IAM Operations Consultant (Ping Identity & SailPoint)
Job Summary
Role: IAM Operations Consultant (Ping Identity & SailPoint)
Location: Plano, TX (Hybrid)
Full-time
Role Summary:
Key Responsibilities:
Service Operations:
- Own day-to-day operations for Ping Identity and SailPoint platforms, ensuring availability, performance, and security SLAs.
- Proactively monitor platform health, perform routine checks, capacity planning, backups, and schedule/execute maintenance, patching, and upgrades.
- Triage and resolve incidents, service requests, and problems; lead root cause analysis and implement permanent fixes.
- Execute changes via CAB with clear runbooks, rollback plans, impact/risk assessments, and post-implementation reviews.
- Maintain accurate runbooks, SOPs, diagrams, and operational documentation aligned to audit standards.
Ping Identity (SSO, MFA, Federation):
- Administer PingFederate, PingAccess, PingDirectory, and PingID/PingOne (as applicable).
- Onboard and maintain OIDC/SAML integrations: configure IdP/SP connections, manage metadata, certificates, and key rotation.
- Implement and tune MFA, adaptive policies, device trust, and conditional access.
- Manage authentication policies, token lifecycles, attribute mapping, session management, and header-based access.
- Promote configurations across environments; troubleshoot SSO issues end-to-end with application teams.
- Ensure standards alignment and secure integration patterns for SAML 2.0, OIDC, and OAuth 2.0.
SailPoint Identity Governance & Administration:
- Operate SailPoint platforms: IdentityIQ and/or IdentityNow (Identity Security Cloud), including task scheduling, health checks, and upgrades.
- Application onboarding and connector operations (e.g., AD/Entra ID, LDAP, Azure, Workday/SuccessFactors, ServiceNow, SAP, Oracle, databases, SaaS apps).
- Manage identity lifecycle (joiner-mover-leaver), account aggregation, correlation, transforms/mappings, roles/access profiles, and policies.
- Administer and support access request workflows, approval policies, birthright/access modeling, and role mining (as applicable).
- Run access certification campaigns (setup, scheduling, execution, attestation evidence, remediation tracking).
- Maintain and tune provisioning policies, entitlements, SoD policies/violations, and exception handling.
- Troubleshoot provisioning and aggregation failures, queue backlogs, connector errors, rules, and workflow issues.
- Develop and support SailPoint rules/workflows and automation:
  - IdentityIQ: BeanShell/Java rules, lifecycle manager workflows, task definitions, plugin/config promotion.
  - IdentityNow: sources, transforms, rules, lifecycle events, connectors, sp-config export/import, REST APIs.
- Perform data quality checks, identity refreshes, cleanup jobs, and optimize performance and indexing.
Security, Compliance, and Governance:
- Enforce least privilege, SoD, and Zero Trust-aligned controls across SSO and IGA.
- Integrate logs with SIEM for monitoring, alerting, and anomaly detection; define operational thresholds and playbooks.
- Support audits (SOX/PCI/ISO/other): produce evidence, enable control testing, and remediate findings.
- Manage certificate, key, and secret lifecycles and ensure secure configuration baselines.
Automation and Continuous Improvement:
- Automate routine tasks (app onboarding, cert renewals, config backups, campaign setups, rotation checks) using platform APIs and scripts.
- Implement configuration-as-code and environment promotion where supported (Ping and SailPoint).
- Define operational KPIs, measure performance, and drive improvements to reduce toil and improve reliability.
- Partner with engineering/architecture to deliver enhancements without operational risk.
Stakeholder Management:
- Collaborate with application owners, security, infra, HRIS, and compliance teams to plan changes and onboard services.
- Provide consultative guidance on integration patterns, controls, and IAM best practices.
- Communicate incident status, risks, and service health to both technical and non-technical stakeholders.
Required Qualifications:
- 5-8 years in IAM operations/engineering with production ownership.
- 3 years administering Ping Identity (PingFederate, PingAccess, PingDirectory, PingID/PingOne).
- 3 years operating SailPoint (IdentityIQ and/or IdentityNow) in enterprise environments.
- Strong grasp of SAML 2.0, OIDC, OAuth 2.0, JWT, token policies, and certificate management.
- Experience with identity lifecycle, provisioning, access requests, and certification campaigns.
- Windows/Linux administration, networking (DNS, TLS, proxies, load balancers), and directory services (AD/LDAP).
- Scripting and APIs: PowerShell and either Python or Java; experience with REST/JSON. For IdentityIQ, BeanShell/Java; for IdentityNow, transforms and rules.
- Experience with ITSM (e.g., ServiceNow), SIEM (e.g., Splunk), and monitoring (e.g., Datadog, Prometheus).
- Solid understanding of ITIL processes and enterprise security practices.
Preferred Qualifications:
- Ping Identity certifications (PingFederate, PingAccess) and SailPoint certifications (IdentityIQ/IdentityNow).
- Experience with SailPoint sp-config, plugin management (IIQ), connector tuning, and performance optimization.
- Knowledge of Azure AD/Entra ID, AWS IAM, GCP IAM; SCIM provisioning and JIT patterns.
- Exposure to CI/CD for IAM configs, Git-based versioning, and pipeline-driven deployments.
- Familiarity with compliance frameworks (SOX, PCI-DSS, ISO 27001) and evidence management.
- Experience integrating HR sources (Workday/SuccessFactors) and ERP apps (SAP/Oracle).
Key Technologies:
- Ping Identity: PingFederate, PingAccess, PingDirectory, PingID/PingOne, certificates/keystores.
- SailPoint: IdentityIQ, IdentityNow (Identity Security Cloud), rules/workflows, connectors, transforms, sp-config, REST APIs.
- Supporting: Active Directory/LDAP/Entra ID, HRIS (Workday/SuccessFactors), ServiceNow, SIEM, reverse proxies/load balancers, Git, scripting tools.