First AmericanRemote
Senior Information Security Architect – Cloud IAM
United States
Full Time
2 hours ago
$148,600 - $198,200 USD
Visa Sponsor
Key skills
AWSAzureCloudGoogle Cloud PlatformGCPGoogle CloudIAMAzure ADEntra IDOAuthSAMLActive DirectoryIdentity ManagementSSONetwork SecurityCloud SecurityZero Trust
About this role
Role Overview
- Participate in the design of secure IAM architectures across multiple platforms (AWS, Azure, Entra ID), ensuring all components align with best practices and organizational security requirements.
- Design security controls for IAM, including user authentication, authorization, role management, identity federation, and privilege management across cloud and hybrid environments.
- Lead the design and evolution of CIAM architecture that supports secure, scalable, and customer-centric identity services across web, mobile, and API-based platforms.
- Establish and maintain a Zero Trust security model for IAM, ensuring that all access requests are continuously verified, regardless of location or network.
- Integrate Zero Trust principles with cloud-native security tools and IAM platforms (e.g., AWS, Azure, Entra ID) to ensure seamless, secure, and dynamic access control.
- Automate risk-based access controls and adaptive authentication based on behavioral signals, ensuring a dynamic response to security events.
- Establish and enforce least privilege access principles for all roles across cloud and on-prem environments, ensuring users only have the minimal access necessary to perform their job functions.
- Design and implement Just-in-Time (JIT) access control mechanisms to dynamically grant access based on user needs, significantly reducing standing permission sets.
- Design SSO solutions that provide seamless and secure access to enterprise applications, ensuring a frictionless user experience while maintaining high security standards.
- Lead the adoption of modern authentication protocols (e.g., OAuth 2.0, OpenID Connect, SAML) for secure, scalable, and standardized access management across applications and systems.
- Design MFA solutions to enhance authentication security, applying risk-based policies to ensure strong protection for sensitive data and critical resources.
- Develop and integrate IAM security controls with cloud platforms such as AWS, Azure, and Entra ID, ensuring secure access management across both public and hybrid cloud environments.
- Leverage native security features of cloud platforms (e.g., AWS IAM, Azure AD, Entra ID) to design scalable, secure, and automated IAM solutions.
- Lead the migration process from Hybrid Active Directory to Entra-ID based authentication to ensure minimal disruption and proper synchronization and federation across systems.
- Develop and maintain security governance frameworks for IAM, focusing on identity lifecycle management, role-based access control (RBAC), user provisioning, deprovisioning, and enforcement of least privilege.
- Ensure proper identity governance and access reviews are conducted regularly, documenting changes and exceptions as part of compliance audits.
- Collaborate with cross-functional teams, including application security, network security, infrastructure, and DevOps, to integrate IAM security best practices across systems and services.
- Stay up to date on the latest IAM trends, security threats, and technology advancements to continuously improve IAM practices and solutions.
- Implement security automation tools and workflows to improve efficiency and reduce manual efforts in identity management and access control.
Requirements
- Bachelor’s degree in computer science, Information Security, or related field
- 7+ years of experience in IAM security, including at least 5 years of experience in IAM risk assessment, threat modeling, and security control design
- Preferred Certified Information Systems Security Professional (CISSP) or Certified Identity and Access Manager (CIAM) or other relevant IAM/security certification
- Proven expertise in implementing and securing IAM solutions in cloud environments such as AWS, Azure, and Entra ID
- Knowledge in GCP would be a nice to have.
- In-depth knowledge of IAM security best practices, identity governance, and access management policies.
- Hands-on experience in conducting security risk assessments and threat modeling for IAM systems.
- Demonstrated experience in establishing least privilege access and implementing Just-in-Time (JIT) access controls across cloud and on-premises environments.
- Expertise in implementing and managing a Zero Trust security posture for IAM, with hands-on experience in identity validation, continuous authentication, and risk-based access controls.
- Strong expertise with IAM platforms such as Microsoft Entra ID (Azure AD), AWS IAM, Azure Active Directory.
- Experience with cloud security, integrating IAM systems with AWS, Azure, and hybrid environments.
- Strong understanding of IAM security controls, including role-based access control (RBAC), attribute-based access control (ABAC), policy enforcement, and Just-in-Time (JIT) provisioning.
- Experience in implementing and managing SSO and MFA, with expertise in modern authentication protocols such as OAuth 2.0, OpenID Connect, and SAML.
- Experience in architecting and operating CIAM solutions at enterprise scale (customer-facing portals, mobile apps, APIs).
Tech Stack
- AWS
- Azure
- Cloud
- Google Cloud Platform
Benefits
- medical
- dental
- vision
- 401k
- PTO/paid sick leave
- employee stock purchase plan