Identity and Access Management (IAM) Engineer

Company OverviewXCEL Engineering, Inc. is an award-winning small business that provides trusted information technology, engineering, consulting and project management solutions and services to federal agencies and organizations. Originally founded in 1971 by professional engineers at the University of Tennessee, XCEL was acquired in 2003 by U.S. Army and Navy veterans and in 2023 became a MartinFed company.XCEL Engineering is a part of IT Lab Partners (ITLP) which was created to support a leading research facility in the East Tennessee region in recruiting the best and the brightest technical talent. Considering joining our impressive team today!Job OverviewXCEL Engineering is seeking a qualified applicant for a highly skilled IAM professional to engineer and administer SailPoint IdentityIQ and advance our Zero Trust architecture in the identity pillar. This role owns joiner-mover-leaver (JML) automation, access governance, role modeling, and certification campaigns, partnering closely with Cyber Security and Policy to embed least privilege, continuous verification, and risk-based access.Essential FunctionsSailPoint Engineering and Administration Engineer/administer SailPoint (IIQ/IDN): configuration, workflows, rules/policies, testing, deployment, maintenance. Onboard applications: connectors for EntraID, SaaS, onprem , DBs, directories (AD/LDAP), and HRIS (Workday/SuccessFactors). Automate JML: provisioning/deprovisioning, birthright/role-based access, movers entitlements. Access governance: entitlements, group management, SOD policies, certification campaigns. Role engineering: business/technical roles aligned to least privilege. Platform ops: patching, upgrades, performance tuning, troubleshooting. Customization: rules/workflows/tasks (Java/Beanshell for IIQ), UI config, reporting, dashboards.Zero Trust Architecture Implement identity-first controls: MFA, PKI, conditional access, adaptive/risk-based auth. Integrate with CASB and endpoint posture signals. Align with Zero Trust principles (least privilege, continuous verification).Integration and Automation Build APIs/scripts (PowerShell, Python) for IAM workflows. Support CI/CD for IAM configs and environment promotion.Governance and Compliance Maintain audit evidence; enforce SOD; reduce identity risk through metrics.Basic Qualifications United States citizen with the ability to obtain a security clearance. Bachelor's degree in Information Technology, IT Operations Management, or a related field. 5-8+ years IAM/IGA, 2-4+ years SailPoint engineering/admin (IIQ). Strong grasp of Zero Trust; identity protocols (OIDC/OAuth2/SAML); AD/LDAP. Scripting: PowerShell, Python; Java/Beanshell (IIQ); REST APIs.Desired Qualifications SailPoint certifications; SC300; CISSP; AZ500. Experience with Entra ID/Ping, CASB, ServiceNow.PHYSICAL REQUIREMENTS And ENVIRONMENTAL CONDITIONS Inside office environment. Working on a computer for long periods of time. May involve long period of sitting at a desk. The work environment is fast-paced and sometimes involves extreme deadline pressures.Other DutiesThis job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.Xcel Engineering is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regards to race, color, religion, religious creed, gender, sexual orientation, gender identity, gender expression, transgender, pregnancy, marital status, national origin, ancestry, citizenship status, age, disability, protected Veteran Status, genetics or any other characteristics protected by applicable fede al, state or local law.