Engineer, Identity Governance & Administration

Hibbett • Full-time • Birmingham, AL, US • $85k - $110k / year • 2m ago

00015 Store Support CenterLE_301 Hibbett Retail, Inc.

SUMMARY

The position of Identity Governance & Administration (IGA) Engineer will deliver best-in-class design, implementation and management of our IGA solution in a large-scale, fast-paced retail environment. This role requires deep SailPoint Identity Security Cloud (ISC) expertise, strong operational knowledge and the ability to work effectively across security, infrastructure, application and business teams. This position reports to the Vice President, CISO.

ESSENTIAL DUTIES AND RESPONSIBILITIES

Own the Identity & Access Management (IAM) architecture roadmap with a strong focus on SailPoint ISC, authoritative data sources, and core directory services (Active Directory, Entra ID)
Design and govern identity lifecycle and access governance solutions for employees, contractors, vendors and service accounts
Architect and oversee implementations between IAM platforms and enterprise systems including POS, ERP, e-commerce platforms and cloud workloads
Define and implement robust a RBAC model, automated provisioning/deprovisioning and identity workflows within SailPoint
Provide guidance and architectural support for directory service modernization ensuring security and role modelling across hybrid IT estates
Lead the secure integration of Authentication & Authorization mechanisms (e.g. SAML, OIDC, OAuth2) for internal and customer facing applications
Support audit and compliance initiatives including PCI-DSS, GDP and internal policy enforcement
Evaluate new IAM technologies, tools and capabilities to maintain a forward-looking, strategic identity architecture
Collaborate with business and technical stakeholders to gather requirements and translate them into scalable SailPoint configurations
Integrate SailPoint ISC with enterprise systems and applications (both on-prem and cloud) via out of the box connectors or custom-built connectors
Implement identity governance policies, role models, access reviews and segregation of duties (SoD) controls
Monitor and maintain the health of the SailPoint ISC platform, troubleshoot issues and implement enhancements
Automate provisioning and de-provisioning for user access across multiple systems
Participate in security audits and contribute to compliance efforts by providing evidence and supporting documentation
Stay current with SailPoint updates, new features and industry best practices in identity and access management
Support hybrid environments by integrating Privilege Cloud with on-prem infrastructure and identity sources (e.g. Active Directory)
Collaborate with internal colleagues and teams to maintain optimal configuration, availability and performance.
Participate in security reviews and support audit-related activities related to privileged account governance
Provide integration support across ITSM ticket systems, SIEMs and CI/CD pipelines to ensure secure DevOps practices.
Perform regular health checks, maintenance and upgrades, and incident resolution for the SailPoint platform.
Provide level 2/3 support for SailPoint related issues and alerts.
Document architecture, procedures and incident response playbooks.
Work with Technology, Security and Application teams to understand access needs across the organization's systems and cloud environments
After hours support required.
Perform other identity Governance tasks as assigned.

QUALIFICATIONS

SailPoint certification (e.g. SailPoint IdentityNow Engineer or Architect)
Background in broader IAM concepts such as PAM, SSO, or MFA.
Security certifications such as CISSP, CISM or CCSP are a plus.
Knowledge of security frameworks, regulatory requirements and compliance standards (e.g. NIST, PCI DSS, GDPR)

REQUIRED SKILLS/ABILITIES

Proven experience within Identity and Access Management, with significant hands-on experience with SailPoint (preferably ISC)
Strong understanding of identity lifecycle management, JML, RBAC/ABAC/PBAC, access certification and provisioning
Experience with SailPoint features such as IdentityNow configuration and deployment, Custom connector development, REST APIs and web services, rules, roles, polices and workflows in SailPoint ISC
Familiarity with directory services (AD, Entra ID), HR systems and enterprise applications
Solid understanding of Windows/Linux systems, and cloud platforms (AWS, Azure, GCP)
Proficient in scripting and development languages such as PowerShell, Java or Python and experienced at utilizing SailPoint's own REST APIs
Excellent problem-solving skills and attention to detail
Strong written and verbal communication and collaboration skills
Detail-oriented with a strong security mindset and ability to think proactively.
Ability to read and interpret security policies, technical documentation, and procedures.
Ability to write clear and concise reports and correspondence.
Highly analytical mindset and an eagerness to learn.

PHYSICAL DEMANDS

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made.

Frequently required to stand, walk, sit, use hands to type, handle or feel; reach with hands and arms; and talk or hear.
Occasionally required to lift and/or move up to 25 pounds.

WORK ENVIRONMENT

The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made.

Noise level is generally quiet to moderate.

Hibbett's Privacy Policy

Candidates will have an option during the application process to withdraw their application prior to completion of the application. Throughout this online job application process, you will be asked to provide personal information about yourself. Please review Hibbett’s Privacy Policy to understand how the information you provide will be utilized and safeguarded.

By clicking the Apply button, I acknowledge that I have read and understand the Hibbett's Privacy Policy. Further, I consent to the use of the same as my Electronic Agreement for purposes hereof. I acknowledge that I have a right to withdraw such consent at any time by contacting Hibbett.