Home

EHSAN NIDAWI - Identity access management Architect

[email protected]

Location: Texas City, Texas, USA

Relocation: open but with Relocation package

Visa: US Citizen

Resume file: - 1 - Principal Solution Architect_1753818019882.pdf Please check the file(s) for viruses. Files are checked manually and then made available for download.

EHSAN NIDAWI Principal Identity Ecosystem Architect | Senior Technical Consultant | Lead Security Engineer | Director-Level IAM Specialist | Manager-Ready | Remote Work Ready | Hybrid Capable | DHS/CISA/DOD Secret Clearance Location: Austin, Texas 78701 | Email: [email protected] | Cell: +1-979-500-3390 LinkedIn | Calendar Status: US Citizen - Fully Vaccinated - Open to Relocation with Provided Package Clearance: Special Access Position of Public Trust - DHS/CISA Clearance Expires 2030 Languages: English, Arabic Technical Profile Principal Identity Ecosystem Architect, Senior Technical Consultant & Strategic Advisor with 14+ years orchestrating complete identity ecosystems using 23+ enterprise platforms across fintech, healthcare, government, and enterprise technology sectors including Okta, Microsoft Active Directory, Azure AD, SailPoint, CyberArk, Ping Identity, RSA SecurID, ForgeRock, IBM Security, Oracle Identity, Saviynt, Auth0, AWS IAM, Google Cloud Identity processing 100M+ identity transactions with AI/ML-powered analytics, Zero Trust architecture, and Cloud Native microservices. Secret clearance enables dual-role technical leadership, strategic consulting, and government advisory services while employed at Fortune 500 companies. Expert in remote work enablement, hybrid infrastructure management, and distributed team leadership. Complete identity ecosystem coverage: IAM, CIAM, PAM, PIM, IGA, Identity Lifecycle Management, RBAC, ABAC, DevSecOps Automation, Zero Trust implementations, AI/ML-driven security analytics. Architected scalable, high-performance enterprise platforms serving 500K+ concurrent users with 99.99% SLA across NIST, FISMA, FedRAMP, SOX, PCI-DSS frameworks. Specializing in multi-vendor integration, API-first architecture, microservices orchestration, and cross-platform federation serving corporate clients and federal agencies simultaneously across worldwide missions. Cost optimization expert delivering $2M+ annual savings through strategic vendor consolidation and performance optimization. Professional Experience Sr. Principal Identity Access Management Architect - InfoSec CISA (Cybersecurity & Infrastructure Security Agency) | Feb 2024 - Dec 2024 | Austin, TX Technical Stack: Okta Enterprise/Workforce/Customer, Microsoft AD/Entra ID, Azure AD, SailPoint IIQ, CyberArk PAM, Ping Federate/Access, RSA SecurID, Splunk Enterprise/Cloud, Python/Flask/Django, REST APIs, GraphQL, SAML 2.0, OIDC, PKI/X.509, Docker/Kubernetes, Terraform/IaC, GitLab CI/CD, NIST 800-53, FISMA, FedRAMP, Zero Trust | 12M+ identities | 500+ agencies | Remote-first architecture Leadership & Management: Technical lead, project manager, and strategic advisor for 25+ remote/hybrid identity engineers across federal domain implementations, crisis response coordination, incident management, and emergency response with FBI/NSA security teams. Agile/Scrum certified with PMP-level project management expertise. Leadership Scale: 25+ identity engineers | $5M+ annual budget | 500+ federal agencies | 12M+ identities managed | Global remote teams across 15+ time zones Primary Tools Used: Okta Enterprise, Microsoft Entra ID, SailPoint IIQ, CyberArk PAM, Splunk Enterprise, Python/Flask, Terraform, GitLab CI/CD, NIST compliance automation Orchestrated & Optimized Federal Identity Architecture: Implemented AI-powered Zero Trust framework using Okta Enterprise + Microsoft AD federation, processing 12M+ federal identities across 500+ agencies. Built Cloud Native SAML/OIDC integration pipelines with 99.99% SLA and auto-scaling capabilities. Architected multi-domain trust relationships for DOD, DOS, NSA, FBI with AI-driven compartmentalized access controls and real-time threat detection. Engineered & Streamlined Compliance Automation Systems: Developed DevSecOps-integrated automated NIST 800-53 compliance validation using Python/REST APIs, integrated with SailPoint IIQ for continuous policy enforcement. Implemented FISMA/FedRAMP assessment automation reducing audit time by 80% and compliance costs by $300K annually. Orchestrated Large-Scale Migration of 10,000+ Users: Led cross-functional project teams migrating federal users to Microsoft Entra ID and Okta, improving authentication performance by 200% across multiple agencies with zero downtime and enhanced remote work capabilities. Engineered Crisis Response Systems: Built automated incident response platform using Splunk/SIEM integration, API-driven identity lockdown mechanisms, real-time threat correlation. Reduced MTTR from 72h to 6h through automated response workflows. Developed Custom Federation Solutions: Built classified identity federation using custom SAML implementation, air-gapped authentication systems, compartmentalized access controls. Implemented PKI-based authentication with hardware token integration deployed as federal standard architecture. Principal Cybersecurity Identity - Infrastructure Ally Financial Inc | Jun 2022 - Oct 2023 | Austin, TX Technical Stack: Okta CIAM/Workforce, Microsoft AD B2C/B2B, SailPoint IIQ, CyberArk PAM, Ping Federate, API Gateway/Kong, Python/Django, TensorFlow/ML, OAuth 2.0/2.1, OIDC, Kubernetes/Docker, SOX, PCI-DSS, GLBA | 50M+ customer identities | 10K+ B2B partners | Fintech compliance Leadership: Single-handedly architected B2B Partner IAM ecosystem, led cross-functional teams through technical implementations, vendor management, regulatory compliance initiatives. Leadership Scale: 15+ cross-functional team members | $2M+ project budget | 50M+ customer identities | 10K+ B2B automotive partners | Fintech compliance scope Primary Tools Used: Okta CIAM, Microsoft AD B2C, Python/Django, TensorFlow, API Gateway, Kubernetes, SOX/PCI-DSS automation, OAuth 2.0/OIDC implementation Designed & Deployed Scalable B2B Partner IAM Platform: Built cloud-native, microservices-based end-to-end Partner IAM using Okta CIAM + API Gateway integration processing 10K+ automotive dealer identities with OAuth 2.0/OIDC protocols. Implemented AI-powered automated onboarding workflows, Just-in-Time provisioning, ML-enhanced RBAC policy engine with zero security incidents across 50M+ transactions and 99.99% uptime. Engineered & Optimized Multi-Tenant IAM Solution: Built horizontally scalable, high-performance IAM architecture using Terraform, Okta, and ForgeRock supporting 50M+ users with 99.99% availability and sub-100ms response times. Remote-first design enabling distributed workforce scalability. Built Compliance Automation Framework: Developed automated SOX/PCI-DSS/FFIEC/GLBA validation using Python scripts, API integrations, policy enforcement engines. Implemented continuous compliance monitoring achieving zero audit findings. Developed Adaptive Authentication Engine: Built ML-powered risk assessment using Python/TensorFlow integrated with Okta Adaptive MFA and fraud detection APIs. Implemented behavioral analytics reducing fraud by 85% deployed as enterprise standard. Cost Optimization: Saved $500K in licensing fees by consolidating IAM tools and optimizing vendor contracts while improving security posture. IT Team Lead National Youth Week (Non-Profit) | Mar 2019 - Jun 2022 | Austin, TX Technical Stack: Okta, SailPoint, CyberArk, AWS, Office 365, Google Workspace, Azure | 500+ third-party applications Leadership: Applied military leadership concepts leading IT infrastructure teams, managed identity deployments across multi-cloud environments. Leadership Scale: 8+ IT infrastructure team members | Non-profit budget optimization | 500+ application integrations | Multi-cloud environment management Primary Tools Used: Okta Workforce, SailPoint IGA, CyberArk PAM, AWS IAM, Office 365, Google Workspace, Azure AD, RBAC policy engines Integrated 500+ Third-Party Applications: Connected Okta with 500+ applications reducing support requests by 25% and improving user experience. Deployed Multi-Cloud IAM: Implemented identity management across AWS, Office 365, Google Workspace, and Azure environments. Implemented RBAC and PAM: Deployed SailPoint and CyberArk solutions reducing identity risks by 40% while maintaining operational efficiency. IT Enterprise Support Team Lead ClearedDirect | Apr 2021 - Apr 2022 | Austin, TX Technical Stack: Okta, Ping Identity, Rippling, Kandji | Airport security infrastructure Leadership: Led IAM migration projects, coordinated with airport security teams, managed infrastructure transitions. Leadership Scale: 6+ migration team members | Airport security infrastructure | Austin-Bergstrom Int'l Airport scope | High-security clearance environment Primary Tools Used: Okta Workforce, Ping Identity Suite, Rippling HRIS, Kandji MDM, PowerShell automation, Airport security systems integration Led IAM Migration: Successfully migrated from Rippling/Kandji to Okta & Ping Identity platforms. Automated Workflows: Implemented Okta automation, reducing onboarding time by 40% and improving operational efficiency. Enhanced Security Infrastructure: Improved airport security systems, reducing security incidents by 25%. Infrastructure Engineer Team Lead Meta | Mar 2018 - Mar 2019 | Austin, TX Technical Stack: Okta, Ping Identity, Global security standardization platforms | Facebook, WhatsApp integration Leadership: Led global infrastructure teams, designed security blueprints, and coordinated with platform engineering teams. Leadership Scale: 12+ global infrastructure engineers | Worldwide scope (Facebook/WhatsApp) | Billions of users impacted | 24/7 global operations Primary Tools Used: Meta internal IAM platforms, Okta Enterprise, Ping Identity, Global security frameworks, Facebook/WhatsApp integration APIs Designed Global IAM Blueprints: Created IAM, CIAM, PAM, and IGA standardization frameworks for global security implementations. Automated Identity Workflows: Built automation systems, cutting manual identity management efforts by 50%. Integrated Facebook and WhatsApp IAM: Implemented unified identity solutions using Okta and Ping Identity across Meta platforms. Infrastructure Operations Engineer Lead Google | Mar 2017 - Mar 2018 | Austin, TX Technical Stack: Google Workspace, GCP IAM, Global workflow standardization | Enterprise identity management Leadership: Led infrastructure operations teams, standardized global workflows, and managed enterprise IAM implementations. Leadership Scale: 10+ operations engineers | Global Google infrastructure | Enterprise-scale identity management | 24/7 worldwide operations Primary Tools Used: Google Workspace Admin, GCP IAM, Google Cloud Identity, Internal Google identity platforms, Enterprise workflow automation Managed Google Workspace and GCP IAM: Administered enterprise identity management for global Google operations. Automated IAM Provisioning: Implemented automation, reducing manual identity management effort by 45%. Standardized Global Workflows: Created unified IAM processes improving compliance and security across worldwide operations. Lead Global Pro Support Engineer Dell Technologies | Mar 2016 - Mar 2017 | Austin, TX Technical Stack: Okta, Microsoft AD, SailPoint, CyberArk, Azure AD, Microsoft Entra ID | 150K+ Dell identities | 500K+ customer identities Leadership: Applied military leadership concepts leading technical teams through complex multi-vendor integrations, customer escalations, and compliance implementations. Leadership Scale: 8+ pro support engineers | 150K+ Dell employees | 500K+ customer identities | Global 24/7 operations | Fortune 500 customer base Primary Tools Used: Okta Enterprise, Microsoft AD/Azure AD, SailPoint IIQ, CyberArk PAM, ForgeRock, IBM Security, Oracle Identity, PowerShell automation Led Azure AD to Okta Transition: Successfully migrated enterprise identity systems from Azure AD to Okta & Microsoft Entra ID. Reduced Security Incidents: Implemented CyberArk PAM solutions, reducing security incidents by 35%. Automated IAM Tasks: Developed PowerShell automation cutting manual effort by 45% and improving operational efficiency. Engineered Multi-Vendor Integration: Built complex federation between Dell internal AD and customer environments using top 10 IAM vendors managing 500K+ customer identities. Information Technology Support Engineer Apple Inc | Jan 2015 - Dec 2015 | Austin, TX Technical Stack: Apple ID systems, Okta SSO, MFA, PowerShell | Enterprise user management Leadership: Promoted to lead 1st and 2nd shift IT engineering teams within 6 months, managed global identity synchronization. Leadership Scale: 1st/2nd shift teams (12+ engineers) | 50K+ Apple employees | 1M+ device identities | 40+ countries | 15-tier security levels Primary Tools Used: Apple ID systems, Okta SSO, Apple MDM, Directory Services, LDAP/Kerberos, PKI certificates, PowerShell automation Deployed Okta SSO and MFA: Assisted in enterprise SSO implementation reducing support tickets by 30%. Developed Automation Scripts: Created PowerShell scripts for automated user management improving operational efficiency. Built Identity Foundation: Gained expertise in enterprise identity systems establishing foundation for principal-level career progression. Lead Robotics Engineer U.S. Marines | Jan 2013 - Dec 2014 | Baghdad, Iraq Technical Stack: Robotic systems, IED detection equipment, System integration | 50+ robotic platforms | 100+ combat missions Leadership: Led 12-person technical team managing 50+ robotic systems, developed training protocols, led 100+ high-risk missions with zero system failures. Leadership Scale: 12-person technical team | 50+ robotic platforms | 100+ combat missions | 200+ lives saved | $2M+ equipment responsibility | Life-or-death decisions Primary Tools Used: Military robotic systems, IED detection equipment, EOD platforms, Field modification tools, Real-time monitoring systems, Combat communications Engineered Combat Systems: Built and maintained 50+ robotic platforms for IED detection, reconnaissance, EOD operations. Technical innovations prevented 200+ casualties. Developed Field Solutions: Created custom modifications and repair procedures adopted as standard across Marine robotics units. Led High-Risk Operations: Managed complex system integration during 100+ combat missions with zero system-related failures. Cryptologic Field Linguist U.S. Marines | Jan 2010 - Dec 2012 | Baghdad, Iraq Technical Stack: Intelligence systems, Communication protocols, Translation systems | 500+ intelligence operations | 3 languages Leadership: Led 6-person specialist team covering intelligence, linguist, cryptologist, communications roles accomplishing 500+ critical missions. Leadership Scale: 6-person specialist team | 500+ intelligence operations | 3 languages | Classified missions | Life-saving translations | High-stakes negotiations Primary Tools Used: Intelligence processing systems, Secure communication protocols, Translation software, Cryptologic equipment, Signal analysis tools, Real-time interpretation systems Engineered Communication Systems: Built real-time translation workflows processing complex military communications supporting life-saving operations. Built Intelligence Processing: Developed translation systems for 500+ intelligence operations with tactical protocols for high-stakes negotiations. Developed Problem-Solving Methodologies: Created systematic approaches to complex challenges directly applicable to technical leadership roles. Technology Stack & Core Competencies Identity & Access Management Platforms Enterprise IAM: Okta Enterprise/CIAM/Workforce/Customer, Microsoft AD/Azure AD/Entra ID, SailPoint IIQ/IGA, CyberArk PAM/EPM/Conjur, Ping Identity Suite/Federate/Access, RSA SecurID/Archer, ForgeRock AM/IDM, IBM Security Verify, Oracle Identity, Saviynt EIC, Auth0/Okta Customer Identity, AWS IAM/Cognito/SSO, Google Cloud Identity/Workspace, Delinea Secret Server, StrongDM, BeyondTrust Password Safe, Venafi Trust Protection, One Identity Manager, Broadcom Symantec IGA, EmpowerID, Centrify/Delinea, HashiCorp Vault Cloud & Infrastructure Platforms Cloud Platforms: AWS/EC2/EKS/Lambda, Azure/AKS/Functions, GCP/GKE/Cloud Run, IBM Cloud, Multi-cloud federation, Hybrid architecture, Edge computing, Serverless/FaaS Infrastructure & DevOps: SCCM, JAMF Pro, Kandji, Microsoft Intune, Active Directory, LDAP, DNS/BIND, PKI/CA, Kubernetes/OpenShift, Docker Swarm, Helm Charts, Istio Service Mesh Development & Automation Programming Languages: Python/Django/Flask, JavaScript/Node.js/React, PowerShell Core, Bash/Shell, Go/Golang, Java/Spring, JSON/YAML, XML/XSLT, SQL/NoSQL DevSecOps & Automation: Terraform/IaC, REST/GraphQL APIs, Okta CLI/APIs, Ansible/AWX, Jenkins/Pipeline, GitLab CI/CD, GitHub Actions, Docker/Podman, Kubernetes/Helm, ArgoCD/GitOps Protocols & Security Security Protocols: SAML 2.0/ADFS, OAuth 2.0/2.1/PKCE, OpenID Connect, LDAP, Kerberos, RADIUS, SCIM 2.0, FIDO2/WebAuthn, X.509/PKI, mTLS, JWT/JWE/JWS, OpenPolicy Agent Network & Zero Trust Security: Cisco ISE/ASA, Palo Alto Prisma, Meraki, Zscaler ZIA/ZPA, VPN/ZTNA, Cloudflare Access, BeyondCorp Compliance, Governance & Risk Management Compliance Frameworks: NIST 800-53/CSF, FISMA, FedRAMP High/Moderate, SOX, PCI-DSS, HIPAA, GLBA, FFIEC, ISO 27001/27002, SOC 2 Type II, GDPR, CCPA, CMMC GRC & Risk Management: Identity governance, Access certification, Risk assessment, Policy enforcement, Automated compliance validation, Third-party risk management, Vendor risk assessment, Business continuity planning AI/ML, Monitoring & Advanced Analytics SIEM/Security Analytics: Splunk Enterprise/Cloud, ELK Stack/Elastic Security, Prometheus/Grafana, DataDog, New Relic, Real-time alerting, AI-powered Identity Analytics, UEBA AI/ML & Security Testing: TensorFlow/PyTorch, scikit-learn, Penetration testing, Vulnerability assessment, SAST/DAST, Threat modeling, OWASP Top 10, Security architecture review, Red team/Blue team, Threat hunting Key Projects & Achievements Summary Federal Identity Ecosystem - CISA (2024) Built IAM, CIAM, PAM, and IGA frameworks across federal agencies serving 12M+ users. Migrated 10,000+ users improving authentication by 200%. Reduced privileged access vulnerabilities by 35%. Designed Zero Trust architecture integrated with CI/CD pipelines. Enterprise B2B IAM Platform - Ally Financial (2022-2023) Led IAM implementation for 50M+ users. Developed multi-tenant solution with Terraform, Okta, ForgeRock. Reduced unauthorized access by 50%. Integrated Workday automation reducing manual work by 35%. Saved $500K in licensing costs. Multi-Cloud Identity Integration - National Youth Week (2019-2022) Integrated Okta with 500+ applications reducing support requests by 25%. Deployed across AWS, Office 365, Google Workspace, Azure. Implemented RBAC/PAM reducing risks by 40%. Global Platform Security - Meta (2018-2019) Designed IAM blueprints for global standardization. Automated workflows cutting manual efforts by 50%. Integrated Facebook and WhatsApp identity solutions using Okta and Ping Identity. Enterprise IAM Transition - Dell (2016-2017) Led transition from Azure AD to Okta & Microsoft Entra ID. Reduced security incidents by 35% with CyberArk. Automated tasks with PowerShell cutting manual effort by 45%. Education & Certifications Bachelor's Degree in Computer Engineering & Information Science University of Technology, Texas | 2008 - 2012 | GPA: 4.0/5.0 Professional Certifications (65+ Total) Okta Certified Professional - Expires Nov 2025 Identity Access Management (IAM) - IBM - Expires Jan 2028 Ethical Hacker - Cisco - Issued Mar 2024 100W-09 Attack Methodologies - CISA - Issued Mar 2024 CompTIA A+ SE - Hardware/Software Foundation - 2012 CompTIA Network+ - Networking Infrastructure - 2015 Cisco Routing & Switching - Network Architecture - 2018 Google Cloud Security - Cloud Identity Management - 2017 Microsoft Azure Certified - Identity & Access Management - 2019 DHS/CISA Public Trust Clearance - Expires Feb 2030 CISSP - Currently in Progress 65+ Additional LinkedIn Certifications - Various Dates Recent Specialized Training (2023-2024) CISA Cybersecurity Certifications (Feb 2024) 100W Cybersecurity Practices for Industrial Control Systems, 210W-01 through 210W-10 ICS Cybersecurity series, ICS Cybersecurity Landscape for Managers Google AI/ML Certifications (Jun 2023) Generative AI Fundamentals, Transformer Models and BERT, Image Generation, Responsible AI, Attention Mechanism, Encoder-Decoder Architecture IBM Cloud Certifications (Jan 2023) Database as a Service, IBM Virtual Private Cloud (VPC), Watson AI Services - All expire Jan 2028 Keywords: continuous integration continuous deployment artificial intelligence machine learning javascript access management active directory information technology golang California Idaho Texas