Identity Security Architect

Icon Clinical Research, Inc
Washington, United States of America
yesterday

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Washington, United States of America

Tech stack

Microsoft Active Directory
Amazon Web Services (AWS)
Azure
Kerberos (Protocol)
Lightweight Directory Access Protocols (LDAP)
OAuth
OpenID
Role-Based Access Control
Phishing
Zero Trust Network Access
Sherwood Applied Business Security Architecture
Security Assertion Markup Language (SAML)
Google Cloud Platform
Okta
Togaf
SailPoint

Job description

  • Active Directory
  • SailPoint IDN

They want someone who can act as the design authority - not just an engineer, but the person setting standards other teams build against.

Key Deliverables

  • Architecture/reference designs + standards teams must follow
  • Migration & cutover strategy for moving large user populations to modern identity platforms (with rollback/risk mitigation planning)
  • Driving phishing-resistant authentication and least privilege/PAM architecture enterprise-wide
  • Zero Trust identity patterns, hybrid identity, cloud identity adoption (Azure/AWS/Google Cloud Platform)
  • Translating architecture into actual delivery roadmaps with engineering/program management
  • Leading design reviews, mentoring build engineers
  • Documenting risks/trade-offs for leadership
  • Using AI tooling to speed up architecture analysis and documentation

Requirements

  • 15+ years identity/security engineering, with real architect-level experience at enterprise scale
  • Has led a full identity modernization program end-to-end (not just participated in one)
  • Deep expertise in 2+ of: BeyondTrust, Entra ID, Active Directory, Okta, SailPoint (plus working knowledge of the rest)
  • Strong grasp of SAML, OAuth2/OIDC, SCIM, Kerberos, LDAP, federation, MFA, RBAC/ABAC, tiered admin
  • Has personally set architecture standards / acted as design authority across multiple teams before
  • Strong communicator across engineer-to-executive audiences
  • Comfortable working independently across multiple concurrent workstreams, * CISSP, SABSA, TOGAF, SC-300, or SailPoint Certified Engineer

Apply for this position