Tony Santos Email and Phone Number

● Responsible for communicating with ISIM Server owners to provide guidance. ● Provided instructions to migrate servers into Access Hub. ● ISIM servers not in an automated state required manual steps in order to make arrangements to prepare for migration. ● Confirmed decommissioned servers were no longer on the list to be migrated.

● ISIM Analyst. Identity IQ, ALM software installation, Deployment. Access risk management reporting SOD risks. Ran template workflows. Application onboarding using built-in and custom connectors. Ran reports using JAVA scripts. User provisioning and task creation. Life Cycle Manager (LCM) Joiner, mover, and Leaver events. Assigned users entitlements and roles.● Responsible for working on the onboarding process and documenting business admin configurations using the ACAT automation tool. ● Analyzed and documented functional and nonfunctional requirements for various IAM domains and worked with the IAM cross-team to ensure any violations were remediated. Additionally completed cross-validation to ensure the documentation and IAM eco-system was complete and in sync, and documented artifacts, approvals, and evidence in the IAM Repository Document/Capture audit trail of events. ● Managed entitlements, IAM controls, groups, and user roles utilizing the ACAT application and maintained constant communication with system and business owners managing their application IAM controls.

● Administrator of access for Active Directory Groups, Windows Servers, RSA token consoles for remote access (VPN), and NERC/CIP environments for jump servers and firewalls. ● SailPoint engineering. Via Identity Now, Access risk management reporting SOD risks., I reviewed user access and entitlements for uncorrelated accounts. Revoked access as needed. Ran template workflows. Via Identity IQ, software installation, Deployment. Access risk management reporting SOD risks. Ran template workflows. Application onboarding using built-in and custom connectors. Ran reports using JAVA scripts. User provisioning and task creation. Life Cycle Manager (LCM) Joiner, mover, and Leaver events. Assigned users entitlements and roles.● Responsible for managing and resolving issues in ServiceNow SNOW ticket queues, managing SOX access recertifications, and ensuring compliance with regulatory policies. Manage user accounts, permissions, access rights, and CyberArk storage allocations in accordance with best practices for privacy, security, and compliance. Using Role-Based Access Control (RBAC), Identity and Access Management (IAM) best practices, and IDM systems and tools. ● Privilege Access Management PAM, Create procedures, and training plans for system administration and appropriate usage. Using IBM ISIM identity manager, Tivoli Identity Access Management tools to grant access to SQL databases and manage VDI access in the transmission domain. Additionally, provided support and administration of the Agency Active Directory and all AD Operating System upgrades beyond Windows 2008 Server.

● Supporting daily business operations in the realm of security and access control. Responsibilities include tracking, updating, and completing security-related issues via a trouble ticket system, such as access requests, access issues, and/or security-related concerns. ● Responsible for tracking service level objectives (SLOs) for the team and suggesting improvements when these SLOs are breached. Other responsibilities include amending proxy and target addresses within Active Directory, processing and closing incident tickets for access to various applications, processing terminations and transfers, provisioning and removing access to Invoice Management System users, processing user termination service requests via REMEDY ticketing system, and working with AS400 mainframe user profiles according to departmental access authorizations.

● Monitored customer's network traffic for suspicious activity, identified potential security threats. Escalated high severity events-based Service Level Agreements (SLAs). Analyzed SEIM log and event data to identify improvements to configurations and recommend solutions. ● Performed forensic analysis of log files while following SOC policies and procedures. Monitored active channels via Qradar and Guardium Dashboard. Alerted on high severity threat events related to PCI Asset Vault. Detected malware and generated suppression lists for illegal byte code characters with ForeFront. Conducted outbound communications to known malicious IP addresses and performed nslookups. Monitored Qradar Connectors and utilized FireEye box to detect advanced malware and zero-day exploits. Trained on Guardium monitoring. Adhered to SOC policies and procedures.

● Served as a liaison for security, compliance, and audit-related activities and provided technical support to internal/external customers by processing security and compliance requests, executing and maintaining security procedures and related projects. User provisioning and Deprovisioning SAR requests Mainframe. Used the LDAP protocol to provide users with access to applications.