
Rijo Mathew

Washington DC

Summary

Dynamic Sr. Solutions Architect at OPEXUS Tech, specializing in PingFederate integration and identity management. Successfully led a team to enhance security posture and operational efficiency, implementing multi-factor authentication across 100+ applications. Proven leader with strong problem-solving skills, driving cloud architecture design and automation workflows to optimize performance and reduce costs.

Overview

25 years of professional experience

Work History

Sr. Solutions Architect – PingFederate

OPEXUS Tech
Washington
03.2009 - Current
  • Company Overview: Federal Agency - United States Agency for International Development (USAID)
  • Led a team of engineers in the design, deployment, and maintenance of scalable, high-availability PingFederate architecture across multiple data centers, ensuring failover and disaster recovery readiness.
  • Directed the implementation of federation strategies aligned with enterprise SSO, authentication, and identity governance policies, improving operational efficiency and security posture.
  • Managed and mentored a team of specialists in the integration of PingFederate with internal and external Service Providers (SPs) and Identity Providers (IdPs) using SAML and OIDC protocols, ensuring smooth onboarding for 100+ business applications.
  • Acted as the Technical Lead and SME for PingFederate-related design, troubleshooting, and performance tuning, providing guidance on complex SSO and federation challenges.
  • Spearheaded the integration of DUO Security MFA and RSA SecurID with PingFederate, establishing multifactor authentication for critical workflows and compliance-sensitive applications.
  • Led the integration of PingFederate with both on-prem and cloud-based IdPs and SPs, including Okta and login.gov for secure, seamless federation.
  • Developed and fine-tuned authentication policies, incorporating multiple adapters like LDAP, Kerberos, PIV, DUO, and RSA SecurID for MFA and OTP-based authentication in compliance-sensitive workflows.
  • Managed and coordinated certificate management processes, including signing and decryption certificates, SSL server certificates, trusted CAs, and certificate rotations.
  • Integrated Kerberos and PIV card-based authentication to enable secure and compliant user authentication for internal and federal users.
  • Onboarded new applications through the PingFederate Admin Console and automated configuration tools to streamline the connection lifecycle.
  • Configured Okta as a cloud-based IdP with PingFederate as an on-prem gateway, ensuring secure hybrid cloud federation for internal and external applications.
  • Worked with SecOps teams to align MFA strategy with organizational risk posture and access control policies, ensuring compliance with regulatory frameworks.
  • Designed and configured custom policy contracts to define and manage attribute sets passed between authentication sources and relying parties.
  • Developed and optimized authentication selectors to dynamically route authentication flows based on user context, such as IP addresses, HTTP headers, and device types.
  • Implemented IDFirst Adapter to intelligently route users to appropriate authentication methods (e.g., Kerberos, X.509, HTML Form) based on user input.
  • Troubleshot and resolved complex issues related to SAML assertions, signature validation, and SAML binding using PingFederate logs and SAML trace tools.
  • Managed Signing and Decryption certificates to ensure secure SAML assertions and token exchanges across IdPs and SPs.
  • Integrated PingFederate with LDAP directories for credential validation and attribute retrieval.
  • Deployed Kerberos Adapter to support seamless Integrated Windows Authentication (IWA) for internal enterprise users within a trusted domain.
  • Used Adapter Mapping to connect adapter outputs to policy contracts, enabling flexible attribute propagation across authentication and federation layers.
  • Maintained trusted certificate authorities (CAs) in PingFederate’s trust store, validating IdP/SP signatures and TLS certificates.
  • Performed regular certificate health checks and expiration monitoring using PowerShell scripts and federation logs, proactively preventing downtime.
  • Coordinated SSL server certificate management for securing PingFederate Admin Console, runtime ports, and HTTPS endpoints, ensuring compliance with TLS standards.
  • Coordinated with internal PKI teams and 3rd-party CAs for certificate issuance, renewal, and revocation across all PingFederate environments.
  • Architected and led the deployment of multiple applications across diverse platforms, including AWS IaaS, AWS PaaS, Azure PaaS, and various vendor SaaS solutions.
  • Designed and led the simultaneous migration and modernization of multiple applications from AWS IaaS to AWS PaaS, enhancing scalability, performance, and cost efficiency.
  • Collaborated with Tech Leaders, developers, and SecOps Leads to design and implement Azure DevOps pipelines and AWS CodePipeline, deploying and configuring DevOps agents on AWS Windows and Linux servers and serverless containerized applications. Integrated Veracode scanning into the pipeline to identify security vulnerabilities in the application's code, dependencies, or binaries.
  • Implemented and managed automation workflows using Ansible Tower, streamlining configuration management, application deployments, and infrastructure provisioning across diverse environments.
  • Architected the migration of 'Work With USAID' (WWUA), from public Google Cloud Platform (GCP) to USAID’s Azure Serverless (Containerized) architecture, ensuring a seamless transition and enhanced performance.
  • Led the architecture, deployment, and maintenance of the PingFederate Identity and Access Management (IAM) solution to ensure secure authentication and authorization. Integrated with multiple enterprise applications to enable seamless Single Sign-On (SSO) and Multi-Factor Authentication (MFA), supporting Kerberos, PIV/CAC, DUO, RSA Token, and Login.Gov across 80+ internal and external applications.
  • Designed and implemented custom OpenText Documentum-based content and case management applications, including the Agency Secure Image and Storage Tracking System (ASIST), Agency Correspondence Tracking System (ACTS), Partner Vetting System (PVS), and the NGO Portal using the OpenText product suite. Led the consolidation of 50+ production repositories (containing 20+ million documents and over 7TB of data) from global missions into a single, centralized instance in Washington, improving efficiency and accessibility.
  • Led operations support for the Global Acquisition and Assistance System (GLAAS), USAID's Acquisition and Assistance (A&A) life cycle management system. Managed critical fiscal year-end activities involving billions of dollars annually ($40 billion in 2024). Ensured GLAAS and all related Financial Year-End (FYE) applications remained stable and high performing, enabling seamless processing of obligations during the critical FYE moratorium period.
  • Designed and managed SAP Business Objects (BOE) and Tableau data visualization and reporting solutions, integrating multiple data sources to deliver real-time analytics and actionable insights.
  • Implemented real-time application performance monitoring using Riverbed APM tools to enhance system reliability. Leveraged analytics to proactively troubleshoot issues and optimize network and application performance.
  • Designed the architecture and led multiple platform and software upgrades for the secure and compliant GovTA (Government Time and Attendance) payroll management system. Developed an interface to facilitate the secure monthly transfer of payroll files from USAID to the National Finance Center (NFC) for processing.
  • Created Technical Architecture documents and administered Google Workspace (USAID Email, Docs, Meet, etc.), ensuring seamless collaboration, efficient system management, and optimal performance.
  • Secured all external-facing USAID applications from potential adversary attacks by routing traffic through Akamai WAF. Leveraged Akamai's advanced protection to proactively identify and block numerous adversary attacks before they could compromise application availability.
  • Designed, implemented, and supported multiple Global Health initiatives and applications, including migration of GH Survey application to USAID environment, a mobile-based electronic data collection and reporting system that facilitates the collection, analysis, and reporting on the quality of HIV/AIDS services at President’s Emergency Plan for AIDS Relief (PEPFAR) funded sites.
  • Managed the upgrade, migration, and patching of Java, IIS, Tomcat, JBoss, and both COTS and in-house built applications across diverse platforms including Windows, RHEL, AWS, and Azure, ensuring security, stability, and optimal performance.
  • Responsible for identifying and addressing security vulnerabilities across 65+ applications. Led efforts to mitigate multiple zero-day vulnerabilities, including the critical Log4j vulnerability.
  • Ensured that application logs and audit details were ingested into Splunk upon the deployment of new applications. Collaborated with the Splunk team to create custom dashboards for each application, enabling efficient log file monitoring.
  • Architected, designed, and optimized enterprise search solutions, such as Google Search Appliance and Lucidworks Fusion, to significantly improve knowledge retrieval efficiency and streamline access to critical information.
  • Led monthly Continuous Monitoring (ConMon) activities for applications, automating log inspection and anomaly extraction. Analyzed anomalies to identify and address potential security incidents.
  • Developed comprehensive technical documentation, including Technical Architecture Documents (TAD), System Security Plans (SSP), System Categorization and Registration Forms (FIPS-199), Standard Operating Procedures (SOP), and Operations & Maintenance (O&M) Manuals, for multiple supported applications.
  • Participated in Disaster Recovery (DR), Incident Response Plan (IRP), and Contingency Plan (CP) exercises, identifying and addressing gaps in preparedness and response strategies.
  • Participated in numerous SEV1 incidents and Situation Manager (SITMAN) bridges, working to resolve application outages and performance issues swiftly.
  • Ensure applications and systems comply with applicable regulations, standards, and security best practices, implementing safeguards to protect sensitive data and mitigate potential risks.
  • Oversee the planning, execution, and delivery of application operations projects, ensuring timely completion, adherence to budget, and alignment with quality standards.
  • Collaborate with external vendors and service providers to ensure timely issue resolution, strict adherence to service level agreements (SLAs), and alignment with organizational objectives and requirements.
  • Identify opportunities for process optimization, automation, and efficiency improvements within the application operations team, leading initiatives that enhance performance and reduce operational costs.
  • Act as a liaison between the application operations team and other departments or stakeholders, delivering regular updates, gathering requirements, and proactively addressing concerns.
  • Delegate tasks and responsibilities to team members based on their expertise, availability, and project needs, optimizing resource allocation and efficiency.
  • Provided strategic direction and mentorship to the application operations team, fostering professional growth through training, skill development, and continuous learning initiatives.

Documentum Programmer

Everest Business Solutions Inc.
02.2006 - 03.2009
  • System Migration & Development: Led the migration of Documentum content from version 5.3 SP3 to D6 SP1, developing migration scripts and tools for content transfer, and setting standards for migrating websites and content management systems, including OpenMarket to Web Publisher.
  • Custom Application Development: Designed and developed DFC-based applications like “Doctool” for document search and “D6 Direct” for users to access and manage documents without direct repository login, enhancing content accessibility and workflow automation.
  • Application Customization & Administration: Customized and enhanced BASF internal applications (e.g., Phonebook, MSDS, Stock Ticker) for improved functionality, and administered Google Search Appliances and WebTrends for better content retrieval and web analytics.

Project Supervisor

eDocuMAN Fz LLC.
03.2004 - 12.2004
  • Project Supervision & Design: Led the design, development, and deployment of the Pharmaceutical Strategic Asset Management System (PSAMS), including requirements analysis, workflow creation, and lifecycle management using Documentum and other enterprise software.
  • Customization & Integration: Customized and integrated ZyIMAGE Document Imaging Software with systems like Outlook for email archiving, and automated data population from DWG files using RXCapture, supporting the organization’s imaging and document management needs.
  • Implementation & Technical Support: Managed installation and configuration of PSAMS across development, staging, and production environments, and provided technical support for large-scale document management processes, including the archival of millions of documents and drawings.

Team Lead, Senior Systems Support Executive, Systems Trainee

Digital India
07.2000 - 12.2003
  • System Design & Customization: Designed and implemented the Document Management System (DMS) and Medical Records Management System using PowerFile, including customizing modules (Scan, Index, Search) to meet client requirements and enhance document handling features.
  • Integration & Workflow Automation: Integrated PowerFile with PipeTrack IT software for easy retrieval of archived images, and implemented Mind Crossing Knowledge Xchange to enable document import without re-indexing. Designed automated workflows to route documents for processing based on predefined life cycles.
  • Advanced Features & Customization: Enhanced search functionality and pre-scan automation in PowerFile to support advanced document categorization, and introduced the ability to generate auto-playable CDs for medical records, improving patient data portability.
  • Deployment & Training: Led the installation and configuration of software, scanners, and document management systems, and provided training for end users and system administrators to ensure smooth system adoption and operation.

Education

M.S. - Computer Science

Skills

  • PingFederate integration
  • Identity management
  • DevOps practices
  • Automation workflows
  • Team leadership
  • Agile methodologies
  • Cloud architecture design
  • Integrating designs
  • SAML protocol
  • Multi-factor authentication
  • OIDC protocol
  • Problem solving

References

Available upon request.
