Lead IAM Provisioning Engineer- SailPoint/ CyberArk/ PKI / Entra ID

Req ID: 373979 NTT DATA strives to hire exceptional, innovative and passionate individuals who want to grow with us. If you want to be part of an inclusive, adaptable, and forward-thinking organization, apply now. We are currently seeking a Lead IAM Provisioning Engineer- SailPoint/ CyberArk/ PKI / Entra ID to join our team in Plano, Texas (US-TX), United States (US). Prior to Applying, please review and comply accordingly: ** Must be a US citizen or Green card holder to proceed with applying. **Please carefully review the job requirements and pay transparency details below prior to applying This SailPoint-Focused L3 Senior User Provisioning Engineer is a technical leader for identity lifecycle, entitlement engineering, and privileged access across enterprise IGA/PAM and cloud identity platforms. This role owns complex SailPoint and CyberArk integrations, designs Entra ID identity flows, manages PKI and certificate automation, and drives reliability, auditability, and automation across provisioning processes. The L3 engineer resolves escalated incidents, leads root‑cause remediation, and mentors L2/L1 staff. Key Responsibilities \- Technical ownership of user lifecycle and entitlement engineering across Active Directory, Entra ID, SaaS apps, and custom systems.- SailPoint IGA leadership: design, implement, and tune connectors, provisioning policies, role engineering, reconciliation, and certification campaigns. \- CyberArk PAM stewardship: onboard targets, manage vault policies, implement credential rotation, and support privileged session controls. \- PKI and certificate lifecycle: architect and operate certificate issuance, renewal, revocation, and automation for service identities and TLS endpoints. \- Cloud identity engineering: design Entra ID conditional access, cross‑tenant syncs, and entitlement models; coordinate with AWS/GCP IAM as needed. \- Automation and infrastructure as code: develop and maintain SCIM/SAML/OIDC connectors, PowerShell/Python scripts, and Terraform/IaC for repeatable provisioning patterns. \- Incident response and RCA: lead Tier‑3 troubleshooting for provisioning failures, perform root‑cause analysis, implement permanent fixes, and reduce recurrence. \- Governance and audit readiness: lead access reviews, entitlement remediation, evidence collection, and support external/internal audits. \- Mentorship and documentation: create runbooks, operational playbooks, and train L1/L2 engineers to improve throughput and reduce manual errors. Required Qualifications: \- 5+ years of hands‑on IAM experience with progressive responsibility in provisioning and identity engineering. \- Proven, practical experience with SailPoint (IGA) and CyberArk (PAM) implementations. \- Deep operational knowledge of Entra ID / Azure AD and identity synchronization patterns. \- Strong understanding of PKI concepts and hands‑on certificate management. \- Proficient with identity protocols: SCIM, SAML, OAuth/OIDC, MFA. \- Advanced scripting and automation skills: PowerShell, Python, Bash; experience with Terraform or CloudFormation. \- Experience with ITSM/ticketing tools (ServiceNow, Jira) and SLA management. \- Demonstrated ability to perform complex troubleshooting and deliver durable engineering fixes. Preferred Qualifications \- Experience integrating HR systems (Workday, SuccessFactors) with IGA. \- Familiarity with Kubernetes RBAC, secrets management (Vault, Key Vault), and DevSecOps CI/CD integration. \- Certifications: SailPoint, CyberArk, Microsoft Identity/Entra, CISSP, or equivalent. Soft Skills and Logistics \- Analytical and detail oriented with strong problem‑solving and RCA discipline. \- Effective communicator able to influence engineering, security, and business stakeholders. \- Proven mentor and team player who improves operational maturity. \- Employment type: Full‑time or contract. Location: Remote / Hybrid / On‑site. Reports to: IAM Operations or Security Architecture Lead. Where required by law, NTT DATA provides a reasonable range of compensation for specific roles. The starting pay range for this remote role is $89,300 – $124,000. This range reflects the minimum and maximum target compensation for the position across all US locations. Actual compensation will depend on a number of factors, including the candidate’s actual work location, relevant experience, technical skills, and other qualifications. This position may also be eligible for incentive compensation based on individual and/or company performance. This position is eligible for company benefits including medical, dental, and vision insurance with an employer contribution, flexible spending or health savings account, life and AD&D insurance, short and long term disability coverage, paid time off, employee assistance, participation in a 401k program with company match, and additional voluntary or legally-required benefits. About NTT DATA NTT DATA is a $30 billion business and technology services leader, serving 75% of the Fortune Global 100. We are committed to accelerating client success and positively impacting society through responsible innovation. We are one of the world's leading AI and digital infrastructure providers, with unmatched capabilities in enterprise-scale AI, cloud, security, connectivity, data centers and application services. our consulting and Industry solutions help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have experts in more than 50 countries. We also offer clients access to a robust ecosystem of innovation centers as well as established and start-up partners. NTT DATA is a part of NTT Group, which invests over $3 billion each year in R&D. Whenever possible, we hire locally to NTT DATA offices or client sites. This ensures we can provide timely and effective support tailored to each client’s needs. While many positions offer remote or hybrid work options, these arrangements are subject to change based on client requirements. For employees near an NTT DATA office or client site, in-office attendance may be required for meetings or events, depending on business needs. At NTT DATA, we are committed to staying flexible and meeting the evolving needs of both our clients and employees. NTT DATA recruiters will never ask for payment or banking information and will only use @nttdata.com and @talent.nttdataservices.com email addresses. If you are requested to provide payment or disclose banking information, please submit a contact us form, https://us.nttdata.com/en/contact-us. NTT DATA endeavors to make https://us.nttdata.com accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact us at https://us.nttdata.com/en/contact-us. This contact information is for accommodation requests only and cannot be used to inquire about the status of applications. NTT DATA is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status. For our EEO Policy Statement, please click here. If you'd like more information on your EEO rights under the law, please click here. For Pay Transparency information, please click here.