IT Security Architect-IAM & PAM

DART (Dallas Area Rapid Transit)
Headquarters, KY
1d
$100,000 - $165,000

About The Position

The IT Security Architect – IAM/PAM is responsible for designing, implementing, and governing enterprise identity, authentication, authorization, and privileged access controls to protect the Agency’s mission-critical systems, data, and infrastructure. This role serves as the technical authority and subject matter expert for Identity and Access Management (IAM) and Privileged Access Management (PAM), with a strong emphasis on CyberArk and Zero Trust principles. The Security Architect ensures that identity-centric security requirements are embedded into enterprise, segment, and solution architectures across the full system development life cycle (SDLC). The role partners closely with IT operations, application teams, cloud and infrastructure teams, compliance, audit, and business stakeholders to reduce identity-related risk, enforce least privilege, protect Security Sensitive Information (SSI), PII, PHI, and PCI data, and ensure alignment with regulatory and architectural standards. This position provides architectural leadership, risk-based decision-making, and hands-on technical guidance to improve the confidentiality, integrity, and availability of Agency information assets considered through the lens of identity, access, and privilege.

Requirements

  • Bachelor’s degree from an accredited college or university in Computer Science, Information Systems, Cybersecurity, or a related field, or equivalent combination of education and experience.
  • Seven (7) years of progressive experience in enterprise IT and information security, to include five (5) years in complex, multi-tiered IT environments.
  • Demonstrated hands-on experience with IAM and PAM solutions.
  • Experience supporting regulated environments subject to audit and compliance requirements.
  • CISSP or CISM required (or equivalent).
  • Valid Texas Class A, B, or C driver’s license, no Driving While Intoxicated (DWI) conviction within the last sixty (60) consecutive months, not more than one (1) DWI on driving record, and not more than three (3) convictions of moving violations within the last thirty-six (36) months to operate DART non-revenue vehicles, or drive in the course and scope of job.
  • Deep expertise in Privileged Access Management (PAM), with strong hands-on experience administering and architecting CyberArk solutions.
  • Strong knowledge of Identity and Access Management concepts, including authentication, authorization, federation, MFA, RBAC, and access governance.
  • Advanced understanding of Active Directory, Azure AD / Entra ID, LDAP, Kerberos, and identity integrations.
  • Experience integrating IAM/PAM with Windows, Linux, databases, network devices, cloud platforms, and enterprise applications.
  • Knowledge of Zero Trust Architecture and identity-centric security models.
  • Familiarity with SIEM integration, logging, session monitoring, and privileged activity analytics.
  • Working knowledge of scripting and automation (e.g., PowerShell, Python) to support identity and privilege workflows.
  • Strong knowledge of NIST 800-53, NIST CSF, ISO 27001/27002, and related security frameworks.
  • Understanding of regulatory requirements affecting identity and privileged access, including PCI-DSS, HIPAA, CJIS, and protection of PII/PHI.
  • Experience supporting vulnerability management, penetration testing, and audit remediation efforts.
  • Strong architectural and analytical skills with the ability to translate business requirements into secure technical designs.
  • Excellent written and verbal communication skills, including the ability to explain complex security concepts to non-technical stakeholders.
  • Proven ability to work independently, manage multiple initiatives, and operate effectively in a fast-paced, mission-critical environment.
  • Demonstrated judgment and decision-making capabilities in high-risk security scenarios.

Nice To Haves

  • CyberArk certifications (e.g., Defender, Sentry, or PAM-related certifications) strongly preferred.
  • Additional IAM, cloud, or Zero Trust certifications are a plus.

Responsibilities

  • Serve as the enterprise architect and technical lead for Identity and Access Management (IAM) and Privileged Access Management (PAM) capabilities, including workforce, privileged, service, and application identities.
  • Design, implement, and maintain CyberArk PAM solutions, including Privileged Vault, PSM, PSMP, EPM, Secrets Management, and PAM-as-a-Service (as applicable).
  • Define and enforce privileged access standards, including least privilege, just-in-time access, credential vaulting, session monitoring, and privileged credential rotation.
  • Architect identity lifecycle management (joiner/mover/leaver), access provisioning, de-provisioning, role-based access control (RBAC), and access certification processes.
  • Integrate IAM and PAM controls with on-premises, cloud, SaaS, and hybrid environments, including Active Directory, Azure AD / Entra ID, cloud IaaS/PaaS platforms, and critical applications.
  • Design secure authentication mechanisms, including MFA, conditional access, privileged MFA, and adaptive risk-based access controls.
  • Develop and maintain IAM- and PAM-focused reference architectures, standards, patterns, and technical design documents aligned to enterprise architecture frameworks.
  • Ensure identity and privileged access controls are embedded into system and application designs throughout the acquisition and SDLC processes.
  • Evaluate new systems, integrations, and architectural changes to assess identity-related risk and impact to the existing security posture.
  • Determine security control requirements for systems and networks with a strong emphasis on identity, authentication, authorization, and privileged access.
  • Apply Zero Trust Architecture principles, including identity-centric trust decisions, continuous verification, and least privilege enforcement.
  • Perform security architecture reviews, threat modeling, and risk assessments focused on identity compromise, credential misuse, and privilege escalation.
  • Define IAM and PAM security requirements to support regulatory and audit obligations (e.g., NIST 800-53, PCI-DSS, HIPAA, CJIS, TSA SSI, PII/PHI).
  • Support internal and external audits by providing architectural artifacts, control mappings, and evidence related to IAM and PAM controls.
  • Analyze audit findings and control gaps and lead remediation strategies in coordination with technical and business stakeholders.
  • Contribute to Change Advisory Board (CAB) activities by assessing identity and access impacts of proposed changes.
  • Provide architectural oversight and escalation support for IAM and PAM operational issues in a 24x7 environment.
  • Partner with security operations and incident response teams during investigations involving compromised accounts, credential theft, or unauthorized access.
  • Ensure logging, monitoring, and alerting for identity and privileged access activity are integrated with SIEM and security monitoring platforms.
  • Guide secure configuration, hardening, and lifecycle management of IAM and PAM infrastructure components.
  • Act as the IAM/PAM subject matter expert for internal teams, project managers, and external vendors.
  • Lead and influence cross-functional teams without direct authority to achieve secure-by-design outcomes.
  • Stay current on IAM, PAM, and identity threat trends, emerging technologies, and industry best practices.
  • Contribute to the Agency’s long-term identity security roadmap and maturity improvement initiatives.
  • Perform other related duties as assigned.


What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Number of Employees

501-1,000 employees

© 2024 Teal Labs, Inc