What Working at Hexaware offers:
Hexaware is a dynamic and innovative IT organization committed to delivering cutting-edge solutions to our clients worldwide. We pride ourselves on fostering a collaborative and inclusive work environment where every team member is valued and empowered to succeed.
Hexaware provides access to a vast array of tools that enhance, revolutionize, and advance professional profile. We complete the circle with excellent growth opportunities, chances to collaborate with highly visible customers, chances to work alongside bright brains, and the perfect work-life balance.
With an ever-expanding portfolio of capabilities, we delve deep into and identify the source of our motivation. Although technology is at the core of our solutions, it is still the people and their passion that fuel Hexaware s commitment towards creating smiles.
At Hexaware we encourage to challenge oneself to achieve full potential and propel growth. We trust and empower to disrupt the status quo and innovate for a better future. We encourage an open and inspiring culture that fosters learning and brings talented, passionate, and caring people together.
We are always interested in, and want to support, the professional and personal you. We offer a wide array of programs to help expand skills and supercharge careers. We help discover passion the driving force that makes one smile and innovate, create, and make a difference every day.
The Hexaware Advantage: Your Workplace Benefits
- Excellent Health benefits with low-cost employee premium.
- Wide range of voluntary benefits such as Legal, Identity theft and Critical Care Coverage
- Unlimited training and upskilling opportunities through Udemy and Hexavarsity
Who we are?
At Hexaware Technologies, we are a leading global IT Services company, dedicated to driving digital transformation and innovation for businesses around the world. Founded in 1990, Hexaware has grown into a global trusted partner for enterprises, offering comprehensive AI empowered services including IT Consulting, Application Development, Infrastructure and Cloud Management and Business Process services.
At Hexaware we are a community of creative, diverse, and open-minded Hexawarians creating smiles through the power of great people and technology.
We pride ourselves on our people-centric culture and commitment to sustainability. Our diverse team of over 30,000 professionals across 30 countries is driven by a shared passion for innovation and excellence. We foster a collaborative environment where creativity and continuous learning are encouraged, enabling our employees to thrive and grow.
Job Title: IAM Operations Consultant (Ping Identity & SailPoint)
Location: Plano, TX (5 days onsite)
Shift: Standard business hours with on-call rotation for critical incidents
Key Responsibilities:
1) Service Operations:
- Own day-to-day operations for Ping Identity and SailPoint platforms, ensuring availability, performance, and security SLAs.
- Proactively monitor platform health, perform routine checks, capacity planning, backups, and schedule/execute maintenance, patching, and upgrades.
- Triage and resolve incidents, service requests, and problems; lead root cause analysis and implement permanent fixes.
- Execute changes via CAB with clear runbooks, rollback plans, impact/risk assessments, and post-implementation reviews.
- Maintain accurate runbooks, SOPs, diagrams, and operational documentation aligned to audit standards.
2) Ping Identity (SSO, MFA, Federation):
- Administer PingFederate, PingAccess, PingDirectory, and PingID/PingOne (as applicable).
- Onboard and maintain OIDC/SAML integrations: configure IdP/SP connections, manage metadata, certificates, and key rotation.
- Implement and tune MFA, adaptive policies, device trust, and conditional access.
- Manage authentication policies, token lifecycles, attribute mapping, session management, and header-based access.
- Promote configurations across environments; troubleshoot SSO issues end-to-end with application teams.
- Ensure standards alignment and secure integration patterns for SAML 2.0, OIDC, and OAuth 2.0.
3) SailPoint Identity Governance & Administration:
- Operate SailPoint platforms: IdentityIQ and/or IdentityNow (Identity Security Cloud), including task scheduling, health checks, and upgrades.
- Application onboarding and connector operations (e.g., AD/Entra ID, LDAP, Azure, Workday/SuccessFactors, ServiceNow, SAP, Oracle, databases, SaaS apps).
- Manage identity lifecycle (joiner-mover-leaver), account aggregation, correlation, transforms/mappings, roles/access profiles, and policies.
- Administer and support access request workflows, approval policies, birthright/access modeling, and role mining (as applicable).
- Run access certification campaigns (setup, scheduling, execution, attestation evidence, remediation tracking).
- Maintain and tune provisioning policies, entitlements, SoD policies/violations, and exception handling.
- Troubleshoot provisioning and aggregation failures, queue backlogs, connector errors, rules, and workflow issues.
- Develop and support SailPoint rules/workflows and automation:
- IdentityIQ: BeanShell/Java rules, lifecycle manager workflows, task definitions, plugin/config promotion.
- IdentityNow: sources, transforms, rules, lifecycle events, connectors, sp-config export/import, REST APIs.
- Perform data quality checks, identity refreshes, cleanup jobs, and optimize performance and indexing.
4) Security, Compliance, and Governance:
- Enforce least privilege, SoD, and Zero Trust-aligned controls across SSO and IGA.
- Integrate logs with SIEM for monitoring, alerting, and anomaly detection; define operational thresholds and playbooks.
- Support audits (SOX/PCI/ISO/other): produce evidence, enable control testing, and remediate findings.
- Manage certificate, key, and secret lifecycles and ensure secure configuration baselines.
5) Automation and Continuous Improvement:
- Automate routine tasks (app onboarding, cert renewals, config backups, campaign setups, rotation checks) using platform APIs and scripts.
- Implement configuration-as-code and environment promotion where supported (Ping and SailPoint).
- Define operational KPIs, measure performance, and drive improvements to reduce toil and improve reliability.
- Partner with engineering/architecture to deliver enhancements without operational risk.
6) Stakeholder Management:
- Collaborate with application owners, security, infra, HRIS, and compliance teams to plan changes and onboard services.
- Provide consultative guidance on integration patterns, controls, and IAM best practices.
- Communicate incident status, risks, and service health to both technical and non-technical stakeholders.
Required Qualifications:
- 5 8 years in IAM operations/engineering with production ownership.
- 3+ years administering Ping Identity (PingFederate, PingAccess, PingDirectory, PingID/PingOne).
- 3+ years operating SailPoint (IdentityIQ and/or IdentityNow) in enterprise environments.
- Strong grasp of SAML 2.0, OIDC, OAuth 2.0, JWT, token policies, and certificate management.
- Experience with identity lifecycle, provisioning, access requests, and certification campaigns.
- Windows/Linux administration, networking (DNS, TLS, proxies, load balancers), and directory services (AD/LDAP).
- Scripting and APIs: PowerShell and either Python or Java; experience with REST/JSON. For IdentityIQ, BeanShell/Java; for IdentityNow, transforms and rules.
- Experience with ITSM (e.g., ServiceNow), SIEM (e.g., Splunk), and monitoring (e.g., Datadog, Prometheus).
- Solid understanding of ITIL processes and enterprise security practices.
Preferred Qualifications:
- Ping Identity certifications (PingFederate, PingAccess) and SailPoint certifications (IdentityIQ/IdentityNow).
- Experience with SailPoint sp-config, plugin management (IIQ), connector tuning, and performance optimization.
- Knowledge of Azure AD/Entra ID, AWS IAM, Google Cloud Platform IAM; SCIM provisioning and JIT patterns.
- Exposure to CI/CD for IAM configs, Git-based versioning, and pipeline-driven deployments.
- Familiarity with compliance frameworks (SOX, PCI-DSS, ISO 27001) and evidence management.
- Experience integrating HR sources (Workday/SuccessFactors) and ERP apps (SAP/Oracle).
Key Technologies:
- Ping Identity: PingFederate, PingAccess, PingDirectory, PingID/PingOne, certificates/keystores.
- SailPoint: IdentityIQ, IdentityNow (Identity Security Cloud), rules/workflows, connectors, transforms, sp-config, REST APIs.
- Supporting: Active Directory/LDAP/Entra ID, HRIS (Workday/SuccessFactors), ServiceNow, SIEM, reverse proxies/load balancers, Git, scripting tools.
Education: Bachelor s degree in Computer Science, Information Security, or related field; or equivalent hands-on experience.
What you ll get from us:
Insert employee benefits here e.g.:
Competitive Salary
Company Pension Scheme
Comprehensive Health Insurance
Flexible Work Hours and Hybrid Work Options
XX days paid annual holidays + public holidays.
Professional Development and Training Opportunities
Employee Assistance Program (EAP)
Diversity, Equity, and Inclusion Initiatives
Company Events and Team-Building Activities
Equal Opportunities Employer:
Hexaware Technologies is an equal opportunity employer. We are dedicated to providing a work environment free from discrimination and harassment. All employment decisions at Hexaware are based on business needs, job requirements, and individual qualifications. We do not discriminate based on race including colour, nationality, ethnic or national origin, religion or belief, sex, age, disability, marital status, sexual orientation, parental status, gender reassignment, or any other status protected by law. We encourage candidates of all backgrounds to apply.
Never miss an opportunity! Create an alert based on the job you applied for.
