Yedukondalu Penumalli

CISSP‑Certified Cybersecurity & IAM Professional | Okta | SailPoint | CyberArk | Delinea | Microsoft

Hyderabad, Telangana, India

About

I am a proactive, results-oriented Senior Technology Architect with over 16 years of experience driving secure digital transformations across the Telecom, Healthcare, Retail Supply Chain, and Media & Entertainment sectors. Acting as a trusted advisor, I specialize in bridging the gap between complex enterprise identity security requirements and scalable, business-aligned technical solutions.

My core expertise lies in architecting, implementing, and managing robust Identity and Access Management (IAM), Identity Governance and Administration (IGA), and Privileged Access Management (PAM) architectures. I have a proven track record of leading legacy-to-cloud migrations and designing Zero-Trust frameworks using top-tier platforms, including Okta, SailPoint, CyberArk, Delinea, Microsoft/Azure AD, and Oracle IAM.

Beyond core identity delivery, I bring a strong consulting and practice-building focus to every engagement. I lead strategy, roadmap, and design workshops, engineer scalable service offerings for pre-sales and post-delivery success, and drive alignment across cross-functional stakeholder groups. My approach ensures that security controls not only mitigate risk but also enable streamlined enterprise operations.

As a hands-on technical professional, my foundation in modern development (Java, Spring Boot, Node.js) and scripting (Python, PowerShell) empowers me to design custom REST API integrations, automate DevSecOps pipelines via Azure DevOps, and troubleshoot complex technical challenges autonomously. I am also actively championing next-generation enterprise AI transformations, leveraging Glean AI and Agentic AI workflows to optimize internal efficiency.

My architectural strategies are strictly aligned with stringent global and regional compliance frameworks, including CAS Zero Trust Framework, ISO 27001, NIST, and ASCS. I am fully committed to maintaining the highest industry standards, backed by active certifications including CISSP, ISO 27001 Lead Implementer, CSA CCSK, Okta Certified Consultant & Developer, Delinea Certified Platform Engineer, Microsoft, and CyberArk certifications.

Experience

  • Senior Technical Consultant - Security Architectures at AHEAD
    Aug 2025 - Present · 1 yr

    • Architect and implement Okta as a cloud-native identity platform for medium-scale US enterprises, ensuring scalable and secure access management.
    • Lead the complex migration of legacy on-premises IGA frameworks to modern, cloud-based hybrid identity solutions utilizing Okta.
    • Execute deep-dive, current-state health check assessments for both Okta (IAM) and Delinea (PAM) environments, designing and implementing targeted remediation roadmaps to optimize security posture.
    • Engineered and continuously refined comprehensive Okta and SailPoint service offerings, providing critical technical strategy and enablement across pre-sales, core delivery, and post-delivery phases.
    • Champion enterprise AI transformation initiatives by integrating Glean AI and agentic AI methodologies to optimize internal workflows, enhance operational efficiency, and modernize enterprise search.

  • Senior Specialist - Information Security at LTIMindtree
    May 2024 - Apr 2025 · 1 yr

    Designed and implemented enterprise-grade identity security solutions using Okta, focusing on access control, authentication policies, and secure session management. Led L2/L3 support for identity services, resolving incidents, fulfilling service requests, and conducting root cause analysis within SLA targets. Integrated diverse applications into Okta with least privilege access, MFA enforcement, and global session controls. Enabled seamless user sync from Active Directory to Okta, ensuring data integrity and lifecycle consistency. Implemented SAML, OAuth, and OIDC protocols for secure authentication across web apps and APIs. Maintained platform availability, managed access workflows, and supported role onboarding. Delivered identity solutions using Microsoft Entra ID and Defender for Identity, enhancing threat detection and posture visibility. Automated reporting using Python and Microsoft Graph API for real-time access insights. Designed SAML-based OIDC integrations and onboarded gallery apps via standardized workflows. Conducted vulnerability analysis on token/session management and implemented remediation strategies. Configured Conditional Access Policies to enforce contextual controls and strengthen identity posture. Managed TLS certificate lifecycle across identity platforms. Participated in change management, incident response, and troubleshooting activities. Collaborated with stakeholders to align identity configurations with compliance and governance goals. Provided technical leadership in automation and service improvement, reducing manual overhead. Produced detailed documentation and operational handbooks to support sustainability, audit readiness, and knowledge sharing across IAM and security teams.

  • Technology Architect at Cognizant
    Jul 2021 - Apr 2024 · 2 yrs 10 mos

    Designed and implemented API-based identity connectors and provisioning workflows in SailPoint IIQ to automate entitlements, enforce least privilege, and maintain policy compliance. Architected enterprise-wide Privileged Access Security (PAS) using CyberArk, including credential vaulting, dual-control workflows, and RBAC to mitigate insider threats. Deployed CyberArk PSM across Windows, Linux, and databases to ensure secure session isolation and audit-ready recordings. Managed privileged account onboarding and lifecycle governance aligned with internal controls and regulatory frameworks. Defined identity federation and MFA architectures integrating Entra ID and Conditional Access with cloud apps for adaptive authentication. Engineered secure Java-based applications using Spring, Hibernate, and J2EE, embedding access controls and encrypted data flows. Automated infrastructure provisioning via Azure DevOps CI/CD pipelines, embedding identity validation and RBAC. Implemented security automation in Bicep and ARM templates for compliant Azure deployments aligned with ACSC Essential Eight. Designed microservices-based integration using Azure Event Grid and Service Bus for fault-tolerant, decoupled communication. Authored identity and security architecture specs, including topologies, provisioning maps, and reference models. Collaborated with stakeholders to align technical designs with business continuity and compliance goals. Delivered incident analysis and remediation for identity-related issues, ensuring confidentiality and system resilience. Applied DevSecOps principles across SDLC and integrated SIEM for real-time anomaly detection and compliance reporting.

  • Telstra (Hyderabad Area, India)
    • Senior Specialist
      Sep 2019 - May 2021 · 1 yr 9 mos

      - Defined and implemented security controls across Telstra’s network architecture and technologies, safeguarding systems, customer data, and infrastructure in collaboration with key stakeholders.
      - Contributed to security strategy and engineering standards, embedding security hygiene into network designs, technology processes, and operational workflows.
      - Engaged with business units and customers to drive continuous improvements in security engineering, ensuring solutions were scalable, compliant, and fit-for-purpose.
      - Developed and enforced security policies and procedures across multiple technologies, fostering awareness and mentoring junior engineers to uphold best practices.
      - Translated customer and business requirements into secure, commercially viable platforms, products, and infrastructure aligned with compliance and strategic goals.
      - Designed and maintained secure identity provisioning, access control, SSO, and API security solutions, ensuring robust authentication and authorization across services.
      - Secured cloud environments and payloads by applying encryption, access governance, and platform hardening aligned with enterprise cloud security frameworks.

    • IT Domain Specialist
      Apr 2018 - Sep 2019 · 1 yr 6 mos

      Design and develop Identity and Access provisioning solutions. Design and develop Access Control, Access Management solutions.

  • Senior Security Engineer at IQVIA
    Sep 2017 - Apr 2018 · 8 mos

    • Designed and implemented enterprise-grade Identity and Access Management (IAM) solutions, utilizing SailPoint IIQ to support lifecycle governance, birthright provisioning, and role-based entitlements, ensuring secure access across hybrid environments.
    • Led the migration from legacy identity management platforms to modern IAM solutions, leveraging authoritative data sources and provisioning policies to enable compliant and scalable identity operations.
    • Conducted root cause analysis and incident response activities to resolve identity-related errors and security exceptions, maintaining the integrity, availability, and confidentiality of sensitive digital assets.
    • Collaborated with cross-functional teams, including infrastructure, compliance, and application development units, translating business requirements into secure technical implementations across diverse delivery contexts.
    • Defined and executed periodic access certification campaigns and audit remediation workflows, maintaining ongoing compliance with enterprise policies and external regulatory mandates.
    • Ensure solutions are reusable, scalable, reliable, manageable, and operable, and align with Quintile’s (IQVIA's) technology strategic directions, and meet any specific OKRs.