
Senior IAM Architect
Posted 2 days ago

Posted 2 days ago
This is a fully remote position, open to applicants in Romania.
• Take ownership of the enterprise IAM architecture strategy, target state, and roadmap for cloud, on-premises, and hybrid environments, ensuring alignment with Zero Trust principles and security standards.
• Act as the IAM technical authority, delivering hands-on architectural guidance across infrastructure, cloud, and platform security initiatives.
• Design and document comprehensive IAM capabilities encompassing IGA, access management, PAM, secrets management, and non-human identities.
• Establish integration patterns and reference architectures; assess build vs. buy options, as well as emerging IAM capabilities (e.g., passwordless authentication, AI-driven identities, decentralized identity) to provide scalable services across applications, infrastructure, and DevOps tools.
• Architect authentication and authorization mechanisms (SSO, MFA, RBAC/ABAC) and standardize protocols (OAuth2/OIDC, SAML, SCIM, LDAP).
• Lead the design and integration of IAM platforms in cloud/hybrid settings (e.g., Microsoft Entra ID, Active Directory, SailPoint, PingFederate/Ping Identity, AWS IAM, CyberArk or similar).
• Define identity lifecycle management controls (joiner/mover/leaver processes, provisioning, access certifications, and role/entitlement modeling).
• Identify IAM-related risks and architecture deficiencies; establish constraints and mitigation strategies, and drive remediation through the roadmap and deliverables.
• Ensure IAM controls and integrations comply with security and regulatory standards (e.g., NIST SP 800-63, ISO 27001, SOC 2, GDPR) and assist with audit activities.
• Collaborate with business stakeholders to align IAM goals with enterprise objectives and effectively communicate decisions and trade-offs to senior leadership.
• Extensive experience in identity and access management, ideally at the architecture level; however, IAM Engineers looking to move into an architectural role will also be considered.
• Strong background across key IAM domains: IGA (lifecycle and certifications), access management (SSO/MFA), Conditional Access, PAM, and non-human identities (workload/service identities), with hands-on experience in one or more enterprise IAM platforms (e.g., Microsoft Entra ID/Azure AD, Okta, Ping, SailPoint) and integration in cloud/hybrid environments.
• Profound understanding of authentication and authorization patterns and protocols, including OAuth 2.0/OIDC, SAML 2.0, SCIM, and LDAP/AD.
• Solid comprehension of cloud IAM services (AWS, Azure, and/or GCP), including identity federation and least-privilege design principles.
• Experience in evaluating IAM risks and security controls, developing mitigation strategies, and supporting audits and compliance requirements (e.g., NIST/ISO).
• Exceptional analytical, problem-solving, and communication abilities, capable of engaging effectively with both technical and non-technical stakeholders.
• A collaborative team player who adapts swiftly to evolving priorities while maintaining a keen attention to detail.
• Financial support for your self-development.
• Fully remote working model.
• Meal ticket for every day worked.
• Medical coverage to promote your health and wellbeing.
• 26 days of vacation.
MSP Hire
Perry Homes
Get handpicked remote jobs straight to your inbox weekly.