Senior Architect, Identity & Security

West Monroe


Job Location:

Chicago, IL - USA

Monthly Salary: Not Disclosed
Posted on: 19 hours ago
Vacancies: 1 Vacancy

Job Summary

Are you ready to make an impact?

Senior Principal/Architect (Identity & Security)

Overview

A consulting organization is seeking a Senior Principal/Architect (Identity & Security) to lead cross-functional teams in the design, remediation, and modernization of complex identity and cloud infrastructure solutions. This role focuses on securing and transforming critical IT environments for a diverse portfolio of clients, helping them navigate complex Active Directory modernizations, cloud identity migrations, and security hardening initiatives. This opportunity provides technical leadership in transforming complex IT environments across key industry verticals, including Healthcare, Financial Services, Private Equity, and High Tech.

Responsibilities:

  • Partner with consultants and client leadership to architect, build, and deploy secure and modern Active Directory and Microsoft Entra ID solutions.
  • Assess current-state identity environments and processes, interview stakeholders, define critical requirements, and present practical solution strategies and roadmaps to client executives.
  • Lead the technical design of future-state Active Directory (AD DS) and Entra ID architectures, including Privileged Access Management (PAM) design, Tiered Administrative Access Models, and identity consolidation strategies.
  • Establish and enforce identity architecture standards, best practices, and governance to deliver secure, compliant, and consistent solutions aligned with industry benchmarks (e.g., CIS and Microsoft baselines).
  • Lead security assessment and remediation planning, including consolidating findings from tools (e.g., Purple Knight, CIS scans) to create and manage prioritized, risk-based remediation backlogs.
  • Provide expert technical oversight for security remediation initiatives such as hardening domain controllers, remediating privileged access, resolving Entra Connect sync issues, and restricting legacy protocols.
  • Develop detailed implementation plans, migration strategies, and remediation backlogs (e.g., in Smartsheet or similar project management tools) for AD consolidation, identity synchronization, and legacy decommissioning.
  • Establish and manage engagement-level governance, quality, and risk management, including defining quantitative success criteria, RACI, and managing all technical stakeholder communications.
  • Support key decision-making on project direction, including technology selections, team workstreams, and delivery methodologies.
  • Mentor junior consultants on technical best practices, solution design, and client engagement.
  • Assist business development efforts through proposals, pre-sales technical discovery, and client presentations.

Qualifications:

  • Bachelor's degree in a relevant field preferred, or equivalent experience required.
  • Prior experience in consulting preferred.
  • 8-12 years of experience in IT architecture, engineering, and/or security with a deep focus on identity solutions.
  • Expert-level knowledge of Active Directory Domain Services (AD DS) design, security, and administration, including: domain/forest architecture, sites/replication, DNS, Group Policy (GPO) management, DC virtualization safeguards, and forest recovery principles.
  • Strong experience with Microsoft Entra ID (formerly Azure AD), including Entra Connect, Conditional Access, and Privileged Identity Management (PIM).
  • Proven experience leading on-prem to cloud identity migrations, AD remediations, and/or consolidation projects.
  • Proficiency in designing and implementing Privileged Access Management (PAM) solutions (including typical platforms like CyberArk/Delinea) and Tiered Access Models (EAM).
  • Hands-on experience with AD security assessment tools (e.g., Purple Knight, PingCastle) and hardening methodologies (CIS Benchmarks, Microsoft baselines).
  • Proficiency with AD security hardening techniques such as LAPS adoption, resource-based Kerberos constrained delegation remediation (RBKCD), and LDAP signing configuration.
  • Familiarity with migration tools (e.g., Quest On-Demand Migration) and identity-driven application dependencies.
  • Strong communication (written and verbal), presentation, client management, and team leadership skills.
  • Willingness to travel for out-of-town client engagements.

Bonus skills:

  • Familiarity with compliance standards (e.g., NIST, HIPAA, ISO).
  • Advanced scripting for automation and analysis (e.g., PowerShell).
  • Knowledge of Infrastructure as Code (Terraform) and DevSecOps practices.
  • Experience with remediation techniques (e.g., KRBTGT password rotation, NTLM restriction, Group Policy cleanup).
  • Familiarity with application dependency mapping tools (e.g., Device42, Faddom).
  • Familiarity with enterprise Identity Governance and Administration (IGA) platforms (e.g., SailPoint, Saviynt) to manage and improve periodic access certifications (e.g., moving from spreadsheets to a tool) and run detective Segregation of Duties (SoD) reports.
  • Experience automating identity lifecycles by replacing nightly batch files from a Human Resources Information System (HRIS) with Application Programming Interface (API)-driven syncs, or establishing governance for non-employee/contractor identities.
  • Understanding of System for Cross-domain Identity Management (SCIM) or API-based provisioning to automate Joiner-Mover-Leaver (JML) workflows for Software as a Service (SaaS) apps, expanding beyond just core directories and email.
  • Familiarity with security event logging (i.e., security information and event management (SIEM) integration with Active Directory and other tier 0 assets).
  • Familiarity with common customer identity and access management (CIAM) platforms (Microsoft Entra External ID, Okta, Auth0, etc.) and their migration/implementation patterns.
  • Professional certifications (e.g., Microsoft Identity/SC series, CISSP, CyberArk/Delinea).

What to Expect

  • A collaborative, flexible, and outcomes-driven consulting environment.
  • A culture that values inclusion, diverse perspectives, and teamwork.
  • A business-focused and industry-specific approach to deploying technology that helps clients tackle their most significant challenges and deliver tangible results, free from rigid hierarchies.

Ready to get started? Join the team and make an impact.

Based on pay transparency guidelines, the salary range for this role can vary based on your proximity to one of our West Monroe offices (see table below). Information on our competitive total rewards package, including our bonus structure and benefits, is here. Individual salaries are determined by evaluating a variety of factors, including geography, experience, skills, education, and internal equity.

Employees (and their families) are covered by medical, dental, vision, and basic life insurance. Employees are able to enroll in our company's 401k plan, purchase shares from our employee stock ownership program, and be eligible to receive annual bonuses. Employees will also receive unlimited flexible time off and ten paid holidays throughout the calendar year. Eligibility for ten weeks of paid parental leave will also be available upon hire date.

Seattle or Washington D.C.: $203,200 - $239,100 USD
Los Angeles: $212,900 - $250,500 USD
New York City or San Francisco: $222,500 - $261,900 USD
A location not listed above: $193,500 - $227,700 USD

Other consultancies talk at you.
At West Monroe, we work with you.

We're a global business and technology consulting firm, passionate about creating measurable value for our clients, delivering real-world solutions.

The combination of business and technology is not new, but how we bring them together is unique. We're fluent in both. We know that technology alone is not the answer, but how we apply it is. We rely on data to constantly adapt and solve new challenges. Actions that work today, with outcomes that generate value for years to come.

At West Monroe, we zero in on the heart of the opportunity, getting to results faster and preparing people for what's next.

You'll feel the difference in how we work. We show up personally. We're right there in the room with you, co-creating through the challenges. With West Monroe, collaboration isn't a lofty promise but a daily action. We work together with you to turn vision into clear action with lasting impact.

West Monroe is an Equal Employment Opportunity Employer
We believe in treating each employee and applicant for employment fairly and with dignity. We base our employment decisions on merit, experience, and potential, without regard to race, color, national origin, sex, sexual orientation, gender identity, marital status, age, religion, disability, veteran status, or any other characteristic prohibited by federal, state, or local law. To learn more about diversity, equity, and inclusion at West Monroe visit If you require a reasonable accommodation to participate in our recruiting process, please inquire by sending an email to .

Please review our current policy regarding use of generative artificial intelligence during the application process.

If you are based in California, we encourage you to read West Monroe's Notice at Collection for California residents, provided pursuant to the California Consumer Privacy Act (CCPA) and linked here.


Required Experience:

Senior IC


Key Skills

  • Apache Hive
  • S3
  • Redshift
  • Spark
  • AWS
  • Solr
  • NoSQL
  • Data Warehouse
  • Internet Of Things
  • Kafka
  • DynamoDB
  • ZooKeeper

About Company


West Monroe is a global business and technology consulting firm passionate about creating value for our clients.
