IAM Operations Consultant (Ping Identity & SailPoint)

1. Service Operations:

• Own day-to-day operations for Ping Identity and SailPoint platforms, ensuring availability, performance, and security SLAs.
• Proactively monitor platform health, perform routine checks, capacity planning, backups, and schedule/execute maintenance, patching, and upgrades.
• Triage and resolve incidents, service requests, and problems; lead root cause analysis and implement permanent fixes.
• Execute changes via CAB with clear runbooks, rollback plans, impact/risk assessments, and post-implementation reviews.
• Maintain accurate runbooks, SOPs, diagrams, and operational documentation aligned to audit standards.

2. Ping Identity (SSO, MFA, Federation):

• Administer PingFederate, PingAccess, PingDirectory, and PingID/PingOne (as applicable).
• Onboard and maintain OIDC/SAML integrations: configure IdP/SP connections, manage metadata, certificates, and key rotation.
• Implement and tune MFA, adaptive policies, device trust, and conditional access.
• Manage authentication policies, token lifecycles, attribute mapping, session management, and header-based access.
• Promote configurations across environments; troubleshoot SSO issues end-to-end with application teams.
• Ensure standards alignment and secure integration patterns for SAML 2.0, OIDC, and OAuth 2.0.

3. SailPoint Identity Governance & Administration:

• Operate SailPoint platforms: IdentityIQ and/or IdentityNow (Identity Security Cloud), including task scheduling, health checks, and upgrades.
• Application onboarding and connector operations (e.g., AD/Entra ID, LDAP, Azure, Workday/SuccessFactors, ServiceNow, SAP, Oracle, databases, SaaS apps).
• Manage identity lifecycle (joiner-mover-leaver), account aggregation, correlation, transforms/mappings, roles/access profiles, and policies.
• Administer and support access request workflows, approval policies, birthright/access modeling, and role mining (as applicable).
• Run access certification campaigns (setup, scheduling, execution, attestation evidence, remediation tracking).
• Maintain and tune provisioning policies, entitlements, SoD policies/violations, and exception handling.
• Troubleshoot provisioning and aggregation failures, queue backlogs, connector errors, rules, and workflow issues.
• Develop and support SailPoint rules/workflows and automation:
• IdentityIQ: BeanShell/Java rules, lifecycle manager workflows, task definitions, plugin/config promotion.
• IdentityNow: sources, transforms, rules, lifecycle events, connectors, sp-config export/import, REST APIs.
• Perform data quality checks, identity refreshes, cleanup jobs, and optimize performance and indexing.

4. Security, Compliance, and Governance:

• Enforce least privilege, SoD, and Zero Trust-aligned controls across SSO and IGA.
• Integrate logs with SIEM for monitoring, alerting, and anomaly detection; define operational thresholds and playbooks.
• Support audits (SOX/PCI/ISO/other): produce evidence, enable control testing, and remediate findings.
• Manage certificate, key, and secret lifecycles and ensure secure configuration baselines.

5. Automation and Continuous Improvement:

• Automate routine tasks (app onboarding, cert renewals, config backups, campaign setups, rotation checks) using platform APIs and scripts.
• Implement configuration-as-code and environment promotion where supported (Ping and SailPoint).
• Define operational KPIs, measure performance, and drive improvements to reduce toil and improve reliability.
• Partner with engineering/architecture to deliver enhancements without operational risk.

6. Stakeholder Management:

• Collaborate with application owners, security, infra, HRIS, and compliance teams to plan changes and onboard services.
• Provide consultative guidance on integration patterns, controls, and IAM best practices.
• Communicate incident status, risks, and service health to both technical and non-technical stakeholders.

5 8 years in IAM operations/engineering with production ownership.

• 3+ years administering Ping Identity (PingFederate, PingAccess, PingDirectory, PingID/PingOne).
• 3+ years operating SailPoint (IdentityIQ and/or IdentityNow) in enterprise environments.
• Strong grasp of SAML 2.0, OIDC, OAuth 2.0, JWT, token policies, and certificate management.
• Experience with identity lifecycle, provisioning, access requests, and certification campaigns.
• Windows/Linux administration, networking (DNS, TLS, proxies, load balancers), and directory services (AD/LDAP).
• Scripting and APIs: PowerShell and either Python or Java; experience with REST/JSON. For IdentityIQ, BeanShell/Java; for IdentityNow, transforms and rules.
• Experience with ITSM (e.g., ServiceNow), SIEM (e.g., Splunk), and monitoring (e.g., Datadog, Prometheus).
• Solid understanding of ITIL processes and enterprise security practices., Ping Identity certifications (PingFederate, PingAccess) and SailPoint certifications (IdentityIQ/IdentityNow).
• Experience with SailPoint sp-config, plugin management (IIQ), connector tuning, and performance optimization.
• Knowledge of Azure AD/Entra ID, AWS IAM, Google Cloud Platform IAM; SCIM provisioning and JIT patterns.
• Exposure to CI/CD for IAM configs, Git-based versioning, and pipeline-driven deployments.
• Familiarity with compliance frameworks (SOX, PCI-DSS, ISO 27001) and evidence management.
• Experience integrating HR sources (Workday/SuccessFactors) and ERP apps (SAP/Oracle).

Key Technologies:

• Ping Identity: PingFederate, PingAccess, PingDirectory, PingID/PingOne, certificates/keystores.
• SailPoint: IdentityIQ, IdentityNow (Identity Security Cloud), rules/workflows, connectors, transforms, sp-config, REST APIs.
• Supporting: Active Directory/LDAP/Entra ID, HRIS (Workday/SuccessFactors), ServiceNow, SIEM, reverse proxies/load balancers, Git, scripting tools.

Education: Bachelor s degree in Computer Science, Information Security, or related field; or equivalent hands-on experience.

Competitive Salary Company Pension Scheme Comprehensive Health Insurance Flexible Work Hours and Hybrid Work Options XX days paid annual holidays + public holidays. Professional Development and Training Opportunities Employee Assistance Program (EAP) Diversity, Equity, and Inclusion Initiatives Company Events and Team-Building Activities Equal Opportunities Employer