Cyberark Engineer Remote Jobs (NOW HIRING)

This position will be fully remote and can be hired anywhere in the continental U.S.
Our Advanced Fusion Center Identity practice runs and improves clients' SailPoint ISC/IIQ programs day-to-day. As a Sr. Sailpoint Engineer, you will handle escalations from Tier 1, stabilize and optimize production, and drive small/medium enhancements. The Sr. Sailpoint Engineer will keep identity lifecycle, access requests, certifications, and policy enforcement humming- with operational discipline, measurable SLAs, and crisp client communication. CyberArk and Okta integrations are nice-to-have.
How you'll make an impact

• Keep Sources, Identity Profiles, Access Profiles, Entitlements, Roles, Lifecycle events, Access Requests, Approvals, and Certifications healthy and on-schedule.

• Build and optimize workflows, transforms, and policies (SoD, RBAC) in IIQ and ISC.

• Monitor and resolve aggregations, account correlations, provisioning failures, and campaign anomalies, tune schedules and thresholds.

• Maintain and troubleshoot Virtual Appliance (VA) health, connector upgrades, and connectivity (e.g., AD/Entra, HRIS, SaaS apps, databases).

• Build and maintain Workflows (low code), Transforms, policies (SoD, separation of function), and request/catalog items.

• Run monthly health checks and deliver operational reports (KPIs, trendlines, incidents, changes, and risk/compliance signals).

• Act as escalation for Tier 1: triage, contain, and restore; perform root cause analysis and implement durable fixes.

• Create and improve runbooks/SOPs; automate recurring fixes and checks.

• Plan and execute low-risk changes (connector tuning, attribute mappings, workflow edits, catalog updates) within ITSM guardrails.

• Contribute to release readiness: sandbox validation, UAT coordination, deployment notes, and rollback plans.

• Translate operational signals into clear actions for client IAM owners and app teams.

• Advise on access modeling (Access Profiles vs. Roles), campaign design, and birthright vs. requestable access.

• Provide backlog intake sizing for Tier-3/architecture where code or complex redesigns are required.

• Okta/Entra ID Integration experience: Govern downstream via SCIM/API targets; align joiner/mover/leaver flows; validate group/entitlement posture.

• CyberArk (PAM) Integration experience: Support governance integrations (e.g., safe/platform entitlement visibility, request/approval via SailPoint); assist with out-of-band privilege variance findings and clean-up campaigns.

• Feed events and metrics to SIEM/SOC (webhooks/API), enrich tickets with context, and contribute to correlation use-cases (e.g., excessive privilege anomalies, orphan/rogue accounts).

• Partner with compliance teams on attestation evidence, control testing cadence, and audit responses.

What we're looking for

• 5+ years of verifiable IAM operations/consulting experience, with at least 2 years hands-on in SailPoint IIQ and ISC in production.

• Recent (12 months) hands-on experience with SailPoint ISC/IDP in a production setting.

• Proven Tier-2 ownership of aggregations, correlation, provisioning, certifications, workflow/transform tuning, catalog & access model hygiene, and VA/connector health.

• Solid grasp of identity lifecycle (joiner/mover/leaver), request/approval patterns, SoD policy design, and RBAC in large, distributed environments.

• Comfortable with logs, metrics, and MTTR/SLAs; can turn noisy failures into stable automation.

• Strong written/verbal communication-clear incident timelines, executive-level status, and precise change plans.

• Familiarity with Entra ID/AD, HR sources, and common SaaS targets from an IIQ connector perspective.

• SailPoint IIQ (Workflows, Access Requests, Certifications, Identity & Access Profiles, Transforms, Policies, Reports)

• Virtual Appliances, connector logs, account activity, and provisioning task views

• ITSM (ServiceNow/Jira), Confluence/knowledge base, basic API tooling (Postman/Curl) for IIQ v3 endpoints

• Basic scripting for ops automation (PowerShell or Python) and CSV/data fixes where appropriate

• Okta (governance targets via SCIM/API; SSO basics helpful but not the focus)- preferred

• CyberArk governance integration (safe/platform entitlement visibility and request flows)- preferred

• Cloud platforms (AWS/GCP) as identity sources/targets- preferred

• Security/compliance context: SOC 2, SOX, HIPAA, PCI; evidence packaging for audits- preferred

• Certifications (SailPoint, Microsoft, ISC)- preferred

#LI-TW1

#LI-Remote

What you can expect from Optiv

• A company committed to our inclusive value through our Employee Resource Groups

• Work/life balance

• Professional training resources

• Creative problem-solving and the ability to tackle unique, complex projects

• Volunteer Opportunities. "Optiv Chips In" encourages employees to volunteer and engage with their teams and communities.

• The ability and technology necessary to productively work remotely/from home (where applicable)

EEO Statement

Optiv is an equal opportunity employer. All qualified applicants for employment will be considered without regard to race, color, religion, sex, gender identity or expression, sexual orientation, pregnancy, age 40 and over, marital status, genetic information, national origin, status as an individual with a disability, military or veteran status, or any other basis protected by federal, state, or local law.

Optiv respects your privacy.By providing your information through this page or applying for a job at Optiv, you acknowledge that Optiv will collect, use, and process your information, which may include personal information and sensitive personal information, in connection with Optiv's selection and recruitment activities. For additional details on how Optiv uses and protects your personal information in the application process, click here to view ourApplicant Privacy Notice. If you sign up to receive notifications of job postings, you may unsubscribe at any time.