IAM Engineer: SailPoint

Responsibilities

Job Description

What will you contribute?

The Identity and Access Management (IAM) Engineer: SailPoint will help facilitate the tactical and strategic advancement of Finastra's IAM program, which includes Identity Governance & Administration (IGA) and Privileged Access Management (PAM) solutions. As part of the broader Information Security organization, this role will participate in a multidisciplinary information security team, applying fundamental systems security understanding, skills, expertise, and experience to maintain and operate complex information systems and security tools that satisfy organizational mission and/or business requirements, including stakeholder protection needs and security requirements. The role will also be responsible for researching, planning, coordinating, and implementing IAM solutions. The ideal candidate will be self-directed and work effectively in a diverse team environment.

Responsibilities & Deliverables:

• Owns the configuration, administration, and maintenance of current solution technologies: SailPoint IdentityNow (IDN) and DUO MFA, including both the infrastructure as well as the application itself

• Owns all the integrations to and from our IGA and MFA platforms

• Works with the teams for other Enterprise Applications (HRIS, directories, ticketing) and the Helpdesk as needed to tackle failures of normal data flow

• Engages with SailPoint Support when a product failure is suspected

• Provides input to the IAM roadmap as it pertains to our current and future solution technologies and aligns priorities to support the roadmap's realization

• Extends the functionality of the IdentityNow product through PowerShell scripts running against the IDN API using agile methodology and following appropriate change management procedures

• Identifies opportunities for improvement in code and processes and comes up with detailed solutions

• Addresses the L3 (engineering) ticket queue in a timely fashion and provides a backstop when Operations personnel cannot handle an issue

• Oversees access control governance procedures, including periodic access reviews

• Performs IGA work, even if outside of SailPoint systems, such as service account governance and audit support

• Drives IAM initiatives to improve our broader security posture, provides hands-on support for them as needed, and demonstrates their progress by means of metrics

• Owns the relevant documentation and training required for IAM initiatives and routines (e.g.: runbooks for the Ops team and Helpdesk, as well as end-user guides)

• Effectively communicates with the larger cybersecurity organization, other teams and all levels of management using detailed analysis of data and summaries for both technical and non-technical audiences

• Understands risk, thinks through the security impact of decisions, and communicates clearly and concisely to advocate for security throughout the organization

• Can identify dangerous actions and act accordingly to minimize risk

• Stays current on security trends and industry best practices, providing input and recommendations based on research

Knowledge / Skills:

• Extensive knowledge of IAM concepts, e.g.: authentication, authorization, account lifecycle (joiner, mover, leaver), password policies, MFA principles, RBAC/ABAC, least-privilege, zero-trust, machine identities, service account governance, privileged access management, etc.

• In-depth experience and granular knowledge of the SailPoint object model, gained from either IdentityIQ or IdentityNow

• Knowledge of basic data structures and understanding of algorithmic complexity a must

• Version control (git) required

• Ability to read and write complex scripts in PowerShell required

• Automated deployment for PowerShell scripts and libraries a plus

• Experience using other programming languages (Java, C#, Python, C++, etc.) a plus

• Ability to autonomously find answers from documentation, the API, and the web required

• Familiarity with compliance organizations and standards (i.e., SOX, PCI, etc.) as well as audit support a plus

• Knowledge of LDAP/Active Directory, and relevant IT architecture required

• Knowledge of both Windows and Unix platforms required (bash scripting a plus)

• Knowledge and understanding of REST API concepts (authN/authZ, HTTP verbs, JSON representation of objects) required

• Knowledge of PKI architecture, SSL/TLS, MFA, OAuth principles, and the ability to apply that knowledge in troubleshooting required

• Knowledge of web technologies (XML, HTML, etc.), SaaS applications, network operations (networks, protocols and email [SMTP, POP3]) a plus

• Microsoft Office knowledge (especially the ability to use Excel to quickly analyze CSV or other tabular data) a plus

• Familiarity with DUO MFA administration a plus

• Capable of working cooperatively with leadership, other teams, teammates, vendor support, and non-technical end-users in a challenging, dynamic, and global environment

• Ability to successfully handle multiple priorities simultaneously required

• Excellent written and verbal communication skills required

Experience:

• 2+ years of in-depth experience in IGA engineering using SailPoint products - prefer IdentityNow, but willing to accept IdentityIQ experience with clear demonstrated knowledge of the SailPoint Object Model and IGA principles

• Experience configuring all parts of a SailPoint IGA solution, including but not limited to: lifecycle management, SOD policies, password policies, application onboarding, reporting, certifications, roles and entitlements

• Experience extending the functionality of the IGA product by programming (Beanshell and Powershell)

• Experience providing requested audit and attestation evidence

• Experience managing DUO or another MFA solution a plus

• Experience with password manager technologies (e.g., LastPass) and remote session governance (e.g., CyberArk) a plus

• Experience in meeting goals in a fast-paced environment that can require reprioritizing and balancing needs

Education / Certifications:

• Bachelor's degree from an accredited college or university, or equivalent experience. A degree in Computer Science, Computer/Data Systems Management or a related field or discipline is preferred but not required.

• SailPoint Certifications (Engineer or Architect) are a plus