Identity Security Architect
Icon Clinical Research, Inc
Washington, United States of America
yesterday
Role details
Contract type
Permanent contract Employment type
Full-time (> 32 hours) Working hours
Regular working hours Languages
English Experience level
SeniorJob location
Washington, United States of America
Tech stack
Microsoft Active Directory
Amazon Web Services (AWS)
Azure
Kerberos (Protocol)
Lightweight Directory Access Protocols (LDAP)
OAuth
OpenID
Role-Based Access Control
Phishing
Zero Trust Network Access
Sherwood Applied Business Security Architecture
Security Assertion Markup Language (SAML)
Google Cloud Platform
Okta
Togaf
SailPoint
Job description
- Active Directory
- SailPoint IDN
They want someone who can act as the design authority - not just an engineer, but the person setting standards other teams build against.
Key Deliverables
- Architecture/reference designs + standards teams must follow
- Migration & cutover strategy for moving large user populations to modern identity platforms (with rollback/risk mitigation planning)
- Driving phishing-resistant authentication and least privilege/PAM architecture enterprise-wide
- Zero Trust identity patterns, hybrid identity, cloud identity adoption (Azure/AWS/Google Cloud Platform)
- Translating architecture into actual delivery roadmaps with engineering/program management
- Leading design reviews, mentoring build engineers
- Documenting risks/trade-offs for leadership
- Using AI tooling to speed up architecture analysis and documentation
Requirements
- 15+ years identity/security engineering, with real architect-level experience at enterprise scale
- Has led a full identity modernization program end-to-end (not just participated in one)
- Deep expertise in 2+ of: BeyondTrust, Entra ID, Active Directory, Okta, SailPoint (plus working knowledge of the rest)
- Strong grasp of SAML, OAuth2/OIDC, SCIM, Kerberos, LDAP, federation, MFA, RBAC/ABAC, tiered admin
- Has personally set architecture standards / acted as design authority across multiple teams before
- Strong communicator across engineer-to-executive audiences
- Comfortable working independently across multiple concurrent workstreams, * CISSP, SABSA, TOGAF, SC-300, or SailPoint Certified Engineer