Azure Security & IAM Architect

  • Posted 3 hours ago | Updated 3 hours ago

Overview

Remote
Hybrid
Accepts corp to corp applications
Contract - Long Term

Skills

Software as a Service
Amazon Web Services
SAAS
Best Practices
Oauth
GCP
Authentication
Mitigation
SAML
Okta
firewall
ACTIVE DIRECTORY
HIPAA
IaaS
Large-Scale
Governance
network security
SSO
LDAP
CISSP
nist
Kerberos
ISO
Risk Assessment
Risk Assessments
Incident Response
Identity and Access Management
SailPoint
Access Control
ISO 27001
Security Architecture
Sarbanes Oxley
Sarbanes-Oxley (Sox)
Process Automation
JIT
Privileged Access Management
DDOS
GIAC
Openldap

Job Details

Title: Azure Security & IAM Architect
Position Type: Full-time Employment/ Contract
Location: Remote across USA/ Canada
Position Summary
We are seeking a highly skilled and experienced Azure Security and Identity and Access Management (IAM) Security Architect to lead the design, implementation, and governance of our enterprise Azure and IAM strategy. The ideal candidate will have deep technical knowledge of Azure Security Architecture, authentication, authorization, identity governance, and privileged access management across cloud and on-premises environments. This role plays a critical part in ensuring secure, compliant, and seamless access to corporate systems and data.
Key Responsibilities
  • Design and implement IAM architectures and strategies aligned with enterprise security goals.
  • Lead the development and automation of identity lifecycle processes (Joiner-Mover-Leaver).
  • Develop and enforce policies for authentication, authorization, and access control.
  • Collaborate with cloud and application teams to integrate IAM best practices into deployments.
  • Design and support SSO, federation, and identity integration across SaaS, IaaS, and on-prem platforms.
  • Design a Zero Trust access model for a hybrid workforce accessing SaaS and on-prem apps
  • Implement and manage Privileged Access Management (PAM) solutions.
  • Perform risk assessments on identity infrastructure and implement appropriate security controls.
  • Ensure compliance with security frameworks and regulatory requirements (e.g., NIST, ISO, GDPR, SOX).
  • Evaluate and recommend IAM tools and technologies.
  • Participate in incident response efforts related to identity threats or breaches.
  • Integrate AWS IAM with Azure AD for SSO and conditional access enforcement
Required Skills and Expertise
  • Azure infra threat Modeling and Risk Assessment skills
  • Azure Security Strategy and Architecture Design
  • Network Security Architecture
  • Azure Security Services Expertise: Microsoft Defender for Cloud, Microsoft Sentinel, Key Vault, Azure Firewall, DDoS Protection, Security Center, and Azure Policy.
  • Expertise in IAM concepts including RBAC, ABAC, PBAC, JML, role engineering, JML process automation, Conditional access, Entitlement management, PSM, PIM, PAM, and access certification.
  • Hands-on experience with protocols like SAML 2.0, OAuth 2.0, OIDC, LDAP, and Kerberos.
  • Strong knowledge of directory services (Active Directory, Azure AD, LDAP).
  • Deep experience with IGA platforms (e.g., SailPoint, Saviynt, One Identity).
  • PAM tools such as CyberArk, BeyondTrust, Delinea.
  • Cloud IAM solutions: Azure AD / Entra ID, AWS IAM, Google Cloud Platform IAM.
  • Experience designing Zero Trust and Conditional Access architectures.
  • Understanding of IAM-related compliance frameworks: NIST 800-53/63, ISO 27001, HIPAA, SOX, GDPR.
  • Threat modeling and identity-centric risk mitigation strategies.
  • Strong communication and collaboration skills across technical and business teams.
  • Expertise with Top IAM Tools & Platforms
- Identity Governance and Administration (IGA)
Examples
SailPoint Lifecycle management, compliance, access certification
Saviynt Cloud-native IGA with fine-grained access for apps and infra
- Privileged Access Management (PAM)
Examples
CyberArk Vaulting, session recording, Just-in-Time (JIT) access
BeyondTrust Endpoint privilege management and session monitoring
Delinea (formerly Thycotic)
Azure PIM
- Authentication & Federation Tools
Examples
Keycloak Open-source OIDC/OAuth2 identity provider
Auth0 (now part of Okta)
Shibboleth federation via SAML
Preferred Qualifications
  • Relevant certifications: CISSP, GIAC, Azure Security Engineer, AWS Security Specialty, Identity-focused certifications.
  • Experience working in large-scale, multi-cloud, enterprise environments.
Key Tools and Technologies
  • IGA: SailPoint, Saviynt, One Identity
  • PAM: CyberArk, BeyondTrust, Delinea
  • Cloud IAM: Azure AD / Entra ID, AWS IAM, Google Cloud Platform IAM
  • SSO and Federation: Okta, Ping Identity, ForgeRock, Auth0, Keycloak
  • Directory Services: Active Directory, OpenLDAP, Azure AD DS
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.