IAM Architect – Access Management, CIAM

Role Overview

• Deploy, configure, manage, and support Okta, Auth0, Ping Identity (PingFederate, PingOne, PingOne AIC), and Microsoft Entra ID environments
• Manage user lifecycle governance including provisioning, deprovisioning, and access certification workflows
• Maintain authentication policies, authorization rules, access workflows, and security controls
• Implement and oversee Single Sign-On (SSO), Multi-Factor Authentication (MFA), and Adaptive Authentication
• Ensure adherence to least-privilege and Zero-Trust principles for all user and application identities
• Support modern IAM capabilities such as: Just-in-Time (JIT) access provisioning, Conditional Access and risk-based authentication, API access management and OAuth/OIDC flows, Cloud-native identity federation, Identity lifecycle automation and governance, Passwordless and phishing-resistant authentication, Workforce and customer identity management (CIAM)
• Assist in building automated identity workflows for application onboarding and user access requests
• Integrate IAM platforms with AD/LDAP, cloud directories, SIEM, SCIM provisioning, SAML/OIDC applications, and cloud services (AWS/Azure/GCP)
• Onboard new applications, SaaS platforms, APIs, and services to Okta, Ping Identity, and Entra ID
• Configure identity providers (IdP), service providers (SP), federation protocols, and API gateways
• Develop automation for user provisioning, access reviews, and monitoring using PowerShell, Python, or REST APIs
• Implement access governance policies, role-based access control (RBAC), and attribute-based access control (ABAC)
• Configure and maintain directory synchronization, identity federation, and hybrid identity architectures
• Support identity threat detection, anomaly monitoring, and security incident response
• Champion projects from an ownership perspective, taking full accountability for successful delivery and client outcomes
• Drive client customer satisfaction by maintaining proactive communication, managing expectations, and ensuring quality deliverables
• Provide strategic oversight across multiple concurrent projects, ensuring alignment with client objectives and timelines
• Enhance delivery team efficiency through mentorship, technical guidance, and process optimization
• Ensure appropriate staffing on projects by assessing technical requirements and team capabilities
• Identify and mitigate project risks, escalating issues when necessary to maintain project health
• Collaborate with project managers and leadership to optimize resource allocation and project planning
• Conduct regular project health checks and implement corrective actions to keep engagements on track
• Foster strong client relationships through technical excellence and consultative approach
• Lead post-implementation reviews and capture lessons learned to continuously improve delivery practices
• Develop and refine standard operating procedures (SOPs) and templates to improve consistency and quality across engagements
• Create and maintain technical documentation, implementation guides, and best practice frameworks
• Standardize delivery methodologies and tooling to enhance team productivity and client outcomes
• Provide technical expertise during the presales process to support new business opportunities
• Assist with project scoping activities, including technical discovery and requirements gathering
• Develop Level of Effort (LOE) estimates for proposed IAM implementations and engagements
• Contribute to Statement of Work (SOW) development, ensuring technical accuracy and feasibility
• Support proposal development with technical content, solution architectures, and implementation approaches
• Act as a liaison between the sales organization and delivery practice to ensure smooth handoffs
• Participate in client-facing presentations and technical demonstrations during the sales cycle
• Provide subject matter expertise to address technical questions and concerns from prospective clients
• Collaborate with sales teams to identify opportunities for service expansion and upsell within existing accounts

Requirements

• Bachelor's degree in Computer Science, Information Security, or related field — or equivalent work experience
• 3–5+ years of experience in Identity and Access Management engineering or Consulting
• Hands-on experience with Okta (Universal Directory, Lifecycle Management, Workflows, API Access Management)
• Experience implementing Microsoft Entra ID including Conditional Access, Identity Protection, and Entra Connect
• Working knowledge of Ping Identity solutions (PingFederate, PingOne, or PingAccess)
• Strong understanding of identity governance, SSO protocols (SAML, OIDC, OAuth), MFA, and access certification
• Experience with Windows/Linux server administration and Active Directory
• Familiarity with scripting (PowerShell, Python) and REST APIs
• Knowledge of common security frameworks and access control principles.

Tech Stack

• AWS
• Azure
• Cloud
• Google Cloud Platform
• Linux
• Python

Benefits

• Group Medical Insurance options: Zero Deductible PPO Plan (GuidePoint pays 90% of the premium for employees and 70% for family plans (spouse/children/family) or High Deductible Health Plan with HSA (GuidePoint pays 100% of the employees premiums and 75% for family plans (spouse/children/family). If you choose the High Deductible / HSA plan, GPS will contribute in 4 equal quarterly installments: ($850 per EE annually / $1750 per family annually (includes spouse/children/family options)
• Group Dental Insurance: GuidePoint pays 100% of the premium for employees and 75% of family plans
• 12 corporate holidays and a Flexible Time Off (FTO) program
• Healthy mobile phone and home internet allowance
• Eligibility for retirement plan after 2 months at open enrollment
• Pet Benefit Option