Sanjay Kafle
McKinney,TX
Summary
7 + years of experience in developing and implementing processes and procedures for onboarding users and Privilege Accounts to CyberArk. Designing and implementation of various components of CyberArk such as EPV, EPM, PVWA, CPM, PSM, PSMP and AIM on CyberArk 9.x, 10.x, 11.x, and 12.x. Extensive experience in implementation and deployment of Privileged Account Security solutions for Windows, LINUX, Database servers, Security, Networks and Websites. Experience in installation, upgrade, managing, troubleshooting of CP agent 9.x, 10.x, 11.x, 12.x, including vault file configuration and cred file creation. Collaborated with infrastructure support groups to troubleshoot installation and upgrade issues. Utilized Privileged threat analytics (PTA) to detect threats on privileged accounts Experience with auto detection and Private Ark command line interface (PACLI). Good understanding of policies in Cyber Ark Central Policy Manager (CPM) and (PSM). On boarding windows and Linux accounts. On-boarding and grouping of Database Privilege Accounts for MySQL, Oracle databases, MongoDB. Bulk upload of accounts using Password Upload Utility (PUU) and add account feature in 10.x and newer interface. Managed Safes and server/host addresses in EPV. Resolves issues with CyberArk’s CPM to communicate with hosts to reconcile credentials. Configuration and management of platforms and assigning policy, maintaining password complexity rules, assigning PSM connectors. Created and managed PSM plugin. Collaborated with application teams to onboard applications for password management using CP and CCP, ensuring seamless integration and enhanced security. Implemented secure storage and retrieval of managed and unmanaged credentials including shared passwords, split passwords, one-time passwords, etc. Tested and implemented administrator/root passwords for Windows and LINUX platforms. Implemented AIM solution to manage Windows, Linux, and web application account passwords. Knowledge of Shell Scripting, PowerShell, and SQL. Good knowledge of Active Directory, LDAP and managing Users, Groups, Computers, Organizational Units. Good knowledge in IAM and experience in installation of various Operating systems such as Red Hat (LINUX) and Windows. Good knowledge of network switches, routers, firewalls of market leading vendors and have in-depth knowledge of network protocols. Trained teams on CyberArk best practices and new features to enhance adoption. Excellent Technical, Communication and Interpersonal Skills
Overview
7
7
years of professional experience
1
1
Certification
Work History
CISO CyberArk SME
Tata Consultancy Services TCS/ Citi Bank
02.2022 - Current
- Guided application and server team with installation and upgrade of CyberArk Credential Provider CP 12.6 from older versions
- Facilitated application team to move to CCP from CP, by analyzing the requirements and feasibility of supported application hence helping organization reduce the cost of CP license
- Manage and maintain CyberArk components (Vault, CPM, PSM, PVWA, PTA)
- Worked together with Infrastructure team during version upgrades, patches, and hotfix installations and assisting with pre and post checkouts
- Create, configure, and manage safe vaults, policies, and privileged accounts
- Monitor and optimize system performance to ensure high availability and security
- Provide L3-level support for incidents and service requests related to CyberArk and IAM
- Automate repetitive tasks to improve operational efficiency
- Develop custom connectors and scripts to enhance CyberArk functionality
- Conduct periodic audits of privileged accounts, sessions, and vault activities
- Conducted periodic audits and generated compliance reports to meet regulatory standards
- Ensure the system adheres to security best practices, corporate policies, and regulatory standards
- Collaborate with risk management teams to implement security controls
- Integrate CyberArk with enterprise systems like Active Directory, SIEM, ticketing systems, and cloud platforms
- Work on API integration and automation workflows
- Develop and maintain technical documentation, including runbooks, SOPs, and troubleshooting guides
- Train L1 and L2 teams on new features and best practices
- Share insights and recommendations with stakeholders and management
- Monitor CyberArk’s health using built-in tools and third-party monitoring systems
- Generate and review periodic reports on CyberArk usage, incidents, and compliance adherence
- Proactively identify risks or potential issues and implement corrective measures
- Work closely to Collaborate and Coordinate with application teams, security teams, and infrastructure teams to ensure smooth operations
- Provide input during risk assessments, threat modeling, and architectural reviews for privileged access
- Stay updated with CyberArk’s latest features, updates, and industry best practices
- Identify opportunities for automation, optimization, and improving security posture
CyberArk Consultant
Bank of the West/Optiv
06.2021 - 06.2022
- Company Overview: Remote
- Conducted Use case discussions with various application teams to educate and finalize approach to migrate privileged accounts into CyberArk Digital Vault and enable PSM Session Recording to manage their privileged access in PVWA
- Administered security policies to meet business requirements as well as to adhere to compliance
- Generated various CyberArk reports such as Privileged account Inventory, Compliance report, Entitlement report, from within PVWA as well as from the Vault
- Actively participated in discussion and generation of DNA reports
- Performed analysis and comparison of DNA reports in accordance with various CyberArk reports
- Coordinated with teams to perform pending and discovery of accounts in various domains and platforms
- Created plans, administered, and oversees the process of managing non-compliant accounts
- Communicated with the various teams for remediation of non-compliant accounts in CyberArk
- Troubleshoot various CyberArk issues for end users
- Built CyberArk safes and added different groups, users, applications, and providers in the safe and managed their access and permission
- Onboard, managed and implemented Windows, Linux, Database and Application accounts using Password Upload Utility
- In-depth knowledge of platform policy and configuration of accounts, safes, connection components in the PVWA
- Maintain authentication and authorization of privileged users working with CyberArk and access management
- Remote
CyberArk Consultant
WWT/ Express Scripts
St Louis, USA
04.2018 - 05.2021
- Company Overview: St Louis, MO
- Worked on Linux, Windows and database systems, broad understanding of user and system accounts setup in various IT systems and in solving problems through automation
- Created Safes, Applications, Accounts (Unix, Windows, Database, LDAP) Providers, authentication to access safes
- Performed daily operations, support, and maintenance of all security technologies centric to Privileged Access related information security solutions
- Onboarded all privileged and non-privileged accounts across all platforms such as Active Directory, Oracle, Sybase, MSSQL, Windows/Unix Local and proficient in bulk onboarding of accounts using Password Upload Utility (PUU)
- Implemented & integrated PAM solutions (CyberArk, Password Auto Repository)
- Assisted team lead with Vault Server upgrade (CyberArk Vault server and Private Ark client), Web server (CPM and PVWA)
- Provided input into engineering and the architectural design of Access Control, User Entitlements
- Enhanced security related to Privileged Access Management, Application Credentials, User Access Policy Management, High availability, and Disaster Resiliency
- Validated the system and CyberArk components after every Failover, Failback and Upgrades
- Coordinated with business and environment management team to make the system ready for business users
- Checking CyberArk logs from servers to fix the service id issues
- Implemented secure storage and retrieval of shared passwords, one-time passwords, exclusive, Tested and implemented administrator/root passwords from a variety of platforms such as Windows, LINUX
- Proactively supporting incidents and tickets in our Service Now ticketing tools based on SLA and criticality of the request
- Managed Incidents and provided tactical and dynamic solutions to resolve the issues
- Mentored team members while also handling escalations
- St Louis, MO
Education
Master of Science - Computer Science
Campbellsville University
Campbellsville, KY01.2022
bachelor’s - information management
Tribhuwan University
Kathmandu, Nepal01.2013
Skills
- Problem-solving
- Teamwork and collaboration
- Issue research
- Goal setting
- Project planning
Certification
- CyberArk Trustee
Timeline
CISO CyberArk SME
Tata Consultancy Services TCS/ Citi Bank
02.2022 - Current
CyberArk Consultant
Bank of the West/Optiv
06.2021 - 06.2022
CyberArk Consultant
WWT/ Express Scripts
04.2018 - 05.2021
- CyberArk Trustee
Master of Science - Computer Science
Campbellsville University
bachelor’s - information management
Tribhuwan University
Similar Profiles
Roy DeVattRoy DeVatt
iOS Developer at Tata Consultancy Services (TCS) Citi BankiOS Developer at Tata Consultancy Services (TCS) Citi Bank
GAURAV VIJANGAURAV VIJAN
Associate Consultant, Technology at CITI BANK(Foundation Services) (TATA CONSULTANCY SERVICES)Associate Consultant, Technology at CITI BANK(Foundation Services) (TATA CONSULTANCY SERVICES)
Preethi Ravi KavithaPreethi Ravi Kavitha
DATA ENGINEER at CITI BANK(TATA CONSULTANCY SERVICES)DATA ENGINEER at CITI BANK(TATA CONSULTANCY SERVICES)