Systems Engineer III

Systems Engineer III | Allentown, Pennsylvania, United States Call Outs:-Sailpoint Engineer-Local to PA-Travel- is minimal, onsite once a quarterSailPoint Engineer - SAP GRC/SuccessFactors (Employee Central) Integration & JML AutomationLocationHybrid - Louisville, KY/Allentown, PA/Providence RIEmployment TypeFull-timeAbout the RoleWe are seeking a hands-on SailPoint Engineer to support and enhance our SailPoint IdentityIQ (IIQ) platform with a strong focus on application onboarding and access provisioning. You will design and implement end-to-end identity integrations, develop lifecycle event workflows, onboard new applications to IIQ, and ensure reliable provisioning to target systems. This role partners closely with Application Owners, Security, Operations, and Audit to drive consistent identity governance at scale.Immediate needs will be integrations between SailPoint IdentityIQ (IIQ) and SAP SuccessFactors Employee Central to enable HRdriven identity lifecycle automation (Joiner/Mover/Leaver). You will own the end-to-end engineering-from data modeling and connector configuration to policy/rule logic, workflow orchestration, and access certification enablement-while partnering closely with our SAP/HR technology organization operating in a SAFe Agile model for planning and delivery.What You'll Do (Key Responsibilities)• Integration Engineeringo Design and implement SailPoint connectors/integrations for SAP SuccessFactors Employee Central (e.g., via OData APIs, SF EC Compound Employee API, IPS, SCIM, flat-file** ingestion as needed).o Build and maintain attribute mappings, transformations, and correlation logic to create/maintain unique digital identities and entitlements.o Engineer HRdriven provisioning to downstream directories and apps (e.g., AD/Azure AD, key business apps) using JML events.o Implement delta/nearrealtime feeds, handle edge cases (contingent workers, rehires, LOA, concurrent employment), and ensure resiliency and replay strategies.o Build identity data exports from SailPoint to legacy IGA systems• JML Lifecycle & Governanceo Translate HR events (Joiner, Mover, Leaver) into SailPoint lifecycle events, workflows, and policies (e.g., birthright access, department/location changes, manager transitions, deprovisioning).o Implement roles, entitlements, policy violations, SOD checks, and certification campaigns driven by HR attributes.o Develop detection & remediation for orphaned accounts, rehire rules, and multi-contract scenarios within SuccessFactors.• Data Quality & Controlso Define and enforce authoritative source logic, identity uniqueness rules, and account correlation rules.o Build validation, reconciliation, and exception handling to minimize manual remediation.o Instrument monitoring (dashboards, alerts, audit trails); define operational SLIs/SLOs for provisioning latency and data accuracy.• SAFe / Agile Deliveryo Participate in PI Planning, backlog refinement, story slicing, and crossteam coordination with the SAP Scaled Agile teams (HRIS, SAP Basis, Security).o Provide engineering estimates, produce architecture diagrams, and deliver incremental value via sprints.o Collaborate with product owners, scrum masters, and release train engineers; contribute to system demos and Inspect & Adapt events.• Platform Engineering & Supporto Administer, monitor, and optimize the SailPoint IdentityIQ platform (app servers, task scheduler, connectors, clustering, job tuning, and logs).o Develop and maintain IIQ objects (rules, workflows, tasks, roles, policies, certifications, forms, email templates, aggregation jobs).o Troubleshoot and resolve production incidents (connector failures, provisioning errors, aggregation/job performance, identity refresh issues).o Maintain environment parity across Dev/Test/Prod and support release management/SDLC with change controls.• Application Onboarding & Provisioningo Lead onboarding of applications to IIQ including scoping, integration design, schema mapping, authoritative/non-authoritative source integration, and access modeling (entitlements/roles).o Implement and tune provisioning connectors (e.g., AD/LDAP, Azure AD/Microsoft Entra ID, databases/JDBC, web services/REST/SOAP, SCIM, SaaS apps).o Build and maintain joiner-mover-leaver (JML) processes, automated birthright access, and role-based access controls (RBAC).o Define and execute account aggregation, entitlement aggregation, and credential management (password sync/management if applicable).o Create certification campaigns and policy controls (SoD, toxic combinations), and enable continuous compliance.Required Qualifications• 4-7+ years of IAM engineering with SailPoint IdentityIQ and/or IdentityNow (custom rules, workflows, connectors, role model, certifications).• Hands-on integration experience with SAP SuccessFactors Employee Central as an authoritative identity source (preferably using Compound Employee and/or OData; familiarity with IPS/IAS advantageous).• Strong grasp of HR data models (worker/assignment, manager, position, org structures) and practical handling of rehire, LOA, contingent, concurrent employment.• Proficiency with JML automation, correlation rules, and provisioning to AD/Azure AD and common enterprise apps.• Scripting/development: Java (IdentityIQ), BeanShell, Groovy, PowerShell and/or Python for transformations, rules, and operational tooling.• Experience working in SAFe/Scaled Agile environments (PI Planning, story estimation, release planning, demos).• Solid understanding of directory services (LDAP), SSO/SAML/OIDC, SCIM, REST, and webhook/event patterns.• Strong troubleshooting across identity data pipelines, logs, API errors, and connector behavior.Preferred• SailPoint certifications (Engineer, IdentityIQ/IdentityNow).• Prior delivery of HRdriven provisioning with SAP SuccessFactors at enterprise scale (>10k identities).• Exposure to SAP IAS/IDP, BTP, and downstream SAP app provisioning patterns.• Knowledge of SoD frameworks, GRC integrations, and experience with audit/regulatory requirements.• CI/CD for IAM (Git, pipelines), config as code, and environment promotion strategies.• Experience with data platforms for monitoring (e.g., Splunk, ELK, Azure Monitor) and dashboarding for identity KPIs.Key Competencies• System thinking & data modeling• API integration and rule logic design• Agile delivery & stakeholder communication• Risk & control mindset (SOD, least privilege)• Operational excellence (observability, runbooks, SLAs)Tools & TechnologiesSailPoint IdentityIQ• SAP SuccessFactors EC (Compound Employee, OData)• SAP IAS/IPS• SCIM/REST• SAML/OIDC• AD/Azure AD• Java/BeanShell/Groovy/PowerShell/Python• Git/CI-CD•• SQL• JSON/XML• Postman