Senior Identity Architect - Mergers and Acquisitions
About GlobalFoundries
GlobalFoundries is a leading full-service semiconductor foundry providing a unique combination of design, development, and fabrication services to some of the world's most inspired technology companies. With a global manufacturing footprint spanning three continents, GlobalFoundries makes possible the technologies and systems that transform industries and give customers the power to shape their markets. For more information visit.
Introduction:
The Senior Identity Architect is a strategic technical leader responsible for shaping, modernizing, and securing the enterprise's identity foundation. This role provides architecture authority, thought leadership, and long-range design direction across Active Directory, PKI/ADCS, identity security controls, and core hybrid identity components. The architect leads the transformation of fragmented or legacy directory infrastructures into a resilient, secure-by-design, Zero Trust-aligned identity architecture that underpins the enterprise.
While the role partners closely with IAM, IGA, and PAM teams, it serves primarily as the architectural strategist and advisor, ensuring these platforms align to a hardened, modern identity core.
What You'll Do:
1. Enterprise Active Directory Architecture Leadership
Serve as the principal architect for enterprise Active Directory, defining the target-state directory architecture, security posture, and modernization roadmap.
Lead the redesign of forest/domain structures, trust models, OU/GPO architecture, delegated administration boundaries, and identity tiering strategies.
Define and govern enterprise AD security baselines, including Kerberos hardening, NTLM deprecation, LDAP signing and channel binding, and privileged boundary isolation.
Champion the modernization of authentication and directory services, aligning AD architecture with Zero Trust principles, cloud integration, and long-range platform evolution.
Conduct architectural reviews of legacy dependencies and drive consolidation, domain retirement, and architectural debt remediation across the identity estate.
2. PKI / ADCS Architecture & Trust Modernization
Architect and maintain the enterprise PKI (ADCS) platform, including CA hierarchy design, certificate template governance, crypto policy modernization, and lifecycle automation.
Establish the strategic direction for certificate-based identity across servers, endpoints, applications, workloads, and cloud platforms.
Ensure PKI resilience through well-defined backup, recovery, and continuity strategies, and integrate certificate trust anchors into hybrid identity architectures.
Provide expert guidance on emerging identity trust technologies, cryptographic standards, and modernization approaches.
3. Identity Security & Resilience Architecture
Define architecture patterns for identity threat detection, integrating signals from MDI/Defender for Identity, SIEM, and endpoint platforms.
Lead the establishment of hardened administrative models, including PAW/ESAE principles, JEA/JIT frameworks, and secure workflows for privileged actions.
Develop and validate forest recovery, CA recovery, and domain controller rebuild procedures, ensuring high resilience under disaster scenarios.
4. Architectural Guidance for Saviynt IGA
Provide architectural alignment and design expertise to IGA teams, ensuring Saviynt's role models, SoD policies, connector mapping, and JML workflows integrate cleanly with AD/Entra/PKI structures.
Partner with IGA platform owners to optimize identity data models, attribute governance, and SCIM/API integrations for consistency and accuracy.
Contribute architectural insight to reviews of entitlements, application onboarding patterns, and identity lifecycle automation.
5. Architectural Guidance for PAM
Collaborate with PAM engineering teams to align privileged access onboarding with AD tiering, admin roles, PKI trust models, and hardened delegation frameworks.
Ensure PAM adoption (CyberArk/BeyondTrust/Entra PIM) reinforces and benefits from architectural improvements in AD and PKI.
Provide design oversight for break-glass identities, credential vaulting strategies, and session protection models.
6. Strategic Thought Leadership & Enterprise Influence
Act as a senior advisor and thought leader, communicating architectural risks, opportunities, and long-term identity strategy to engineering, security, and leadership teams.
Produce and maintain reference architectures, strategy documents, roadmaps, governance frameworks, and executive-level recommendations.
Represent identity architecture in cross-functional working groups, design review boards, and modernization governance forums.
Mentor engineers, elevate identity security skills across teams, and influence adoption of modern architectural patterns.
Required Qualifications
10-12 years of deep, hands-on architectural leadership across Active Directory, PKI/ADCS, and enterprise identity security.
Demonstrated experience leading modernization of large legacy AD environments, including restructuring, consolidation, and hardening initiatives.
Expert knowledge of AD internals: Kerberos, LDAP, trust relationships, replication, GPO architecture, delegated administration, administrative tiering, and boundary isolation.
Experience architecting and operating enterprise PKI, CA hierarchy redesign, certificate lifecycle management, and cryptographic best practices.
Proven ability to define enterprise-wide architecture standards, produce formal design documentation, and influence long-range identity strategies.
Strong understanding of identity threat detection, Zero Trust identity design, and modern identity security controls.
Strong proficiency in PowerShell, Microsoft Graph, automation pipelines, and policy-as-code approaches.
Preferred Qualifications
Certifications such as SC100, SC300, AZ500, CISSP, or relevant PKI/AD specializations.
Experience with hybrid identity modernization: AADC to Cloud Sync, workload identities, Conditional Access modernization, and passwordless adoption.
Experience with SOX, GDPR, or regulated environments requiring strict identity controls.
GlobalFoundries is an equal opportunity employer, cultivating a diverse and inclusive workforce. We believe having a multicultural workplace enhances productivity, efficiency, and innovation, whilst our employees feel truly respected, valued, and heard.
As an affirmative employer, all qualified applicants are considered for employment regardless of age, ethnicity, marital status, citizenship, race, religion, political affiliation, gender, sexual orientation, and medical and/or physical abilities.
All offers of employment with GlobalFoundries are conditioned upon the successful completion of background checks, medical screenings as applicable, and subject to the respective local laws and regulations.
Information about our benefits you can find here:
Experience: Senior IC