Active Directory Services Architect

The Identity, Endpoint & Directory Services Architect is responsible for architecting, securing, and modernizing enterprise identity, access, and endpoint platforms across on-premises and cloud environments. This role leads the design, governance, and evolution of Active Directory, ADFS, Microsoft Entra ID, laptop operating systems, endpoint management, and IAM capabilities to support secure, scalable, and resilient business operations.

The architect partners closely with security, infrastructure, cloud, and application teams to implement Zero Trust, modern authentication, and endpoint security strategies across the enterprise., Active Directory (On-Premises)

• Architect and modernize Active Directory forests, domains, trusts, DNS, and GPO structures
• Define AD security hardening standards, privileged access models, and tiered administration
• Lead AD consolidation, cleanup, migration, and upgrade initiatives
• Provide architectural oversight for AD DR, backup, and recovery strategies

ADFS & Federation Services

• Design and govern ADFS and federation architectures for secure application access
• Integrate on-prem and cloud applications using SAML, OAuth, and OpenID Connect
• Reduce dependency on legacy federation by transitioning to cloud-native authentication models

Microsoft Entra ID (Azure AD)

• Architect and optimize Microsoft Entra ID tenant design, identity lifecycle, and access governance
• Define Conditional Access, Identity Protection, PIM, IGA, B2B, and B2C strategies
• Lead hybrid identity integration using Entra Connect and cloud authentication methods
• Drive automation and integration using Microsoft Graph APIs

Endpoint Management & Laptop Operating Systems

• Define enterprise standards for Windows, macOS, and future endpoint OS platforms
• Architect modern endpoint management using Microsoft Intune / Endpoint Manager
• Lead device identity, compliance, encryption, patching, and configuration baselines
• Integrate endpoint posture with Conditional Access and Zero Trust controls

Identity & Access Management (IAM)

• Define and own the enterprise IAM architecture and roadmap, covering workforce, privileged, and service identities
• Design and enforce authentication and authorization models including RBAC, ABAC, MFA, and Conditional Access
• Lead adoption of Zero Trust identity principles, phishing-resistant authentication, and passwordless strategies
• Ensure compliance with security policies, regulatory standards, and audit requirements

Security, Governance & Architecture

• Produce architecture diagrams, standards, design documents, and runbooks
• Act as the technical authority for identity and endpoint-related design decisions
• Review and approve solution designs for applications integrating with IAM and endpoint platforms
• Stay current with Microsoft identity roadmap, industry trends, and emerging threats

Leadership & Collaboration

• Provide technical leadership and guidance to engineering and operations teams
• Support major incident resolution and root cause analysis related to identity or endpoint failures
• Collaborate with security, cloud, network, and application architects to deliver integrated solutions

Technical Expertise

• Deep expertise in Active Directory, ADFS, and Microsoft Entra ID
• Strong knowledge of IAM concepts, federation, SSO, MFA, and access governance
• Hands-on experience with endpoint management (Intune, GPOs, device compliance)
• Strong understanding of authentication protocols (SAML, OAuth, OpenID Connect, LDAP)

Experience

• 8-12+ years in Identity, IAM, Directory Services, or Security Architecture roles
• Proven experience designing enterprise-scale hybrid identity and endpoint environments
• Experience supporting cloud transformation and Zero Trust initiatives, * Bachelor's degree in Computer Science, Information Technology, or related field
• Certifications such as CISSP, CISM, Azure Identity, TOGAF, ITIL
• Experience with PAM, IGA, CIAM, and third-party IAM platforms

Success Measures

• Secure, resilient, and scalable identity & endpoint architecture
• Reduction of legacy authentication and security risks
• Improved user experience with strong security controls
• Compliance with enterprise security and audit requirements