Security Track Consultant

About The Position

Requirements

• 10+ years of experience
• Own and lead day-to-day operations for enterprise key and certificate lifecycle management, ensuring secure, reliable, and compliant handling of cryptographic keys, certificates, secrets, and related IAM integrations.
• Drive operational excellence, incident/problem management, automation, and continuous improvement across keychain services supporting critical business applications.
• Administer PingFederate, PingAccess, PingDirectory, and PingID/PingOne (as applicable).
• Onboard and maintain OIDC/SAML integrations: configure IdP/SP connections, manage metadata, certificates, and key rotation.
• Operate SailPoint platforms: IdentityIQ and/or IdentityNow (Identity Security Cloud), including task scheduling, health checks, and upgrades.
• Application onboarding and connector operations (e.g., AD/Entra ID, LDAP, Azure, Workday/SuccessFactors, ServiceNow, SAP, Oracle, databases, SaaS apps).
• Maintain and tune provisioning policies, entitlements, SoD policies/violations, and exception handling.
• Develop and support SailPoint rules/workflows and automation: IdentityIQ: BeanShell/Java rules, lifecycle manager workflows, task definitions, plugin/config promotion. IdentityNow: sources, transforms, rules, lifecycle events, connectors, sp-config export/import, REST APIs.
• Enforce least privilege, SoD, and Zero Trust-aligned controls across SSO and IGA.
• Manage certificate, key, and secret lifecycles and ensure secure configuration baselines.
• Automate routine tasks (app onboarding, cert renewals, config backups, campaign setups, rotation checks) using platform APIs and scripts.
• Implement configuration-as-code and environment promotion where supported (Ping and SailPoint).

Responsibilities

• Lead the IAM Keychain Operations team, providing direction, coaching, performance management, and workload prioritization.
• Own operational KPIs/SLAs/SLOs for key and certificate services (availability, turnaround time, renewal success rate, incident reduction).
• Establish and maintain runbooks, SOPs, on-call rotations, and escalation paths.
• Own day-to-day operations for Ping Identity and SailPoint platforms, ensuring availability, performance, and security SLAs.
• Proactively monitor platform health, perform routine checks, capacity planning, backups, and schedule/execute maintenance, patching, and upgrades.
• Triage and resolve incidents, service requests, and problems; lead root cause analysis and implement permanent fixes.
• Administer PingFederate, PingAccess, PingDirectory, and PingID/PingOne (as applicable).
• Onboard and maintain OIDC/SAML integrations: configure IdP/SP connections, manage metadata, certificates, and key rotation.
• Operate SailPoint platforms: IdentityIQ and/or IdentityNow (Identity Security Cloud), including task scheduling, health checks, and upgrades.
• Application onboarding and connector operations (e.g., AD/Entra ID, LDAP, Azure, Workday/SuccessFactors, ServiceNow, SAP, Oracle, databases, SaaS apps).
• Maintain and tune provisioning policies, entitlements, SoD policies/violations, and exception handling.
• Develop and support SailPoint rules/workflows and automation: IdentityIQ: BeanShell/Java rules, lifecycle manager workflows, task definitions, plugin/config promotion. IdentityNow: sources, transforms, rules, lifecycle events, connectors, sp-config export/import, REST APIs.
• Enforce least privilege, SoD, and Zero Trust-aligned controls across SSO and IGA.
• Manage certificate, key, and secret lifecycles and ensure secure configuration baselines.
• Automate routine tasks (app onboarding, cert renewals, config backups, campaign setups, rotation checks) using platform APIs and scripts.
• Implement configuration-as-code and environment promotion where supported (Ping and SailPoint).