Senior IT Architect Identity and Access Management

Job Summary

We are seeking an experienced IAM Architect to lead the strategy, design, governance, and evolution of our enterprise identity ecosystem. This role serves as the technical authority for identity architecture, ensuring secure, scalable, and compliant access across on-premises, cloud, and SaaS environments. The IAM Architect partners closely with security leadership, engineering teams, application owners, and compliance stakeholders to deliver identity solutions that balance strong security controls, user experience, and business agility.

This role is pivotal in building a secure digital front door that protects enterprise assets while enabling employees, partners, and customers. The architect bridges high-level business requirements with deep technical execution, ensuring the IAM framework supports cloud transformation, Zero Trust principles, and regulatory obligations.

• Lead the architecture, design, and implementation of enterprise IAM capabilities, including Identity Governance and Administration (IGA), Privileged Access Management (PAM), and Customer IAM (CIAM)
• Develop and implement IAM policies, standards, and reference architectures for hybrid and multi-cloud environments, including SSO, identity federation (SAML, OIDC, OAuth 2.0), API security, SCIM provisioning, and directory services
• Drive adoption of modern authentication controls, including passwordless, passkeys, and phishing-resistant authentication
• Design and implement controls for non-human and machine identities, including service principals, secrets management, and PKI-based authentication
• Develop automated identity lifecycle management workflows, including joiner-mover-leaver (JML) processes, to reduce manual effort and improve security posture
• Onboard new applications by defining identity, authentication, authorization, and access requirements including Secure SaaS integrations and design Conditional Access policies
• Architect IAM controls to support SOX, NIST, and other regulatory frameworks, including segregation of duties (SoD), RBAC models, access certifications, privileged access controls, and audit logging
• Ensure IAM architectures are audit-defensible and capable of producing required evidence for internal and external audits
• Continuously monitor and improve identity security posture, detection capabilities, and response readiness
• Lead identity architecture reviews and provide mentorship and technical guidance to junior IAM engineers and analysts
• Produce high-quality documentation, including architecture diagrams, design decision records, standards, and implementation guidance
• Communicate complex identity and security concepts effectively to engineering teams, business stakeholders, and senior leadership
• Identify and implement automation to improve Identity Operations and Services

Bachelor’s degree in Computer science, Information Security, or Engineering PREFERRED

• 10+ years in Cybersecurity, with at least 5 years specifically focused on IAM architecture, design and implementation
• Experience with major IAM platforms and hands-on experience with enterprise IAM technologies such IGA, SSO, PAM, Phish-resistant MFA, CIAM
• Strong knowledge of identity protocols such as SAML, OAuth2, OIDC, LDAP, Kerberos
• Hands on experience in cloud identity and hybrid environments
• Experience implementing Zero Trust or similar modern security models
• Strong written and verbal communication and excellent problem-solving and analytical skills
• Self-motivated and capable of working independently in a fast-paced operational environment
• CISSP or other relevant security certifications PREFERRED
• Microsoft Identity or IAM Vendor Security certifications PREFERRED

• Competitive pay
• Paid training
• Benefits eligibility begins on your first day
• Transit subsidies
• Flexible work schedule, paid holidays and paid time off
• Access to discounts at fitness clubs and an on-site wellness center at our headquarters in Houston
• Professional growth and development programs including tuition reimbursement
• 401(k) Savings Plan featuring a company match dollar-for-dollar up to 6% and a company contribution of 3% regardless of your contribution

Job Type: Full Time

Posting

Start Date:

04/23/2026

Posting End Date: 05/08/2026

• 60-1.4(a), 60-300.5(a), and 60-741.5(a). These regulations prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities and prohibit discrimination against all individuals based on their race, color, religion, sex, sexual orientation, gender identity, or national origin. Moreover, these regulations require that covered prime contractors and subcontractors take affirmative action to employ and advance in employment individuals without regard to race, color, religion, sex, sexual orientation, gender identity or national origin, protected veteran status or disability.