
Senior IAM Architect
Posted 3 days ago

Posted 3 days ago
This is a fully remote position, open to applicants in Czechia.
• Take charge of the enterprise IAM architecture strategy, target state, and roadmap for cloud, on-premises, and hybrid environments, in alignment with Zero Trust and security standards.
• Act as the IAM technical authority, providing hands-on architectural leadership for infrastructure, cloud, and platform security initiatives.
• Create and document comprehensive IAM capabilities, encompassing IGA, access management, PAM, secrets management, and non-human identities.
• Establish integration patterns and reference architectures; assess build versus buy options and emerging IAM technologies (such as passwordless authentication, AI/agentic identities, and decentralized identity) to offer scalable services across applications, infrastructure, and DevOps tools.
• Design authentication and authorization mechanisms (including SSO, MFA, RBAC/ABAC) and standardize protocols (OAuth2/OIDC, SAML, SCIM, LDAP).
• Oversee IAM platform design and integration in cloud/hybrid settings (e.g., Microsoft Entra ID, Active Directory, SailPoint, PingFederate/Ping Identity, AWS IAM, CyberArk, or similar).
• Define identity lifecycle controls (covering joiner/mover/leaver processes, provisioning, access certifications, and role/entitlement modeling).
• Identify IAM risks and architectural deficiencies; establish constraints and mitigation strategies, and drive remediation through the roadmap and delivery items.
• Ensure IAM controls and integrations comply with security and regulatory standards (such as NIST SP 800-63, ISO 27001, SOC 2, GDPR) and facilitate audit activities.
• Collaborate with business stakeholders to align IAM outcomes with enterprise objectives and effectively communicate decisions and trade-offs to senior leadership.
• Extensive experience in identity and access management, ideally at the architecture level; however, IAM Engineers looking to progress to an architecture role will also be considered.
• Strong expertise across core IAM domains: IGA (lifecycle, certifications), access management (SSO/MFA), Conditional Access, PAM, and non-human identity (workload/service identities), with practical experience in one or more enterprise IAM platforms (e.g., Microsoft Entra ID/Azure AD, Okta, Ping, SailPoint) and integration across cloud/hybrid environments.
• In-depth knowledge of authentication and authorization patterns and protocols: OAuth 2.0/OIDC, SAML 2.0, SCIM, and LDAP/AD.
• Comprehensive understanding of cloud IAM (AWS, Azure, and/or GCP), including identity federation and least-privilege design principles.
• Experience in assessing IAM risks and security controls, defining mitigations, and supporting audits and compliance requirements (e.g., NIST/ISO).
• Strong analytical, problem-solving, and communication skills, capable of engaging effectively with both technical and non-technical stakeholders.
• A collaborative team player who quickly adapts to changing priorities while maintaining a keen attention to detail.
• Funding available to support your self-development.
• 5 weeks of paid vacation.
• Fully remote work model.
• Flexible working hours.
• On-site canteen & home office meal vouchers.
• Pension plan or DIP contributions.
• Discounted phone plans & company product discounts.
• Multisport Card & cafeteria program.
Miratech
Delan Associates Inc.
Salesforce
Get handpicked remote jobs straight to your inbox weekly.