We are seeking a highly skilled IAM professional to engineer and administer SailPoint IdentityIQ and advance our Zero Trust architecture in the identity pillar. This role owns joiner–mover–leaver (JML) automation, access governance, role modeling, and certification campaigns, partnering closely with Cyber Security and Policy to embed least privilege, continuous verification, and risk-based access. Candidates must have the ability to obtain a federal security clearance and pass a background/drug screen.
Key Responsibilities
SailPoint Engineering & Administration
• Engineer/administer SailPoint (IIQ/IDN): configuration, workflows, rules/policies, testing, deployment, maintenance.
• Onboard applications: connectors for EntraID, SaaS, on-prem , DBs, directories (AD/LDAP), and HRIS (Workday/SuccessFactors).
• Automate JML: provisioning/deprovisioning, birthright/role-based access, movers entitlements.
• Access governance: entitlements, group management, SOD policies, certification campaigns.
• Role engineering: business/technical roles aligned to least privilege.
• Platform ops: patching, upgrades, performance tuning, troubleshooting.
• Customization: rules/workflows/tasks (Java/Beanshell for IIQ), UI config, reporting, dashboards.
Zero Trust Architecture
• Implement identity-first controls: MFA, PKI, conditional access, adaptive/risk-based auth.
• Integrate with CASB and endpoint posture signals.
• Align with Zero Trust principles (least privilege, continuous verification).
Integration & Automation
• Build APIs/scripts (PowerShell, Python) for IAM workflows.
• Support CI/CD for IAM configs and environment promotion.
Governance & Compliance
• Maintain audit evidence; enforce SOD; reduce identity risk through metrics.
Required Qualifications
• 5–8+ years IAM/IGA, 2–4+ years SailPoint engineering/admin (IIQ).
• Strong grasp of Zero Trust; identity protocols (OIDC/OAuth2/SAML); AD/LDAP.
• Scripting: PowerShell, Python; Java/Beanshell (IIQ); REST APIs.
Preferred Qualifications
• SailPoint certifications; SC-300; CISSP; AZ-500.
• E xperience with Entra ID/Ping, CASB, ServiceNow.
Core Competencies
Security-first mindset • Architecture & delivery • Automation • Risk/compliance literacy • Operational excellence