Senior Architect, Identity & Security

Senior Architect, Identity & Security

West Monroe is seeking a Senior Architect, Identity & Security to lead cross‑functional teams in the design, remediation, and modernization of complex identity and cloud infrastructure solutions. This role focuses on securing and transforming critical IT environments for a diverse portfolio of clients, helping them navigate Active Directory modernizations, cloud identity migrations, and security hardening initiatives.

• Partner with consultants and client leadership to architect, build, and deploy secure and modern Active Directory and Microsoft Entra .
• Assess current‑state identity environments and processes, interview stakeholders, define critical requirements, and present practical solution strategies and roadmaps to client executives.
• Lead the technical design of future‑state Active Directory (AD DS) and Entra , including privileged access management (PAM) design, tiered administrative access models, and identity consolidation strategies.
• Establish and enforce identity architecture standards, best practices, and governance to deliver secure, compliant, and consistent solutions aligned with industry benchmarks (e.g., CIS and Microsoft baselines).
• Lead security assessment and remediation planning, consolidating findings from tools (e.g., Purple Knight, Maester, CIS Benchmark‑based assessments) to create and manage prioritized, risk‑based remediation backlogs.
• Provide expert technical oversight for security remediation initiatives, such as hardening domain controllers, remediating privileged access, resolving Entra Connect sync issues, and restricting legacy protocols.
• Develop detailed implementation plans, migration strategies, and remediation backlogs for AD restructuring, consolidation, identity synchronization, and legacy decommissioning.
• Establish and manage engagement‑level governance, quality, and risk, including defining quantitative success criteria, RACI, and clear communications to technical and executive stakeholders.
• Support key decision‑making on project direction, including technology selections, team work streams, and delivery methodologies.
• Mentor junior consultants on technical best practices, solution design, and client engagement.
• Assist business development efforts through proposals, pre‑sales technical discovery, and client presentations.

• Bachelor’s degree in a relevant field preferred, or equivalent experience required.
• Prior consulting experience preferred.
• 8–12+ years of experience in IT architecture, engineering, and/or security with a deep focus on identity solutions.
• Expert‑level knowledge of Active Directory Domain Services (AD DS) design, security, and administration.
• Strong experience with Microsoft Entra , including Entra Connect, Conditional Access, modern authentication methods, and Privileged Identity Management (PIM).
• Proven experience leading identity migrations, AD remediations, and consolidation projects.
• Experience designing and implementing hybrid authentication patterns between AD DS and Microsoft Entra .
• Proficiency in implementing enterprise Privileged Access Management (PAM) solutions and tiered administrative access models.
• Hands‑on experience with AD and Entra  assessment tools and hardening methodologies.
• Proficiency with AD security hardening techniques (KRBTGT rotations, restricting NTLM, LAPS, RBKCD, LDAP signing, etc.).
• Familiarity with migration and directory protection tools (e.g., Quest On‑Demand Migration) and identity‑driven application dependencies.
• Strong communication, presentation, client management, and team leadership skills.
• Willingness to travel for out‑of‑town client engagements.

• Familiarity with compliance standards (e.g., NIST, HIPAA, ISO).
• Advanced scripting for automation and analysis (e.g., Power Shell).
• Knowledge of Infrastructure as Code (Terraform) and Dev Sec Ops  practices.
• Familiarity with application dependency and network flow mapping tools.
• Experience with Active Directory resilience and recovery tooling.
• Experience migrating from on‑premises Active Directory Certificate Services to cloud‑native PKI solutions.
• Familiarity with enterprise Identity Governance and…