Koushik
SailPoint IAM Engineer | Identity & Access Management Specialist | Java Backend Expertise
Email: *******.***@*****.***
Phone: +1-757-***-****
PROFESSIONAL SUMMARY:
Results-driven Identity & Access Management (IAM) professional with 10+ years of progressive experience, specializing in enterprise-wide implementations of SailPoint IdentityIQ (versions 7.x through 8.2).
Proficient in the design, development, and deployment of SailPoint features including Life Cycle Management (LCM), Role-Based Access Control (RBAC), and Certification Campaigns.
Expertise in configuring and customizing connectors for Active Directory, Azure AD, LDAP, JDBC, REST APIs, and flat files to integrate 50+ applications across industries.
Experienced in writing custom SailPoint workflows, provisioning rules, build map rules, correlation rules, and aggregation tasks using BeanShell and Java.
Built scalable microservices with Java 8–11 and Spring Boot, integrating identity data with downstream applications securely using OAuth2 and REST APIs.
Adept in integrating IAM with ticketing systems like ServiceNow, enhancing user self-service portals, access request workflows, and automated provisioning tasks.
Designed comprehensive governance models including SoD policies, policy violation remediation, and periodic access reviews to ensure audit compliance with SOX, HIPAA, and PCI.
Proven track record in SailPoint upgrade projects (7.3 → 8.0 → 8.2), regression testing, impact analysis, and migration planning with minimal downtime.
Integrated SailPoint solutions with cloud-native services (AWS IAM, Azure AD, Okta) and built scalable provisioning systems for hybrid and multi-cloud environments.
Authored technical documentation, solution design documents (SDDs), onboarding runbooks, and architecture diagrams to support delivery and maintenance teams.
Worked closely with HR, Application Owners, and Access Managers to define and maintain identity data sources, entitlement catalogs, and business logic mappings.
Known for mentoring junior developers, conducting code reviews, and setting up best practices and reusable artifacts in enterprise SailPoint environments.
Passionate about identity architecture, enterprise security strategies, and zero-trust access models with a focus on delivering seamless, secure user access across ecosystems.
CORE COMPETENCIES:
SailPoint IdentityIQ 7.0 to 8.2 – Implementation, Configuration, Upgrade
IAM Lifecycle Management (Joiner, Mover, Leaver)
Role-Based Access Control (RBAC) & Policy Enforcement
Application Onboarding – JDBC, AD, LDAP, Azure, AWS
SailPoint Connectors – Flat File, JDBC, Active Directory, ServiceNow
REST API Design & Integration, Custom Web Services
Java (8–11), Spring Boot, JPA, Hibernate, BeanShell
Custom Workflow & Rule Development, Email Templates, Identity Cubes
Entitlements Management, Certifications, Policy Violation Remediation
SAML, OAuth, MFA, RSA SecurID, Azure Conditional Access
Directory Services – LDAP, Microsoft Active Directory, Azure AD
DevOps: Jenkins, Maven, Git, Tomcat, SQL Server, Oracle
Cloud Identity: Azure AD, AWS IAM, Okta, GCP IAM
CI/CD Pipelines, Access Reviews, Certification Campaigns, ITSM Integration
EDUCATION:
M.S. in Computer Science, Western Illinois University (2016-2018)
B.Tech in Information Technology, P.V.P Siddhartha Institute of Technology (2012-2016)
TECHNICAL SKILLS:
Languages: Java, BeanShell, JavaScript, HTML, XML, SQL
IAM Tools: SailPoint IIQ (7.x/8.x), CyberArk, Okta, RSA MFA
Frameworks: Spring Boot, Spring Security, Hibernate, JPA
Web Services: REST, SOAP
Directories: Active Directory, LDAP, Azure AD
Databases: Oracle, SQL Server, PostgreSQL, MySQL
Servers: Tomcat, WebLogic, Apache
Cloud Platforms: AWS, Azure, GCP
Tools: Git, Jenkins, Maven, Postman, IntelliJ, Eclipse, Jira
PROFESSIONAL EXPERIENCE:
Client: INTUIT, CA - Sep 2024 to Present
Role: SailPoint IAM Engineer
Responsibilities:
Designed and implemented LCM workflows including Joiner, Mover, Leaver, and Rehire using SailPoint IIQ 8.2.
Configured and deployed custom provisioning connectors (AD, JDBC, Azure AD, AWS) with pre- and post-provisioning rules.
Integrated SailPoint with ServiceNow for automated ticket creation and fulfillment workflows.
Developed and deployed REST APIs for secure data exchange with HRMS and entitlement systems.
Created and maintained certification campaigns with real-time analytics dashboards.
Configured and maintained SailPoint IdentityIQ connectors (AD, LDAP, JDBC, Azure AD, AWS IAM, REST APIs) to onboard 50+ enterprise applications with zero downtime.
Deployed ForgeRock Identity Gateway (IG) as a reverse proxy to protect APIs and web applications, enabling centralized access control and policy enforcement.
Automated infrastructure provisioning using Terraform CLI in CI/CD pipelines integrated with Jenkins and GitLab, enabling consistent environment setup across dev, QA, staging, and production environments.
Designed and implemented reusable Terraform modules to provision AWS infrastructure components such as VPCs, subnets, EC2 instances, security groups, RDS, and S3 buckets in a standardized and scalable manner.
Built dynamic attribute-based role models and implemented RBAC across 30+ integrated applications.
Authored complex BeanShell rules for identity correlation, entitlement policies, and remediation.
Managed code deployment across Dev, QA, UAT, and Prod using Git, Jenkins, and Maven.
Designed SOX-compliant access governance policies and automated policy violation reporting.
Collaborated with security architects to integrate SailPoint with MFA (RSA) and SSO (SAML, OAuth).
Architected and executed end-to-end lifecycle event automation using Joiner, Mover, Leaver workflows.
Integrated 20+ internal and external applications using connectors including AD, JDBC, LDAP, Azure, AWS, and custom REST connectors.
Designed and implemented end-to-end IAM solutions using ForgeRock AM, IDM, DS, and IG to manage user lifecycle, authentication, and authorization across enterprise applications.
Designed and implemented custom provisioning connectors within SailPoint IdentityNow/IIQ for ServiceNow, CyberArk, and Oracle DB integrations using Java, BeanShell, and REST APIs.
Developed advanced certification campaigns, remediation workflows, and SoD policies.
Worked closely with InfoSec teams to implement governance controls, risk remediation reports, and access certifications.
Configured and scheduled aggregation, provisioning, and identity refresh tasks using rule-based logic.
Participated in IIQ upgrades from 7.2 to 8.2 and regression testing of legacy functionality.
Client: Blue Cross Blue Shield Association – Mar 2023 to Aug 2024
Role: SailPoint Developer
Responsibilities:
Developed custom BeanShell rules and lifecycle workflows for HR-driven identity provisioning.
Developed enterprise-grade access provisioning flows using Java, SailPoint IIQ, and REST APIs.
Created custom SailPoint workflows for multi-level access approvals and conditional access requests.
Integrated SailPoint with Active Directory, ServiceNow, and Oracle using custom and out-of-the-box connectors.
Designed identity data transformation rules for multiple flat-file sources.
Integrated SailPoint solutions with AWS IAM, Azure AD, and GCP IAM to support hybrid and multi-cloud identity environments, leveraging SCIM and REST API frameworks.
Applied version control and collaboration practices by storing .tf files in Git repositories, creating feature branches for new infrastructure changes, and implementing pull request reviews.
Managed state files using remote backends like AWS S3 with state locking through DynamoDB to prevent concurrency issues during team deployments.
Developed and configured custom authentication chains, trees, and adaptive risk-based authentication policies in ForgeRock AM to support multi-factor authentication (MFA) and Single Sign-On (SSO).
Enabled policy-based identity refresh schedules and optimization tasks for performance.
Deployed entitlement review campaigns and automated revocation via rule-driven logic.
Collaborated with audit teams to design detailed reports for compliance and remediation tracking.
Developed asynchronous microservices using Spring Boot to sync roles between AD and HR systems.
Deployed encrypted identity data transport using JWT and OAuth for secure API calls.
Led migration of SailPoint 7.3 to 8.1 with zero disruption to existing services.
Employed DevSecOps best practices by integrating IAM checks into CI/CD workflows and ensuring API security for all identity-related services.
Implemented fine-grained access policies and role-based access control across multiple domains.
Built integrations with Active Directory, ServiceNow, Oracle DB, and Azure AD using SailPoint-provided and custom connectors.
Created access review campaigns targeting critical entitlements and data owners.
Designed onboarding frameworks to reduce manual interventions and improve SLA compliance.
Built dashboards for compliance tracking and identity analytics.
Client: INTUIT - Nov 2020 to Mar 2023
Role: IAM Solutions Consultant
Responsibilities:
Collaborated with business stakeholders to gather IAM requirements and translated them into scalable SailPoint configurations.
Architected RBAC and SoD models supporting retail, logistics, and finance applications.
Created reusable SailPoint task definitions, email templates, and custom identity attributes.
Integrated SailPoint with cloud systems (Azure AD, AWS IAM) using SCIM and REST APIs.
Developed CI/CD pipelines for rule promotion using Jenkins and Git.
Used Terraform workspaces to manage configurations across multiple environments (dev, stage, prod) and minimize duplication of code.
Integrated Terraform with secrets managers like AWS Secrets Manager and HashiCorp Vault to securely pass credentials and environment-specific variables during infrastructure provisioning.
Integrated ForgeRock AM with third-party identity providers (IdPs) using SAML 2.0 and OpenID Connect to enable federated identity management and seamless cross-domain access.
Implemented external entitlement discovery using custom PowerShell and Python scripts.
Designed identity onboarding flows leveraging HRMS feeds and real-time aggregation.
Configured access review workflows using dynamic scoping and phased certifications.
Assisted in IAM architecture modernization with SailPoint as central orchestration engine.
Provided L3 support, root cause analysis, and post-mortem documentation for IAM incidents.
Conducted proof-of-concept and pilots for Azure AD and CyberArk integration.
Developed RESTful APIs for integration with custom entitlement approval flows.
Implemented user recertification policies with multi-stage and multi-owner workflows.
Enabled federation and MFA integration with SAML and OAuth-based SSO solutions.
Client: Ascensus, PA - Sep 2018 to Oct 2020
Role: SailPoint Application Onboarding Engineer
Responsibilities:
Onboarded 25+ clinical, HR, and finance systems into SailPoint using JDBC and flat-file connectors.
Onboarded healthcare, HR, and ERP systems using JDBC and flat file connectors.
Defined schema mappings, correlation logic, and entitlement attributes.
Automated user provisioning and de-provisioning workflows in ForgeRock IDM using REST APIs, scripts, and connectors (AD, LDAP, JDBC, Salesforce, Workday, etc.).
Refactored monolithic Terraform scripts into modular architecture, enabling better code reusability, faster debugging, and clean separation of responsibilities (network, compute, storage).
Performed Terraform plan and apply operations through automated pipelines and conducted manual validation of plan outputs to ensure safety of infrastructure changes before deployment.
Created rule-based entitlement provisioning models aligned with compliance frameworks.
Developed dashboards for visualizing access certifications and remediation metrics.
Worked with clinical and IT security teams to build role mining and role modeling frameworks.
Automated identity lifecycle tasks using scheduled aggregation and refresh jobs.
Delivered REST-based integration with Epic and Salesforce for real-time user updates.
Implemented policy violation alerts with escalation workflows.
Documented onboarding processes and created knowledge base for future reference.
Audited SailPoint job logs, debug pages, and connector traces to resolve provisioning errors.
Designed identity correlation rules and account linking strategies for hybrid users.
Enhanced reporting capabilities with custom Identity and Access reports.
Supported daily operations, task failures, and ticket-based access provisioning support.
Client: Watcher Inc, New Jersey - Jan 2017 to Aug 2018
Role: IAM Java Backend Engineer
Responsibilities:
Developed RESTful microservices to expose identity data externally using Java 11 and Spring Boot.
Designed and implemented Java Spring Boot microservices for exposing IAM data to external consumers.
Consumed SailPoint IIQ APIs for identity enrichment and access management workflows.
Used Hibernate/JPA for database integration and attribute storage.
Implemented synchronization and reconciliation policies between ForgeRock IDM and external systems to ensure data consistency and timely identity updates.
Implemented logging, exception handling, and rate limiting in API gateway layer.
Developed OAuth2-based authentication flows for secure API access.
Troubleshot infrastructure provisioning issues, including IAM permission problems, incorrect dependency resolutions, and resource drift, using detailed analysis of Terraform logs and AWS CloudTrail.
Contributed to IAM strategy documentation and backend solution architecture.
Created monitoring dashboards using ELK stack and Grafana for IAM service visibility.
Managed Git-based source control and Jenkins build pipelines for IAM-related backend code.
Wrote JUnit and Mockito-based unit and integration tests for IAM services.
Integrated CI/CD deployments with infrastructure-as-code for SailPoint app server provisioning.
Integrated with SailPoint via Java SDK and REST API for token exchange and attribute sync.
Participated in code reviews, version control, and CI/CD pipelines aligned with IAM development.
Created exception-handling mechanisms and unit tests to enhance API resilience.
Client: Trilogic, India – Sep 2015 to Jun 2016
Role: Jr. IAM Engineer
Integrated CI/CD deployments with infrastructure-as-code for SailPoint app server provisioning.
Integrated with SailPoint via Java SDK and REST API for token exchange and attribute sync.
Participated in code reviews, version control, and CI/CD pipelines aligned with IAM development.
Assisted in the installation and configuration of SailPoint IdentityIQ components under the guidance of senior team members across development and test environments.
Documented Terraform implementation standards, including naming conventions, tagging strategies, module structure, and lifecycle policies to ensure consistency across all teams and projects.
Configured ForgeRock DS for high-availability LDAP infrastructure with replication, tuning, and schema customization for storing identity data at scale.
Supported integration tasks for onboarding new applications into SailPoint using standard connectors such as Active Directory, LDAP, JDBC, and flat files.
Developed and maintained BeanShell scripts for rules, workflows, and provisioning policies, following established coding standards and best practices.
Participated in the creation of lifecycle workflows, including Joiner, Mover, and Leaver scenarios, and ensured appropriate testing and documentation.
Troubleshot aggregation and provisioning issues, analyzed job logs and debug information, and collaborated with the IAM team to implement fixes.
Assisted in the deployment process using Jenkins or similar CI/CD pipelines by preparing build packages, reviewing change sets, and maintaining deployment documentation.
Wrote and executed test cases for IAM features, including usability, performance, and regression tests, contributing to overall solution quality.
Generated access certification reports and supported periodic review campaigns to help enforce compliance requirements and segregation of duties (SoD) policies.
Documented onboarding procedures, technical configurations, connector mappings, and workflow logic in support of knowledge sharing and audit readiness.
Stayed updated with IAM trends and actively participated in team meetings, knowledge sessions, and hands-on labs to enhance SailPoint development skills.
PROJECT USE CASES & SCENARIOS
Configured Joiner workflows to dynamically allocate licenses and entitlements based on business unit.
Created a real-time identity data push mechanism using REST integration to sync access rights across HRMS and AD.
Developed alerting mechanism for SoD violations during campaign review cycles.
Applied preprocessor and transformer rules to normalize identity attributes across multi-source data feeds.
GOVERNANCE & COMPLIANCE CONTROLS
Designed governance models that enforced policy violations for over-privileged access.
Enabled periodic and event-based access certifications with revocation workflows.
Maintained audit trail and compliance reporting for SOX, HIPAA, and PCI-DSS environments.
APPLICATION ONBOARDING HIGHLIGHTS
Onboarded: Workday, SAP SuccessFactors, Salesforce, AD, LDAP, Oracle, Azure AD, CyberArk, Epic, ServiceNow
Connector Types: Flat File, JDBC, REST, WebService
Supported Complex Provisioning Use Cases: Delegation, Group-based provisioning, Attribute-based entitlement derivation.