

Sr. Information Security Architect - Cloud IAM
TEKsystems
Posted Friday, June 27, 2025
Posting ID: JP-005378471
Description
We are seeking a highly skilled Senior IAM Security Architect to join our information security architecture team. This role requires deep expertise in the design, implementation, and management of IAM security controls, with a focus on identity protection across cloud environments. The ideal candidate will have a strong background in AWS, Azure, and Entra ID (formerly Azure AD), and possess at least 5 years of experience in IAM-related security risk assessment and threat modeling. The Senior IAM Security Architect will be responsible for ensuring the secure and efficient management of user and non-human identities, access controls, and security policies within the organization. This role will also focus on establishing a Zero Trust identity posture, implementing behavioral risk assessments, and driving automation for identity security. Expertise in Single Sign-On (SSO), Multi-Factor Authentication (MFA), and modern authentication protocols is essential.
What You'll Do:
- Participate in design of secure IAM architectures across multiple platforms (AWS, Azure, Entra ID), ensuring all components align with best practices and organizational security requirements.
- Develop security controls for IAM, including user authentication, authorization, role management, identity federation, and privilege management across cloud and hybrid environments.
- Establish and maintain a Zero Trust security model for IAM, ensuring that all access requests are continuously verified, regardless of location or network.
- Integrate Zero Trust principles with cloud-native security tools and IAM platforms (e.g., AWS, Azure, Entra ID) to ensure seamless, secure, and dynamic access control.
- Automate risk-based access controls and adaptive authentication based on behavioral signals, ensuring a dynamic response to security events.
- Establish and enforce least privilege access principles for all roles across cloud and on-prem environments, ensuring users only have the minimal access necessary to perform their job functions.
- Design and implement Just-in-Time (JIT) access control mechanisms to dynamically grant access based on user needs, significantly reducing standing permission sets.
- Design SSO solutions that provide seamless and secure access to enterprise applications, ensuring a frictionless user experience while maintaining high security standards.
- Lead the adoption of modern authentication protocols (e.g., OAuth 2.0, OpenID Connect, SAML) for secure, scalable, and standardized access management across applications and systems.
- Implement and manage MFA solutions to enhance authentication security, applying risk-based policies to ensure strong protection for sensitive data and critical resources.
- Develop and integrate IAM security controls with cloud platforms such as AWS, Azure, and Entra ID, ensuring secure access management across both public and hybrid cloud environments.
- Work closely with cloud engineers and architects to align IAM security protocols with cloud service provider best practices, while ensuring compliance with industry standards.
- Leverage native security features of cloud platforms (e.g., AWS IAM, Azure AD, Entra ID) to design scalable, secure, and automated IAM solutions.
- Lead the migration process from Hybrid Active Directory to Entra ID-based authentication, ensuring minimal disruption and proper synchronization and federation across systems.
- Develop and maintain security governance frameworks for IAM, focusing on identity lifecycle management, role-based access control (RBAC), user provisioning, deprovisioning, and enforcement of least privilege.
- Ensure proper identity governance and access reviews are conducted regularly, documenting changes and exceptions as part of compliance audits.
- Collaborate with cross-functional teams, including application security, network security, infrastructure, and DevOps, to integrate IAM security best practices across systems and services.
- Stay up to date on the latest IAM trends, security threats, and technology advancements to continuously improve IAM practices and solutions.
- Implement security automation tools and workflows to improve efficiency and reduce manual efforts in identity management and access control.
Additional Skills & Qualifications
- Bachelor’s degree in Computer Science, Information Security, or related field.
- Preferred: Certified Information Systems Security Professional (CISSP), Certified Identity and Access Manager (CIAM), or other relevant IAM/security certification.
- 7+ years of experience in IAM security, including at least 5 years of experience in IAM risk assessment, threat modeling, and security control design.
- Proven expertise in implementing and securing IAM solutions in cloud environments such as AWS, Azure, and Entra ID.
- In-depth knowledge of IAM security best practices, identity governance, and access management policies.
- Experience with IAM protocols such as SSO, MFA, OAuth, SAML, OpenID Connect, and identity federation.
- Hands-on experience in conducting security risk assessments and threat modeling for IAM systems.
- Demonstrated experience in establishing least privilege access and implementing Just-in-Time (JIT) access controls across cloud and on-premises environments.
- Expertise in implementing and managing a Zero Trust security posture for IAM, with hands-on experience in identity validation, continuous authentication, and risk-based access controls.
- Strong expertise with IAM platforms such as Microsoft Entra ID (Azure AD), AWS IAM, and Azure Active Directory.
- Experience with cloud security, integrating IAM systems with AWS, Azure, and hybrid environments.
- Strong understanding of IAM security controls, including role-based access control (RBAC), attribute-based access control (ABAC), policy enforcement, and Just-in-Time (JIT) provisioning.
- Experience in implementing and managing SSO and MFA, with expertise in modern authentication protocols such as OAuth 2.0, OpenID Connect, and SAML.
Experience Level
Expert Level
Contact Information
Email: jmaestas@teksystems.com