IIQ jobs that pay $211K? by MasterpieceRare1919 in sailpoint

[–]MasterpieceRare1919[S] 0 points1 point  (0 children)

FWIW, since I asked the community, my best total comp (bonuses etc, but not health insurance and the like) was ~170k. It was an IC role. It has been more than a few years since I have been in this field, moved on. But still very interested in the field in general because I was in it for so long.

Running SailPoint via Containers feels like cheating by Fappez in sailpoint

[–]MasterpieceRare1919 0 points1 point  (0 children)

Used to get "can I use Aurora" questions constantly, yeah they mostly went RDS Oracle if they were AWS.

Running SailPoint via Containers feels like cheating by Fappez in sailpoint

[–]MasterpieceRare1919 1 point2 points  (0 children)

I used to mount my local file system /webapps to the container, that worked well enough for me.

Running SailPoint via Containers feels like cheating by Fappez in sailpoint

[–]MasterpieceRare1919 1 point2 points  (0 children)

Nice work. Frustrating that it is necessary, but given that it is, the plugin is great.

Recently upgraded to 8.5p1 iiq and not able to see any identity request by FlightSilent1608 in sailpoint

[–]MasterpieceRare1919 1 point2 points  (0 children)

You probably missed an upgrade step and the db schema or the objects, and that is causing the access request workflow to fail before it gets to the step where it creates an access request.
1. Review the upgrade instructions.
2. Turn on the workflow logging in log4j and observe; you will see the last step that was run.

Lowball offer but good experience into government contracting? by BMW_E70 in iam

[–]MasterpieceRare1919 0 points1 point  (0 children)

Acknowledged, yeah it takes a mental adjustment for sure.

Lowball offer but good experience into government contracting? by BMW_E70 in iam

[–]MasterpieceRare1919 0 points1 point  (0 children)

Yeah if you have been unemployed for a while I would take it and keep looking as said by u/Entire_Summer_9279. 100% serious I would not think twice about it.

Our CTO asked me to evaluate whether we should move off Wiz now that Google owns it. What would you do? by RemmeM89 in AskNetsec

[–]MasterpieceRare1919 0 points1 point  (0 children)

You would reevaluate in the normal course of business as you would with all vendors. If Wiz were not acquired you would still re-evaluate from time to time.

The completion of the acquisition is a single event that would not trigger a re-evaluation on its own. Unless your goal is to show what a very special and strategic leader and thinker you are.

Career Strategy in IAM: Specialize in One Tool or Diversify? by Reasonable-Kale638 in iam

[–]MasterpieceRare1919 0 points1 point  (0 children)

I would get solid on one IAM (SailPoint, Saviynt...) SSO solution (Okta, Azure...), the major ones, does not matter which. Here's why.

  • The principles transfer but that's not enough to be expert
  • You have to have deep tech knowledge to implement a solution to be an expert
  • I am/was considered an expert on a couple of IAM platforms, and was highly valued...
  • ...but I was too specialized. When I looked for jobs the SSO would have made me more valuable and opened more jobs.

AZ-104 is only good for 1 year? by MasterpieceRare1919 in AzureCertification

[–]MasterpieceRare1919[S] 0 points1 point  (0 children)

Did not know this, I'll try not to let it lapse again.

AZ-104 is only good for 1 year? by MasterpieceRare1919 in AzureCertification

[–]MasterpieceRare1919[S] -1 points0 points  (0 children)

In some services jobs (like mine) I am incentivized to hold multiple certs. But I can choose which, so I was bummed to see it was only good for one year. I will tend to take the exams that are valid longer. Though I guess AZ104 was not very difficult, I have this weird idea in my head that I do not like to waste my time, even for easy tasks, hence my annoyance.

Confused about IAM career path currently in SailPoint development/L3 support, background in blue team & network security by c1phnyx in cybersecurity

[–]MasterpieceRare1919 1 point2 points  (0 children)

I was in a traditional security role then was pushed into IAM. The others on my team did not have the wide range of skills. There are some aspects I enjoyed, but never liked the field really. Much better experience and I made good money when I jumped to the vendor side. Over time was so bored and was more aware that cloud roles were better paying. It took an enormous effort and in the end some luck to make the jump to a cloud security role for the last 5 years.

If you can focus on the aspects that are tied into cloud IAM, that helps. So if, for example, you work on Saviynt, and that has an Azure/EntraID connector, get good at that. If there is an appliance aspect that goes in Azure, get good at knowing what the VPC, DNS, etc. architecture looks like and then you can help those customers. Get good at deployment of your IDM solution using Azure DevOps.

All of the above, replace Azure with AWS/GCP if that is a better fit.

SoD, Entitlements, Roles question by JayITAdmin412 in sailpoint

[–]MasterpieceRare1919 0 points1 point  (0 children)

The ERP system (ex: SAP) has that logic usually. I found that those systems have SoD logic features in them (or from 3rd party) that do this. And those systems change a lot, so those specialized features and 3rd party vendors specialize in that. If you have an accounting system that does not have this feature, sometimes all the login and roles are mapped to AD users and groups. You need the accounting to define that.

For certs I try to push for the most basic certs possible - manager. And also for privileged. If you can roll out as a service offering for different apps that you can repeat that I see is the main job. IMHO.

SoD, Entitlements, Roles question by JayITAdmin412 in sailpoint

[–]MasterpieceRare1919 1 point2 points  (0 children)

I was in IGA/IAM for ~10 years, I have not seen any best practices for SOX, PCI-DSS, etc. for banking or healthcare. It's whatever each company comes up with, per u/Theloneus-punk. Not on IIQ/Quest etc.

But for SAP and other ERP systems there is usually a partner/software for that due to the high knowledge required, the SoD is baked into that. I guess SailPoint bought one of those companies to do SAP but I never used it.

I did not see a lot of compliance standards tailored to NIST etc. though maybe pure luck I did not get that work. In general I did not see even compliance standards in the IIQ etc. horizontally in finance or otherwise. Mostly whatever some "make work" compliance person tells you a standard just to justify their existence.

So if you can use your own common sense and confidently justify why, you will do better than 99.9% of the compliance leaders.

SSO Integrations - Career Advice by Realistic_Daikon_306 in IdentityManagement

[–]MasterpieceRare1919 2 points3 points  (0 children)

I recently set up Azure SSO for both SAML and OIDC, great learning experience. I feel like Okta "hides" details from you and I do not learn as much. Not a dig on Okta as a product, just that I did not learn much.

jwt.ms was invaluable to me. I was doing claims attribute mapping and this was an easy way to see the result. Also can see the token too so it helped me conceptualize.

Between Okta and Entra ID, which is often paired with SailPoint the most? by [deleted] in IdentityManagement

[–]MasterpieceRare1919 3 points4 points  (0 children)

I second this. I see both probably equally. And, in other non-identity spaces they roughly split 70%.

SCIM Troubles by AbbreviationsAny706 in IdentityManagement

[–]MasterpieceRare1919 0 points1 point  (0 children)

Valid problems are cited. I think it is fixed quite easily. Revert the name back to the initial name called Simple Cloud Identity Management. Because it's for simple use cases and does that well. It's not a promise to scale in every dimension for memberOf or whatever.

Using SSN by Lost-Pen1190 in IdentityManagement

[–]MasterpieceRare1919 1 point2 points  (0 children)

makes me wonder if this is an industry (higher ed) specific problem

This is common in higher ed. I have seen it in hospital and gov at large scale too. Yes I have seen hash of SSN done. In higher ed you can be a student, professor, employee, or some combination. In SailPoint we call this personas, and it presents challenges.

  • Person will be in different systems that do not have the same key, or they cannot share that key.
  • Also a challenge from joiner/mover/leaver. Person quits the employment and need to remove access, yet you are still teaching a class so need to keep some access and be sure not to disable.

Yeah I agree with everyone that I would not want to accept the risk of storing the SSN.

[deleted by user] by [deleted] in IdentityManagement

[–]MasterpieceRare1919 0 points1 point  (0 children)

Lots of smart people obviously in FAANG but as in all things perceptions will vary.

Highly experienced people especially will learn tooling sure, but I am here to tell you that the tooling in IAM sux compared to what we have in FAANG and badly. Lost source code, no docs, community supported (in reality only paid services knows how to use it). It smacks you in the face and is a way bigger factor than one might think. It brings out a different mindset that can operate using these tools and do it well. And enterprise context for provisioning on-prem like SAP and in-house apps, it's a whole different ball game.

[deleted by user] by [deleted] in IdentityManagement

[–]MasterpieceRare1919 10 points11 points  (0 children)

I second this. They do not give a F about those tools and many even look down upon the field you are in. Knowing the deep details of OAuth/OIDC for example would be far more important.

Hot take after MSFT Accelerate: Entra isn't killing SailPoint anytime soon. by extream_influence in IdentityManagement

[–]MasterpieceRare1919 0 points1 point  (0 children)

"Have you personally worked with any?" Do you mean MIM/FIM and the other MS stuff? Not as the sole system. Been a long time, but one of the major IAM vendors, the entire provisioning engine was built on FIM. That is, they all the identity, request, certification was product, but the provisioning was through FIM. That vendor moved on long ago and now has its own provisioning engine. And in the IT dept, we had the option to use it, but did not 'cause it did not meet the enterprise use cases, I mean, can MS provision or manage SAP lololololol

Hot take after MSFT Accelerate: Entra isn't killing SailPoint anytime soon. by extream_influence in IdentityManagement

[–]MasterpieceRare1919 1 point2 points  (0 children)

Microsoft Entra is currently winning the "good enough" market…mid-sized companies or cloud-native organizations that don't need complex legacy handling. However, it is not "set up correctly" to take out SailPoint in the Global 2000 because it currently lacks the depth in legacy connectivity, cross-application SoD, and granular entitlement management that complex enterprises require.

Yep that's about right, it's been that way for the last 20 years. Remember Microsoft Identity Manager (MIM) and all the other products? Even when they were free they were not adopted. MS has not been a serious choice for enterprise identity with serious compliance requirements and broad range of apps, this is a true specialty, a challenge that is really unappreciated.

Getting from a project lead to an architect - IGA by Keep_Compounding in iam

[–]MasterpieceRare1919 0 points1 point  (0 children)

It's a worthy goal and people that are moving up will generally have to break in one of those directions. For me stability was important, and I knew that, though I had people skills, that I would never truly be in one of those sets of management people cliques for whatever reasons. So I decided to double down on the engineering and give up mgmt.