IAM Engineer

Toast
Summary
Join Toast's growing IT IAM team as a Staff IAM Engineer and play a key role in developing, enhancing, and strategically evolving our Identity and Access Management (IAM) program. You will focus on Okta and SailPoint IdentityNow, building identity lifecycle management processes, ensuring security, compliance, and efficiency. This role demands a deep understanding of IAM principles and best practices, along with hands-on experience with enterprise-grade IAM platforms. You will design, develop, and deploy SailPoint IdentityNow, drive automation, architect and implement access controls, and champion continuous improvement. The position requires extensive experience with SailPoint and Okta, scripting languages, and strong analytical and communication skills. Competitive compensation and benefits are offered.
Requirements
- 10+ years of experience in Identity and Access Management
- 7+ years of experience with SailPoint IdentityNow, including design, development, configuration, and medium-to-large-scale deployment
- Extensive experience with Okta administration, including user management, authentication, and application integration
- Solid understanding of IAM concepts, best practices, and industry standards
- Experience with scripting languages (e.g., Java, Python) for automation
- Excellent analytical, problem-solving, and communication skills
Responsibilities
- Design, develop, and deploy SailPoint IdentityNow: This includes building complex workflows, configuring policies, building integrations, developing user lifecycle management workflows between SailPoint and integrated systems, and acting as a subject matter expert for SailPoint
- Drive automation: Develop and implement automated provisioning and de-provisioning processes, and seamlessly integrate SailPoint with diverse applications, leveraging scripting and API knowledge. Focus on scalability and efficiency in automation efforts
- Architect and implement access controls: Create, develop and deploy robust access policies and roles, adhering to the principle of least privilege
- Ramp the team and develop comprehensive documentation: Write and maintain detailed documentation for all IAM configurations, processes, runbooks, and governance needs, ensuring clarity and consistency for both technical and non-technical audiences. This documentation should be utilized to guide the team to implement using best practices, deliver scalable solutions, and operate out of SOPs that create repeatable processes
- Champion continuous improvement: Research and evaluate emerging IAM technologies, stay abreast of industry best practices, and proactively drive opportunities to enhance our IAM program
- Ensure platform health and performance: Take ownership of system health checks, proactive monitoring, troubleshooting, and performance tuning for both platforms to ensure optimal performance, reliability, and availability. Develop and implement monitoring and alerting solutions
- Enhance security incident response: Develop and implement the security incident response processes related to identity and access. Implement monitoring and alerting to provide system logs and alerts for suspicious activity. Participate in security audits and compliance assessments (e.g., SOX, SOC, PCI)
Preferred Qualifications
- Relevant certifications (e.g., CISSP, CISM, SailPoint Certified Professional)
- Compliance Knowledge (SOX, SOC, PCI, UAR)
- Experience with other IAM solutions (e.g., Azure AD, AWS IAM)
- Knowledge of IT security frameworks (e.g., NIST, ISO 27001)
Benefits
- Competitive compensation and benefits programs
- Cash compensation (overtime, bonus/commissions if eligible)
- Equity
- Benefits
