The Lead Discovery Architect of our Cyber Strike Pods anchors the Assessment-Led Operating Model by converting raw telemetry into defensible decisions and prioritized, time-bound remediation plans aligned to NIST SP 800-207 and the CISA Zero Trust Maturity Model.
The Lead Discovery Architect leads high-velocity discovery assessments to find flaws and architect the cybersecurity foundations required to sever attack paths across on-premises Active Directory, Entra ID (Azure AD), and the emerging world of Agentic AI.
This role operates as the discovery authority and chief architect for a multi-disciplinary pod, owning technical direction, quality, and executive communications across assessment, prioritization, and proof-of-remediation.
Given the U.S. Public Sector context, this role works within ATO constraints and handles sensitive data appropriately while coordinating with compliance owners (e.g., FISMA/FedRAMP/CMMC) to ensure evidence and artifacts support accreditation updates.
Direct technical discovery within Active Directory (AD) and Entra ID.
Convert raw telemetry into Executive Identity Risk Scorecards.
Articulate "Choke Point Saturation" and "Attack Path Depth," proving to Agency CISOs that an adversary can achieve Full Domain Takeover in an average of 3.2 hops.
Own and deliver executive readouts/whiteboard sessions to translate graph-theory findings into business impact, time-to-fix, and outcome-based roadmaps with clear owners and due dates.
Identify the Shadow Admins and unmanaged GPOs that must be remediated before IAM/PAM tools can be effectively deployed and map each finding to specific identity control objectives and preconditions for IAM/PAM efficacy.
Identify specific Choke Points that represent 80% of a client's risk (e.g., GPO links, Service Account rotation, and Tiered Admin restrictions).
Lead hands-on proofs-of-remediation for the top choke points and measure impact before scale-out.
Map identified risks to specific hardening or maturity services and OEM solution pathways (Ping Identity, Aembit, Zscaler, Delinea, Hydden).
Sequence work to minimize operational disruption and define “no-regrets” controls and fast-path wins.
Utilize tools like Hydden to identify the risks of orphaned service principals, Automated Service Accounts, and Shadow AI agents that create unmonitored backdoors into critical workloads.
Recommend lifecycle controls, least-privilege scopes, and continuous discovery for NHIs across clouds and platforms.
Move clients from static, password-based security to a context-aware Zero Trust architecture, ensuring "Least Privilege" is enforced by technical control, not just policy.
Analyze the structural integrity of the bridge between on-prem AD and Entra ID, identifying high-risk configurations in which the compromise of an on-prem helpdesk account can lead to a total takeover of the M365/Azure tenant.
Convert technical debt into actionable demand for our high-margin Hardening & Maturity Services.
Move clients from "Reactive" (D+) to "Optimized" (A) postures.
Document runbooks and operating-level agreements that sustain gains post-engagement.
Build and maintain reusable discovery and hardening automation (PowerShell, Microsoft Graph API, KQL, Neo4j/Cypher, Terraform/Policy-as-Code) and steward a Git-based pattern library/playbooks for repeatable execution.
Define, track, and report identity resilience KPIs/OKRs (e.g., Mean Attack Path Length, Shadow Admin density, Credential Exposure rate, CA policy coverage) and establish a leadership inspection cadence.
Support mentorship of pod engineers to develop identity security expertise, operational judgment, and technical ownership.
Coordinate with SOC, IR, Cloud Platform, and Enterprise Architecture to sequence changes safely and ensure durable ownership.
Ensure alignment to U.S. Public Sector requirements (e.g., NIST SP 800-53 controls, CISA directives/BODs, agency-specific ATO conditions) and produce evidence artifacts to support audits and accreditations.
Other Duties
Perform all other duties, as assigned.
Requirements
Bachelor’s Degree in an IT-related field or equivalent work experience, required.
12-15 years of progressive experience in Cyber consulting.
5+ years leading hands-on identity modernization engagements.
Proven experience leading automation architecture for high-volume, factory-style transformations (hundreds to thousands of workloads).
Demonstrated experience and ownership of reusable automation assets and playbooks (version-controlled, peer-reviewed).
Hands-on experience operating in hybrid environments spanning on-prem virtualization, Kubernetes/OpenShift platforms, and public cloud services.
Deep, practical experience with Microsoft identity/security stack: Entra ID Protection, Conditional Access, PIM, Entra ID Governance, Defender for Identity, Microsoft Sentinel (SIEM), and Microsoft 365 Defender.
Experience in U.S. Public Sector environments and frameworks (NIST SP 800-207/800-53, FedRAMP, CMMC) is highly desirable.
Deep proficiency with Active Directory (on-prem) and Entra ID (Cloud).
Understanding of and/or ability to learn proficient use of BloodHound, PingCastle, and Purple Knight is mandatory.
Hands-on proficiency with Microsoft Defender for Identity, Entra Permissions Management (CIEM), Microsoft Sentinel, and Microsoft 365 Defender.
Fluency in PowerShell, KQL, Python, and Neo4j/Cypher for data-driven analysis and automation.
Deep understanding of NIST 800-207 and the technical requirements for implementing a Zero Trust identity perimeter.
Ability to translate Zero Trust principles into enforceable controls (Conditional Access patterns, PIM guardrails, device trust, continuous evaluation).
Ability to see an environment through the eyes of an attacker: nodes, edges, and "Pass-the-Hash" opportunities where others see "Users and Groups".
Ability to write and interpret complex Cypher and KQL to quantify attack paths, choke points, and control efficacy; familiarity with MITRE ATT&CK and threat modeling (e.g., STRIDE).
Ability to translate a complex graph-theory finding into a compelling business case for identity modernization.
Skilled at building decision-ready artifacts (scorecards, roadmaps, architecture decision records) that drive action.
Exceptional written and verbal communication skills, with the ability to translate complex automation concepts into executive-level and non-technical narratives.
A mindset oriented toward product thinking: treating automation as a long-lived platform rather than a one-time migration tool, with strong DevOps hygiene (Git, PRs, CI) and change management discipline to ensure safe rollout at scale.
Tech Stack
Azure
Cloud
Cyber Security
Kubernetes
Neo4j
OpenShift
Python
Terraform
Benefits
Comprehensive Health, Dental, and Vision plans
Premier 401k retirement plan with corporate matching and a 529 college saving plan
Tax-advantaged Health Savings Account and Dependent Care Flexible Spending Account options
Legal Resources
Unlock Exclusive Benefits for Full-Time Employees: Generous work/life balance opportunities supported by a PTO bank, paid holidays, leave programs and additional flex time off
Employee referral program
Employee recognition, gift and reward program
Tuition reimbursement for continuing education
Remote or hybrid work options
Engaging company events such as team building activities, annual awards and kick-off parties
Health and wellness-focused activities
Relaxation Spaces
In-office gourmet coffee, tea, fresh fruit and healthy snacks
Corporate GREEN approach – tracking energy consumption for reduction and purchasing only environmentally friendly products for our offices