IT Security Analyst, Sr

Triage & investigation: Monitor Saviynt alerts and dashboards; investigate SoD violations, access policy breaches, and anomalous access requests.

Policy stewardship: Maintain, tune, and document Saviynt access control policies, roles, entitlements, risk rules , and workflow states to reduce false positives while preserving coverage.

Risk reviews: Coordinate with IAM engineering and application owners on risk assessments , rule exceptions, and compensating controls.

User access reviews (UARs): Set up, launch, and track UAR/attestation campaigns; validate evidence for audit.

Incident response: For confirmed identity‑related incidents, execute runbook actions (revoke access, disable accounts, quarantine sessions) and escalate to L4/IR when required.

Data & reporting: Use basic SQL and Saviynt analytics to produce incident timelines, SoD violation trends, and control effectiveness metrics; publish weekly/monthly SOC reports.

Workflow hygiene: Ensure access request processes, approvals, and birthright access rules reflect Joiner‑Mover‑Leaver (JML) requirements.

ITSM integration: Create and update ServiceNow tickets with clear evidence, remediation steps, and status; drive items to closure.

Continuous improvement: Propose rule/policy adjustments, connector configuration improvements (e.g., AD/Azure AD), and automation ideas (PowerShell/scripts) to reduce toil.

Design and implement Saviynt IGA components including access requests, certification campaigns, role management, access provisioning/de-provisioning workflows, and SOD (Segregation of Duties) controls.

Drive the rapid onboarding of applications into the Saviynt IGA platform, ensuring seamless integration and automated lifecycle management.

Develop and customize Saviynt connectors to integrate with various target systems, including applications, databases, directories (e.g., Active Directory, LDAP), and cloud platforms (AWS, Azure, GCP).

Configure and manage Saviynt's analytics and reporting capabilities to provide insights into access governance, compliance, and risk posture.

Provide expert guidance on IAM best practices, industry standards (e.g., NIST, ISO 27001), and regulatory compliance requirements.

Design and implement IAM solutions with a strong focus on cloud environments (AWS, Azure, GCP), ensuring secure and scalable identity governance across hybrid infrastructures.

Develop and maintain technical documentation, including design specifications, implementation guides, and operational procedures for Saviynt IGA solutions.

Conduct system testing, performance tuning, and troubleshooting of Saviynt IGA components to ensure optimal performance and reliability.

Assist in defining and implementing access governance policies, roles, and entitlements within the Saviynt platform.

Support audit activities by providing reports and evidence related to access controls and governance.

Mentor and provide technical leadership to junior IAM engineers and support staff.

Stay current with the latest trends and technologies in IAM, particularly within the Saviynt ecosystem and cloud security.

Saviynt (mandatory) - policies, access requests, SoD/risk rules, certifications, analytics

Directories: Active Directory, Azure AD (Entra ID)

ITSM: ServiceNow (or Jira if applicable)

Data: Basic SQL for identity queries and reporting

Optional exposure: SailPoint, PowerShell scripting, API/connector troubleshooting

4-6 years in IAM/IGA roles with 1-2 years hands‑on in Saviynt (workflows, policies, access request processes, certifications).

Strong grasp of the IGA lifecycle (Joiner‑Mover‑Leaver) and related controls.

Working knowledge of AD/Azure AD identity concepts (groups, roles, conditional access dependencies).

Familiarity with regulatory frameworks (e.g., SOX, GDPR ) and how they map to access controls and audit evidence.

Solid analytical and communication skills; clear ticket writing and executive‑friendly summaries.

Experience designing SoD rule sets and role mining / RBAC rationalization.

Scripting/automation (PowerShell), REST/Graph API, or ETL for identity data.

Exposure to cloud/SaaS app onboarding and connector health monitoring.

Saviynt certification (e.g., Certified Identity Governance Expert) is highly desirable.

Relevant certs (e.g., Security+, CySA+, Azure, or Saviynt vendor training).

MTTD/MTTR for identity‑related incidents within SLA.

Reduction in false positives and policy noise after tuning.

On‑time completion rate for UAR/certification campaigns.

SoD violation trend (decreasing sustained over N months).

Audit readiness: completeness and quality of evidence provided.

0-30 days: Access & tooling onboarding; review current Saviynt policies/risk rules; shadow investigations; own low‑risk alert queues; document quick‑win tuning items.

31-60 days: Lead investigations for SoD/policy breaches; implement approved tuning; launch/assist a UAR campaign; publish weekly KPI report.

61-90 days: Own Saviynt policy stewardship cadence; propose risk rule refinements; automate frequent queries/reports; partner with IAM to close top recurring violations.

4-6 years in IAM/IGA roles with 1-2 years hands‑on in Saviynt (workflows, policies, access request processes, certifications).

Strong grasp of the IGA lifecycle (Joiner‑Mover‑Leaver) and related controls.

Working knowledge of AD/Azure AD identity concepts (groups, roles, conditional access dependencies).

Familiarity with regulatory frameworks (e.g., SOX, GDPR ) and how they map to access controls and audit evidence.

Solid analytical and communication skills; clear ticket writing and executive‑friendly summaries.

Experience designing SoD rule sets and role mining / RBAC rationalization.

Scripting/automation (PowerShell), REST/Graph API, or ETL for identity data.

Exposure to cloud/SaaS app onboarding and connector health monitoring.

Saviynt certification (e.g., Certified Identity Governance Expert) is highly desirable.

Relevant certs (e.g., Security+, CySA+, Azure, or Saviynt vendor training)
#LI-AS2