Security Architect - Identity and Access Management

Robert Walters
2 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate

Job location

Tech stack

Microsoft Access
Microsoft Active Directory
Artificial Intelligence
Authentication Protocols
Azure
Biometrics
Cloud Computing Security
Computer Security
Identity and Access Management
Kerberos (Protocol)
Network Security
Lightweight Directory Access Protocols (LDAP)
OAuth
OpenID
PowerShell
Role-Based Access Control
Remote Access Technology
Security Assertion Markup Language (SAML)
Scripting (Bash/Python/Go/Ruby)
Customer Identity Access Management
Information Technology
REST

Job description

We are seeking an experienced IAM Architect to design, implement, and evolve enterprise-wide identity and access management capabilities across a global environment. This role will drive modern authentication, governance, and privileged access strategies aligned with Zero Trust principles.

What you'll do:

  • Lead the design and evolution of IAM architecture, including identity lifecycle, access governance, and privileged access management (PAM).
  • Implement modern authentication solutions (SSO, MFA, passwordless, biometrics) to enhance security and user experience.
  • Design secure authentication and authorization frameworks (OIDC, SAML, OAuth, Kerberos, LDAP).
  • Embed Zero Trust and least privilege principles across enterprise systems and privileged roles.
  • Develop and automate identity governance processes, leveraging AI/ML for anomaly detection and remediation.
  • Oversee Conditional Access, risk-based authentication, and device/state-based access controls.
  • Integrate IAM with HR, IT, and engineering platforms for policy-driven lifecycle management.
  • Architect and maintain Active Directory (on-prem) and cloud identity platforms (Entra ID/Azure AD).
  • Collaborate with security teams to define Azure policies, guardrails, and compliance controls (e.g., ISO 27001, ISO 22301).
  • Align IAM strategy with broader security architecture (firewalls, micro-segmentation, NDR, remote access).
  • Identify and mitigate IAM-related vulnerabilities and security risks.
  • Maintain architecture standards, documentation, and runbooks.
  • Engage with vendors and stakeholders; communicate strategy and roadmap to senior leadership.

Requirements

  • Bachelor's degree in Computer Science, IT, or related field (or equivalent experience).
  • 7-10 years of IAM/identity engineering experience; 3+ years in architecture roles.
  • Experience in large-scale, global enterprise environments.
  • Strong expertise in Microsoft identity stack (Entra ID/Azure AD, Active Directory).
  • Deep understanding of authentication protocols (OIDC, SAML, OAuth, Kerberos, LDAP).
  • Experience with RBAC, entitlement management, and automated provisioning.
  • Knowledge of Conditional Access, Azure Policy, and cloud security guardrails.
  • Familiarity with network security concepts (NDR, micro-segmentation).
  • Experience securing hybrid infrastructure environments.
  • Certified in CISSP / CIAM / Azure Cybersecurity Expert.
  • Scripting and automation (PowerShell, REST APIs).
