Azure Security & IAM Architect

Azure Security & IAM Architect - MT 1770

Location: Remote across USA/ Canada

Preferred Qualifications Relevant certifications: CISSP,GIAC,Azure Security Engineer,AWS Security Specialty,Identity-focused certifications. Experience working in large-scale,multi-cloud,enterprise environments. Key Tools and Technologies IGA: SailPoint,Saviynt,One Identity PAM: CyberArk,BeyondTrust,Delinea Cloud IAM: Azure AD / Entra ID,AWS IAM,Google Cloud Platform IAM SSO and Federation: Okta,Ping Identity,ForgeRock,Auth0,Keycloak Directory Services: Active Directory,OpenLDAP,Azure AD DS

Position Summary

We are seeking a highly skilled and experienced Azure Security and Identity and Access Management (IAM) Security Architect to lead the design, implementation, and governance of our enterprise Azure and IAM strategy. The ideal candidate will have deep technical knowledge of Azure Security Architecture, authentication, authorization, identity governance, and privileged access management across cloud and on-premises environments. This role plays a critical part in ensuring secure, compliant, and seamless access to corporate systems and data.

Key Responsibilities

Design and implement IAM architectures and strategies aligned with enterprise security goals.

Lead the development and automation of identity lifecycle processes (Joiner-Mover-Leaver).

Develop and enforce policies for authentication, authorization, and access control.

Collaborate with cloud and application teams to integrate IAM best practices into deployments.

Design and support SSO, federation, and identity integration across SaaS, IaaS, and on-prem platforms.

Design a Zero Trust access model for a hybrid workforce accessing SaaS and on-prem apps

Implement and manage Privileged Access Management (PAM) solutions.

Perform risk assessments on identity infrastructure and implement appropriate security controls.

Ensure compliance with security frameworks and regulatory requirements (e.g., NIST, ISO, GDPR, SOX).

Evaluate and recommend IAM tools and technologies.

Participate in incident response efforts related to identity threats or breaches.

Integrate AWS IAM with Azure AD for SSO and conditional access enforcement

Required Skills and Expertise

Azure infra threat Modeling and Risk Assessment skills

Azure Security Strategy and Architecture Design

Network Security Architecture

Azure Security Services Expertise: Microsoft Defender for Cloud, Microsoft Sentinel, Key Vault, Azure Firewall, DDoS Protection, Security Center, and Azure Policy.

Expertise in IAM concepts including RBAC, ABAC, PBAC, JML, role engineering, JML process automation, Conditional access, Entitlement management, PSM, PIM, PAM, and access certification.

Hands-on experience with protocols like SAML 2.0, OAuth 2.0, OIDC, LDAP, and Kerberos.

Strong knowledge of directory services (Active Directory, Azure AD, LDAP).

Deep experience with IGA platforms (e.g., SailPoint, Saviynt, One Identity).

PAM tools such as CyberArk, BeyondTrust, Delinea.

Cloud IAM solutions: Azure AD / Entra ID, AWS IAM, Google Cloud Platform IAM.

Experience designing Zero Trust and Conditional Access architectures.

Understanding of IAM-related compliance frameworks: NIST 800-53/63, ISO 27001, HIPAA, SOX, GDPR.

Threat modeling and identity-centric risk mitigation strategies.

Strong communication and collaboration skills across technical and business teams.

Expertise with Top IAM Tools & Platforms

- Identity Governance and Administration (IGA)

Examples

SailPoint Lifecycle management, compliance, access certification

Saviynt Cloud-native IGA with fine-grained access for apps and infra -Privileged Access Management (PAM)

Examples

CyberArk Vaulting, session recording, Just-in-Time (JIT) access

BeyondTrust Endpoint privilege management and session monitoring

Delinea (formerly Thycotic) Azure PIM - Authentication & Federation Tools

Examples

Keycloak Open-source OIDC/OAuth2 identity provider

Auth0 (now part of Okta)

Shibboleth federation via SAML

Preferred Qualifications

Relevant certifications: CISSP, GIAC, Azure Security Engineer, AWS Security Specialty, Identity-focused certifications.

Experience working in large-scale, multi-cloud, enterprise environments.

Key Tools and Technologies

IGA: SailPoint, Saviynt, One Identity

PAM: CyberArk, BeyondTrust, Delinea

Cloud IAM: Azure AD / Entra ID, AWS IAM, Google Cloud Platform IAM

SSO and Federation: Okta, Ping Identity, ForgeRock, Auth0, Keycloak

Directory Services: Active Directory, OpenLDAP, Azure AD DS