IT Security Architect

SailPoint, the industry leader in Identity Security, is looking for an Identity professional to contribute to our company’s internal corporate Identity program. The Identity Security Engineer will be a key team member in our growing and impactful organization as SailPoint continues to scale globally as the industry leader in Identity Security. This position will report to the Manager of Identity Security Architecture & Engineering and will support SailPoint’s internal Identity & Access Management (IAM) & Privileged Access Management (PAM) systems and operations.
As an Identity Security Engineer, you will be responsible for the design, installation, operation and maintenance of our IAM infrastructure(s) and capabilities. You will analyze, develop, and build / implement processes & technology to ensure the comprehensive and timely delivery of Identity Security services. Expect to work in cross-functional teams across IT, Cybersecurity, DevOps & Desktop Engineering, Support, Professional Services, and Corporate Compliance in support of the program. Make your mark in a high energy environment at one of the most consistently highest rated “best places to work” in Austin over the past 10 years!

Job Responsibilities

• Design, build, configure and deploy SailPoint’s IAM and PAM services & solution(s), including identity & accounts management, access management policies & associated controls, identity verification & authentication, secrets management, privileged access management as well as audit & reporting.

• Conduct analysis, generate designs & procedures, work closely with stakeholders to define use-cases, keep & maintain inventories, and develop comprehensive documentation & diagrams.

• Support IAM infrastructure operations, including troubleshooting user issues, change management, and performing system administration & maintenance.

• Monitor and respond to any capacity and/or performance needs, including rotational on-call support for the IAM infrastructure.

• Provide regular reports to leadership regarding security, data governance, capacity, performance, usage and licensing.

• Lead projects, provide security consultation(s), and develop detailed project plans for various projects & phases (PoC, Pilot, Production rollouts).

• Recommend and implement modifications that will enhance system usability & reliability while analyzing all aspects of the existing infrastructure.

• Proactively establish and grow a broad collaboration with business analysts, app / system owners, architects and engineers focusing on strategy, proliferation of automation & integrations, as well as defining / building and refining enterprise services & capabilities.

• Provide training on changes to system architecture and/or user experience (UX), document support procedures, and analyze user feedback to minimize impacts and maximize value to the business.

• Devise, develop and implement SOPs, SLAs and supporting workflows and approval criteria.

• Collect, analyze and decipher identity and security metrics & event data in order to provide meaningful recommendations to improve current policy configurations, and improvements to the UX.

Required Qualifications

• 2-4 years of experience using, installing, and administering IAM solutions.

• Solid understanding of IAM concepts, associated controls, terminology & technology.

• Experience administering and integrating tier zero identity infrastructure that provides AAA services such as MS Active Directory, Azure Active Directory, including Multi-Factor Authentication (MFA) services & controls.

• Preferred but not required: Bachelor’s degree in Information Security, Cybersecurity, Computer Science, Engineering.

• Solid knowledge / understanding of IAM patterns with Active Directory, GPO, Azure Active Directory, and cloud platforms such as AWS and GCP.

• Experience with developing and using PowerShell scripting.

• Strong customer service and interpersonal skills.

• Knowledge of common security standards such as NIST & GDPR.

• Good knowledge of managing infrastructure & endpoints in an enterprise setting.

• Must be a team player and analytical thinker, with robust troubleshooting skills and a creative problem-solving approach.

• Must be able to work with stakeholders & end-users who are located across the globe.

• Ability to work independently, present and describe highly technical topics in a non-technical manner, and effectively communicate with / educate business stakeholders at all levels, from individual contributors to C-level executives.

• Ability to produce and maintain detailed technical documentation, business processes and training material.

• Basic understanding of QA methodology including usability testing, performance testing, automated testing, test scripts, test cases and test plans.

• Familiarity with continuous delivery model and agile development processes.

• Must be flexible, willing to undertake a wide variety of new and challenging tasks all while driving results.

• Must be a US Citizen

Preferred Skills

• 4+ years of experience with administering & supporting the technology and associated business processes across the IAM domain for larger enterprise environments; ideally, within the software industry vertical. Industry and platform certifications are desirable.

• Extensive knowledge & experience designing, implementing, managing, and supporting Microsoft’s IAM products & services, including Microsoft Active Directory, Azure Active Directory (AAD), Conditional Access Policies, Azure AD Connect, Microsoft Identity Manager (MIM), Privileged Identity Management (PIM), and Azure MFA.

• Experience with implementing, administering, and supporting SailPoint’s IdentityNow and/or IdentityIQ (IIQ) IGA products.

• Experience with protocol-based Single Sign-On (SSO), Federated Identity Management (FIM), and virtual directory concepts & technology.

• Experience building, managing & maintaining ISO27001, SOC2, FedRAMP & SOX environments.

• 4+ years of experience with APIs and scripting languages (e.g. JavaScript, Python, etc).

• Experience with JSON, XML, SOAP and REST web-services.

Within 30 days, you will:

• SailPoint Overview: Learn about the company’s history, mission, and the core values that drive the "best places to work" culture.

• Meet the Team & Key Stakeholders: Introduce yourself and build relationships with your manager, the Identity Security Architecture & Engineering team, and key partners across IT, Cybersecurity, DevOps, and Compliance.

• Mentorship: Meet your onboarding buddy and establish a regular cadence for 1:1 meetings with your manager to align on expectations and priorities.

• Understand the Environment: Gain "read-only" access to the core IAM/PAM infrastructure (SailPoint, Entra ID, AD, etc.). Review existing architecture diagrams, documentation, and standard operating procedures (SOPs) to understand the current state.

• Tools & Systems: Familiarize yourself with the primary tools provided, including SailPoint’s internal instances, Azure/AWS/GCP consoles, scripting environments (PowerShell), and project management systems.

Within 60 days, you will:

• Enablement & Training: Complete all corporate and role-specific onboarding, achieve relevant SailPoint certifications, and finish all assigned compliance and security tasks.

• Shadowing & Analysis: Shadow team members on operational tasks, such as troubleshooting user issues and performing system maintenance. Begin analyzing existing policies, access controls, and configurations to identify potential areas for improvement.

• Stakeholder Engagement: Begin participating in meetings with business analysts and application owners to understand their use cases and how they interact with the IAM ecosystem.

Within 90 days, you will:

• Lead a Project: Take ownership of a small-scale project or a distinct phase of a larger initiative, such as a PoC for a new integration or the production rollout of a new access policy. Develop the detailed project plan and lead the execution.

• Enhance System Reliability: Based on your analysis from the first 60 days, recommend and begin implementing a modification to enhance system usability or reliability, documenting the changes and support procedures.

• Develop & Report: Devise a new SOP or SLA for a specific IT service. Begin collecting and analyzing identity metrics to provide your first report to leadership on security posture, capacity, or UX improvements.

• Proactive Collaboration: Proactively establish a working group with stakeholders from a specific business unit to refine their identity services or build a roadmap for future integrations.

• Continuous Learning: Stay current with the internal product roadmap, actively seek feedback from peers and your manager, and begin presenting technical topics to non-technical stakeholders in project meetings.

Benefits and Compensation listed vary based on the location of your employment and the nature of your employment with SailPoint.

As a part of the total compensation package, this role may be eligible for the SailPoint Corporate Bonus Plan or a role-specific commission, along with potential eligibility for equity participation. SailPoint maintains broad salary ranges for its roles to account for variations in knowledge, skills, experience, market conditions and locations, as well as reflect SailPoint’s differing products, industries, and lines of business. Candidates are typically placed into the range based on the preceding factors as well as internal peer equity. We estimate the base salary, for US-based employees, will be in this range from (min-mid-max, USD):

Base salaries for employees based in other locations are competitive for the employee’s home location.

Benefits Overview

1. Health and wellness coverage: Medical, dental, and vision insurance

2. Disability coverage: Short-term and long-term disability

3. Life protection: Life insurance and Accidental Death & Dismemberment (AD&D)

4. Additional life coverage options: Supplemental life insurance for employees, spouses, and children

5. Flexible spending accounts for health care, and dependent care; limited purpose flexible spending account

6. Financial security: 401(k) Savings and Investment Plan with company matching

7. Time off benefits: Flexible vacation policy

8. Holidays: 8 paid holidays annually

9. Sick leave

10. Parental support: Paid parental leave

11. Employee Assistance Program (EAP) and Care Counselors

12. Voluntary benefits: Legal Assistance, Critical Illness, Accident, Hospital Indemnity and Pet Insurance options

13. Health Savings Account (HSA) with employer contribution

SailPoint is an equal opportunity employer and we welcome all qualified candidates to apply to join our team.  All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other category protected by applicable law.  

Alternative methods of applying for employment are available to individuals unable to submit an application through this site because of a disability. Contact [email protected] or mail to 11120 Four Points Dr, Suite 100, Austin, TX 78726, to discuss reasonable accommodations.  NOTE: Any unsolicited resumes sent by candidates or agencies to this email will not be considered for current openings at SailPoint.