Workforce Identity and Access Management Architect

Cloud Security Services is currently looking for an experienced Workforce Identity and Access Management (IAM) Solution Architect & Engineer for our client. Our client requires an experienced Workforce Identity and Access Management (IAM) Solution Architect & Engineer to develop solution patterns to onboard / migrate / convert applications to the client’s target state workforce IAM architecture. The right candidate must have a strong background in designing IAM architecture for large, complex and global IAM environments that includes operational technology. This is a 3-month remote project. 

Responsibilities:   

• Development of omni-channel (Digital, Voice, Paper) standard patterns based on the target state IAM solution architecture and eco-system for client workforce members 

• Continue to drive workforce IAM solution architecture and scoping of engineering design and scoping to support the transformation initiative 
• Create engineering diagrams to support the overall solution architecture 
• Provide infrastructure-as-code examples to support the engineering diagrams 
• Maintain and update the overall solution architecture 
• Assist in building application consumption inventories and identify inventory and use cases for other IAM assets that are "unknown" 
• Solution Architecture and Engineering Diagrams for technical discovery and integration with other systems (e.g., CMDB and ITSM) 
• Support the development of basic use cases / role models for Day 1 (Birthright) access 
• Create engineering diagrams for implementation into IDMS 
• Solution Architecture Updates to Reflect Contractor Authoritative Decision 
• Support the implementation for target state digital identity records for employees, contractors and robots 
• Provide access management architecture and engineering services 
• Support the architecture and engineering for IDMS compliance across business sectors 
• Support architecture and engineering for enhancing access recertifications for better end user experience 
• Support AD / AAD architecture and engineering requirements 
• Covers the following pattern categories for IAM; 

• Registration / Onboarding 
• Authentication 
• Authorization 
• Third-party Service/API Access & Authorization 
• Invitation-Based User Registration 
• User Access Delegation 
• User De-provisioning 
• Helpdesk Processes 
• Omnichannel Services "Overlay" 

• Evaluation of current processes against the defined industry and leading practices including industry standards such as the National Institute for Standards and Technology (NIST) Special Publication (SP) 800-63; Digital Authentication, NIST Cybersecurity Framework (CSF) and NIST SP 800-53; Security and Privacy Controls   

Required Skills:     

• Senior and experienced IAM Architect (5-7 years) in creating solution architecture and engineering (design pattern diagrams) 
• Good understanding of IAM 
• Intimately familiar with IAM related protocols such as SAML, SPML, XACML, SCIM, OpenID and OAuth 
• Strong experience with Directories, SSO, Federation, Delegated administration, API gateways, SOA services 
• Experience with App Gateways, App Proxies 
• Good understanding of MFA, PAM and Risk Based Authentication 
• Deep technical understanding of IAM solutions across multiple vendors. Like Microsoft, Okta and Quest 
• Experience with NIST SP800-63 Digital Authentication Standard 
• Ability to work across teams  

Preferred Skills:    

• Business outcomes mindset 
• Directory services design experience such as AD and AAD 
• Excellent interpersonal communication skills with strong spoken and written English 
• Scripting experience 
• Implementation experience 
• Collaborative team worker 
• Flexibility to accommodate working across different time-zones   

Preferred Education:       

Bachelor’s in Computer Science