Security Architect

Identity Security Architect – Kerberos & Authentication Discovery

MUST HAVE VALID ACTIVE SC CLEARANCE

(Hybrid)

£660 / day (Inside IR35)

We’re looking for an Identity Security Architect with deep Kerberos and IAM / password lifecycle expertise to lead a focused discovery of our authentication landscape. You’ll assess current-state architecture, uncover risks, and design clear, logical recommendations to strengthen authentication and password management across a complex enterprise.

• Lead a structured discovery of authentication, Kerberos, and password management processes.
• Analyse and document existing Kerberos implementations across AD, Windows, and Linux.
• Map application and service dependencies, highlighting gaps and architectural risks.
• Review password-reset flows, service account behaviour, and identity lifecycle processes.
• Evaluate SPN hygiene, delegation models, ticket lifetimes, encryption types, and trust relationships.
• Produce concise, high-quality architecture documentation and remediation recommendations.
• Work with technical teams to validate findings and support Kerberos integrations.
• Define clear, repeatable processes for authentication and password management.

• Deep, hands‑on Kerberos expertise (SPNs, delegation, ticketing, trusts).
• Strong background in identity security architecture and authentication design.
• Practical experience with password reset and IAM lifecycle processes.
• Skilled with troubleshooting tools (klist, setspn, Wireshark, event logs).
• Excellent analytical thinking and documentation—able to break down complex systems logically.
• Strong communicator comfortable engaging both technical and non‑technical teams.

• Experience in government or regulated environments.
• Familiarity with IAM platforms, password management, or privileged access tools.
• Background in authentication risk analysis and remediation planning.