Sr. Identity Engineer- IIQ/ISC/Zilla
This position will be fully remote and can be hired anywhere in the continental U.S.
Our Advanced Fusion Center Identity practice runs and improves clients’ SailPoint ISC/IIQ and Zilla programs day-to-day. As a Sr. Identity Engineer, you will handle escalations from Tier 1, stabilize and optimize production, and drive small/medium enhancements. The Sr. Identity Engineer will keep identity lifecycle, access requests, certifications, and policy enforcement humming— with operational discipline, measurable SLAs, and crisp client communication. CyberArk and Okta integrations are nice-to-have, not the main event.
Bottom line, this is a dual-platform Tier-2 identity operations role inside AFC. You’ll keep Zilla and SailPoint governance reliable at scale, automate the boring stuff, and speak plainly about risk, impact, and fixes.
How you’ll make an impact
Keep Sources, Identity Profiles, Access Profiles, Entitlements, Roles, Lifecycle events, Access Requests, Approvals, and Certifications healthy and on-schedule.
Build and optimize workflows, transforms, and policies (SoD, RBAC) in Zilla and ISC.
Monitor and resolve aggregations, account correlations, provisioning failures, and campaign anomalies, tune schedules and thresholds.
Maintain and troubleshoot Virtual Appliance (VA) health, connector upgrades, and connectivity (e.g., AD/Entra, HRIS, SaaS apps, databases).
Build and maintain Workflows (low code), Transforms, policies (SoD, separation of function), and request/catalog items.
Run monthly health checks and deliver operational reports (KPIs, trendlines, incidents, changes, and risk/compliance signals).
Act as escalation for Tier 1: triage, contain, and restore; perform root cause analysis and implement durable fixes.
Create and improve runbooks/SOPs; automate recurring fixes and checks.
Plan and execute low-risk changes (connector tuning, attribute mappings, workflow edits, catalog updates) within ITSM guardrails.
Contribute to release readiness: sandbox validation, UAT coordination, deployment notes, and rollback plans.
Translate operational signals into clear actions for client IAM owners and app teams.
Advise on access modeling (Access Profiles vs. Roles), campaign design, and birthright vs. requestable access.
Provide backlog intake sizing for Tier-3/architecture where code or complex redesigns are required.
Okta/Entra ID Integration experience: Govern downstream via SCIM/API targets; align joiner/mover/leaver flows; validate group/entitlement posture.
CyberArk (PAM) Integration experience: Support governance integrations (e.g., safe/platform entitlement visibility, request/approval via SailPoint); assist with out-of-band privilege variance findings and clean-up campaigns.
Feed events and metrics to SIEM/SOC (webhooks/API), enrich tickets with context, and contribute to correlation use-cases (e.g., excessive privilege anomalies, orphan/rogue accounts).
Partner with compliance teams on attestation evidence, control testing cadence, and audit responses.
What we’re hiring for
5+ years of verifiable IAM operations/consulting experience, with at least 1 year hands-on in SailPoint IIQ in production.
Recent (≤12 months) hands-on experience with SailPoint ISC/IDP and Zilla in production environments.
Experience with SailPoint ISC, nice to have
Proven Tier-2 ownership of aggregations, correlation, provisioning, certifications, workflow/transform tuning, catalog & access model hygiene, and VA/connector health.
Solid grasp of identity lifecycle (joiner/mover/leaver), request/approval patterns, SoD policy design, and RBAC in large, distributed environments.
Comfortable with logs, metrics, and MTTR/SLAs; can turn noisy failures into stable automation.
Strong written/verbal communication—clear incident timelines, executive-level status, and precise change plans.
Familiarity with Entra ID/AD, HR sources, and common SaaS targets from an IIQ connector perspective.
SailPoint IIQ (Workflows, Access Requests, Certifications, Identity & Access Profiles, Transforms, Policies, Reports)
Virtual Appliances, connector logs, account activity, and provisioning task views
ITSM (ServiceNow/Jira), Confluence/knowledge base, basic API tooling (Postman/Curl) for IIQ v3 endpoints
Basic scripting for ops automation (PowerShell or Python) and CSV/data fixes where appropriate
Okta (governance targets via SCIM/API; SSO basics helpful but not the focus)- nice to have
CyberArk governance integration (safe/platform entitlement visibility and request flows)- nice to have
Cloud platforms (AWS/GCP) as identity sources/targets- nice to have
Security/compliance context: SOC 2, SOX, HIPAA, PCI; evidence packaging for audits- nice to have
Certifications (SailPoint, Microsoft, ISC²) are a plus, not a gate
#LI-TW1
#LI-Remote
What you can expect from Optiv
A company committed to championing Diversity, Equality, and Inclusion through our Employee Resource Groups.
Work/life balance
Professional training resources
Creative problem-solving and the ability to tackle unique, complex projects
Volunteer Opportunities. “Optiv Chips In” encourages employees to volunteer and engage with their teams and communities.
The ability and technology necessary to productively work remotely/from home (where applicable)
EEO Statement
Optiv is an equal opportunity employer. All qualified applicants for employment will be considered without regard to race, color, religion, sex, gender identity or expression, sexual orientation, pregnancy, age 40 and over, marital status, genetic information, national origin, status as an individual with a disability, military or veteran status, or any other basis protected by federal, state, or local law.
Optiv respects your privacy. By providing your information through this page or applying for a job at Optiv, you acknowledge that Optiv will collect, use, and process your information, which may include personal information and sensitive personal information, in connection with Optiv’s selection and recruitment activities. For additional details on how Optiv uses and protects your personal information in the application process, click here to view our Applicant Privacy Notice. If you sign up to receive notifications of job postings, you may unsubscribe at any time.
Sr. Identity Engineer- IIQ/ISC/Zilla
This position will be fully remote and can be hired anywhere in the continental U.S.
Our Advanced Fusion Center Identity practice runs and improves clients’ SailPoint ISC/IIQ and Zilla programs day-to-day. As a Sr. Identity Engineer, you will handle escalations from Tier 1, stabilize and optimize production, and drive small/medium enhancements. The Sr. Identity Engineer will keep identity lifecycle, access requests, certifications, and policy enforcement humming— with operational discipline, measurable SLAs, and crisp client communication. CyberArk and Okta integrations are nice-to-have, not the main event.
Bottom line, this is a dual-platform Tier-2 identity operations role inside AFC. You’ll keep Zilla and SailPoint governance reliable at scale, automate the boring stuff, and speak plainly about risk, impact, and fixes.
How you’ll make an impact
Keep Sources, Identity Profiles, Access Profiles, Entitlements, Roles, Lifecycle events, Access Requests, Approvals, and Certifications healthy and on-schedule.
Build and optimize workflows, transforms, and policies (SoD, RBAC) in Zilla and ISC.
Monitor and resolve aggregations, account correlations, provisioning failures, and campaign anomalies, tune schedules and thresholds.
Maintain and troubleshoot Virtual Appliance (VA) health, connector upgrades, and connectivity (e.g., AD/Entra, HRIS, SaaS apps, databases).
Build and maintain Workflows (low code), Transforms, policies (SoD, separation of function), and request/catalog items.
Run monthly health checks and deliver operational reports (KPIs, trendlines, incidents, changes, and risk/compliance signals).
Act as escalation for Tier 1: triage, contain, and restore; perform root cause analysis and implement durable fixes.
Create and improve runbooks/SOPs; automate recurring fixes and checks.
Plan and execute low-risk changes (connector tuning, attribute mappings, workflow edits, catalog updates) within ITSM guardrails.
Contribute to release readiness: sandbox validation, UAT coordination, deployment notes, and rollback plans.
Translate operational signals into clear actions for client IAM owners and app teams.
Advise on access modeling (Access Profiles vs. Roles), campaign design, and birthright vs. requestable access.
Provide backlog intake sizing for Tier-3/architecture where code or complex redesigns are required.
Okta/Entra ID Integration experience: Govern downstream via SCIM/API targets; align joiner/mover/leaver flows; validate group/entitlement posture.
CyberArk (PAM) Integration experience: Support governance integrations (e.g., safe/platform entitlement visibility, request/approval via SailPoint); assist with out-of-band privilege variance findings and clean-up campaigns.
Feed events and metrics to SIEM/SOC (webhooks/API), enrich tickets with context, and contribute to correlation use-cases (e.g., excessive privilege anomalies, orphan/rogue accounts).
Partner with compliance teams on attestation evidence, control testing cadence, and audit responses.
What we’re hiring for
5+ years of verifiable IAM operations/consulting experience, with at least 1 year hands-on in SailPoint IIQ in production.
Recent (≤12 months) hands-on experience with SailPoint ISC/IDP and Zilla in production environments.
Experience with SailPoint ISC, nice to have
Proven Tier-2 ownership of aggregations, correlation, provisioning, certifications, workflow/transform tuning, catalog & access model hygiene, and VA/connector health.
Solid grasp of identity lifecycle (joiner/mover/leaver), request/approval patterns, SoD policy design, and RBAC in large, distributed environments.
Comfortable with logs, metrics, and MTTR/SLAs; can turn noisy failures into stable automation.
Strong written/verbal communication—clear incident timelines, executive-level status, and precise change plans.
Familiarity with Entra ID/AD, HR sources, and common SaaS targets from an IIQ connector perspective.
SailPoint IIQ (Workflows, Access Requests, Certifications, Identity & Access Profiles, Transforms, Policies, Reports)
Virtual Appliances, connector logs, account activity, and provisioning task views
ITSM (ServiceNow/Jira), Confluence/knowledge base, basic API tooling (Postman/Curl) for IIQ v3 endpoints
Basic scripting for ops automation (PowerShell or Python) and CSV/data fixes where appropriate
Okta (governance targets via SCIM/API; SSO basics helpful but not the focus)- nice to have
CyberArk governance integration (safe/platform entitlement visibility and request flows)- nice to have
Cloud platforms (AWS/GCP) as identity sources/targets- nice to have
Security/compliance context: SOC 2, SOX, HIPAA, PCI; evidence packaging for audits- nice to have
Certifications (SailPoint, Microsoft, ISC²) are a plus, not a gate
#LI-TW1
#LI-Remote
What you can expect from Optiv
A company committed to championing Diversity, Equality, and Inclusion through our Employee Resource Groups.
Work/life balance
Professional training resources
Creative problem-solving and the ability to tackle unique, complex projects
Volunteer Opportunities. “Optiv Chips In” encourages employees to volunteer and engage with their teams and communities.
The ability and technology necessary to productively work remotely/from home (where applicable)
EEO Statement
Optiv is an equal opportunity employer. All qualified applicants for employment will be considered without regard to race, color, religion, sex, gender identity or expression, sexual orientation, pregnancy, age 40 and over, marital status, genetic information, national origin, status as an individual with a disability, military or veteran status, or any other basis protected by federal, state, or local law.
Optiv respects your privacy. By providing your information through this page or applying for a job at Optiv, you acknowledge that Optiv will collect, use, and process your information, which may include personal information and sensitive personal information, in connection with Optiv’s selection and recruitment activities. For additional details on how Optiv uses and protects your personal information in the application process, click here to view our Applicant Privacy Notice. If you sign up to receive notifications of job postings, you may unsubscribe at any time.