Principal Identity Architect

PlayStation Global, San Diego, CA

About The Position

We are searching for a highly-skilled and self-motivated Principal Identity Architect to join our global team. As a key member of the PlayStation Identity team, you will play a critical role in establishing SIE’s strategy for identity management as well as evolving the organization’s identity management capabilities. This position will require you to architect, deploy, and manage identity services across hybrid environments, ensuring that our authentication and authorization systems are secure, scalable, and aligned with business objectives. You will work closely with cross-functional teams, including IT security, cloud architects, network teams, and application development, to create robust identity solutions that enable seamless user experiences.

Requirements

  • Expert-level knowledge of Active Directory (AD): Extensive experience with AD forest/domain design, GPO management, AD replication, trusts, DNS, and AD hardening best practices.
  • Microsoft Entra (Azure AD): Deep experience in managing Azure AD environments, hybrid identity management (Azure AD Connect), Conditional Access, Identity Governance, and application management.
  • Authentication Protocols: Strong expertise in authentication protocols (OAuth 2.0, OIDC, SAML, Kerberos, NTLM), PKI, and MFA solutions.
  • IAM Solutions: Hands-on experience with Privileged Access Management (PAM), Identity Governance, Role-Based Access Control (RBAC), and managing user lifecycle automation.
  • Deep expertise in IGA platforms (SailPoint, Saviynt, Azure AD Identity Governance, or comparable).
  • Proven ability to design and deliver large-scale IGA programs supporting complex global organizations.
  • Security: Knowledge of Zero Trust principles, Conditional Access policies, identity protection tools, and integration with security systems (SIEM, SOAR).
  • Azure Infrastructure: Proficiency in Azure architecture, including virtual networks, virtual machines, Azure AD, Azure Identity Protection, and Azure Key Vault.
  • PowerShell & Automation: Advanced skills in PowerShell scripting for automation of identity-related tasks and configuration.
  • Hybrid Identity: Experience integrating on-prem AD with cloud services using technologies like Azure AD Connect, ADFS, and third-party federation services.
  • Monitoring & Troubleshooting: Proficiency with monitoring tools like Azure Monitor, Log Analytics, and troubleshooting tools for AD and Azure AD.
  • Understanding of and exceptional skills in several of the following areas: cloud computing, microservices, distributed systems, data structures, operating system internals, storage systems, embedded systems, and databases.
  • Mastery of agile methodologies, code reviews, testing frameworks, CI/CD tools and DevOps practices.
  • Leadership: Proven ability to lead some of the most complex and demanding programs. Demonstrates the ability to lead technical teams, provide mentorship, and inspire innovation within cross-functional teams.
  • Communication: Excellent verbal and written communication skills with the ability to translate complex technical concepts into business terms for stakeholders.
  • Problem-solving: Strong analytical and troubleshooting skills, with a focus on root cause analysis and resolution of identity-related issues.
  • Collaboration: Ability to work across diverse teams including IT security, infrastructure, application developers, and external vendors.
  • Strategic Thinking: Visionary mindset with the ability to think strategically about identity architecture and align it with future business goals.
  • Project Management: Experience in leading complex identity management projects from concept to completion, ensuring timelines, budgets, and stakeholder satisfaction.
  • Adaptability: Ability to manage ambiguity and adjust to changing priorities, technologies, and business requirements.
  • Customer Focus: Strong focus on user experience and stakeholder satisfaction, balancing security and ease of use in identity solutions.
  • Innovation: Continuous learning mindset and the ability to adopt new technologies and processes that drive efficiency and security.
  • Bachelor’s or Master’s degree in Computer Science, Information Technology, or related experience.
  • 15+ years of experience in IT infrastructure with a focus on identity and access management.
  • 10+ years of hands-on experience with Active Directory and Azure AD in an enterprise setting.

Nice To Haves

  • Professional certifications like Microsoft Certified: Identity and Access Administrator Associate, Azure Solutions Architect Expert, or similar are highly desirable.
  • Familiarity with security frameworks like NIST, ISO 27001, or CIS benchmarks is a plus.

Responsibilities

  • Lead the strategy, design and implementation of enterprise-wide identity and access management (IAM) solutions, with a strong focus on Active Directory and Microsoft Entra (Azure AD).
  • Architect and design hybrid identity solutions across on-premises and cloud platforms, including multi-forest AD environments and Azure AD integration.
  • Lead the design of enterprise role models (RBAC/ABAC), separation of duties (SoD), and least-privilege access frameworks.
  • Define policies, workflows, and controls for access request, approval, and certification processes.
  • Lead troubleshooting and root-cause analysis for complex identity issues across the enterprise.
  • Provide subject matter expertise in the deployment and management of Active Directory, including replication, Group Policy, DNS, trusts, Kerberos and secure AD hardening practices.
  • Drive the adoption of modern authentication protocols such as OAuth, OIDC, SAML, and Kerberos.
  • Modernize access solutions with Zero Trust Authentication architectures.
  • Lead initiatives to improve identity security posture through privileged access management (PAM), least-privilege models, and conditional access policies in Azure AD.
  • Architect and implement Microsoft Entra ID Governance and Conditional Access policies to ensure compliance with regulatory requirements (e.g., SOX, GDPR).
  • Design and implement Single Sign-On (SSO) solutions and multi-factor authentication (MFA) strategies across enterprise and cloud applications.
  • Collaborate with security teams to integrate identity solutions with SIEM and security monitoring platforms for advanced threat detection and incident response.
  • Serve as a key advisor for mergers, acquisitions, and cloud migrations, ensuring seamless integration of identity and access management systems.

Benefits

  • medical
  • dental
  • vision
  • matching 401(k)
  • paid time off
  • wellness program
  • coveted employee discounts for Sony products
  • bonus package