Criteo

Context
With over 2400 users, Criteo naturally raises questions about the management of its users' identities, and of course about the need to deliver a secure service and simplified access to the resources of its Information System.
In a context where resources are deployed indifferently on-premises or in the cloud, I participate in the construction of the Identity & Access Management service offering and ensure its integration into the information system.
Due to the growing need, this offering is naturally moving towards the public cloud, for its capacity for service continuity and elasticity. In parallel with the need to benefit from a powerful IaaS solution, the choice naturally turned to Microsoft Azure, for its simplified integration with the Microsoft solutions already in the majority within Criteo.
My main mission is to analyze the desirability of the appropriate services, and to promote the adoption of these solutions.
As an Architect, I try to offer solutions to the needs expressed by Criteo, supporting its digital transformation and its rise in competence on the most innovative topics.
In parallel, my mission is to ensure the technology watch on new identity-related services and on novelties that allow optimizing the existing system or finding solutions to current problems.
Finally, as technical leader on the Identity part, I ensure the transfer of competence to the technical and operational teams through training sessions and technical workshops.

Technologies
Microsoft Azure Active Directory, Active Directory, Microsoft AD FS, SAML 2.0, Azure MFA, Conditional Access Policies, Microsoft AD CS, Microsoft MIM, Microsoft Web Application Proxy, Microsoft Azure AD Application Proxy, Microsoft MDM, Intune

Actions
• Authentication:
  o Architecture: Establishment of a dedicated authentication service offering, in order to define authentication standards and the technical elements related to the use of this service. Definition of the protocols and functional bricks to use according to the corporate use cases.
  o Implementation: Deployment of the functional technical bricks necessary for the proper delivery of this service catalog (federation system, AD FS, Azure AD, and of course a strong Active Directory architecture).
• Identity Federation:
  o Architecture: Establishment of an identity federation service offering, in order to deliver a standardized SSO solution with controlled tools. Definition of the protocols and functional bricks to use according to the corporate use cases.
  o Implementation: Deployment of the functional technical bricks necessary for the proper delivery of this service catalog (federation system, AD FS, Azure AD, SAML, OpenID, OAuth 2.0).
• Public Key Infrastructure:
  o Architecture: Analysis and review of the current state of the existing PKI. Proposal for remediation and installation of a new, completely controlled and secure architecture. Design of the new PKI architecture and establishment of golden rules related to its use.
  o Implementation: Deployment of the new PKI architecture, based on the Microsoft AD CS solution, as well as all the related technical and security processes.
• Securing External Access:
  o Architecture: Study and design of a multi-factor authentication solution to secure external user access to IT resources.
  o Implementation: Deployment of the Microsoft Azure MFA solution on all services published and available outside the company. Development of the operational processes and guidelines necessary for the operation of the solution. User awareness of security and of the need to use MFA.
• Secure Publication of Internal Resources:
  o Architecture: Study and design of a solution for publishing internal services outside the company, with security and high availability as the main constraints.
  o Implementation: After study, implementation of the Microsoft Azure AD Application Proxy solution to publish on the Internet applications internal to Criteo's IS.
• Password Synchronisation between Domains:
  o Architecture: Study and design of a password synchronization solution between the different Active Directory directories present within the different entities of Criteo, a need of course driven by security and high-availability constraints.
  o Implementation: Deployment of the Microsoft MIM solution and the PCNS functionality to synchronize identities and passwords between the different production domains.
• Security and Audit:
  o Architecture: Study of the implementation of an enterprise solution to centralize the logs generated by the infrastructure, in order to address audit, security and service continuity improvement issues. Design of a highly available infrastructure to support the integration of the IT infrastructure with the Azure OMS (Operations Management Suite) log and security centralization services, and proposal of a service catalog for subscription to and consumption of the solution.
  o Implementation: Deployment and configuration of the infrastructure needed to consume OMS services.
• Migration from Active Directory 2012 R2 to Active Directory 2016:
  o Architecture: Pre-migration functional feasibility study, and design of the new Active Directory 2016 architecture.
  o Implementation: Scripting and migration guide for all Domain Controllers (RWDC & RODC) to Windows Server 2016.
• Migration from AD FS 2012 R2 to AD FS 2016:
  o Architecture: Design of the new AD FS 2016 and WAP 2016 architecture. Study of the new features and possibilities offered by this new version (Azure MFA support, Windows Hello, conditional policies, customization, ...).
  o Implementation: Installing the new AD FS 2016 servers, adding these servers to the AD FS farm, removing the AD FS 2012 R2 servers, and then raising this farm to the AD FS 2016 farm level.
• Migrating Federated Applications from AD FS to Azure AD:
  o Architecture: Establishment of a service catalog for federation on Azure AD to define the applications that can be migrated to Azure AD, in order to take advantage of the Azure SLA and of the advanced features available in terms of security and access.
  o Implementation: Migration of all business applications, with strong upstream work with application teams to raise awareness of the technologies and processes related to SSO
charge of Identity and Access Management solutions, Forefront UAG, Forefront TMG, Forefront IM, DirectAccess, Active Directory, ADFS, EMS, AD RMS, NAP, PKI and SmartCards technologies. The projects carried out are mainly missions meeting the need to secure the perimeter of the company, or to manage the life cycle of users.
• In a large industrial group, I assisted the CISO with the implementation of comprehensive security standards, an access control policy and a user control policy. I also implemented a server hardening strategy, as well as one for user workstations.
• Within a large industrial group, I participated in a security audit of the group's Active Directory architecture (2 forests, 106 domains).
• Within a large industrial group, I participated in the implementation of a complex ADFS 3.0 architecture in order to answer complex SSO scenarios.
• Within a large industrial group, I participated in the implementation of an MBAM 2.5 architecture distributed over several geographical sites, in integration with SCCM.
• In a large industrial group, I participated in the implementation of a 2-level PKI architecture in a forest in a DMZ dedicated to partners.
• In a large sports federation, I participated in the implementation of the DirectAccess 2012 R2 solution for all the group's roaming users. This solution had to be highly available and spread across different sites.
• Within a consulting group, I participated in the implementation of the DirectAccess 2012 R2 solution with strong authentication via mobile OTP (Gemalto) for all the company's roaming users.
• In a public administration operating around the world, I helped implement the DirectAccess feature built into Microsoft Forefront UAG as the primary roaming solution for its users, as well as set up a complete PKI infrastructure.
• At a global insurance company, I participated in the implementation of Microsoft Forefront UAG for the publication of many applications to be offered in SSO (web applications, SharePoint, Citrix applications, ADFS, ...).
• In a large distribution group, I participated in the implementation of the AD RMS solution to protect the company's confidential documents and emails. This need resulted in the creation of multiple templates within the AD RMS configuration.
• At a major player in the oil industry, I helped set up the Microsoft Forefront UAG secure gateway for publishing multiple applications, with an SSO constraint requiring the implementation of an Intelligent SQL repository (LDAP and non-LDAP web applications, messaging, SSL VPN, Remote Desktop, File Access, ...).
• Within a large banking group, I helped set up Microsoft Forefront UAG for publishing critical applications with an SSO constraint.
• In a large logistics group, I helped set up the publishing of Exchange messaging services and SharePoint sites with the Microsoft Forefront TMG product.
• In a large company whose core business is agribusiness, I participated in the implementation of the publication of Exchange messaging services with the Microsoft Forefront TMG product.
• In a group working in aerospace, I participated in the implementation of the entire Microsoft part of a project to secure the network via 802.1X technology.
• With Microsoft I p...