Define and own the target state architecture and reference designs for the identity security platform across BeyondTrust (Password Safe EPM PRA) Microsoft Entra ID Active Directoryand SailPoint the architecture and deployment strategy for large scale identity security modernization initiatives privileged access transformation identity governance modernization cloud identity adoption Active Directory and hybrid identity modernization and Zero Trust identity patterns Establish architecture standards design patternsteams implement against and serve as design authority through architecture and design migration and deployment strategies sequencing cutover rollback and risk mitigation for moving large user and system populations onto modern identity platforms with minimal (Azure AWS GCP) and enterprise/SaaS applications using APIs federation and provisioning standards (SAML OAuth2/OIDC SCIM Kerberos LDAP).Drive phishing resistant authentication and least privilege/PAM architecture across the enterprise. Partner with engineering leads security architecture platform/cloud teams and program management to translate architecture into delivery roadmaps and executable technical leadership and guidance to build engineers; review designs and key implementations to ensure alignment to architecture and security and document architectural risks dependencies and trade offs; present recommendations and decisions to engineering and leadership designs meet Nordstrom security compliance and data handling requirementsLeverage AI tooling to accelerate architecture analysis design documentation and solution evaluationBachelors or masters degree in Computer Science Cybersecurity Information Technology or equivalent education and experience.15 years of security or identity engineering experience including significant experience as an identity/security architect on enterprise scale experience leading large scale identity security modernization or transformation programs end to end from target state architecture through production architecture level expertise across two or more of the following with strong working knowledge of the rest: BeyondTrust Microsoft Entra ID Active Directory Okta and command of identity architecture fundamentals: authentication/authorization protocols (SAML OAuth2/OIDC SCIM Kerberos LDAP) federation MFA and phishing resistant authentication RBAC/ABAC least privilege tiered administration and Zero Trust experience designing integrations and migrations across hybrid and multi cloud environments at setting architecture standards and acting as a design authority across multiple delivery communication skills able to align engineers architects and senior leadership around architecture decisions and trade offs. Ability to operate independently in a fast paced multi workstream program with highArchitecture or security certifications such as CISSP SABSA TOGAF Microsoft Identity & Access Administrator (SC 300) or SailPoint Certified Engineer
Senior Identity Security Architect Seattle WA Define and own the target state architecture and reference designs for the identity security platform across BeyondTrust (Password Safe EPM PRA) Microsoft Entra ID Active Directoryand SailPoint the architecture and deployment strategy for large scale ...
Senior Identity Security Architect
Seattle WA
Define and own the target state architecture and reference designs for the identity security platform across BeyondTrust (Password Safe EPM PRA) Microsoft Entra ID Active Directoryand SailPoint the architecture and deployment strategy for large scale identity security modernization initiatives privileged access transformation identity governance modernization cloud identity adoption Active Directory and hybrid identity modernization and Zero Trust identity patterns Establish architecture standards design patternsteams implement against and serve as design authority through architecture and design migration and deployment strategies sequencing cutover rollback and risk mitigation for moving large user and system populations onto modern identity platforms with minimal (Azure AWS GCP) and enterprise/SaaS applications using APIs federation and provisioning standards (SAML OAuth2/OIDC SCIM Kerberos LDAP).Drive phishing resistant authentication and least privilege/PAM architecture across the enterprise. Partner with engineering leads security architecture platform/cloud teams and program management to translate architecture into delivery roadmaps and executable technical leadership and guidance to build engineers; review designs and key implementations to ensure alignment to architecture and security and document architectural risks dependencies and trade offs; present recommendations and decisions to engineering and leadership designs meet Nordstrom security compliance and data handling requirementsLeverage AI tooling to accelerate architecture analysis design documentation and solution evaluationBachelors or masters degree in Computer Science Cybersecurity Information Technology or equivalent education and experience.15 years of security or identity engineering experience including significant experience as an identity/security architect on enterprise scale experience leading large scale identity security modernization or transformation programs end to end from target state architecture through production architecture level expertise across two or more of the following with strong working knowledge of the rest: BeyondTrust Microsoft Entra ID Active Directory Okta and command of identity architecture fundamentals: authentication/authorization protocols (SAML OAuth2/OIDC SCIM Kerberos LDAP) federation MFA and phishing resistant authentication RBAC/ABAC least privilege tiered administration and Zero Trust experience designing integrations and migrations across hybrid and multi cloud environments at setting architecture standards and acting as a design authority across multiple delivery communication skills able to align engineers architects and senior leadership around architecture decisions and trade offs. Ability to operate independently in a fast paced multi workstream program with highArchitecture or security certifications such as CISSP SABSA TOGAF Microsoft Identity & Access Administrator (SC 300) or SailPoint Certified Engineer