Sr Cybersecurity Architect, Identity
Work Mode: Onsite
Location: Onsite - Kohler, WI

Opportunity
Join the Kohler Cybersecurity team in a key role shaping the future of identity across the enterprise. As part of the Identity & Access Management function, this position will lead the evolution of Kohler's identity architecture across hybrid, cloud, and SaaS environments.
The Cybersecurity team is seeking a Cloud Identity Sr Architect to drive the transition to a cloud-centric identity model (Entra ID / Azure AD, SaaS integration, identity governance, and privileged access) while modernizing legacy identity platforms and strengthening enterprise access controls.
This role serves as a trusted advisor to engineering teams, infrastructure, and business partners, ensuring identity is embedded as a foundational control in all digital initiatives.
Key Responsibilities
- Lead the evolution of hybrid identity architecture (Active Directory → Entra ID), including directory optimization, trust rationalization, and secure synchronization patterns
- Serve as the enterprise authority on Active Directory architecture, security hardening, and integration into modern identity platforms
- Define and maintain the enterprise identity architecture roadmap, aligning legacy identity systems with a cloud-first strategy
- Design and implement cloud identity solutions across Entra ID, SaaS applications, and hybrid environments
- Drive adoption of modern authentication controls (MFA, Conditional Access, passwordless, identity protection)
- Establish and enforce identity design standards and patterns across applications, infrastructure, and integrations
- Partner with application and infrastructure teams to embed secure identity patterns into new and existing solutions
- Drive maturity of identity governance capabilities leveraging SailPoint, including lifecycle management, access certification, role modeling, and policy-based provisioning
- Lead strategy for privileged access management across on-prem and cloud (AD Tier 0, Entra PIM, service accounts, and administrative controls)
- Advance least privilege and Zero Trust identity models across the enterprise
- Troubleshoot and resolve identity-related issues across authentication, federation, provisioning, and SSO
- Identify opportunities to reduce identity risk and improve user experience through monitoring and optimization
- Contribute to automation and scalability using PowerShell, Graph API, and workflow-based tooling
- Act as a subject matter advisor on identity risks, controls, and best practices
Additional Details
This role operates within a globally distributed cybersecurity and identity team, working closely with engineering, infrastructure, business stakeholders, and audit/compliance partners.
The position balances hands-on engineering with strategic ownership, driving modernization while maintaining operational stability.
Success in this role looks like:
- A clearly defined and executed hybrid-to-cloud identity strategy, reducing reliance on legacy AD constructs
- SailPoint-enabled identity governance operating with consistent certification, entitlement clarity, and policy enforcement
- Strong control over privileged access, with reduced standing privilege and improved visibility into high-risk identities
Overall Objectives of the Team
- Enable secure digital transformation through modern identity architecture
- Operationalize enterprise identity governance (SailPoint) to improve access visibility, certification, and policy enforcement
- Reduce enterprise risk by strengthening authentication, authorization, and privileged access controls
- Deliver scalable, automated identity solutions that improve both security posture and user experience
- Operate as a trusted cybersecurity partner across IT and business teams
- Evolve toward Zero Trust principles, with identity as the core control plane
- Maintain operational excellence while driving continuous improvement and automation
Skills/Requirements

Technical Competency Requirements
- Deep experience with Active Directory architecture, design, and security
- Experience with Microsoft Entra ID (Azure AD) or similar identity providers
- Strong understanding of authentication protocols (Kerberos, LDAP, SAML, OAuth, OIDC)
- Experience with SSO integrations and identity federation
- Knowledge of Conditional Access, MFA, and identity protection capabilities
- Experience operating in hybrid identity environments (AD + Entra ID)
Identity Governance & Privileged Access
- Experience with identity lifecycle management (Joiner/Mover/Leaver processes)
- Exposure to access reviews, RBAC, and entitlement design
- Knowledge of identity governance platforms (SailPoint preferred)
- Strong understanding of privileged access models (PIM, PAM, least privilege, Tier 0 control)
Security & Framework Alignment
- Working knowledge of NIST, CIS, or ISO 27001 frameworks
- Ability to translate identity risk into practical controls and business impact
Automation & Engineering
- Experience with PowerShell, scripting, or API-based automation
- Ability to design scalable, automated identity operations
Education and Experience Requirements
- Bachelor's degree in Information Systems, Engineering, or related field (or equivalent experience)
- 8+ years of IT or cybersecurity experience, with strong focus on identity and infrastructure
- Experience working with enterprise identity platforms and SaaS integrations
- Certifications such as Microsoft SC-300, CISSP, or equivalent are a plus
Key Success Traits
- Strong ability to connect identity controls to business risk and enterprise outcomes
- Operates with ownership and accountability across both strategy and execution
- Effective communicator across technical and non-technical stakeholders
- Acts as a technical anchor and mentor, elevating the broader identity capability
- Focused on continuous improvement, simplification, and automation
- Collaborative, pragmatic, and results-oriented
Applicants must be authorized to work in the US without requiring sponsorship now or in the future.

We believe in supporting you from the moment you join us, which is why Kohler offers day 1 benefits. This means you'll have access to your applicable benefit programs from your first day on the job, with no waiting period.

The salary range for this position is $145,350 - $228,450. The specific salary offered to a candidate may be influenced by a variety of factors including the candidate's experience, their education, and the work location. In addition, this position is eligible for a performance bonus/variable incentive compensation.