Role Summary:
Atos is seeking a senior Cyber Security SME specializing in next-generation Identity & Access across human employees, AI agents, IoT/OT devices, and applications. You will advise clients, architect solutions, and lead delivery in an MSSP context designing multi-tenant, automated identity services aligned to Zero Trust, improving security outcomes, and accelerating time to value. You ll partner with sales, solution architects, and operations to shape offerings, win pursuits, and ensure reliable operations at scale.
Client Advisory & Architecture (Employees, AI Agents, IoT/OT, Apps)
Assess identity maturity and define target architectures spanning workforce, customer, workload, and machine identities under Zero Trust (NIST SP 800 207).
Design adaptive access (risk-based, context-aware, passwordless/FIDO2, device trust, continuous authentication) across web, mobile, and legacy apps.
Establish identity for AI agents and automations (service principals, scoped tokens, data access guardrails, human-in-the-loop approvals, auditability).
Implement workload identity (mTLS, SPIFFE/SPIRE, PKI, certificate lifecycle, secretless auth) for microservices and platforms (Kubernetes, serverless, edge).
Engineer IoT/OT device identity (x.509 provisioning, TPM/secure elements, attestation) and integrate with gateways/brokers.
Integrate IGA, PAM, CIEM/permissions management, and ITDR to reduce excessive privileges and lateral movement risk. Apply ABAC/ReBAC and policy as code (e.g., OPA) for APIs and event driven architectures.
MSSP Solution Design & Delivery
Create multi-tenant reference architectures and runbooks for managed identity services (onboarding, steady state, incident management, offboarding).
Integrate identity telemetry with SIEM/SOAR/MDR (e.g., Microsoft Sentinel, Splunk, QRadar) to enable ITDR and automated response.
Define SLAs/SLOs, KPIs, and cost models; ensure observability, resiliency, and controlled change for identity services.
Lead complex migrations and consolidations (tenant to tenant, hybrid/coexistence, M&A).
Operations & Continuous Improvement
Establish control health monitoring for identity platforms; drive automation to reduce toil and MTTR.
Partner with SOC/MDR to tune detections (impossible travel, consent phishing, anomalous token use) and reduce false positives.
Lead blameless post incidents; convert findings into hardened patterns and playbooks.
Governance, Risk & Compliance
Operationalize Join Move Leave and access reviews at scale; integrate with HRIS and ITSM.
Map controls to NIST 800 63/207, NIST CSF 2.0, ISO 27001, SOC 2, PCI DSS, HIPAA (as applicable).
Prove compliance via evidence automation and continuous control validation.
Pre Sales, Workshops & Proposals
Lead discovery, demos, and architecture workshops; craft SOWs/LOEs and respond to RFP/RFIs for managed identity services.
Present to executive and technical stakeholders; quantify risk reduction and ROI.
Contribute reusable assets (patterns, reference architectures, calculators) to speed pursuits.
8+ years in cybersecurity with 5+ years in Identity & Access; 3+ years in consulting/MSSP client facing roles.
Deep knowledge of SAML, OAuth 2.0, OpenID Connect, SCIM, FIDO2/WebAuthn, and certificate-based auth.
Hands-on with major platforms: Microsoft Entra ID (Azure AD), Okta, Ping, ForgeRock; IGA (SailPoint, Saviynt); PAM (CyberArk, BeyondTrust).
Cloud & workload identity across Azure, AWS, Google Cloud Platform (federation, workload identity; secrets management Vault/Key Vault/Secrets Manager).
Experience implementing CIEM/permissions management (e.g., Entra Permissions Management/Cloud Knox, Veza, Sonrai) and ITDR.
Knowledge of API/microservices authorization (OPA, service mesh mTLS, SPIFFE/SPIRE), plus Kubernetes RBAC/Gatekeeper/Kyverno.
Proven integration of identity with SIEM/SOAR/MDR and automation playbooks.
Excellent communication and stakeholder management skills
Never miss an opportunity! Create an alert based on the job you applied for.
