Azure Security & IAM Architect Job at VeeRteq Solutions Inc., Remote

  • VeeRteq Solutions Inc.
  • Remote

Job Description

Title: Azure Security & IAM Architect

Position Type: Full-time Employment / Contract

Location: Remote across USA / Canada

Position Summary

We are seeking a highly skilled and experienced Azure Security and Identity and Access Management (IAM) Security Architect to lead the design, implementation, and governance of our enterprise Azure and IAM strategy. The ideal candidate will have deep technical knowledge of Azure Security Architecture, authentication, authorization, identity governance, and privileged access management across cloud and on-premises environments. This role plays a critical part in ensuring secure, compliant, and seamless access to corporate systems and data.

Key Responsibilities

  • Design and implement IAM architectures and strategies aligned with enterprise security goals.
  • Lead the development and automation of identity lifecycle processes (Joiner-Mover-Leaver).
  • Develop and enforce policies for authentication, authorization, and access control.
  • Collaborate with cloud and application teams to integrate IAM best practices into deployments.
  • Design and support SSO, federation, and identity integration across SaaS, IaaS, and on-prem platforms.
  • Design a Zero Trust access model for a hybrid workforce accessing SaaS and on-prem apps.
  • Implement and manage Privileged Access Management (PAM) solutions.
  • Perform risk assessments on identity infrastructure and implement appropriate security controls.
  • Ensure compliance with security frameworks and regulatory requirements (e.g., NIST, ISO, GDPR, SOX).
  • Evaluate and recommend IAM tools and technologies.
  • Participate in incident response efforts related to identity threats or breaches.
  • Integrate AWS IAM with Azure AD for SSO and conditional access enforcement.

Required Skills and Expertise

  • Azure infrastructure threat modeling and risk assessment skills
  • Azure Security Strategy and Architecture Design
  • Network Security Architecture
  • Azure Security Services Expertise: Microsoft Defender for Cloud, Microsoft Sentinel, Key Vault, Azure Firewall, DDoS Protection, Security Center, and Azure Policy.
  • Expertise in IAM concepts including RBAC, ABAC, PBAC, JML, role engineering, JML process automation, Conditional access, Entitlement management, PSM, PIM, PAM, and access certification.
  • Hands-on experience with protocols like SAML 2.0, OAuth 2.0, OIDC, LDAP, and Kerberos.
  • Strong knowledge of directory services (Active Directory, Azure AD, LDAP).
  • Deep experience with IGA platforms (e.g., SailPoint, Saviynt, One Identity).
  • PAM tools such as CyberArk, BeyondTrust, Delinea.
  • Cloud IAM solutions: Azure AD / Entra ID, AWS IAM, GCP IAM.
  • Experience designing Zero Trust and Conditional Access architectures.
  • Understanding of IAM-related compliance frameworks: NIST 800-53/63, ISO 27001, HIPAA, SOX, GDPR.
  • Threat modeling and identity-centric risk mitigation strategies.
  • Strong communication and collaboration skills across technical and business teams.
  • Expertise with Top IAM Tools & Platforms

Identity Governance and Administration (IGA) examples:

  • SailPoint: Lifecycle management, compliance, access certification
  • Saviynt: Cloud-native IGA with fine-grained access for apps and infra

Privileged Access Management (PAM) examples:

  • CyberArk: Vaulting, session recording, Just-in-Time (JIT) access
  • BeyondTrust: Endpoint privilege management and session monitoring
  • Delinea (formerly Thycotic)
  • Azure PIM

Authentication & Federation Tools examples:

  • Keycloak: Open-source OIDC/OAuth2 identity provider
  • Auth0 (now part of Okta)
  • Shibboleth: Federation via SAML

Preferred Qualifications

  • Relevant certifications: CISSP, GIAC, Azure Security Engineer, AWS Security Specialty, Identity-focused certifications.
  • Experience working in large-scale, multi-cloud, enterprise environments.

Key Tools and Technologies

  • IGA: SailPoint, Saviynt, One Identity
  • PAM: CyberArk, BeyondTrust, Delinea
  • Cloud IAM: Azure AD / Entra ID, AWS IAM, GCP IAM
  • SSO and Federation: Okta, Ping Identity, ForgeRock, Auth0, Keycloak
  • Directory Services: Active Directory, OpenLDAP, Azure AD DS

Job Tags

Full time, Contract work, Remote job
