Comcast Cybersecurity: Principal IAM Engineer (SailPoint)

Make your mark at Comcast -- a Fortune 30 global media and technology company. From the connectivity and platforms we provide, to the content and experiences we create, we reach hundreds of millions of customers, viewers, and guests worldwide. Become part of our award-winning technology team that turns big ideas into cutting-edge products, platforms, and solutions that our customers love. We create space to innovate, and we recognize, reward, and invest in your ideas, while ensuring you can proudly bring your authentic self to the workplace. Join us. You’ll do the best work of your career right here at Comcast. (In most cases, Comcast prefers to have employees on-site collaborating unless the team has been designated as virtual due to the nature of their work. If a position is listed with both office locations and virtual offerings, Comcast may be willing to consider candidates who live greater than 100 miles from the office for the remote option.)

Job Summary

The IAM Principal Engineer is responsible for driving the development, maintenance, and continuous improvement of the identity and access management program, delivering secure and scalable access solutions for myComcastAccess service. This role actively manages day-to-day engineering, support, and maintenance activities across all IAM technologies, ensuring operational excellence and system reliability. As a subject matter expert, the engineer develops custom solutions on identity management, privileged access management, and broader information security best practices, collaborating across technology domains to uphold enterprise security standards.

Job Description

What You’ll Do:

• Apply your expertise in SailPoint IdentityIQ and Radiant One FID / Global Sync to enhance and expand the capabilities of the enterprise IAM platform.
• Collaborate with Agile teams to design, build, test, and support scalable IAM solutions that meet foundational enterprise needs, including identity federation, directory virtualization, and multi-source synchronization.
• Contribute innovative and efficient configuration and coding solutions in SailPoint IdentityIQ and Radiant One FID environments that differentiate the IAM platform.
• Engineer cost-effective technical solutions leveraging Radiant One FID and Global Sync to address business challenges and streamline identity and access processes.
• Develop both tactical and strategic IAM solutions aligned with evolving business requirements, including federated identity management and synchronized directory services.
• Partner with key stakeholders to gather and validate requirements, ensuring delivered solutions meet expectations across SailPoint IdentityIQ and Radiant One FID systems.
• Participate in project teams to design new system capabilities, including proof-of-concept (POC) implementations for both Radiant One FID and SailPoint IdentityIQ, and presentations that highlight their functionality.
• Deploy and manage Radiant One FID in Kubernetes environments using Helm charts, ensuring scalable, reproducible, and reliable containerized deployments.
• Support the end-to-end testing lifecycle for system changes, including integrations with Radiant One FID / Global Sync, from design through execution.
• Create proactive capacity forecasts to prevent outages and ensure system reliability for SailPoint IdentityIQ and Radiant One FID services.
• Establish and maintain processes and procedures that uphold high standards of availability, security, and quality in managed IAM environments leveraging Radiant One FID / Global Sync.
• Leverage Radiant One FID for advanced identity aggregation, combining multiple directories and cloud sources into a unified virtual directory.
• Implement scalable multi-domain identity solutions with Radiant One FID, improving cross-system interoperability and accelerating enterprise onboarding/offboarding processes.
• Managing a small team of specialized developers, this role involves overseeing their daily activities, providing mentorship, and offering technical and strategic guidance to support their growth and ensure successful project delivery.

Required skills:

• Over 10 years of experience implementing SailPoint IdentityIQ
• More than 5 years of experience designing, architecting, implementing, operating, and maintaining Radiant Logic Virtual Directory Service (VDS), including Federated Identity Management (FIM) and Identity Correlation and Synchronization (ICS).
• Skilled in integrating data sources and applications into VDS, configuring data access views and permissions, and performing identity correlation and synchronization.
• Strong knowledge of LDAP, Active Directory services, Multi-Factor Authentication (MFA), risk-based authentication, and privileged access management.
• Deep understanding of Identity and Access Management (IAM) across authentication, authorization, endpoint security, network security, and policy engines.
• Technical expertise with Microsoft MFA, SailPoint, CyberArk, ForgeRock, Okta, Ping Identity, Active Directory, Azure Active Directory, AWS, Google Cloud Platform, Microsoft Azure, and cross-domain IDM integrations.
• Solid grasp of cloud identity concepts and hands-on experience with Azure AD and other cloud environments.
• 3–5+ years of experience developing workflows, forms, connector configurations, provisioning policies, and rules within SailPoint IdentityIQ.
• Quick learner with the ability to adopt new technologies and collaborate effectively to capture and implement business system requirements.
• Proficient in source control and development tools such as GitHub and Eclipse.
• Strong problem-solving skills with the ability to clearly communicate solutions and progress.
• Experimental mindset with a drive for innovation.
• Creative thinker with a passion for solving complex problems.
• Programming experience with BeanShell, JavaScript, and Java, SQL, Oracle Python etc.
• Skilled in developing web-based applications and integrating web services using REST APIs and JSON.
• Experience working with RDBMS databases and writing SQL queries.
• Excellent oral and written communication skills.
• Strong focus on customer experience and satisfaction.
• Effective communicator with strong liaison skills across all organizational levels.
• Performs well under pressure and consistently delivers high-quality, compliant solutions. 

EDUCATION:

• Required 10+ Years’ Experience with Bachelor’s degree Computer Science, Computer Engineering, or a related technical discipline.
• Preferred certifications: CISSP, CISM/CISA, SailPoint IdentityIQ Architect

Comcast is an equal opportunity workplace. We will consider all qualified applicants for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, veteran status, genetic information, or any other basis protected by applicable law.

Skills:

SailPoint IdentityIQ; Core Java; Architecture Development; Identity Access Management (IAM)

Salary:

Primary Location Pay Range: $142,361.11 - $213,541.67

Comcast intends to offer the selected candidate base pay within this range, dependent on job-related, non-discriminatory factors such as experience. The application window is 30 days from the date job is posted, unless the number of applicants requires it to close sooner or later.

Base pay is one part of the Total Rewards that Comcast provides to compensate and recognize employees for their work. Most sales positions are eligible for a Commission under the terms of an applicable plan, while most non-sales positions are eligible for a Bonus. Additionally, Comcast provides best-in-class Benefits to eligible employees. We believe that benefits should connect you to the support you need when it matters most, and should help you care for those who matter most. That’s why we provide an array of options, expert guidance and always-on tools, that are personalized to meet the needs of your reality – to help support you physically, financially and emotionally through the big milestones and in your everyday life. Please visit the compensation and benefits summary on our careers site for more details.

Education

Bachelor's Degree

While possessing the stated degree is preferred, Comcast also may consider applicants who hold some combination of coursework and experience, or who have extensive related professional experience.

Relevant Work Experience

10 Years +