Identity & Access Management (IAM) Engineer

About The Position

Requirements

• United States citizen with the ability to obtain a security clearance.
• Bachelor's degree in Information Technology, IT Operations Management, or a related field.
• 5-8+ years IAM/IGA, 2-4+ years SailPoint engineering/admin (IIQ).
• Strong grasp of Zero Trust; identity protocols (OIDC/OAuth2/SAML); AD/LDAP.
• Scripting: PowerShell, Python; Java/Beanshell (IIQ); REST APIs.

Nice To Haves

• SailPoint certifications; SC‑300; CISSP; AZ‑500.
• Experience with Entra ID/Ping, CASB, ServiceNow.

Responsibilities

• SailPoint Engineering & Administration Engineer/administer SailPoint (IIQ/IDN): configuration, workflows, rules/policies, testing, deployment, maintenance.
• Onboard applications: connectors for EntraID, SaaS, on‑prem , DBs, directories (AD/LDAP), and HRIS (Workday/SuccessFactors).
• Automate JML: provisioning/deprovisioning, birthright/role-based access, movers entitlements.
• Access governance: entitlements, group management, SOD policies, certification campaigns.
• Role engineering: business/technical roles aligned to least privilege.
• Platform ops: patching, upgrades, performance tuning, troubleshooting.
• Customization: rules/workflows/tasks (Java/Beanshell for IIQ), UI config, reporting, dashboards.
• Implement identity-first controls: MFA, PKI, conditional access, adaptive/risk-based auth.
• Integrate with CASB and endpoint posture signals.
• Align with Zero Trust principles (least privilege, continuous verification).
• Build APIs/scripts (PowerShell, Python) for IAM workflows.
• Support CI/CD for IAM configs and environment promotion.
• Maintain audit evidence; enforce SOD; reduce identity risk through metrics.