Job Title: IAM - Senior Lead / Architect
Location(s): Seattle, WA
Description- 15+ years of experience required.
What You'll Do- Define and own the target-state architecture and reference designs for the enterprise identity security platform across BeyondTrust (Password Safe, EPM, PRA), Microsoft Entra ID, Active Directory, and SailPoint IdentityNow (IDN).
- Lead the architecture and deployment strategy for large-scale identity security modernization initiatives, including privileged access transformation, identity governance modernization, cloud identity adoption, Active Directory and hybrid identity modernization, and Zero Trust identity implementations.
- Establish architecture standards, design patterns, integration blueprints, and governance guardrails for engineering teams, while serving as the design authority through architecture and design reviews.
- Develop migration and deployment strategies, including sequencing, cutover planning, rollback procedures, and risk mitigation, to transition large user populations and enterprise systems to modern identity platforms with minimal business disruption.
- Architect integrations across identity platforms, cloud environments (Azure, AWS, GCP), and enterprise/SaaS applications using APIs and identity standards such as SAML, OAuth 2.0/OpenID Connect (OIDC), SCIM, Kerberos, and LDAP.
- Drive enterprise adoption of phishing-resistant authentication and least-privilege privileged access management (PAM) architecture.
- Collaborate with engineering, security architecture, cloud/platform teams, product management, and program management to convert architectural vision into executable delivery roadmaps.
- Provide technical leadership to engineering teams by reviewing solution designs and implementations to ensure compliance with architectural and security standards.
- Identify, document, and communicate architectural risks, dependencies, and trade-offs to technical teams and executive stakeholders.
- Ensure identity security solutions align with enterprise security, compliance, and data governance requirements.
- Utilize AI-powered tools to improve architecture analysis, solution evaluation, and technical documentation.
Required Qualifications- Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Technology, or equivalent experience.
- 15+ years of experience in security or identity engineering, including significant experience as an Identity or Security Architect in large enterprise environments.
- Proven experience leading enterprise-scale identity security modernization initiatives from architecture through production deployment.
- Deep expertise in at least two of the following platforms, with working knowledge of the others:
- BeyondTrust
- Microsoft Entra ID
- Active Directory
- Okta
- SailPoint IdentityNow (IDN)
- Strong knowledge of identity and access management concepts, including:
- Authentication and authorization protocols (SAML, OAuth 2.0/OIDC, SCIM, Kerberos, LDAP)
- Identity federation
- Multi-factor authentication (MFA) and phishing-resistant authentication
- Role-Based and Attribute-Based Access Control (RBAC/ABAC)
- Least privilege principles
- Tiered administration
- Zero Trust architecture
- Experience designing and executing identity integrations and migrations across hybrid and multi-cloud environments.
- Experience establishing enterprise architecture standards and serving as the design authority across multiple engineering teams.
- Excellent communication and stakeholder management skills with the ability to present architectural decisions and trade-offs to both technical and executive audiences.
- Ability to work independently in a fast-paced environment managing multiple concurrent initiatives.
Preferred Qualifications- Industry certifications such as CISSP, SABSA, TOGAF, Microsoft Identity & Access Administrator (SC-300), or SailPoint Certified Engineer.
- Experience with Infrastructure as Code (Terraform, Ansible) and CI/CD pipelines supporting identity platform deployments.
- Experience with Identity Threat Detection and Response (ITDR) and integrating identity telemetry into SIEM/SOAR platforms.
- Experience supporting large-scale retail, e-commerce, or other high-transaction enterprise environments.