Security Engineer

Job Description:

Project Summary:

Provide single source-of-truth for online identity for members and non-member web accounts using Azure Active Directory Business to Customer as Identity Access Management solution, capable of supporting millions of usersand billions of authentications per day.

Improved and consistent sign-up and sign-in experience across web properties that provides an improved member experience.

SSO to be seamless and not to change much of the current user experience

Incrementally populate the user credentials sourced from eCommerce system to a modernized, cloud-based identityplatform designed for B2Cfunctions.

MigrateCostco user identities from WebSphere CommerceDB to Azure AD B2C on first sign-in

Role/Contribution:

Planningand designing AAD B2C architecture that can cater60 million Users

Planningand designing AzureApp services, Resourcegroups, ARM templates, Blob Storage

Configuring Azure Active Directory B2C tenant and proxy applications for implementing custom policies of

Identity Experience Framework

Grantingnecessary permission for Microsoft Graph in ProxyIdentityExperienceFramework and IdentityExperienceFramework applications, to perform read write operationto the AD tenant via user impersonation

Developedcustom policies for Identity Experience Framework (IEF), base (TrustFrameworkBase.xml), extension (TrustFrameworkExtensions.xml), Relying party (SignUpOrSignin.xml, ProfileEdit.xml, PasswordReset.xml) files for Local Accountsas identity providers

Built custom User Journeys, Orchestration steps, technical profiles, adding them as output claims in Self Asserted Technical profiles, Content Definitions, Display Controls

claims transformation to custom claims,JSON transformations, case change, conditional value

CustomUI to match the company brandingand design guidelines, and hosting them in Azure Blob storagefor access via Azure CDN (Akamai)

REACT based DOM manipulations

UX customizations using custom claim types, Regex input validation, Validation Technical profiles, Passwordcomplexity for seamless experience with branding for web and mobile experience

DisplayControls for sending verification code, email verification, custom email and dependent One-timepassword (OTP) generation, along with verify code

Custom Rest API’s to integratewith custom servicesfor interacting with LOB applications and InfoBip Emailservice

Securingrestful services with Client Certificate authentication and Basic authentication, RSA encryption and decryption

Writingall trace info to application insights, from IEF & Azure App Service

Defined custom attributesfor storing custom defined information as custom claim, attaching to B2C customextensions app, claim resolversto transfer data via query stringsto IEF and rest api

JWT validation with publickeys, expiration date and nonce

MicrosoftGraph endpoints for Get user, create user with identities, update user, delete user, register/update extension properties

Seedingtool for pre-populating 60+ Million users from DB2 to Azure AD B2C using MASL Python libraries

PerformedData Mining and analysis activitieswith the Costco user base using Pandas for Python, for determining active/inactive users, categorize based on business models,regions etc.