Senior Cybersecurity SME specializing in next-generation Identity & Access across human employees, AI agents, IoT/OT devices, and applications. You will advise clients, architect solutions, and lead delivery in an MSSP context, designing multi-tenant, automated identity services aligned to Zero Trust, improving security outcomes, and accelerating time to value. You'll partner with sales, solution architects, and operations to shape offerings, win pursuits, and ensure reliable operations at scale.
Client Advisory & Architecture (Employees, AI Agents, IoT/OT, Apps)
Assess identity maturity and define target architectures spanning workforce, customer, workload, and machine identities under Zero Trust (NIST SP 800-207).
Design adaptive access (risk-based, context-aware, passwordless/FIDO2, device trust, continuous authentication) across web, mobile, and legacy apps.
Establish identity for AI agents and automations (service principals, scoped tokens, data access guardrails, human-in-the-loop approvals, auditability).
Implement workload identity (mTLS, SPIFFE/SPIRE, PKI certificate lifecycle, secretless auth) for microservices and platforms (Kubernetes, serverless, edge).
Engineer IoT/OT device identity (X.509 provisioning, TPM/secure elements, attestation) and integrate with gateways/brokers.
Integrate IGA, PAM, CIEM/permissions management, and ITDR to reduce excessive privileges and lateral movement risk. Apply ABAC/ReBAC and policy as code (e.g., OPA) for APIs and event-driven architectures.
MSSP Solution Design & Delivery
Create multi-tenant reference architectures and runbooks for managed identity services (onboarding, steady state, incident management, offboarding).
Integrate identity telemetry with SIEM/SOAR/MDR (e.g., Microsoft Sentinel, Splunk, QRadar) to enable ITDR and automated response.
Define SLAs/SLOs, KPIs, and cost models; ensure observability, resiliency, and controlled change for identity services.
Lead complex migrations and consolidations (tenant-to-tenant, hybrid/coexistence, M&A).
Operations & Continuous Improvement
Establish control health monitoring for identity platforms; drive automation to reduce toil and MTTR.
Partner with SOC/MDR to tune detections (impossible travel, consent phishing, anomalous token use) and reduce false positives.
Lead blameless post-incident reviews; convert findings into hardened patterns and playbooks.
Governance, Risk & Compliance
Operationalize Join, Move, Leave and access reviews at scale; integrate with HRIS and ITSM.
Map controls to NIST 800-63/207, NIST CSF 2.0, ISO 27001, SOC 2, PCI DSS, HIPAA (as applicable).
Prove compliance via evidence automation and continuous control validation.
Pre-Sales Workshops & Proposals
Lead discovery, demos, and architecture workshops; craft SOWs/LOEs and respond to RFP/RFIs for managed identity services.
Present to executive and technical stakeholders; quantify risk reduction and ROI.
Contribute reusable assets (patterns, reference architectures, calculators) to speed pursuits.
8 years in cybersecurity with 5 years in Identity & Access; 3 years in consulting/MSSP client-facing roles.
Deep knowledge of SAML, OAuth 2.0, OpenID Connect, SCIM, FIDO2/WebAuthn, and certificate-based auth.
Hands-on with major platforms: Microsoft Entra ID (Azure AD), Okta, Ping, ForgeRock; IGA (SailPoint, Saviynt); PAM (CyberArk, BeyondTrust).
Cloud & workload identity across Azure, AWS, GCP (federation, workload identity; secrets management: Vault/Key Vault/Secrets Manager).
Experience implementing CIEM/permissions management (e.g., Entra Permissions Management/CloudKnox, Veza, Sonrai) and ITDR.
Knowledge of API/microservices authorization (OPA, service mesh, mTLS, SPIFFE/SPIRE) plus Kubernetes RBAC/Gatekeeper/Kyverno.
Proven integration of identity with SIEM/SOAR/MDR and automation playbooks.
Excellent communication and stakeholder management skills.
Required Skills:
NIST 800-63/207, NIST CSF 2.0, ISO 27001, SOC 2, PCI DSS, HIPAA, MTTR