Shafeel Mukkandath

• Design and develop security architectures and reference architecture for cloud and hybrid based systems
• Subject-matter expertise and stakeholder advices for all IAM topics related to both cloud and on-premises enterprise technology
• Assessed the enterprise wide identity and access management current state, created the future roadmap, deployed an opensource identity management solution, promote and assist the stakeholders in integration of businesses
• Create of key objectives (OKRs) for the team and assist the team to achieve those
• Support data engineering and governance team with the architecture and implementation of data security controls such as access controls, data classification etc
• Assess the enterprise application security landscape, identify the security gaps and work with SaaS vendors/stakeholder to harden and mitigate those security gaps.
• Assist IT team in enhancing current IDM process to balance with security requirements.
• Development of automation program with python and javascript
• Research the cloud infrastructure security standards such as ISO 27000 series, NIST CSF, and CSA and assist the stakeholders to achieve those standards.

Client: NTUC Enterprise, Singapore

Project : IDAM architecture and Implementation

Role: Architect / Technical Lead

Responsibilities:

• Architecture review, identify gaps with the current IAM practice and technologies
• Lead the team in Design, Develop and implementation of SaaS based solution (OKTA and IdentityNow) for identity governance and SSO and Integrate with NTUC on-premise and cloud systems such as O365, GSuite, AWS etc

-

Client: BTPN Bank, Indonesia

Project : Digital identity platform for consumer banking application

Role: Architect / Technical Lead

Responsibilities:

• Lead the team in Design and Development of Consumer Identity & Access Management solution for the banking application.
• Architecture of GraphQL API Gateway as Identity MicroServices which routes data from multiple Identity REST API services.
• Enhancement of CIAM use cases such as consumer/device registration, password/device authentication, step-up & adaptive authentication and password management

-

Client: Prudential Insurance Service, Singapore

Project : Digital identity platform for consumer health application

Role: Architect / Technical Lead

Responsibilities:

• Architect client's digital transformation journey with ForgeRock ConsumerIAM (CIAM) solution
• Design and implement Identity API's for consumer on-boarding and various authentications (Social Registration, facial & voice Authentication etc.)
• Design consumers data privacy & Consent framework
• Consults with business stakeholders and other architects to understand core business processes and priorities and provides recommendations on CIAM solution

-

Client: Standard Chartered Bank, Singapore

Project: IAM Assessment & Architecture Roadmap

Role: Architect

Responsibilities:

• Starting with a broad current-state assessment and helped the client to create strategy with a focused vision for the future IAM environment and architecture.
• Establish an enterprise wide IAM governance model. Provide a roadmap for the next 3 years to gain an insight on the program initiatives and planning.
• Integration framework with legacy mainframe and other applications and use of emerging technology such as Robotic Process Automation
  

• Evaluate and conducting POC’s for suitable Identity as a Service (IDaaS) which delivers a Single Sign-On experience to Grab cloud and On-premises applications
• Design & Develop Identity reconciliation from cloud IDM to grab internal user management system using SCIM to achieve role based access control
• Created Custom Django frontend application for IT Admin team to manage identities of Grab cloud apps using RESTful API’s.
• Working closely with security & governance team to mitigate flaws related to grab’s identities and their access.
  

• Consult application team in Design, Development and integrate various enterprise-wide web applications with multiple Visa IAM systems: CA Siteminder and ForgeRock
• Perform migration strategy from CA Siteminder to ForgeRock OpenAM
• Implement multiple Identity security technologies such as Authentications, MFA/2FA, Adapative AuthN, Impersonation and Password services and federation services using SAML2, OAuth 2.0 and OpenID connect
• Design and Implement of Visa Enterprise Directory [LDAP] and configure Unix/Linux clients for enterprise level authentication
• Develop technical solutions for any security risk mitigation, which incorporates in IAM infrastructure
• Research and development on emerging enterprise security technologies & solutions
  

• Worked as Siteminder SME to support new projects and intergations
• PIC for CA Siteminder Upgrade from R6 to R12
• Implement federation between third party companies using SAML Based Authentication
• Migration of directory server from Sun DS 5.2 to ODSEE 11gR1, including extended schema updates, access control items (ACI) and designing of replication directory server’s across various datacentres.
• Troubleshoot various SSO, SAML and LDAP issues
• Monitor and report system and application logs for security events
• Maintain accurate documentation that is readily available to peers and management

• Managing and Administering CA Siteminder Web agent, Policy Server and Sun Directory Server 5.2
• Providing and controlling the user access to various client applications
• Providing Level 2 support on Oracle Identity Manager for Nokia Siemens Network(NSN)
• Identity Management for NSN network user accounts, mailbox, user provisioning, role-based access control to various applications
• Troubleshooting various NSN application provisioning issues related to Oracle identity Manager