Staff IAM Engineer, Sailpoint

Toast creates technology to help restaurants and local businesses succeed in a digital world, helping business owners operate, increase sales, engage customers, and keep employees happy.

We are seeking a highly motivated and experienced Staff IAM Engineer to join our growing IT IAM team. In this role, you will be a key contributor to the development, enhancement, and strategic evolution of our Identity and Access Management (IAM) program, with a focus on Okta and SailPoint Identity Security Cloud (formerly IdentityNow). You will play a critical role in building our identity lifecycle management processes, ensuring security, compliance, and efficiency. This role requires a deep understanding of IAM principles and best practices, as well as hands-on experience with enterprise-grade IAM platforms SailPoint and Okta

A day in the life (Responsibilities) 

• Design, develop, and deploy SailPoint Identity Security Cloud: This includes building complex workflows, configuring policies, building integrations, developing user lifecycle management workflows between SailPoint and integrated systems, and acting as a subject matter expert for SailPoint. 
• Drive automation: Develop and implement automated provisioning and de-provisioning processes, and seamlessly integrate SailPoint with diverse applications, leveraging scripting and API knowledge. Focus on scalability and efficiency in automation efforts.
• Architect and implement access controls: Create, develop, and deploy robust access policies and roles, adhering to the principle of least privilege.
• Ramp the team and develop comprehensive documentation: Write and maintain detailed documentation for all IAM configurations, processes, runbooks, and governance needs, ensuring clarity and consistency for both technical and non-technical audiences. This documentation should be utilized to guide the team to implement using best practices, deliver scalable solutions, and operate out of SOPs that create repeatable processes. 
• Champion continuous improvement: Research and evaluate emerging IAM technologies, stay abreast of industry best practices, and proactively drive opportunities to enhance our IAM program. 
• Ensure platform health and performance: Take ownership of system health checks, proactive monitoring, troubleshooting, and performance tuning for both platforms to ensure optimal performance, reliability, and availability. Develop and implement monitoring and alerting solutions.
• Enhance security incident response: Develop and implement the security incident response processes related to identity and access. Implement monitoring and alerting to provide system logs and alerts for suspicious activity. Participate in security audits and compliance assessments (e.g., SOX, SOC, PCI).
• Collaborate with stakeholders: Work closely with business units, application owners, and security teams to gather requirements, design effective solutions, and implement IAM strategies that meet business needs while maintaining security posture. This includes leading requirements gathering sessions and translating business needs into technical specifications.

What you'll need to thrive (Requirements)

• 10+ years of experience in Identity and Access Management.
• 7+ years experience with SailPoint Identity Security Cloud, including design, development, configuration, and med-large scale deployment.
• Proven experience implementing Sailpoint to manage access for large core enterprise applications including Salesforce, Netsuite and Snowflake
• Proven experience configuring and implementing full end-to-end User Access Review (UAR) capabilities in Sailpoint for integrated and non-integrated applications
• Proven experience configuring and implementing Access Request functionality in SailPoint. Experience migrating access request capabilities from ServiceNow to SailPoint is ideal.
• Extensive experience with Okta administration, including user management, authentication, and application integration, and application access workflows.
• Solid understanding of IAM concepts, best practices, and industry standards.
• Experience with scripting languages (e.g., Java, Python) for automation.
• Excellent analytical, problem-solving, and communication skills.

What will help you stand out (Nonessential Skills/Nice to Haves)

• Relevant certifications (e.g., CISSP, CISM, SailPoint Certified Professional).
• Compliance Knowledge (SOX, SOC, PCI, UAR)
• Experience with other IAM solutions (e.g., Azure AD, AWS IAM).
• Knowledge of IT security frameworks (e.g., NIST, ISO 27001).
  

AI at Toast

At Toast, one of our company values is that we're hungry to build and learn. We believe learning new AI tools empowers us to build for our customers faster, more independently, and with higher quality. We provide these tools across all disciplines, from Engineering and Product to Sales and Support, and are inspired by how our Toasters are already driving real value with them. The people who thrive here are those who embrace changes that let us build more for our customers; it’s a core part of our culture.

Our Total Rewards Philosophy 
We strive to provide competitive compensation and benefits programs that help to attract, retain, and motivate the best and brightest people in our industry. Our total rewards package goes beyond great earnings potential and provides the means to a healthy lifestyle with the flexibility to meet Toasters’ changing needs. Learn more about our benefits at https://careers.toasttab.com/toast-benefits.