Senior SailPoint Security Cloud (ISC) Engineer in New York
Role details
Job location
Tech stack
Job description
We are seeking a hands-on Senior SailPoint Engineer to lead the design, implementation, and support of our enterprise Governance and Administration (IGA) platform. This role will be responsible for architecting, deploying, and maintaining SailPoint Security Cloud (ISC) while partnering closely with , Infrastructure, Security, Cloud, and Application teams to automate lifecycle management across the enterprise., Design, implement, and maintain SailPoint Security Cloud (ISC) solutions in large enterprise environments.
Lead multiple full lifecycle SailPoint ISC implementations, including architecture, configuration, deployment, migration, and production support.
Build and maintain Joiner, Mover, Leaver (JML) lifecycle workflows for automated provisioning and deprovisioning.
Configure and customize SailPoint lifecycle events, workflows, transforms, rules, profiles, access profiles, roles, and sources.
Develop and maintain automated provisioning workflows across cloud and on-premises applications.
Design and implement Role-Based Access Control (RBAC) models, entitlement management, birthright access, and role engineering strategies.
Configure and manage access request, approval, and fulfillment workflows.
Design and administer access certification campaigns, periodic access reviews, and Segregation of Duties (SoD) controls.
Develop custom integrations utilizing REST APIs, SCIM, PowerShell, and SailPoint Web Services connectors where required.
Configure and troubleshoot SailPoint connectors, aggregation jobs, provisioning policies, mappings, and account correlation.
Integrate SailPoint with enterprise providers, HR systems, cloud platforms, and privileged access management solutions.
Partner with Azure, Infrastructure, Security, and Application teams to automate governance across hybrid cloud environments.
Support production incidents, perform root cause analysis, and optimize platform performance, scalability, and reliability.
Develop technical documentation, architecture diagrams, implementation guides, and operational runbooks.
Participate in platform upgrades, new feature deployments, testing, and continuous platform improvements.
Requirements
This is a highly technical engineering role requiring multiple end-to-end SailPoint ISC implementations in enterprise environments. The ideal candidate will have deep expertise building governance solutions, integrating enterprise applications, and automating access management processes within a Microsoft Azure ecosystem., 8+ years of and Access Management (IAM) experience.
5+ years of hands-on SailPoint engineering experience.
Multiple enterprise SailPoint Security Cloud (ISC / IdentityNow) implementations from design through production.
Strong understanding of Governance and Administration (IGA) concepts.
️
Deep experience with:
Lifecycle Management (Joiner / Mover / Leaver)
Provisioning & Deprovisioning
Access Certifications
Access Requests, Security Cloud administration
Experience configuring and troubleshooting SailPoint connectors.
Experience developing API-based integrations using REST, SCIM, and PowerShell.
Strong understanding of authentication and protocols including SAML, OAuth 2.0, OIDC, LDAP, and SCIM.
Experience working within enterprise Microsoft Azure and Entra ID environments.
Strong troubleshooting, analytical, and communication skills., SailPoint Security Engineer Certification (strongly ).
Experience implementing SailPoint integrations with:
Workday
ServiceNow
Active Directory
Microsoft Entra ID (Azure AD)
CyberArk
Salesforce
Experience with Microsoft Graph API.
Experience with Azure automation, PowerShell, and enterprise architecture.
Experience working in hybrid cloud environments.
Familiarity with Zero Trust architecture and modern security practices.
Experience supporting highly regulated enterprise environments.
️
Technical Environment
SailPoint Security Cloud (ISC / IdentityNow)
Microsoft Azure
Microsoft Entra ID (Azure AD)
Active Directory
Microsoft Graph API
PowerShell
REST APIs
SCIM
SAML
OAuth 2.0
OpenID Connect (OIDC)
LDAP