Senior Architect, Identity & Security

West Monroe Partners, LLC, Chicago, IL

About The Position

A consulting organization is seeking a Senior Principal/Architect (Identity & Security) to lead cross-functional teams in the design, remediation, and modernization of complex identity and cloud infrastructure solutions. This role focuses on securing and transforming critical IT environments for a diverse portfolio of clients, helping them navigate complex Active Directory modernizations, cloud identity migrations, and security hardening initiatives. This opportunity provides technical leadership in transforming complex IT environments across key industry verticals, including Healthcare, Financial Services, Private Equity, and High Tech.

Requirements

  • Bachelor's degree in a relevant field preferred, or equivalent experience required.
  • Prior experience in consulting preferred.
  • 8-12+ years of experience in IT architecture, engineering, and/or security with a deep focus on identity solutions.
  • Expert-level knowledge of Active Directory Domain Services (AD DS) design, security, and administration, including: domain/forest architecture, sites/replication, DNS, Group Policy (GPO) management, DC virtualization safeguards, and forest recovery principles.
  • Strong experience with Microsoft Entra ID (formerly Azure AD), including Entra Connect, Conditional Access, and Privileged Identity Management (PIM).
  • Proven experience leading "on-prem to cloud" identity migrations, AD remediations, and/or consolidation projects.
  • Proficiency in designing and implementing Privileged Access Management (PAM) solutions (including typical platforms like CyberArk/Delinea) and Tiered Access Models (EAM).
  • Hands-on experience with AD security assessment tools (e.g., Purple Knight, PingCastle) and hardening methodologies (CIS Benchmarks, Microsoft baselines).
  • Proficiency with AD security hardening techniques such as LAPS adoption, resource-based Kerberos constrained delegation (RBKCD) remediation, and LDAP signing configuration.
  • Familiarity with migration tools (e.g., Quest On-Demand Migration) and identity-driven application dependencies.
  • Strong communication (written and verbal), presentation, client management, and team leadership skills.
  • Willingness to travel for out-of-town client engagements.

Nice To Haves

  • Familiarity with compliance standards (e.g., NIST, HIPAA, ISO).
  • Advanced scripting for automation and analysis (e.g., PowerShell).
  • Knowledge of Infrastructure as Code (Terraform) and DevSecOps practices.
  • Experience with remediation techniques (e.g., KRBTGT password rotation, NTLM restriction, Group Policy cleanup).
  • Familiarity with application dependency mapping tools (e.g., Device42, Faddom).
  • Familiarity with enterprise Identity Governance and Administration (IGA) platforms (e.g., SailPoint, Saviynt) to manage and improve periodic access certifications (e.g., moving from spreadsheets to a tool) and run detective Segregation of Duties (SoD) reports.
  • Experience automating identity lifecycles by replacing nightly batch files from a Human Resources Information System (HRIS) with Application Programming Interface (API)-driven syncs or establishing governance for non-employee/contractor identities.
  • Understanding of System for Cross-domain Identity Management (SCIM) or API-based provisioning to automate Joiner-Mover-Leaver (JML) workflows for Software as a Service (SaaS) apps, expanding beyond just core directories and email.
  • Familiarity with security event logging (i.e., security information and event management (SIEM) integration with Active Directory and other tier 0 assets).
  • Familiarity with common customer identity and access management (CIAM) platforms (Microsoft Entra External ID, Okta, Auth0, etc.) and their migration/implementation patterns.
  • Professional certifications (e.g., Microsoft Identity/SC series, CISSP, CyberArk/Delinea).

Responsibilities

  • Partner with consultants and client leadership to architect, build, and deploy secure and modern Active Directory and Microsoft Entra ID solutions.
  • Assess current-state identity environments and processes, interview stakeholders, define critical requirements, and present practical solution strategies and roadmaps to client executives.
  • Lead the technical design of future-state Active Directory (AD DS) and Entra ID architectures, including Privileged Access Management (PAM) design, Tiered Administrative Access Models, and identity consolidation strategies.
  • Establish and enforce identity architecture standards, best practices, and governance to deliver secure, compliant, and consistent solutions aligned with industry benchmarks (e.g., CIS and Microsoft baselines).
  • Lead security assessment and remediation planning, including consolidating findings from tools (e.g., Purple Knight, CIS scans) to create and manage prioritized, risk-based remediation backlogs.
  • Provide expert technical oversight for security remediation initiatives, such as hardening domain controllers, remediating privileged access, resolving Entra Connect sync issues, and restricting legacy protocols.
  • Develop detailed implementation plans, migration strategies, and remediation backlogs (e.g., in Smartsheet or similar project management tools) for AD consolidation, identity synchronization, and legacy decommissioning.
  • Establish and manage engagement-level governance, quality, and risk management, including defining quantitative success criteria, RACI, and managing all technical stakeholder communications.
  • Support key decision-making on project direction, including technology selections, team workstreams, and delivery methodologies.
  • Mentor junior consultants on technical best practices, solution design, and client engagement.
  • Assist business development efforts through proposals, pre-sales technical discovery, and client presentations.

Benefits

  • A collaborative, flexible, and outcomes-driven consulting environment.
  • A culture that values inclusion, diverse perspectives, and teamwork.
  • A business-focused and industry-specific approach to deploying technology that helps clients tackle their most significant challenges and deliver tangible results, free from rigid hierarchies.