8+ years of experience in Identity and Access Management (IAM), Cybersecurity, and IT Risk & Compliance, with deep expertise in tools like Ping Federate, OKTA, Azure AD, SailPoint, ForgeRock, and CyberArk.
Proven track record of managing IAM projects with budgets up to $500K, driving operational cost savings of 15% through process automation and license optimization.
Advanced technical proficiency in configuring and managing SSO, MFA, PAM, RBAC, and User Lifecycle Management (ULM) for large-scale enterprises.
Expert in regulatory compliance with NIST 800-53, ISO 27001, PCI DSS, and GDPR standards, achieving 100% audit compliance through access reviews, control testing, and risk assessments.
Automation-driven problem solver skilled in CI/CD DevOps pipelines for IAM tool deployments, access provisioning, and role-based automation using PowerShell, Python, and Azure DevOps (ADO).
Collaborative leader and team player who has led cross-functional teams of engineers and developers to implement Zero Trust Architecture and Privileged Access Management (PAM) solutions for critical enterprise applications.
Overview
8 years of professional experience
1 Certification
Work History
IAM Consultant
Mastercard
04.2020 - Current
Worked on implementing SSO solutions using Ping Identity solutions with federation protocols (SAML, OpenID Connect, OAuth, WS-Federation)
Utilized ADO Boards to manage and track project tasks, ensuring on-time delivery in Agile and Scrum frameworks
Automated build and deployment processes using ADO Pipelines for CI/CD
Collaborated with development teams using ADO Repos for version control and code reviews
Managed project backlogs by creating and prioritizing Epics, Stories, and Tasks in Jira
Configured custom workflows, automation, and notifications to enhance project efficiency
Designed dashboards to monitor KPIs and team performance, ensuring alignment with project goals
Provided architectural design and implemented enterprise-wide Identity and Access Management (IAM) solutions using Ping Federate, PingID, PingAccess, PingOne, and PingDirectory
Implemented PingID MFA with Ping Federate and integrated Apigee with PingOne Authorize
Created flows using PingOne DaVinci for authentication with connectors and used PingOne for SSO configuration
Strong experience in updating certificates, client certificates, and keys
Experience in working with cloud security for GCP and AWS for application migration, cloud security assessments of lifecycles, and designing cloud security policies as per SIEM, DLP
Experience in DevOps principles of CI/CD with cloud infrastructure such as Azure, AWS, GCP, and Kubernetes, and in cloud security and virtualization
Expertise in configuring PingID and enabling multifactor authentication using PingID adapter
Experience in creating custom authentication policies as per client requirements
Used OGNL expressions to transform attributes in the SAML assertion as per the requirement
Familiarity with OAuth deployment to retrieve an access token, ID token, and refresh token
Implemented PKI-based digital certificate management and authentication with OAuth client
Configured grant types to retrieve access tokens using curl and REST-based tools like Postman
Implemented CyberArk Password Vault, Web Access, Central Password Manager, and Privileged Session Management and its connectors
Deployment and configuration of CyberArk PVWA, CPM and PSM as per security policies
Used CyberArk for password rotations, reconciling accounts and assigning Safes
Implemented PAM features of CyberArk such as User Entitlements and Access Policy Management
Utilized OKTA Universal Directory, Access Gateway, and SSO implementation for applications
OKTA directory integrations and SCIM connectors for some applications and user provisioning
Implemented OKTA features (API, MFA, lifecycle management) for customers
Designed security as per ISO 27000, NIST 800-53, ITIL Foundation, and NIST standards
Implemented audits and compliance requirements, including PCI DSS and GDPR
Implemented Office 365 (O365, M365) for clients using WS-Federation and WS-Trust protocols
Expertise in implementing IDP-initiated single sign-on and SP-initiated single sign-on
Resolved replication problems by examining the configuration files to verify the replication server information and port settings
Integrated/installed Splunk and created dashboards, alerts, and reports from Ping Federate logs collected by universal forwarders; also utilized Python and PowerShell scripts for troubleshooting
Involved in designing, implementing, and deploying the PingFederate environment from scratch in close collaboration with architects
IAM Engineer
Key Bank
11.2018 - 03.2020
Managing and maintaining Entra ID (Azure AD) and Active Directory (AD) infrastructure, including domains, users, groups, authentication, health checks, and Group Policies (GPO)
Creating and managing security groups, distribution groups, and organizational units within AD
Utilizing AD Connect (AD Sync), Conditional Access (CA) policies, Privileged Identity Management (PIM), and MFA of Azure AD to enhance the security posture of applications and users
Implementing SSO using SAML, OAuth, and OIDC; provisioning and de-provisioning user access to AD resources and web applications, including granting and revoking permissions
Configured Azure AD Connect as part of directory sync between on-premises and cloud infrastructure
Managed Active Directory (AD) 2012 R2, 2016, ADFS, DCs (domain controllers), Active, Azure, and PKI with the application team
Worked on Windows Server 2016 AD DS forest preparation for schema upgrade
Implemented Azure PIM (Privileged Identity Management) and other app privileges using Ansible, Chef, Puppet, and DevOps tools
Audited conditional access policies and related changes using CISA ScuBA tools
Implemented BCP failovers, AD Connect upgrades, licensing, and application permission issues
Integrated CyberArk Connectors/plugins for various web applications
Worked on CyberArk operational tasks related to users/groups for entitlements/access controls
Deployment and configuration of CyberArk PVWA, CPM and PSM as per security policies
Experience with integrating Azure AD with other services, such as Office 365, Azure AD Connect, and Azure AD Application Proxy
Knowledge of Azure AD's reporting and analytics features, including Azure AD Audit Logs, Azure AD Sign-ins, and Azure AD Activity Logs
Experience in implementing and managing Azure AD B2C and B2B for external user access to web applications
Experience in working with cloud security for GCP and AWS for application migration, cloud security assessments of lifecycles, and designing cloud security policies as per SIEM, DLP
Leveraged threat monitoring by SIEM, SOAR using Azure Sentinel
Experience in DevOps principles of CI/CD with cloud infrastructure such as Azure, AWS, GCP, and Kubernetes, and in cloud security and virtualization
Configured role-based access control (RBAC) and provisioning and de-provisioning of users
Familiarity with Azure AD’s Microsoft Graph API and Azure AD PowerShell module
SailPoint integration for self-request roles and application onboarding in SailPoint
Active Directory, network services (DHCP, DNS), replication, and GPO management
Okta IAM Engineer
Teladoc Health
11.2016 - 10.2018
Expertise in configuring OAuth authorization servers in OKTA to be used by OAuth clients
Experience with OKTA SSO, MFA, Universal Directory, and lifecycle management
Experience in Okta identity lifecycle, creating and managing OKTA workflows, workflow automation, and application integration platform
Experience in creating custom scopes and claims in OKTA for applications to authorize users
Configured single-page applications for the implicit grant type to get an OpenID token
Experience in implementing appropriate access to applications and systems in OKTA, with built-in multifactor authentication for added security
Experience in installing Okta’s Lightweight agent to integrate with Active Directory and Google Workspace directory
Experience in making API calls from the Okta API to another identity provider API
Integration of OKTA Identity Cloud with OAM (Oracle Access Manager) and ISAM (IBM Security Access Manager) for providing SSO and MFA implementations
Proven expertise in setting up SAML applications in OKTA and installing AD/IWA agents on member domains, validating single sign-on, user provisioning, and troubleshooting password synchronization across multiple Okta platforms
Integrated OKTA with ADFS (Active Directory Federation Service) for MFA
Proven experience in building and nurturing strong collaborative relationships with key stakeholders to successfully onboard their SaaS applications into OKTA
Experience in supporting user management in IDM - including creating, adding/updating resources, locking/unlocking, enabling/disabling, and deleting user accounts