IT Consultant and Developer with expertise in identity and access management (IAM), web application security, and DevOps. Skilled in designing and evolving secure authentication architectures, integrating Microsoft Entra ID, Broadcom SiteMinder, and modern authentication protocols such as SAML 2.0, OAuth 2.0, OpenID Connect, and FIDO2 Passwordless Passkeys.
Experienced in migrating and optimizing authentication systems, implementing SSO solutions via Microsoft Entra ID Application Proxy, and integrating Azure Authenticator for OTP-based authentication. Strong background in enterprise platform development and support, including Siebel AM CRM, ensuring stability, security, and seamless integration.
Proficient in cloud security and application protection, with experience in Azure DDoS Protection, Azure Web Application Firewall (WAF), and Azure Application Gateway to enhance security and performance.
Expertise in DevOps practices, including CI/CD pipeline automation on Google Cloud Platform, covering build, testing, and deployment. Adept at troubleshooting, incident resolution, and system optimization, delivering scalable and secure solutions for enterprise clients.
I am currently implementing a security solution to protect on-premises applications using Microsoft Azure technologies. The solution leverages Microsoft Entra ID Application Proxy to securely publish the applications via Azure Application Service, ensuring that access will only be possible through authentication in Microsoft Entra ID using Single Sign-On (SSO) mechanisms.
Authentication is being enforced using some security protocols, including SAML 2.0, OpenID Connect, and OAuth 2.0, providing a seamless and secure experience for users. The user base includes accounts from both an on-premises Active Directory (AD) and Microsoft Entra ID, requiring a hybrid identity approach.
To enhance security and user experience, I am integrating FIDO2 Passwordless Passkeys, allowing users to authenticate without traditional passwords, improving both security and usability. Additionally, I am managing the distinction between Microsoft Entra ID B2C, ensuring appropriate access control and user management strategies.
In this project, I am responsible for the management, maintenance, evolution, and incident resolution of the customer's web protection platforms, including Strong, VAM, and WEBSSO, ensuring secure authentication and access management. Initially, the architecture was based on Broadcom SiteMinder 12.0, where users accessed applications using biometric authentication and/or passwords, while internal employees authenticated through Kerberos and NTLM for seamless corporate access.
As part of a major architectural evolution, we designed the transition to SiteMinder 12.8, enhancing security, scalability, and integration capabilities. This upgrade laid the foundation for further improvements in authentication mechanisms.
In the evolutionary phase, I have been heavily involved in the architectural design of advanced authentication features, ensuring seamless integration with the existing infrastructure. Specifically, I have contributed to the design and implementation of OTP authentication via Azure Authenticator and the adoption of SAML 2.0, providing more flexible and secure authentication methods while maintaining compatibility with the customer’s identity and access management framework.
As part of the incident management process, my duties include incident intake, analysis, troubleshooting, and resolution, working closely with both operations teams and the customer. I assess potential solutions and implement the most effective approach, ensuring minimal disruption and optimal security performance.
I contributed to the strengthening of the security posture of the existing platform by analyzing vulnerabilities, optimizing defenses, and implementing advanced protection strategies leveraging Azure technologies. The project focused on enhancing resilience against DDoS threats, integrating Azure DDoS Protection through a cost-benefit analysis to select the most effective plan.
To ensure proactive threat detection, I configured automated security breach alerts, enabling real-time monitoring and rapid response to potential incidents. Additionally, I implemented tailored security rules on Azure Application Gateway with Web Application Firewall (WAF) to provide layered protection for exposed services.
The effectiveness of these measures was rigorously validated through targeted testing across both development and production environments, ensuring a robust, well-integrated, and future-proof security framework.
In this project, I am responsible for designing and implementing a DevOps pipeline on Google Cloud Platform (GCP) to manage the entire test case project, covering both Front-End (FE) and Back-End (BE) processes. The pipeline automates the build process, executes unit tests, and manages the deployment to the TEST environment, ensuring a streamlined and efficient workflow.
Beyond development, my role also includes tasks related to technical analysis, documentation, and testing, guaranteeing that the pipeline integrates seamlessly with the existing infrastructure and supports continuous development.
In this project, I was responsible for the development, maintenance, and support of the Siebel AM platform used by the customer for CRM in both Business and Customer areas. My role involved implementing new customer-requested features, contributing to the evolution of the platform, and maintaining both new and existing projects to ensure stability and performance.
Beyond development, I conducted unit testing on implemented solutions to guarantee reliability and compliance with business requirements. Additionally, I provided technical support and service management, assisting in troubleshooting and optimizing platform operations.
This project focused on enhancing the customer’s CRM infrastructure through continuous improvements, leveraging the Siebel AM platform to support evolving business needs and ensure a seamless customer experience.
Cisco CCNA Exploration 1: Network Fundamentals
Cisco CCNA Exploration 2: Routing Protocols and Concepts
Cisco CCNA Exploration 3: LAN Switching and Wireless
Cisco CCNA Exploration 4: Accessing the WAN
Microsoft Certified - Azure Solutions Architect Expert, consisting of:
- Azure AZ-300: Microsoft Azure Architect Technologies
- Azure AZ-304: Microsoft Azure Architect Design
Azure SC-900: Microsoft Security, Compliance, and Identity Fundamentals
Azure SC-300: Identity and Access Administrator Associate
TOGAF EA Foundation
Microsoft Certified - Cybersecurity Architect Expert, consisting of:
- Azure SC-100: Microsoft Cybersecurity Architect (close to achieving)