Sr. Identity Engineer- IIQ/ISC/Zilla

This position will be fully remote and can be hired anywhere in the continental U.S.

Our Advanced Fusion Center Identity practice runs and improves clients’ SailPoint ISC/IIQ and Zilla programs day-to-day. As a Sr. Identity Engineer you will handle escalations from Tier 1 stabilize and optimize production and drive small/medium enhancements. The Sr. Identity Engineer will keep identity lifecycle access requests certifications and policy enforcement humming— with operational discipline measurable SLAs and crisp client communication. CyberArk and Okta integrations are nice-to-have not the main event.

Bottom line this is a dual-platform Tier-2 identity operations role inside AFC. You’ll keep Zilla and SailPoint governance reliable at scale automate the boring stuff and speak plainly about risk impact and fixes.

How you’ll make an impact

• Keep Sources Identity Profiles Access Profiles Entitlements Roles Lifecycle events Access Requests Approvals and Certifications healthy and on-schedule.

• Build and optimize workflows transforms and policies (SoD RBAC) in Zilla and ISC.

• Monitor and resolve aggregations account correlations provisioning failures and campaign anomalies tune schedules and thresholds.

• Maintain and troubleshoot Virtual Appliance (VA) health connector upgrades and connectivity (e.g. AD/Entra HRIS SaaS apps databases).

• Build and maintain Workflows (low code) Transforms policies (SoD separation of function) and request/catalog items.

• Run monthly health checks and deliver operational reports (KPIs trendlines incidents changes and risk/compliance signals).

• Act as escalation for Tier 1: triage contain and restore; perform root cause analysis and implement durable fixes.

• Create and improve runbooks/SOPs; automate recurring fixes and checks.

• Plan and execute low-risk changes (connector tuning attribute mappings workflow edits catalog updates) within ITSM guardrails.

• Contribute to release readiness: sandbox validation UAT coordination deployment notes and rollback plans.

• Translate operational signals into clear actions for client IAM owners and app teams.

• Advise on access modeling (Access Profiles vs. Roles) campaign design and birthright vs. requestable access.

• Provide backlog intake sizing for Tier-3/architecture where code or complex redesigns are required.

• Okta/Entra ID Integration experience: Govern downstream via SCIM/API targets; align joiner/mover/leaver flows; validate group/entitlement posture.

• CyberArk (PAM) Integration experience: Support governance integrations (e.g. safe/platform entitlement visibility request/approval via SailPoint); assist with out-of-band privilege variance findings and clean-up campaigns.

• Feed events and metrics to SIEM/SOC (webhooks/API) enrich tickets with context and contribute to correlation use-cases (e.g. excessive privilege anomalies orphan/rogue accounts).

• Partner with compliance teams on attestation evidence control testing cadence and audit responses.

What we’re hiring for

• 5+ years of verifiable IAM operations/consulting experience with at least 1 year hands-on in SailPoint IIQ in production.

• Recent (≤12 months) hands-on experience with SailPoint ISC/IDP and Zilla in production environments.

• Experience with SailPoint ISC nice to have

• Proven Tier-2 ownership of aggregations correlation provisioning certifications workflow/transform tuning catalog & access model hygiene and VA/connector health.

• Solid grasp of identity lifecycle (joiner/mover/leaver) request/approval patterns SoD policy design and RBAC in large distributed environments.

• Comfortable with logs metrics and MTTR/SLAs; can turn noisy failures into stable automation.

• Strong written/verbal communication—clear incident timelines executive-level status and precise change plans.

• Familiarity with Entra ID/AD HR sources and common SaaS targets from an IIQ connector perspective.

• SailPoint IIQ (Workflows Access Requests Certifications Identity & Access Profiles Transforms Policies Reports)

• Virtual Appliances connector logs account activity and provisioning task views

• ITSM (ServiceNow/Jira) Confluence/knowledge base basic API tooling (Postman/Curl) for IIQ v3 endpoints

• Basic scripting for ops automation (PowerShell or Python) and CSV/data fixes where appropriate

• Okta (governance targets via SCIM/API; SSO basics helpful but not the focus)- nice to have

• CyberArk governance integration (safe/platform entitlement visibility and request flows)- nice to have

• Cloud platforms (AWS/GCP) as identity sources/targets- nice to have

• Security/compliance context: SOC 2 SOX HIPAA PCI; evidence packaging for audits- nice to have

• Certifications (SailPoint Microsoft ISC²) are a plus not a gate

#LI-TW1

#LI-Remote

What you can expect from Optiv

• A company committed to championing Diversity Equality and Inclusion through our Employee Resource Groups .

• Work/life balance

• Professional training resources

• Creative problem-solving and the ability to tackle unique complex projects

• Volunteer Opportunities. “Optiv Chips In” encourages employees to volunteer and engage with their teams and communities.

• The ability and technology necessary to productively work remotely/from home (where applicable)

EEO Statement

Optiv is an equal opportunity employer. All qualified applicants for employment will be considered without regard to race color religion sex gender identity or expression sexual orientation pregnancy age 40 and over marital status genetic information national origin status as an individual with a disability military or veteran status or any other basis protected by federal state or local law.

Optiv respects your privacy. By providing your information through this page or applying for a job at Optiv you acknowledge that Optiv will collect use and process your information which may include personal information and sensitive personal information in connection with Optiv’s selection and recruitment activities.  For additional details on how Optiv uses and protects your personal information in the application process click here to view our Applicant Privacy Notice . If you sign up to receive notifications of job postings you may unsubscribe at any time.