Sr. SailPoint Engineer- ISC & IIQ | Remote, USA

About The Position

Requirements

• 5+ years of verifiable IAM operations/consulting experience, with at least 2 years hands-on in SailPoint IIQ and ISC in production.
• Recent (≤12 months) hands-on experience with SailPoint ISC/IDP in a production setting.
• Proven Tier-2 ownership of aggregations, correlation, provisioning, certifications, workflow/transform tuning, catalog & access model hygiene, and VA/connector health.
• Solid grasp of identity lifecycle (joiner/mover/leaver), request/approval patterns, SoD policy design, and RBAC in large, distributed environments.
• Comfortable with logs, metrics, and MTTR/SLAs; can turn noisy failures into stable automation.
• Strong written/verbal communication—clear incident timelines, executive-level status, and precise change plans.
• Familiarity with Entra ID/AD, HR sources, and common SaaS targets from an IIQ connector perspective.
• SailPoint IIQ (Workflows, Access Requests, Certifications, Identity & Access Profiles, Transforms, Policies, Reports)
• Virtual Appliances, connector logs, account activity, and provisioning task views
• ITSM (ServiceNow/Jira), Confluence/knowledge base, basic API tooling (Postman/Curl) for IIQ v3 endpoints
• Basic scripting for ops automation (PowerShell or Python) and CSV/data fixes where appropriate

Nice To Haves

• CyberArk and Okta integrations are nice-to-have.
• Okta (governance targets via SCIM/API; SSO basics helpful but not the focus)
• CyberArk governance integration (safe/platform entitlement visibility and request flows)
• Cloud platforms (AWS/GCP) as identity sources/targets
• Security/compliance context: SOC 2, SOX, HIPAA, PCI; evidence packaging for audits
• Certifications (SailPoint, Microsoft, ISC²)

Responsibilities

• Keep Sources, Identity Profiles, Access Profiles, Entitlements, Roles, Lifecycle events, Access Requests, Approvals, and Certifications healthy and on-schedule.
• Build and optimize workflows, transforms, and policies (SoD, RBAC) in IIQ and ISC.
• Monitor and resolve aggregations, account correlations, provisioning failures, and campaign anomalies, tune schedules and thresholds.
• Maintain and troubleshoot Virtual Appliance (VA) health, connector upgrades, and connectivity (e.g., AD/Entra, HRIS, SaaS apps, databases).
• Build and maintain Workflows (low code), Transforms, policies (SoD, separation of function), and request/catalog items.
• Run monthly health checks and deliver operational reports (KPIs, trendlines, incidents, changes, and risk/compliance signals).
• Act as escalation for Tier 1: triage, contain, and restore; perform root cause analysis and implement durable fixes.
• Create and improve runbooks/SOPs; automate recurring fixes and checks.
• Plan and execute low-risk changes (connector tuning, attribute mappings, workflow edits, catalog updates) within ITSM guardrails.
• Contribute to release readiness: sandbox validation, UAT coordination, deployment notes, and rollback plans.
• Translate operational signals into clear actions for client IAM owners and app teams.
• Advise on access modeling (Access Profiles vs. Roles), campaign design, and birthright vs. requestable access.
• Provide backlog intake sizing for Tier-3/architecture where code or complex redesigns are required.
• Okta/Entra ID Integration experience: Govern downstream via SCIM/API targets; align joiner/mover/leaver flows; validate group/entitlement posture.
• CyberArk (PAM) Integration experience: Support governance integrations (e.g., safe/platform entitlement visibility, request/approval via SailPoint); assist with out-of-band privilege variance findings and clean-up campaigns.
• Feed events and metrics to SIEM/SOC (webhooks/API), enrich tickets with context, and contribute to correlation use-cases (e.g., excessive privilege anomalies, orphan/rogue accounts).
• Partner with compliance teams on attestation evidence, control testing cadence, and audit responses.

Benefits

• A company committed to our inclusive value through our Employee Resource Groups
• Work/life balance
• Professional training resources
• Creative problem-solving and the ability to tackle unique, complex projects
• Volunteer Opportunities. “Optiv Chips In” encourages employees to volunteer and engage with their teams and communities.
• The ability and technology necessary to productively work remotely/from home (where applicable)