Security Architect

Project Role : Security Architect
Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills : SailPoint IdentityIQ
Good to have skills : NA
Minimum 5 year(s) of experience is required
Educational Qualification : 15 years full time education

Summary:
The SailPoint IIQ Operations Engineer is responsible for the day-to-day administration, monitoring, and support of the IdentityIQ platform. This role ensures platform stability, operational excellence, and timely execution of identity governance processes. While primarily operations-focused, the role also encompasses light scripting, workflow configuration, and connector maintenance to support business continuity and process improvements.


Roles & Responsibilities:
- Administer and monitor the SailPoint IIQ environment across Dev, QA, and Production instances
- Manage scheduled tasks, aggregation jobs, and provisioning queues to ensure timely execution
- Monitor system health, application logs (Tomcat, IIQ), and database performance escalate anomalies
- Perform routine platform maintenance including patch application, certificate renewals, and log rotation
- Manage IIQ application server configurations and support environment refreshes and clones
- Execute and oversee Joiner-Mover-Leaver (JML) processes troubleshoot provisioning failures and stuck workflows
- Process manual access request fulfillment and manage approval queue health
- Remediate failed provisioning events and retry/re-trigger identity refresh tasks
- Support onboarding of new applications into IIQ by coordinating with application owners and the IIQ development team
- Launch, monitor, and close access certification campaigns as per the governance calendar
- Ensure timely completion of certifications follow up with certifiers and escalate non-responses
- Produce compliance and audit evidence reports from IIQ for SOX, HIPAA, GDPR, and PCI-DSS requirements
- Maintain audit trail integrity and support internal/external audit requests with data extracts and logs
- Monitor and maintain existing connectors for Active Directory, LDAP, Azure AD, SAP, Workday, ServiceNow, and flat-file sources
- Troubleshoot connector failures, aggregation errors, and data sync issues coordinate resolution with application teams
- Perform minor connector configuration changes and rule adjustments for attribute mapping and correlation
- Support REST/SOAP API integrations with ITSM and HRMS systems handle feed failures and re-processing
- Make targeted modifications to existing BeanShell rules, workflow steps, and email notification templates
- Configure and tune role assignments, access profiles, and entitlement catalog entries
- Write and maintain basic IIQ task definitions and scheduled reports using the native reporting engine
- Assist the development team with UAT testing, change deployment steps, and post-release validation in production
- Act as the L2 support resource for IAM incidents triage, resolve, or escalate IIQ-related issues per SLA
- Manage the IIQ operations backlog, including service requests for access provisioning, de-provisioning, and modifications
- Document root cause analyses (RCAs) for major incidents and implement preventive measures
- Maintain and update operational runbooks, SOPs, and knowledge base articles
- Generate and distribute regular operational dashboards covering provisioning metrics, certification status, and SoD violations
- Track and report on KPIs such as orphan accounts, access request SLA adherence, and certification completion rates
- Ensure Separation of Duties (SoD) violation reports are reviewed and actioned within agreed timelines
- Support periodic entitlement reviews and role mining exercises alongside the IAM governance team
- Collaborate with HR, IT, and business application owners to resolve access and provisioning queries
- Provide knowledge transfer and guidance to L1 helpdesk teams on common IIQ issues and procedures
- Participate in change advisory board (CAB) reviews for IIQ-related changes
- Coordinate with the SailPoint IIQ development/SME team for complex configuration changes and platform upgrades


Professional & Technical Skills:
- IIQ Modules: LCM, Compliance Manager, Task Management, Role Management, Provisioning
- Light Development: BeanShell (rule modifications), XML, basic workflow configuration
- Directories: Active Directory, LDAP, Azure AD (account management & troubleshooting)
- Connectors: AD, LDAP, flat-file, JDBC familiarity with SAP, Workday, or ServiceNow connectors
- Compliance: SOX, HIPAA, GDPR, PCI-DSS — audit evidence generation and certification ops
- Databases: Basic SQL querying on MySQL, MS SQL, or Oracle for IIQ backend troubleshooting
- Platforms: Linux/Windows server administration, Tomcat log analysis and service management
- ITSM: ServiceNow or equivalent — incident, request, and change management workflows
- SailPoint Certified IdentityIQ Engineer certification
- Exposure to SailPoint IdentityNow (cloud) or IIQ-to-IDN migration activities
- Familiarity with CyberArk, BeyondTrust, or other PAM tools for privileged account oversight
- Experience with CI/CD pipelines for IIQ configuration deployments
- ITIL Foundation certification
- Exposure to Zero Trust architecture and least-privilege access principles
- Experience supporting large-scale environments with 10,000+ identities



Additional Information:
- The candidate should have minimum 7-8 years in IAM operations, with 6-7 years hands-on SailPoint IIQ administration
- This position is based at our Bengaluru office.
- A 15 years full time education is required.