IAM Solutions Architect

Job#: 3035244

Job Description:
IAM Solutions Architect

Location: Chicago, Illinois (Onsite)

Employment Type: Contract

Duration: 12 month contract w/extension

Role Overview

We are seeking an experienced Solutions Architect to bridge our AI security and Identity and Access Management (IAM) teams. The core mission of this role is to define and design how the organization manages and secures "agentic identities" (AI and other non-human identities). This position involves hands-on architecture and design to create secure, scalable identity models for AI workloads, including large language models (LLMs) and agentic frameworks, within a complex enterprise environment.

Key Responsibilities

• Lead the hands-on architecture and design of identity and access management solutions for AI and machine learning systems.
• Define how AI agents authenticate, act on behalf of users, and how their identities are provisioned and governed.
• Develop and enforce IAM frameworks for AI workloads, ensuring least-privilege access, service identity governance, and secure token flows (e.g., OAuth 2.0).
• Design security for AI deployments, including LLMs, agents, and APIs, focusing on identity models for agent-to-system and user-to-agent interactions.
• Collaborate with AI, platform engineering, and IAM teams to embed security guardrails into the AI development lifecycle.
• Author security architecture documents, threat and risk assessments, and implementation guides for AI-related initiatives.
• Monitor the evolving AI threat landscape, including prompt injection and data exfiltration, and translate findings into actionable controls.
• Present technical security architecture and recommendations to leadership and cross-functional stakeholders.

Required Qualifications

Identity & Access Management (IAM):

• 7+ years of experience in cybersecurity, with significant experience in a security architecture or engineering capacity focused on IAM.
• Expertise in Entra ID (Azure AD) is critical, along with a strong understanding of on-premise and cloud Active Directory.
• Deep knowledge of identity architecture principles, including RBAC, group design, and access models.
• Proven experience with non-human identity management, including managed identities and service principals, and designing least-privilege access for automated agents.

Authentication & Security Concepts:

• Deep understanding of authentication and authorization protocols, particularly OAuth 2.0, token flows, and fine-grained authorization patterns.
• Strong working knowledge of cloud-native security, application security, data protection, and zero-trust principles.
• Demonstrated ability to design end-to-end security architectures for enterprise environments, with a strong preference for experience in Azure.

AI Exposure:

• Demonstrated exposure to AI/ML systems beyond basic usage, through professional or significant personal projects.
• Ability to understand AI terminology, discuss deployment patterns for LLMs and agents, and think critically about their security implications.

Preferred Qualifications

• Experience in financial services or other heavily regulated industries.
• Hands-on experience with the Microsoft Azure security ecosystem, including Azure AI and Defender for Cloud.
• Familiarity with API gateway security patterns for AI services (e.g., Azure APIM).
• Knowledge of model security scanning, container security for ML workloads, and secure MLOps pipeline design.
• Relevant certifications such as CISSP, CCSP, or Azure Security Engineer Associate.
• Knowledge of advanced authentication concepts (e.g., RAR, macaroons, biscuits).

Compensation

The pay rate for this position is between $90.00 and $100.00 per hour.

We are an equal opportunity employer. We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. We will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law.

Apex uses a virtual recruiter as part of the application process. Click for more details.

If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at or

Everforth Apex is a world-class IT services company that serves thousands of clients across the globe. When you join Everforth Apex, you become part of a team that values innovation, collaboration, and continuous learning. We offer quality career resources, training, certifications, development opportunities, and a comprehensive benefits package. Our commitment to excellence is reflected in many awards, including ClearlyRated's Best of Staffing in Talent Satisfaction in the United States and Great Place to Work in the United Kingdom and Mexico. Everforth Apex uses a virtual recruiter as part of the application process. Click for more details.

Everforth Apex Benefits Overview: Everforth Apex offers a range of supplemental benefits, including medical, dental, vision, life, disability, and other insurance plans that offer an optional layer of financial protection. We offer an ESPP (employee stock purchase program) and a 401K program which allows you to contribute typically within 30 days of starting, with a company match after 12 months of tenure. Everforth Apex also offers a HSA (Health Savings Account on the HDHP plan), a SupportLinc Employee Assistance Program (EAP) with up to 8 free counseling sessions, a corporate discount savings program and other discounts. In terms of professional development, Everforth Apex hosts an on-demand training program, provides access to certification prep and a library of technical and leadership courses/books/seminars once you have 6+ months of tenure, and certification discounts and other perks to associations that include CompTIA and IIBA. Everforth Apex has a dedicated customer service team for our Consultants that can address questions around benefits and other resources, as well as a certified Career Coach. You can access a full list of our benefits, programs, support teams and resources within our 'Welcome Packet' as well, which an Everforth Apex team member can provide.