Sr. SailPoint Engineer- ISC | Remote, USA

This position will be fully remote and can be hired anywhere in the continental U.S. 

Our Advanced Fusion Center Identity practice runs and improves clients’ SailPoint ISC programs day-to-day. As a Sr. SailPoint Engineer, you will handle escalations from Tier 1, stabilize and optimize production, and drive small/medium enhancements. The Sr. SailPoint Engineer will keep identity lifecycle, access requests, certifications, and policy enforcement humming— with operational discipline, measurable SLAs, and crisp client communication. CyberArk and Okta integrations are nice-to-have, not the main event. 
 

How you’ll make an impact

• Keep Sources, Identity Profiles, Access Profiles, Entitlements, Roles, Lifecycle events, Access Requests, Approvals, and Certifications healthy and on-schedule. 

• Monitor and resolve aggregations, account correlations, provisioning failures, and campaign anomalies, tune schedules and thresholds. 

• Maintain and troubleshoot Virtual Appliance (VA) health, connector upgrades, and connectivity (e.g., AD/Entra, HRIS, SaaS apps, databases). 

• Build and maintain Workflows (low code), Transforms, policies (SoD, separation of function), and request/catalog items. 

• Run monthly health checks and deliver operational reports (KPIs, trendlines, incidents, changes, and risk/compliance signals). 

• Act as escalation for Tier 1: triage, contain, and restore; perform root cause analysis and implement durable fixes. 

• Create and improve runbooks/SOPs; automate recurring fixes and checks. 

• Plan and execute low-risk changes (connector tuning, attribute mappings, workflow edits, catalog updates) within ITSM guardrails. 

• Contribute to release readiness: sandbox validation, UAT coordination, deployment notes, and rollback plans. 

• Translate operational signals into clear actions for client IAM owners and app teams. 

• Advise on access modeling (Access Profiles vs. Roles), campaign design, and birthright vs. requestable access. 

• Provide backlog intake sizing for Tier-3/architecture where code or complex redesigns are required. 

• Okta/Entra ID Integration experience: Govern downstream via SCIM/API targets; align joiner/mover/leaver flows; validate group/entitlement posture. 

• CyberArk (PAM) Integration experience: Support governance integrations (e.g., safe/platform entitlement visibility, request/approval via SailPoint); assist with out-of-band privilege variance findings and clean-up campaigns. 

• Feed events and metrics to SIEM/SOC (webhooks/API), enrich tickets with context, and contribute to correlation use-cases (e.g., excessive privilege anomalies, orphan/rogue accounts). 

• Partner with compliance teams on attestation evidence, control testing cadence, and audit responses. 

 
 What we’re hiring for

• 5+ years of verifiable IAM operations/consulting experience, with at least 1 year hands-on in SailPoint ISC (IdentityNow/ISC) in production. 

• Proven Tier-2 ownership of aggregations, correlation, provisioning, certifications, workflow/transform tuning, catalog & access model hygiene, and VA/connector health. 

• Solid grasp of identity lifecycle (joiner/mover/leaver), request/approval patterns, SoD policy design, and RBAC in large, distributed environments. 

• Comfortable with logs, metrics, and MTTR/SLAs; can turn noisy failures into stable automation. 

• Strong written/verbal communication—clear incident timelines, executive-level status, and precise change plans. 

• Familiarity with Entra ID/AD, HR sources, and common SaaS targets from an ISC connector perspective. 

• SailPoint ISC (Workflows, Access Requests, Certifications, Identity & Access Profiles, Transforms, Policies, Reports) 

• Virtual Appliances, connector logs, account activity, and provisioning task views 

• ITSM (ServiceNow/Jira), Confluence/knowledge base, basic API tooling (Postman/Curl) for ISC v3 endpoints 

• Basic scripting for ops automation (PowerShell or Python) and CSV/data fixes where appropriate 

• Okta (governance targets via SCIM/API; SSO basics helpful but not the focus)- nice to have

• CyberArk governance integration (safe/platform entitlement visibility and request flows)- nice to have

• Cloud platforms (AWS/GCP) as identity sources/targets- nice to have

• Security/compliance context: SOC 2, SOX, HIPAA, PCI; evidence packaging for audits- nice to have

• Certifications (SailPoint, Microsoft, ISC²) are a plus, not a gate

#LI-TW1

#LI-Remote

What you can expect from Optiv

• A company committed to championing Diversity, Equality, and Inclusion through our Employee Resource Groups.
• Work/life balance
• Professional training resources
• Creative problem-solving and the ability to tackle unique, complex projects
• Volunteer Opportunities. “Optiv Chips In” encourages employees to volunteer and engage with their teams and communities.
• The ability and technology necessary to productively work remotely/from home (where applicable)

EEO Statement

Optiv is an equal opportunity employer. All qualified applicants for employment will be considered without regard to race, color, religion, sex, gender identity or expression, sexual orientation, pregnancy, age 40 and over, marital status, genetic information, national origin, status as an individual with a disability, military or veteran status, or any other basis protected by federal, state, or local law.

Optiv respects your privacy. By providing your information through this page or applying for a job at Optiv, you acknowledge that Optiv will collect, use, and process your information, which may include personal information and sensitive personal information, in connection with Optiv’s selection and recruitment activities.  For additional details on how Optiv uses and protects your personal information in the application process, click here to view our Applicant Privacy Notice. If you sign up to receive notifications of job postings, you may unsubscribe at any time.