IAM Solution Architect

at METRO.digital

Role Overview

The IAM Solution Architect defines and drives the identity and privileged access management (PAM) architecture across a hybrid Microsoft Entra ID and On-Prem Active Directory environment, with deep expertise in CyberArk PAM solutions. This role owns the end-to-end design, integration, and governance of identity and privileged access controls, ensuring alignment with enterprise IAM strategy, Zero Trust principles, and regulatory requirements. The architect works closely with IAM engineers, security teams, infrastructure, application owners, and DevOps teams to deliver secure, scalable, and compliant solutions.

Responsibilities

Identity & Access Architecture

  • Define and own the hybrid identity architecture across Microsoft Entra ID and On-Prem Active Directory.
  • Design secure authentication and authorization models, including Conditional Access, MFA, and passwordless authentication (FIDO2, Windows Hello for Business).
  • Define hybrid identity patterns including Entra Connect and authentication models.
  • Establish identity standards and guardrails aligned with Zero Trust architecture.

Privileged Access Management (CyberArk)

  • Define and drive PAM architecture using CyberArk, aligned with the enterprise IAM strategy.
  • Lead the design and implementation of privileged access controls across servers, endpoints, databases, and applications.
  • Integrate PAM with Access Management capabilities such as SSO, MFA, and Microsoft Entra ID.
  • Integrate CyberArk with the broader enterprise security ecosystem, including SIEM platforms and ITSM tools.
  • Define and enforce least privilege and Zero Trust principles across infrastructure and endpoints.
  • Drive secrets management strategy for applications using CyberArk Conjur and CyberArk CCP.
  • Provide architectural guidance for CyberArk EPM-based endpoint privilege control.

Solution Design & Integration

  • Design secure integrations between Entra ID, Active Directory, CyberArk PAM platforms, and various on-prem, cloud, and SaaS applications.
  • Define application onboarding patterns for SSO, federation, privileged access flows, and secrets consumption models.
  • Ensure solutions are scalable, resilient, and auditable.

Strategy & Governance

  • Define the PAM roadmap and maturity model aligned with enterprise security strategy.
  • Establish standards for privileged account onboarding, password rotation, and session recording.
  • Drive risk reduction initiatives, including the removal of standing administrative access and credential hardening.
  • Ensure audit readiness and compliance for privileged access (SOX, ISO, GDPR).
  • Participate in threat modeling, security reviews, and risk assessments.

Leadership & Collaboration

  • Act as the design authority for identity and PAM solutions.
  • Partner with IAM/PAM engineering, security architecture, cloud/infrastructure teams, and application owners.
  • Review and approve technical designs and implementations while providing mentorship to senior engineers.

Required Skills & Expertise

  • CyberArk & PAM: Strong expertise in CyberArk PAS, EPM, CCP, and Conjur; deep understanding of privileged access risks and governance models.
  • Microsoft Identity: Microsoft Entra ID (P2), Conditional Access, Identity Protection, Privileged Identity Management (PIM), Entra Connect, and Active Directory security/tiered admin models.
  • Operating Systems: Strong knowledge of Windows and Unix/Linux privilege models and Active Directory security concepts.
  • Automation & Integration: Hands-on experience with REST APIs, PowerShell, and Python; experience integrating PAM into CI/CD workflows.
  • Security Architecture: Expertise in Zero Trust architecture, least privilege enforcement, and identity-based attack mitigations.

Preferred Qualifications

  • Exposure to cloud PAM use cases across Azure, AWS, or GCP.
  • Experience with DevOps and cloud-native environments.
  • CyberArk certifications (Sentry, CDE).
  • Microsoft security certifications (SC-300, AZ-500).
  • CISSP or equivalent professional certification.

Education

  • Graduate or postgraduate degree in a relevant field.

Required Skills: Azure AD / Entra ID, CyberArk, FIDO2 / WebAuthn, Active Directory, Zero Trust Architecture, Privileged Access Management (PAM), Single Sign-On (SSO), Multi-Factor Authentication (MFA), Python, PowerShell

Certifications: Certified Information Systems Security Professional (CISSP), Microsoft Certified: Identity and Access Administrator Associate (SC-300), CyberArk Sentry

  • Location: Pune, IN
  • Job Type: Full Time
  • Work Mode: Hybrid
  • Experience: Mid Level
  • Posted: Jun 16, 2026