Senior Identity Security Architect

Senior Identity Security Architect

SEATTLE, WA

Full Time

Define and own the target state architecture and reference designs for the identity security platform across BeyondTrust (Password Safe, EPM, PRA), Microsoft Entra ID, Active Directory,and SailPoint IDN.Lead the architecture and deployment strategy for large scale identity security modernization initiatives privileged access transformation, identity governance modernization, cloud identity adoption, Active Directory and hybrid identity modernization, and Zero Trust identity patterns Establish architecture standards, design patterns,teams implement against, and serve as design authority through architecture and design reviews.Develop migration and deployment strategies sequencing, cutover, rollback, and risk mitigation for moving large user and system populations onto modern identity platforms with minimal disruption.cloud (Azure, AWS, Google Cloud Platform), and enterprise/SaaS applications using APIs, federation, and provisioning standards (SAML, OAuth2/OIDC, SCIM, Kerberos, LDAP).Drive phishing resistant authentication and least privilege/PAM architecture across the enterprise. Partner with engineering leads, security architecture, platform/cloud teams, and program management to translate architecture into delivery roadmaps and executable workstreams.Provide technical leadership and guidance to build engineers; review designs and key implementations to ensure alignment to architecture and security requirements.Identify and document architectural risks, dependencies, and trade offs; present recommendations and decisions to engineering and leadership audiences.ensuring designs meet Nordstrom security, compliance, and data handling requirementsLeverage AI tooling to accelerate architecture analysis, design documentation, and solution evaluationBachelor's or master's degree in Computer Science, Cybersecurity, Information Technology, or equivalent education and experience.15+ years of security or identity engineering experience, including significant experience as an identity/security architect on enterprise scale environments.Demonstrated experience leading large scale identity security modernization or transformation programs end to end from target state architecture through production deployment.Deep architecture level expertise across two or more of the following, with strong working knowledge of the rest: BeyondTrust, Microsoft Entra ID, Active Directory, Okta, and SailPoint.Strong command of identity architecture fundamentals: authentication/authorization protocols (SAML, OAuth2/OIDC, SCIM, Kerberos, LDAP), federation, MFA and phishing resistant authentication, RBAC/ABAC, least privilege, tiered administration, and Zero Trust identity.Proven experience designing integrations and migrations across hybrid and multi cloud environments at scale.Experience setting architecture standards and acting as a design authority across multiple delivery teams.Excellent communication skills able to align engineers, architects, and senior leadership around architecture decisions and trade offs. Ability to operate independently in a fast paced, multi workstream program with highArchitecture or security certifications such as CISSP, SABSA, TOGAF, Microsoft Identity & Access Administrator (SC 300), or SailPoint Certified Engineer