Lead Cybersecurity - IAM Operations - SailPoint IdentityIQ

This position requires office presence of a minimum of 5 days per week and is only located in the location(s) posted. No relocation is offered.

AT&T is a large telecommunications company dedicated to delivering innovative communications solutions. We value collaboration, continuous learning, and high-quality engineering practices. Join us to make an impact and grow your career with a dynamic team.

Provide advanced (Tier
3) operations and production support for SailPoint Identity

IQ, serving as the escalation point for complex, high-impact issues that require deep platform expertise—such as provisioning failures, aggregation errors, workflow breakdowns, and connector/API connectivity problems. Ensure reliable identity lifecycle processing and entitlement governance across integrated applications by performing debug-level troubleshooting, root cause analysis, and coordinated restoration activities. Partner closely with engineering, product, security, and compliance stakeholders to drive operational stability, improve monitoring, runbooks, and standard operating procedures, and ensure release readiness, production cutovers, and change governance are executed safely.

Support Azure-connected services (e.g., Key Vault, logging/analytics, SFTP, containerized environments) and participate in incident, problem, and change management to protect access integrity and meet audit requirements.

• Provide Tier 3 operational support for SailPoint Identity
  
  IQ; diagnose complex issues involving provisioning, aggregation, workflow failures, and connectivity.
• Monitor and manage Identity Refresh, Aggregation Tasks, NCD triggers, Delegation‑on‑Mover events, and application‑specific lifecycle tasks.
• Troubleshoot and resolve failures including task result corruption, incomplete workflow cases, provisioning “stucks,” leaver/mover issues, and API errors.
• Perform debug-level analysis to identify root causes and validate expected system behavior.

• Manage and validate Application Owner Work groups, Entitlement Owner Work groups, SOX attributes, requestable flags, and elevated access configurations.
• Partner with onboarding teams to validate entitlement catalog accuracy and metadata (PCI, CPNI, business criticality, SOX flags).
• Execute workgroup aggregation, AD account/group full aggregation, and entitlement import workflows across environments.

• Lead/participate in MOP (Method of Procedure) development, deployment rehearsals, and production cutover planning.
• Validate deployment scripts, environment readiness, rollback steps, and dependency alignment with engineering and product teams.
• Conduct stage testing and verification of fixes, patches, and E‑fixes prior to production release.

• Collaborate with engineering, product managers, developers, testers, and security leadership to improve stability and functionality.
• Communicate with business stakeholders, compliance teams, and cross‑application owners to resolve blockers and drive outcomes.
• Mentor operations team members; contribute to onboarding documentation and maintain operational SOPs.

• Create and enhance SOPs, runbooks, wikis, operational checklists, and repeatable procedures.
• Propose and validate new features (e.g., enhanced access reports, filtering options, monitoring improvements) in partnership with engineering/product teams.
• Identify systemic issues and recommend optimizations for performance, task scheduling, and account/entitlement workflows.

• Own operational incidents across onboarded applications; document worknotes, root causes, mitigations, and follow-ups.
• Ensure adherence to audit expectations and change governance (CI/CD controls, change windows, post-deployment validation).
• Support Service Now processes including incident updates, request fulfillment, CR creation, and post‑deployment validation.

• Work with Azure services including Key Vault,…