scripting tools, two-step verification systems, and deploying IAM protocols such as SSO/SAML, OAuth/OIDC, and SCIM
  • Used Saviynt tool to perform role mining and request profile to applications at Target to simplify the process of requesting access, performing quarterly access review and managing terms, transfer and rogue
  • Researched and debated modern methodologies to harden and secure corporate assets involving security patching and review of standards ISO/IEC 27001:2013, Confidential, NIST 800-53, HIPAA 164.310, and Sarbanes-Oxley section 4 regulations and compliance
  • Responsible for PAM Operational tasks defining access control, user entitlements, user access policy management, application credentials and session management related to Privileged Access Management for applications, credentials, and user access policy management
  • Implemented Entitlement Management and Privileged Identity Management (PIM) for Identity Governance with Zero trust maturity model with Risk exposure and conditional access.

IAM Security Engineer

Bytedance-Tiktok
08.2022 - 03.2023
  • Responsible for implementing and managing Identity Directory and Identity Governance, including IAM architecture and integrations, Azure Cloud, AWS Cloud, and GCP migrations, utilizing scripting tools, two-step verification systems, and deploying IAM protocols such as SSO/SAML, OAuth/OIDC, and SCIM for ByteDance's enterprise architecture, including Project Portfolio Management (PPM), integrating SAML server with Ping ID and Okta libs (Java & Eclipse), VPN, SIEM, SOAR
  • Lead in planning, implementation, and auditing of NIST, HIPAA, and PCI
  • Cloud engineering and architectural implementation with Azure, Office 365, Azure Protect, and other IaaS, PaaS, and SaaS solutions
  • Responsible for implementing containerized based applications on Azure Kubernetes by using Azure Kubernetes Service (AKS), Kubernetes Cluster, Virtual Network to deploy agent nodes, Ingress API Gateway, Azure App services, Azure Application insights, Azure Application gateway, Azure DNS, Azure traffic manager, App services
  • Designed and implemented Azure Advanced Threat Protection (Azure ATP), WDATP Azure Security Center, Advanced Threat Analytics (ATA) Azure Stream Analytics (ASA), RBAC & Conditional Access SailPoint Identity IQ, Beyond Trust, Saviynt, PingFederate, and Ping Identity
  • Configured Ping Federation Environment for SAML Federated Authentications for users coming from partner sites by configuring ID Provider/Consumer using SAML 2.0 POST binding
  • Configured AD passthrough authentication for Identity Access Manager (IAM)
  • Collaborated with DevOps team to gather requirement to integrate application with PingFederate/Ping Access/Ping ID for Single Sign On
  • Designing and implementing applications integration with PingFederate/ Ping Access/Ping ID in both Non-Production and Production
  • Performed attribute mapping on Okta and provided support for OKTA service/help desk queue - Identifying and troubleshooting issues
  • Implemented SSO by integrating on-prem applications with Okta infrastructure using SAML, OpenID Connect (OIDC) and OAuth 2.0 service
  • Created different Okta Sign On policies and Okta MFA enrollment policies based on requirement for application ids and different user types
  • Configured SiteMinder and PingFederate Environment for SAML Federated Authentication for users coming from partner sites by configuring ID Provider/Consumer using SAML 2.0 POST binding
  • Installed and configured PingFederate and demonstrated POC for Federation SSO with external users and partners
  • Created the Federation service between SiteMinder federated web services and PingFederate for classic migration of applications that are SAML and WS-Fed based applications
  • Developed custom PingFederate adapters and PingFederate custom data source drivers using PingFederate Java SDK (IdpAuthenticationAdapterV2 / Custom Data Source Driver / Password Credential Validator)
  • Developed and implemented OAuth 2.0 with different Grant Types on PingFederate acting as Authorization Server to support web service based SSO and mobile based apps
  • Created SP /IDP connections in Ping Federate using SAML2.0 protocol based on applications details or metadata
  • Creating various Ping Access configurations - creating site, application, Identity Mapping, Web Sessions
  • Migrated SAML Based SSO partners from Ping Federate 8.3.2 to 9.3.1.

Sr. IAM CyberSecurity Engineer

Alyeska Pipeline Service Company
08.2018 - 06.2022
  • Responsible for designing, implementing, and managing Identity Directory and Identity Governance, including IAM architecture and integrations, Azure Cloud, AWS Cloud, and GCP migrations, utilizing scripting tools, two-step verification systems, and deploying IAM protocols such as SSO/SAML, OAuth/OIDC, and SCIM for Alyeska Pipeline’s security architecture
  • Conducted and coordinated IT security risk assessments for technology and security frameworks such as NIST-CSF System Security and administrator Professional, Facility Security Officer (FSO), Information Systems Security Officer (ISSO), Information Security Management, Firewalls, IDS, Penetration Testing, and industry security standards, e.g. ISO 27001:2013, NIST 800 series, HITRUST, HIPAA, GDPR and CCPA, and NISPOM regulations
  • Worked with CISO to achieve FISMA compliance and Authorization to Operate (ATO) for systems based on guidance from the ISO and NIST SP, HITRUST, HIPAA, GDPR and CCPA, and NISPOM regulations and other Risk Management Frameworks
  • Worked as part of Identity Access Management, improving and automating IAM solutions for PingFederate, Ping Access, CA SiteMinder, Radiant Logic VDS, LDAP and CA Directory Systems
  • Experienced in Radiant Logic VDS for deploying new LDAP views, update attributes mappings, create virtual OU for SSO and federation
  • Developed and implemented Identity-as-a Service (IDaaS) solutions utilizing Service Provider Cloud methodology and platforms (Okta, SailPoint, Ping Identity, OneLogin, Microsoft Azure Active Directory Premium) in migrating production applications to a Software-as-a-Service (SaaS) environment by adhering to identity management of Industry standard protocols such as ADFS, OAuth2, SAML 2.0, WS-Federation, and OpenID-Connect
  • Responsible for developing best practices and standards and implementing Full Ping Identity Stack (PingFederate, Ping Access, Ping ID, Ping Directory), Azure AD, AD, ADFS, ADDS, ADCS
  • Azure Active Directory (AAD) configuration and management, policies and provisioning, Azure AD Connect, Azure AD, Multi-Factor Authentication (MFA), ADFS, AD DS, AD CS technologies for PingFederate 7.1.2, 8.4, 9.1.3, and 10x
  • Implemented OAuth to access the protected API with Access Token by using different OAuth Grant types, and the installation and configuration of Ping Access Policy Servers and Ping Access Agents, defining Ping Access Sites, Site Authenticators, Virtual hosts, Policies, Access Tokens, and Rules to protect confidential applications
  • Configured SSO with Ping Access using out of the box and custom developed authentication schemes, and implementing OAuth & OpenID Connect Solutions using PingFederate
  • Installed and configured Ping Access servers, Gateways and Agent to protect the resources
  • Included in the new infrastructure was the installation of PingFederate and Ping Access
  • Working with application’s business and technical teams to gather requirement to integrate application with PingFederate/Ping Access/Ping ID for Single Sign On
  • Designing and implementing applications integration with PingFederate/ Ping Access/Ping ID in both Non-Production and Production
  • Extensive hands-on experience with BIG-IP 5000 and 2000 series
  • Allocation and designing appropriate virtual IP for F5 ADC through IPAM Infoblox
  • Extensively worked on code upgrades from v11.5.3 to v11.5.3 and downgrades from 12.0.0 to 11.5.4
  • Extensively worked on virtual F5 LTM module on VMware for application testing.

Operations Security Engineer

Maximus Health and Human Services
01.2016 - 08.2018
  • Designed, configured, implemented, maintained, and supported the Enterprise Network & Security domain, utilizing various network & security products and tools
  • Using PingFederate and PingOne, worked on enterprise users' Single Sign-On through browser and through services with third-party applications hosted in enterprise or cloud
  • Experience in integrating SAML Profiles with different binding methods like POST, Redirect and Artifact
  • Implemented, configured, and maintained Symantec Network Protection, Secure Web Gateway (SWG), Blue Coat Proxy, Web Security Service (WSS), Content environment
  • Assisted in the design, deployment and troubleshooting of EDR/XDR solutions like SentinelOne, CrowdStrike, Sophos XDR, and Microsoft Defender for Endpoint protection administration
  • Performed network vulnerability scans using Tenable Nessus and analyzed/prioritized the findings
  • Assigned the findings and recommendations to the appropriate system owner
  • Communicated the vulnerabilities for appropriate remediation plans
  • Installed and maintained security infrastructure, including IPS, IDS, log management, and security assessment systems
  • Assessed threats, risks, and vulnerabilities from emerging Security issues
  • Extensive Experience with Symantec DLP and RSA DLP architecture and implementation for enterprise level
  • Worked with Symantec DLP upgrades and patches
  • Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools
  • Configured Windows User-ID agent to collect host information using Palo Alto GlobalProtect
  • Configured App-ID feature in Palo Alto firewalls to reduce attack surface, regain visibility and control over traffic
  • Implemented PKI administration for machine-based certificates including SSL server and device based (Cisco ACS 6.x, firewall certs, etc.) for Confidential
  • Managed and configured Virtual Servers, Pools, iRules, Profiles, Persistence, and monitors on F5 LTM to match the configuration the application had on NetScaler
  • Successfully migrated from BIG-IP 3600 to vCMP 5200v
  • Used Confidential to dynamically assign reusable IP addresses to Confidential clients using Infoblox IPAM and resolved IP address conflicts
  • F5 migration of applications to new BIG-IP vCMP infrastructure
  • F5 build-out of the base F5 BIG-IP infrastructure, including the BIG-IP 10200v platforms and vCMP guest instances
  • Configured and troubleshot the F5 LTM and APM and provided level 2 support for the customers
  • Configured and troubleshot F5 LTM and provided level 2 and level 3 support for the customers
  • Extensive hands-on experience with BIG-IP 5000 and 2000 series
  • Allocation and designing appropriate virtual IP for F5 ADC through IPAM Infoblox
  • Extensively worked on code upgrades from v11.5.3 to v11.5.3 and downgrades from 12.0.0 to 11.5.4
  • Extensively worked on virtual F5 LTM module on VMware for application testing.

Network Systems Analyst

Enterprise Products Partners L.P
Houston, Texas
08.2008 - 12.2015
  • Cisco Meraki Configuration: Meraki Network creation and configuration - Location, Tags, DHCP, Wired/Wireless setup, Firewall, etc
  • Configuration Gateway/IP Access, DNS, DMARC circuits repair, cabling, DMZ switch, external switch, CLM switch
  • Managed firewall using FortiGate to allow or block IPs, created policies added different interfaces and VLANs
  • Installations, design, and implementation of Cisco solutions, VPN, Fortinet, VOIP
  • Provided daily Palo Alto Networks firewall administration such as security NAT, Threat Prevention, URL filtering, IPsec and SSL VPNs, security rules, zone-based integration, analyzing syslogs, and utilizing the WildFire feature
  • Deployed Cisco security ASA Firepower services on two Cisco ASA 5525
  • Deployed IPS, URL Filtering and Malware protection
  • Setup and deployed multiple Cisco ASA 5505 to corporate offices with redundant links using IP SLA
  • Configured QoS on Cisco ASA 5505 to maximize bandwidth and protect VoIP traffic
  • Configured BGP-EVPN control plane and VXLAN bridging, routing, and gateway support, while designing and implementing Cisco Nexus Platform, Cisco UCS & HP Virtual Connect Flex10.

Education

Bachelor of Science - Industrial Engineering

Ohio State University
Columbus, OH
05-1999

Skills

  • Intrusion Detection
  • Penetration Testing
  • Compliance Management
  • Cybersecurity frameworks
  • Patch management
  • Access Control
  • Network Security
  • Disaster Recovery Planning
  • Firewall Management
  • Application security
  • Incident Response
  • Firewall Installation
  • VXLAN designs and troubleshooting
  • Active Directory knowledge
  • Network Security Management
  • IP Addressing and Subnetting
  • Firewall configuration
  • Active Listening
  • Interpersonal Communication
  • Critical Thinking
  • Adaptability and Flexibility
  • Analytical Skills
  • Security Needs Assessment
  • Reliability
  • Problem-Solving
  • Decision-Making
  • Excellent Communication
  • Effective Communication
  • Ethical hacking with [Tools]
  • Data Encryption
  • Multitasking
  • Adaptability
  • Continuous Improvement
  • Professionalism
  • Team Collaboration
  • Organizational Skills
  • Problem-solving aptitude
  • Attention to Detail
  • Risk Assessment
  • Security issues troubleshooting
  • Teamwork and Collaboration
  • Analytical Thinking
  • Time Management
  • Problem-solving abilities
