Results-driven Sr. Identity Access and Management Engineer with a proven track record at Blue Cross Blue Shield-Michigan, enhancing identity governance and access management. Spearheaded the deployment of SailPoint ISC, automating provisioning workflows and achieving a 40% reduction in manual errors. Adept at cloud integration and fostering collaboration across teams to ensure security compliance.
Overview
12 years of professional experience
1 Certification
Work History
Sr. Identity Access and Management Solutions Engineer
Blue Cross Blue Shield-Michigan
04.2023 - 02.2026
Architected and deployed SailPoint Identity Security Cloud (ISC) platform supporting 5,000+ workforce identities and 500+ enterprise applications across hybrid cloud environments.
Integrated Imprivata Confirm ID for step-up authentication and MFA, strengthening access controls for EHR systems.
Implemented auditing and monitoring for privileged access and user activity within Epic systems.
Designed secure authentication workflows for Epic EMR, ensuring seamless access across Citrix environments.
Led Epic and Imprivata upgrades, patching, and performance tuning initiatives across enterprise environments.
Collaborated with clinical staff to optimize workflows while maintaining strict HIPAA compliance.
Deployed Imprivata OneSign for SSO across Epic and third-party clinical applications.
Integrated Imprivata with Active Directory and LDAP for identity authentication.
Defined and executed enterprise IAM strategy for clinical identity across 10,000+ users and 100+ applications.
Architected end-to-end Imprivata OneSign ecosystem, integrating with Epic Hyperspace/Hyperdrive, Citrix, and VDI platforms.
Spearheaded Imprivata Confirm ID rollout, enabling risk-based authentication for privileged and remote access.
Integrated HR identity sources (Workday/SuccessFactors) with SailPoint ISC to automate employee onboarding, role assignment, and access provisioning.
Implemented access request workflows integrating SailPoint ISC with ServiceNow ITSM for automated access approvals.
Developed automated access certification campaigns to ensure compliance with SOX, HIPAA, and NIST standards.
Implemented Segregation of Duties (SoD) policies to prevent high-risk access combinations across financial and healthcare systems.
Conducted periodic access reviews and certifications, ensuring compliance with internal policies and regulatory requirements.
Integrated applications with Auth0, enforcing secure authentication and role-based access for customer-facing systems.
Created documentation and reports for compliance assessments, facilitating audit readiness.
Implemented Conditional Access policies to enforce MFA and risk-based authentication.
Automated Joiner/Mover/Leaver (JML) lifecycle processes using Okta workflows, reducing manual provisioning errors by 40%.
Developed and maintained Segregation of Duties (SoD) policies, identifying and remediating high-risk access conflicts in critical applications.
Implemented Access Reviews and Privileged Identity Management (PIM) in Microsoft Entra ID, reducing standing privileged access.
Administered and governed access across enterprise applications using Okta and Microsoft Entra ID.
Built custom provisioning policies automating entitlement assignments across enterprise applications.
Onboarded 200+ enterprise applications into SailPoint ISC governance framework using connectors and API integrations.
Configured SailPoint application connectors for SaaS and on-prem applications including Active Directory, Salesforce, ServiceNow, and Workday.
Developed API-driven provisioning integrations using SailPoint ISC REST APIs.
Implemented automated account aggregation and entitlement discovery processes improving visibility into identity access across enterprise systems.
Designed identity governance dashboards and reporting frameworks to enhance audit and compliance visibility.
Led enterprise migration from legacy IAM platform to SailPoint ISC SaaS architecture.
Integrated SailPoint ISC with DevOps pipelines for automated identity provisioning across cloud environments.
Built identity analytics reporting and governance dashboards improving security visibility across identity access.
Implemented policy-based access governance enabling least privilege enforcement.
Supported enterprise IAM transformation initiatives aligning identity governance with Zero Trust security architecture.
Engineered enterprise-wide Access Management policies, implementing SSO via SAML 2.0 and OIDC, enforcing Adaptive MFA, and introducing Step-Up Authentication for sensitive healthcare services provider applications.
Architected and integrated Okta CIAM for external customer and partner portals, building a scalable, secure CIAM infrastructure supporting both B2C and B2B federation patterns.
Designed, configured, and managed Auth0 tenants including Universal Login, MFA, RBAC, Actions, Hooks, and custom domains for enterprise-scale CIAM solutions.
Implemented Auth0 token security, session management, anomaly detection, password policies, and best practices aligned with CIAM security standards.
Led end-to-end single sign-on Okta implementation for integrations using SAML, SWA, and OAuth.
Implemented SSO by integrating on-prem applications with Okta infrastructure using SAML, OpenID Connect (OIDC), and OAuth 2.0.
Sr. Identity Access and Management Engineer
ByteDance
08.2022 - 03.2023
Assisted in leading the implementation of the enterprise Identity Provider (IdP) by integrating Okta, Azure AD, and on-premises Active Directory (AD) into a unified identity control plane, securing access across hybrid environments for internal and SaaS applications.
Managed hybrid identity synchronization using Microsoft Identity Manager (MIM) and Okta Universal Directory, ensuring attribute consistency and secure propagation across AD, Azure AD, and cloud platforms.
Engineered enterprise-wide Access Management policies, implementing SSO via SAML 2.0 and OIDC, enforcing Adaptive MFA, and introducing Step-Up Authentication for sensitive financial applications.
Architected and integrated Okta CIAM for external customer and partner portals, building a scalable, secure CIAM infrastructure supporting both B2C and B2B federation patterns.
Co-engineered enterprise deployment and administration of Saviynt supporting global identity governance initiatives across hybrid cloud and on-prem environments.
Designed and implemented automated Joiner-Mover-Leaver (JML) workflows integrating HR systems, Active Directory, cloud applications, and enterprise platforms to streamline user lifecycle management.
Integrated Microsoft Entra ID, Active Directory, LDAP, ServiceNow, and SaaS platforms using SCIM, REST APIs, JDBC, and custom connectors.
Developed and optimized Saviynt workflows, REST API integrations, SQL queries, and provisioning rules to improve automation efficiency and reduce manual access management tasks.
Led application onboarding activities for cloud and on-prem applications including entitlement mapping, role engineering, account correlation, and provisioning automation.
Conducted identity governance assessments to identify orphaned accounts, toxic access combinations, and excessive privileges; implemented remediation strategies to mitigate operational risk.
Collaborated with cybersecurity, compliance, infrastructure, and application teams to design scalable IAM governance architectures in alignment with Zero Trust security principles.
Sr. Identity Access and Management Engineer
Alyeska Pipeline Service Company
08.2018 - 06.2022
Co-architected a centralized Identity Provider (IdP) solution integrating Okta, Azure AD, and on-premises Active Directory (AD) to support a unified Zero Trust Architecture, securing access to sensitive financial applications and data.
Engineered a highly available hybrid directory framework to synchronize thousands of identities between legacy AD and cloud IdPs. This new architecture achieved 99.9% sync uptime and cut identity-related helpdesk tickets by 30%, ensuring stable access to critical financial applications.
Implemented foundational Access Management (AM) controls, deploying SSO, Adaptive MFA, Conditional Access Policies, and Risk-Based Authentication (RBA) to harden access to critical systems.
Architected and deployed a scalable CIAM platform using Okta CIAM.
Implemented Self-Service Password Reset (SSPR) and custom user journeys in Azure AD B2C, including custom policy scripting for Conditional Access and user flow orchestration.
Delivered a secure and compliant customer experience through Passwordless Authentication (FIDO2/WebAuthn), Social Login, and Consent & Preference Management for GDPR and CCPA compliance.
Designed and implemented Federation solutions using SAML 2.0, OIDC, and WS-Federation, enabling SSO across a wide SaaS portfolio including Salesforce, Workday, and ServiceNow.
Co-architected global deployment and operationalization of Saviynt, Microsoft Entra ID, and enterprise PAM solutions across multi-region hybrid cloud environments supporting workforce, vendor, and privileged identity management.
Architected and deployed enterprise Identity Governance and Administration (IGA) capabilities including lifecycle management, birthright access, RBAC, SoD controls, access certifications, delegated administration, and automated provisioning workflows using Saviynt.
Led enterprise migration and modernization initiatives from legacy IAM platforms to Microsoft Entra ID with integrated SSO, Conditional Access, MFA, passwordless authentication, and Zero Trust security controls.
Implemented Privileged Access Management (PAM) strategies integrating vaulted credential management, privileged session monitoring, JIT/JEA access, service account governance, and automated privileged account onboarding across Windows, Linux, cloud, and network infrastructure.
Directed global IAM and PAM rollout across North America, EMEA, and APAC, ensuring successful architecture design, tenant configuration, connector integration, production cutovers, and operational transition planning.
Designed and enforced Zero Trust identity security policies aligned with NIST, SOX, HIPAA, PCI-DSS, and enterprise cybersecurity governance requirements.
Automated user provisioning, deprovisioning, role mining, privileged access approvals, certification campaigns, and compliance reporting workflows, streamlining administration and enhancing audit readiness.
Collaborated with security architects, infrastructure teams, application owners, compliance stakeholders, and executive leadership to develop scalable IAM and PAM governance frameworks enabling enterprise growth and ensuring regulatory compliance.
Improved security posture by reducing excessive privileges, orphaned accounts, and standing administrative access through automated governance controls and least-privilege enforcement.
Cyber-Security Consultant
Maximus Health and Human Services
Dallas, USA
01.2014 - 08.2018
Led SOC activities to monitor real-time network traffic, detecting and responding to security threats. Leveraged Palo Alto's advanced threat detection to identify potential vulnerabilities before exploitation.
Developed and executed incident response playbooks for rapid containment and mitigation of security breaches. Streamlined response times utilizing Palo Alto's integrated threat intelligence.
Vulnerability Assessments: Conducting thorough vulnerability assessments was critical to my role. I utilized Palo Alto's vulnerability management solutions to continuously assess our network and endpoint security, identifying and addressing potential weaknesses to fortify our defenses.
Implementation of Advanced SIEM Tools: I implemented state-of-the-art SIEM tools like Splunk and ArcSight to enhance our cybersecurity visibility. In conjunction with Palo Alto's logging and reporting features, these tools allowed us to gather, analyze, and correlate massive amounts of security data for better decision-making.
Managed configuration and optimization of Palo Alto Networks Firewalls through regular updates, rule-set evaluations, and performance tuning, ensuring robust protection against evolving cyber threats.
Led the deployment, architecture, and lifecycle management of Palo Alto Networks NGFWs and Panorama, delivering scalable, policy-driven perimeter and intra-zone security across DoS global infrastructure.
Maintained comprehensive policy sets using App-ID and User-ID features, GlobalProtect VPN, and Cloud-Delivered Security Services.