Sr. SailPoint Engineer - ISC & IIQ | Remote, USA

Optiv Inc
Salt Lake City, United States of America
3 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Remote
Salt Lake City, United States of America

Tech stack

API
Amazon Web Services (AWS)
Confluence
JIRA
Software as a Service
Cloud Computing
Databases
Distributed Systems
Human Resources Information System (HRIS)
Identity and Access Management
Python
cURL
PowerShell
Role-Based Access Control
Security Information and Event Management
Systems Integration
Scripting (Bash/Python/Go/Ruby)
Okta
Postman
CyberArk
MTTR
SailPoint
Webhooks
ServiceNow

Job description

Our Advanced Fusion Center Identity practice runs and improves clients' SailPoint ISC/IIQ programs day-to-day. As a Sr. SailPoint Engineer, you will handle escalations from Tier 1, stabilize and optimize production, and drive small/medium enhancements. The Sr. SailPoint Engineer will keep identity lifecycle, access requests, certifications, and policy enforcement humming, with operational discipline, measurable SLAs, and crisp client communication. CyberArk and Okta integrations are nice-to-have.

How you'll make an impact

  • Keep Sources, Identity Profiles, Access Profiles, Entitlements, Roles, Lifecycle events, Access Requests, Approvals, and Certifications healthy and on-schedule.

  • Build and optimize workflows, transforms, and policies (SoD, RBAC) in IIQ and ISC.

  • Monitor and resolve aggregations, account correlations, provisioning failures, and campaign anomalies; tune schedules and thresholds.

  • Maintain and troubleshoot Virtual Appliance (VA) health, connector upgrades, and connectivity (e.g., AD/Entra, HRIS, SaaS apps, databases).

  • Build and maintain Workflows (low code), Transforms, policies (SoD, separation of function), and request/catalog items.

  • Run monthly health checks and deliver operational reports (KPIs, trendlines, incidents, changes, and risk/compliance signals).

  • Act as escalation for Tier 1: triage, contain, and restore; perform root cause analysis and implement durable fixes.

  • Create and improve runbooks/SOPs; automate recurring fixes and checks.

  • Plan and execute low-risk changes (connector tuning, attribute mappings, workflow edits, catalog updates) within ITSM guardrails.

  • Contribute to release readiness: sandbox validation, UAT coordination, deployment notes, and rollback plans.

  • Translate operational signals into clear actions for client IAM owners and app teams.

  • Advise on access modeling (Access Profiles vs. Roles), campaign design, and birthright vs. requestable access.

  • Provide backlog intake sizing for Tier-3/architecture where code or complex redesigns are required.

  • Okta/Entra ID Integration experience: Govern downstream via SCIM/API targets; align joiner/mover/leaver flows; validate group/entitlement posture.

  • CyberArk (PAM) Integration experience: Support governance integrations (e.g., safe/platform entitlement visibility, request/approval via SailPoint); assist with out-of-band privilege variance findings and clean-up campaigns.

  • Feed events and metrics to SIEM/SOC (webhooks/API), enrich tickets with context, and contribute to correlation use-cases (e.g., excessive privilege anomalies, orphan/rogue accounts).

  • Partner with compliance teams on attestation evidence, control testing cadence, and audit responses.

Requirements

  • 5+ years of verifiable IAM operations/consulting experience, with at least 2 years hands-on in SailPoint IIQ and ISC in production.

  • Recent (12 months) hands-on experience with SailPoint ISC/IDP in a production setting.

  • Proven Tier-2 ownership of aggregations, correlation, provisioning, certifications, workflow/transform tuning, catalog & access model hygiene, and VA/connector health.

  • Solid grasp of identity lifecycle (joiner/mover/leaver), request/approval patterns, SoD policy design, and RBAC in large, distributed environments.

  • Comfortable with logs, metrics, and MTTR/SLAs; can turn noisy failures into stable automation.

  • Strong written/verbal communication: clear incident timelines, executive-level status, and precise change plans.

  • Familiarity with Entra ID/AD, HR sources, and common SaaS targets from an IIQ connector perspective.

  • SailPoint IIQ (Workflows, Access Requests, Certifications, Identity & Access Profiles, Transforms, Policies, Reports)

  • Virtual Appliances, connector logs, account activity, and provisioning task views

  • ITSM (ServiceNow/Jira), Confluence/knowledge base, basic API tooling (Postman/Curl) for IIQ v3 endpoints

  • Basic scripting for ops automation (PowerShell or Python) and CSV/data fixes where appropriate

  • Okta (governance targets via SCIM/API; SSO basics helpful but not the focus) - preferred

  • CyberArk governance integration (safe/platform entitlement visibility and request flows) - preferred

  • Cloud platforms (AWS/GCP) as identity sources/targets - preferred

  • Security/compliance context: SOC 2, SOX, HIPAA, PCI; evidence packaging for audits - preferred

  • Certifications (SailPoint, Microsoft, ISC²) - preferred

About the company

+ A company committed to our inclusive value through our Employee Resource Groups (https://www.optiv.com/company/impact-report/inclusion-and-belonging)
