Sr. SailPoint Engineer- ISC & IIQ | Remote, USA

Optiv Inc
Austin, United States of America
3 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Remote
Austin, United States of America

Tech stack

API
Amazon Web Services (AWS)
Confluence
JIRA
Software as a Service
Cloud Computing
Databases
Distributed Systems
Human Resources Information System (HRIS)
Identity and Access Management
Python
CURL
Powershell
Role-Based Access Control
Security Information and Event Management
Systems Integration
Scripting (Bash/Python/Go/Ruby)
Okta
Postman
Cyberark
Mttr
SailPoint
Webhooks
ServiceNow

Job description

Our Advanced Fusion Center Identity practice runs and improves clients' SailPoint ISC/IIQ programs day-to-day. As a Sr. Sailpoint Engineer, you will handle escalations from Tier 1, stabilize and optimize production, and drive small/medium enhancements. The Sr. Sailpoint Engineer will keep identity lifecycle, access requests, certifications, and policy enforcement humming- with operational discipline, measurable SLAs, and crisp client communication. CyberArk and Okta integrations are nice-to-have.

How you'll make an impact

  • Keep Sources, Identity Profiles, Access Profiles, Entitlements, Roles, Lifecycle events, Access Requests, Approvals, and Certifications healthy and on-schedule.

  • Build and optimize workflows, transforms, and policies (SoD, RBAC) in IIQ and ISC.

  • Monitor and resolve aggregations, account correlations, provisioning failures, and campaign anomalies, tune schedules and thresholds.

  • Maintain and troubleshoot Virtual Appliance (VA) health, connector upgrades, and connectivity (e.g., AD/Entra, HRIS, SaaS apps, databases).

  • Build and maintain Workflows (low code), Transforms, policies (SoD, separation of function), and request/catalog items.

  • Run monthly health checks and deliver operational reports (KPIs, trendlines, incidents, changes, and risk/compliance signals).

  • Act as escalation for Tier 1: triage, contain, and restore; perform root cause analysis and implement durable fixes.

  • Create and improve runbooks/SOPs; automate recurring fixes and checks.

  • Plan and execute low-risk changes (connector tuning, attribute mappings, workflow edits, catalog updates) within ITSM guardrails.

  • Contribute to release readiness: sandbox validation, UAT coordination, deployment notes, and rollback plans.

  • Translate operational signals into clear actions for client IAM owners and app teams.

  • Advise on access modeling (Access Profiles vs. Roles), campaign design, and birthright vs. requestable access.

  • Provide backlog intake sizing for Tier-3/architecture where code or complex redesigns are required.

  • Okta/Entra ID Integration experience: Govern downstream via SCIM/API targets; align joiner/mover/leaver flows; validate group/entitlement posture.

  • CyberArk (PAM) Integration experience: Support governance integrations (e.g., safe/platform entitlement visibility, request/approval via SailPoint); assist with out-of-band privilege variance findings and clean-up campaigns.

  • Feed events and metrics to SIEM/SOC (webhooks/API), enrich tickets with context, and contribute to correlation use-cases (e.g., excessive privilege anomalies, orphan/rogue accounts).

  • Partner with compliance teams on attestation evidence, control testing cadence, and audit responses.

Requirements

  • 5+ years of verifiable IAM operations/consulting experience, with at least 2 years hands-on in SailPoint IIQ and ISC in production.

  • Recent ( 12 months) hands-on experience with SailPoint ISC/IDP in a production setting.

  • Proven Tier-2 ownership of aggregations, correlation, provisioning, certifications, workflow/transform tuning, catalog & access model hygiene, and VA/connector health.

  • Solid grasp of identity lifecycle (joiner/mover/leaver), request/approval patterns, SoD policy design, and RBAC in large, distributed environments.

  • Comfortable with logs, metrics, and MTTR/SLAs; can turn noisy failures into stable automation.

  • Strong written/verbal communication-clear incident timelines, executive-level status, and precise change plans.

  • Familiarity with Entra ID/AD, HR sources, and common SaaS targets from an IIQ connector perspective.

  • SailPoint IIQ (Workflows, Access Requests, Certifications, Identity & Access Profiles, Transforms, Policies, Reports)

  • Virtual Appliances, connector logs, account activity, and provisioning task views

  • ITSM (ServiceNow/Jira), Confluence/knowledge base, basic API tooling (Postman/Curl) for IIQ v3 endpoints

  • Basic scripting for ops automation (PowerShell or Python) and CSV/data fixes where appropriate

  • Okta (governance targets via SCIM/API; SSO basics helpful but not the focus)- preferred

  • CyberArk governance integration (safe/platform entitlement visibility and request flows)- preferred

  • Cloud platforms (AWS/GCP) as identity sources/targets- preferred

  • Security/compliance context: SOC 2, SOX, HIPAA, PCI; evidence packaging for audits- preferred

  • Certifications (SailPoint, Microsoft, ISC²)- preferred

About the company

+ A company committed to our inclusive value through our Employee Resource Groups (https://www.optiv.com/company/impact-report/inclusion-and-belonging)

Apply for this position