Identity Security Architect

Southern Company
Atlanta, GA
Hybrid

About The Position

Southern Company, a major U.S. energy firm, is seeking an experienced Identity Security Architect to design creative identity solutions and reduce risk. This is a primarily on-site role with 4 days per week in-office presence expected.

This role will have responsibility for setting the strategic direction for identity security specifically across our various cloud tenants and in support of the company’s desire for agentic transformation. It will directly support the company’s efforts to mitigate real and potential cyber threats to the company’s facilities, personnel, technology, operations, and brand – including critical electric and gas utility infrastructure and its privately owned telecommunications network. Although the position is cloud-centric, there is expected to be heavy involvement with the design and security of agents and agentic use cases. There is likely future engagement with on-prem applications as well, as legacy datastores are set for modernization and ingestion into large language models.

Applicants should be well rounded in their understanding of different security disciplines such as networking, endpoint, data, cloud, application security, monitoring and, of course, identity. They should be able to align execution with an overall strategy to increase identity maturity, anticipate future requirements for complex hybrid and multi-cloud environments, and drive identity initiatives via influence and relationships.

Southern Company is headquartered in Atlanta, and we bring energy to homes and businesses across the country. We’ve made our name as a leading producer of clean, safe, reliable and affordable energy, and we approach each day as a vital step in building the future of energy. We’re always looking ahead, and our innovations in the industry – from new nuclear to deployment of electric transportation and renewables – help brighten the lives and businesses of millions of customers nationwide.
Our team is critical to building the future of energy with secure, resilient, and sustainable cyber solutions.

Requirements

  • 3+ years designing or operating cloud identity architectures across multiple providers (Azure/Entra, AWS IAM, GCP IAM, SaaS).
  • Experience building or contributing to an identity security program, including governance and standards.
  • Strong understanding of non-human identities: service accounts, workloads, APIs, automation, and AI agents.
  • Hands-on experience with OAuth 2.0, OIDC, token lifecycles, certificates, and trust boundaries.
  • Understanding of authorization models beyond RBAC (claims-based, policy-based, attribute-based).
  • Familiarity with AI / agent execution models, delegated authority, and identity risks introduced by autonomy.
  • Ability to translate security requirements into developer-friendly architectures and patterns.
  • Strong communication skills to position identity as a business and platform enabler.
  • Ability to lead initiatives from concept through delivery with minimal oversight.
  • Must pass Insider Threat Program background checks.

Nice To Haves

  • Experience securing AI platforms, LLM integrations, or agent frameworks.
  • Familiarity with Model Context Protocol (MCP), agent-to-tool authentication, or workload mediation patterns.
  • Experience with API security, token introspection, and fine-grained authorization.
  • Programming or scripting proficiency (Python, JavaScript, REST/Graph APIs, JSON).
  • Knowledge of Zero Trust Architecture, NIST, OWASP, and cloud security frameworks.
  • Security certifications (CISSP, CCSP, CISA, GIAC, CRISC, etc.).
  • Awareness of nation-state, supply chain, and AI-enabled threat models.
  • Interest in applying agentic and AI security concepts to critical infrastructure and energy systems.

Responsibilities

  • Set strategic direction for agentic, AI, and workload identity security across the organization and advise leadership on emerging identity risks and opportunities.
  • Define and evolve Southern Company’s agentic identity architecture, including non‑human identities (AI agents, service principals, workloads, automation, MCP servers).
  • Collaborate with engineering and security teams to integrate SPIFFE/SPIRE-based identity mechanisms, ensuring scalable, robust, and policy-driven workload authentication and authorization.
  • Serve as a trusted advisor by designing secure, scalable identity and authorization patterns that enable AI‑driven business capabilities.
  • Align forward‑looking identity strategy with business goals across multi‑cloud, SaaS, and AI platforms.
  • Establish identity guardrails for autonomous agents, including least privilege, intent‑bounded access, and lifecycle governance.
  • Engage third‑party experts for architecture reviews, AI risk assessments, and emerging best practices.
  • Influence adoption through a product‑ and enablement‑oriented approach to identity services, patterns, and platforms.
  • Monitor and prepare for regulatory, ethical, and security impacts of AI‑driven and autonomous systems.
  • Contribute to standards, policies, and reference architectures for human, non‑human, and agentic identity.
  • Improve processes supporting automation, ephemeral access, workload trust, and identity observability.
  • Lead cross‑functional initiatives involving security, AI, cloud, and engineering teams.
  • Mentor and educate teams on modern identity, zero trust, and agent safety principles.

Benefits

  • competitive base salary
  • annual incentive awards
  • health, welfare and retirement benefits
  • incentive program