Customer Identity & Access Management (CIAM) Security Architecture Lead

Company: IDEXX
Location: Westbrook, ME (Hybrid)
Salary: $140,000 - $160,000
Posted: 20h ago

About The Position

IDEXX’s Cyber Security and Information Security teams enable a resilient, adaptable, and security-aware enterprise—supporting the technology that delivers trusted products and solutions to customers worldwide. The Customer Identity & Access Management (CIAM) Security Architecture Lead is a senior, high-impact role within the Information Security organization, serving as the primary architectural authority and technical visionary for customer identity across IDEXX’s customer-facing ecosystem. This role is responsible for assessing, strengthening, and evolving a secure, scalable, and unified CIAM architecture that supports multiple products, customer types, and integration models—while delivering a consistent, friction-aware customer experience.

IDEXX has an existing Auth0 implementation in place; however, this role will lead a comprehensive review and re-architecture of the current environment to ensure it is securely implemented, properly configured, and aligned to enterprise-scale requirements and the long-term CIAM vision. While Auth0 is the current CIAM platform, this role maintains a platform-agnostic security architecture perspective, ensuring IDEXX can evolve, extend, or transition CIAM platforms as business, risk, or regulatory needs change.

You will bridge executive strategy and hands-on engineering execution—defining not only what is built, but how customer identity integrates into IDEXX’s broader cyber security architecture, ensuring identity is a business enabler, not a constraint.

Location: We are seeking someone within driving distance of our Westbrook, Maine HQ, where you will work hybrid with a minimum of 8 days on-site per month. We are also open to those willing to relocate.

Requirements

  • 8+ years of experience in CIAM/IAM with at least 3 years in a lead or security architecture capacity
  • Demonstrated experience assessing, remediating, and scaling existing CIAM implementations in complex environments
  • Deep hands-on experience with Auth0 and at least one additional Tier-1 CIAM platform (e.g., Okta CIAM, Ping Identity, ForgeRock, Microsoft Entra ID)
  • Expertise in OIDC, OAuth 2.0, SAML, FIDO2/WebAuthn, and SCIM
  • Strong understanding of modern application architectures (SPAs, microservices, mobile APIs) and cloud platforms (AWS preferred)
  • Proven ability to translate identity risk and architectural gaps into actionable remediation and roadmap decisions
  • Strong understanding of Zero Trust principles, identity threat models, logging, monitoring, and auditability
  • Ability to communicate complex security concepts to technical and non-technical stakeholders
  • Proven ability to navigate a matrixed organization to accomplish goals

Nice To Haves

  • Security certifications such as CISSP-ISSAP, CISM, or senior vendor certifications (e.g., Okta or Auth0 Certified Architect)
  • Experience with Identity-as-Code, CI/CD pipelines, and Terraform
  • Experience integrating CIAM with fraud detection, bot mitigation, or risk-based authentication engines
  • Experience supporting CIAM in regulated or high-trust environments such as healthcare or life sciences
  • Programming or scripting experience (Python, Java, Go, etc.)
  • Experience applying analytics or AI/ML to identity security or anomaly detection

Responsibilities

  • Serve as the security architecture authority for customer identity and access management across all customer-facing products
  • Assess the existing Auth0 deployment and lead remediation, reconfiguration, and architectural improvements to meet enterprise security and scale requirements
  • Design and evolve an enterprise CIAM architecture that remains portable across other CIAM platforms (e.g., Okta CIAM, Ping Identity, ForgeRock, Microsoft Entra ID)
  • Establish CIAM security standards, reference architectures, control requirements, and guardrails aligned with Zero Trust principles and enterprise security strategy
  • Develop and maintain a multi-year CIAM roadmap aligned with enterprise goals and digital transformation initiatives
  • Define future-state capabilities including SSO, MFA, passwordless authentication, adaptive authentication, modern RBAC/ABAC models, and expansion across B2B and B2C use cases
  • Ensure the roadmap addresses remediation of current-state gaps while enabling long-term scalability and consistency
  • Architect and govern secure authentication and authorization patterns across diverse customer use cases
  • Design and implement federated identity integrations using OIDC, OAuth 2.0, and SAML
  • Support customer-managed and federated identity scenarios, including trust boundary definition, assurance levels, and delegated administration models
  • Architect secure multi-tenant CIAM models supporting multiple products, customers, and environments
  • Design layered administrative and delegated access controls for internal operations and customer administrators
  • Ensure administrative access adheres to least privilege, separation of duties, and strong auditability
  • Architect CIAM solutions supporting both human customer identities and system, service, and integration accounts
  • Define secure API authentication, token lifecycle management, system-to-system (internal and external) authentication patterns, and non-interactive access patterns
  • Define and validate security controls, configurations, and assurance requirements for CIAM implementations
  • Ensure CIAM solutions integrate with the broader security ecosystem including SIEM/SOAR, IAM/IGA, monitoring, and fraud detection platforms
  • Partner with GRC, Security Operations, and Product Security teams to perform threat modeling, support audits, and reduce identity-related risk
  • Act as the primary CIAM security advisor to Product, Marketing, IT, Engineering, and Platform teams
  • Translate complex identity and security requirements into clear, consumable architectural guidance
  • Communicate CIAM strategy, risk posture, and progress to VP-level and executive leadership

Benefits

  • Health / Dental / Vision Benefits Day-One
  • 5% matching 401k
  • Additional benefits including but not limited to financial support, pet insurance, mental health resources, volunteer paid days off, employee stock program, foundation donation matching, and much more!