Lead Discovery Architect (Cyber Compliance & GRC)

Mythics, LLC

28d•Hybrid

About The Position

The Lead Discovery Architect of our Cyber Strike Pods anchors the Assessment-Led Operating Model by converting raw telemetry into defensible decisions and prioritized, time-bound remediation plans aligned to NIST SP 800-207 and the CISA Zero Trust Maturity Model. The Lead Discovery Architect leads high-velocity discovery assessments to find flaws and architect the cybersecurity foundations required to sever attack paths across on-premises Active Directory, Entra ID (Azure AD), and the emerging world of Agentic AI. This role operates as the discovery authority and chief architect for a multi-disciplinary pod, owning technical direction, quality, and executive communications across assessment, prioritization, and proof-of-remediation. Given the U.S. Public Sector context, this role works within ATO constraints and handles sensitive data appropriately while coordinating with compliance owners (e.g., FISMA/FedRAMP/CMMC) to ensure evidence and artifacts support accreditation updates.

Requirements

Bachelor’s Degree in an IT-related field or equivalent work experience, required.
12-15 years of progressive experience in Cyber consulting.
5+ years leading hands-on identity modernization engagements.
Proven experience leading automation architecture for high-volume, factory-style transformations (hundreds to thousands of workloads).
Demonstrated experience and ownership of reusable automation assets and playbooks (version-controlled, peer-reviewed).
Hands-on experience operating in hybrid environments spanning on-prem virtualization, Kubernetes/OpenShift platforms, and public cloud services.
Deep, practical experience with Microsoft identity/security stack: Entra ID Protection, Conditional Access, PIM, Entra ID Governance, Defender for Identity, Microsoft Sentinel (SIEM), and Microsoft 365 Defender.
Deep proficiency with Active Directory (on-prem) and Entra ID (Cloud). Understanding of and/or ability to learn proficient use of BloodHound, PingCastle, and Purple Knight is mandatory
Hands-on proficiency with Microsoft Defender for Identity, Entra Permissions Management (CIEM), Microsoft Sentinel, and Microsoft 365 Defender.
Fluency in PowerShell, KQL, Python, and Neo4j/Cypher for data-driven analysis and automation.
Deep understanding of NIST 800-207 and the technical requirements for implementing a Zero Trust identity perimeter.
Ability to translate Zero Trust principles into enforceable controls (Conditional Access patterns, PIM guardrails, device trust, continuous evaluation).
Ability to see an environment through the eyes of an attacker such as nodes, edges, and "Pass-the-Hash" opportunities where others see "Users and Groups"
Ability to write and interpret complex Cypher and KQL to quantify attack paths, choke points, and control efficacy; familiarity with MITRE ATT&CK and threat modeling (e.g., STRIDE).
Ability to translate a complex graph-theory finding into a compelling business case for identity modernization.
Skilled at building decision-ready artifacts (scorecards, roadmaps, architecture decision records) that drive action.
Exceptional written and verbal communication skills, with the ability to translate complex automation concepts into executive-level and non-technical narratives.
A mindset oriented toward product thinking – treating automation as a long-lived platform rather than a one-time migration tool with strong DevOps hygiene (Git, PRs, CI) and change management discipline to ensure safe rollout at scale.

Nice To Haves

Experience in U.S. Public Sector environments and frameworks (NIST SP 800-207/800-53, FedRAMP, CMMC) is highly desirable.

Responsibilities

Direct technical discovery within Active Directory (AD) and Entra ID.
Convert raw telemetry into Executive Identity Risk Scorecards.
Articulate "Choke Point Saturation" and "Attack Path Depth," proving to Agency CISOs that an adversary can achieve Full Domain Takeover in an average of 3.2 hops.
Own and deliver executive readouts/whiteboard sessions to translate graph-theory findings into business impact, time-to-fix, and outcome-based roadmaps with clear owners and due dates.
Identify the Shadow Admins and unmanaged GPOs that must be remediated before IAM/PAM tools can be effectively deployed and map each finding to specific identity control objectives and preconditions for IAM/PAM efficacy.
Identify specific Choke Points that represent 80% of a client's risk (e.g., GPO links, Service Account rotation, and Tiered Admin restrictions).
Lead hands-on proofs-of-remediation for the top choke points and measure impact before scale-out.
Map identified risks to specific hardening or maturity services and OEM solution pathways (Ping Identity, Aembit, Zscaler, Delinea, Hydden).
Sequence work to minimize operational disruption and define “no-regrets” controls and fast-path wins.
Utilize tools like Hydden to identify the risks of orphaned service principals, Automated Service Accounts, and Shadow AI agents that create unmonitored backdoors into critical workloads.
Recommend lifecycle controls, least-privilege scopes, and continuous discovery for NHIs across clouds and platforms.
Move clients from static, password-based security to a context-aware Zero Trust architecture, ensuring "Least Privilege" is enforced by technical control, not just policy.
Analyze the structural integrity of the bridge between on-prem AD and Entra ID, identifying high-risk configurations such as identifying the compromise of an on-prem helpdesk account can lead to a total takeover of the M365/Azure tenant.
Convert technical debt into actionable demand for our high margin Hardening & Maturity Services.
Move clients from "Reactive" (D+) to "Optimized" (A) postures.
Document runbooks and operating-level agreements that sustain gains post-engagement.
Build and maintain reusable discovery and hardening automation (PowerShell, Microsoft Graph API, KQL, Neo4j/Cypher, Terraform/Policy-as-Code) and steward a Git-based pattern library/playbooks for repeatable execution.
Define, track, and report identity resilience KPIs/OKRs (e.g., Mean Attack Path Length, Shadow Admin density, Credential Exposure rate, CA policy coverage) and establish a leadership inspection cadence.
Support mentorship of pod engineers to develop identity security expertise, operational judgment, and technical ownership.
Coordinate with SOC, IR, Cloud Platform, and Enterprise Architecture to sequence changes safely and ensure durable ownership.
Ensure alignment to U.S. Public Sector requirements (e.g., NIST SP 800-53 controls, CISA directives/BODs, agency-specific ATO conditions) and produce evidence artifacts to support audits and accreditations.
Perform all other duties, as assigned.

Benefits

Comprehensive Health, Dental, and Vision plans
Premier 401k retirement plan with corporate matching and a 529 college saving plan
Tax-advantaged Health Savings Account and Dependent Care Flexible Spending Account options
Legal Resources
Generous work/life balance opportunities supported by a PTO bank, paid holidays, leave programs and additional flex time off
Employee referral program
Employee recognition, gift and reward program
Tuition reimbursement for continuing education
Remote or hybrid work options
Engaging company events such as team building activities, annual awards and kick-off parties
Health and wellness-focused activities
Relaxation Spaces
In-office gourmet coffee, tea, fresh fruit and healthy snacks
Corporate GREEN approach – tracking energy consumption for reduction and purchasing only environmentally friendly products for our offices