Identity and Access Management Architect

10 - 15 years

25 - 35 Lacs

Posted: 5 days ago | Platform: Naukri

Work Mode

Remote

Job Type

Full Time

Job Description

IAM Security Architect

Job Overview:

We are looking for a highly skilled IAM Security Architect to lead the design and implementation of secure identity and access management solutions across enterprise environments. This role requires deep expertise in identity governance, authentication protocols, access controls, cloud entitlements, and secure architecture practices. The ideal candidate will play a critical role in enhancing enterprise security posture through modern IAM strategies while aligning with industry standards, compliance mandates, and zero trust principles.

Key Responsibilities:

  • Architect and maintain secure identity solutions for hybrid and cloud environments covering workforce and application identities
  • Design end-to-end identity frameworks involving authentication, authorization, federation, and privileged access management
  • Define roadmaps and blueprints for Identity and Access Management (IAM) and Privileged Identity Management (PIM) solutions
  • Implement modern Zero Trust Architecture, incorporating least privilege, JIT, and risk-based conditional access models
  • Lead integration of IAM with multi-factor authentication (MFA), SSO, passwordless technologies, YubiKey, and device-based authentication
  • Develop and enforce enterprise IAM standards aligned with NIST CSF, ISO 27001, SOC, GDPR, and other regulatory requirements
  • Provide expert consultation for IAM governance, role modeling, access reviews, and compliance controls
  • Participate in threat modeling, risk assessments, and secure design reviews of IAM-related implementations
  • Guide the deployment of identity federation, OAuth 2.0, OIDC, SAML, Kerberos, LDAP, and token-based authentication
  • Support secure identity design for microservices, APIs, and mobile/web applications across the enterprise
  • Enable secure application onboarding, application registration, and integration with IAM platforms
  • Architect solutions for secrets management, certificate management, and session security
  • Lead secure configuration and policy design for modern IAM solutions
  • Support cloud infrastructure entitlement management (CIEM) for Azure, AWS, and hybrid environments
  • Mentor IAM engineers and collaborate with cybersecurity, application, and infrastructure teams on security improvements

Technical Skills:

  • Expertise in IAM protocols: OAuth 2.0, OpenID Connect, SAML, RADIUS, Kerberos, LDAP
  • Strong experience in M365, Entra ID, Azure AD, Sentinel, Defender, and Azure-native identity controls
  • In-depth experience with IAM platforms: SailPoint, Okta, PingFederate, CyberArk, BeyondTrust
  • Hands-on knowledge of token management, session handling, mTLS, secrets vaulting, and credential protection
  • Deep understanding of API security, application security in Java/React/Android/iOS, and browser session models
  • Experience in CI/CD pipeline security, Infrastructure as Code (IaC) with Terraform, Azure CLI, and scripting with PowerShell and Bash
  • Understanding of Kubernetes, service mesh, container orchestration, and identity integrations within modern workloads
  • Knowledge of CIEM, RBAC policies, DLP, VPNs, DNS security, WAFs, RADIUS clusters, and cloud-native IAM

Required Skills:

  • Proven experience architecting IAM solutions in large, regulated, and hybrid enterprise environments
  • Deep knowledge of identity lifecycle, access provisioning, privilege elevation, and entitlement workflows
  • Experience leading IAM audits, access certification, compliance reviews, and security hardening activities
  • Ability to perform identity-related risk analysis, map control gaps, and define remediation plans
  • Cross-functional collaboration experience with application, DevOps, security, and infrastructure teams
  • Strong documentation and presentation skills to articulate complex IAM architecture clearly to stakeholders
  • Ability to troubleshoot complex IAM issues and analyze logs via Sentinel, KQL, and other telemetry sources

Certifications

  • CISSP
  • Okta Certified Professional or CyberArk Defender
  • GIAC Identity and Access Management Certification (GIAC IAM)
  • Microsoft Certified: Cybersecurity Architect Expert or Azure Security Engineer Associate (AZ-500)
