Job Overview:

The function of the IAM Solution Architect is to partner with the Product Management team and Enterprise/Security/IT Architects to create the overall technical vision of a full IT solution to support the business goal. This role is responsible for, in partnership with IT peers, design, planning, implementing the solution. This role will also partner with operations teams to provide support and evaluate the solution to ensure continuous improvement of the solution. The IAM Solution Architect stays up to date on the latest technologies, security best practices and deployment strategies both in the cloud and on premise. Core functions include assessing existing deployments for remediation efforts regarding availability, recoverability, security and. This position is responsible for architecting, designing, engineering, coordinating and cost forecasting solutions for the Identity & Access Management (IAM) area, including directory services, authentication/authorization, privileged access management, identity lifecycle management and cloud identity services. This position is highly collaborative, interacts frequently with IT and business leadership and possesses excellent communication skills.

Job Responsibilities:

Solution Architecture

• Formulate the technical strategy and roadmaps as required to develop, build, and support the company’s IAM strategy including on-premises, IaaS, PaaS, and SaaS products.

• Responsible for ensuring that IAM solutions are focused on standards development, stability, security, efficiency, upgrades, migrations, Disaster Recovery, and system integration/inter-operability.

• Establish governance and enforce quality IAM standards for cloud software and infrastructure architectures (IaaS, PaaS and SaaS).

• Collaborate with stakeholder teams to define use cases, goals, objectives, and architecture to support the business needs.

• Initiates solution ideation and execution to drive the creation and ongoing improvement of solutions with product managers, as well as 3rd-party technology providers.

• Collaborate with IT architects to ensure solutions meet the enterprise standards for architecture, engineering, quality, and security.

• Engage and align recommendations to senior IT leadership team.

• Understand the current state of the organization-wide architecture

• Identify key business drivers and technology capabilities required to achieve optimal state.

• Work closely with IT peers and act as a liaison between key business, and IT experts

• Ensure alignment between business strategies, information technology roadmap, and technical and tactical deployment plans.

• Drive POC’s, vendor evaluations and comparisons for the right solution

• Maintains records to document architecture and technology portfolio as well as revisions to enterprise artifacts.

• Provide architectural guidance to the product team

People Leadership

• Provide IAM consultation services to enterprise and IT teams

• Explain technical issues and IT solution strategies to stakeholders and other IT professionals

• Serve as IAM SME for the extended Infrastructure team and help develop internal knowledge

• Mentor and coach engineers, administrators, and developers to ensure that architecture and requirements best practices are followed.

Job Requirements:

Education/Certification:

• Bachelor’s degree in computer science or a related discipline desired, or relevant IAM Engineering work experience.

• Masters in IT Management strongly preferred.

• Industry Cybersecurity or IAM certifications such as CISSP, ISC2+, GSEC, GISF, GCIA and GISP or equivalent

• Relevant product certifications such as CyberArk, SailPoint, Microsoft, AWS Certified Cloud Practitioner

Experience:

• 6-10+ years’ professional experience working as an architect in large scale identity environments (10,000 users minimum).

• 6+ years’ experience in as an IAM Engineer/Architect in a large complex on-premises/cloud hybrid identity environment

• 6+ years’ experience with directory services, authentication/authorization, privileged access management, identity lifecycle management and/or cloud identity services: Active Directory, Azure AD/SSO/MFA, Azure Identity Framework, AWS cloud native, CyberArk, SailPoint IIQ, Oracle OUD, LDAP, etc.

• 6+ years of experience with Amazon Web Services (AWS), and Google Cloud Platform (GCP) with enterprise-level web/SaaS applications and IaaS/PaaS architecture within AWS, and GCP.

• Highly engaged technologist with broad experience across a variety of operations and services, including infrastructure as code, CI/CD pipelines, real-time OLTP systems, heterogeneous environments (Linux & windows), serverless & containerized

deployments, and zero trust security. Familiarity with cloud tools including Terraform, CHEF, Ansible, etc. preferred.

• 6+ years of hands-on engineering experience with the following IAM domains:

Cloud

• Experience designing Azure Conditional Access policies, Azure SSO, Azure MFA and Identity federation using AD Connect and/or ADFS

• Experience supporting AWS identity federation and AWS governance

• Experience securing applications with cloud access security broker (CASB)

• Experience managing an Azure B2C tenant for external users, including design and creation of Azure B2C policies, Azure forms and workflows using the Azure Identity Framework

Directory Services

• Experience designing Active Directory Group Policies, fine-grain password policies, AD Sites, Time Service

(NTP), DNS and AD replication topology, with Active Directory 2016 functional forest level

• Experience with AD delegated administration tools such as Quest ARS, RMAD, GPO Admin, Enterprise Reporter

• Experience applying security standards using automated processes to prevent misuse of stale accounts, compromise of passwords or escalation of permissions, such as identifying and disabling stale accounts

Identity Lifecycle Management

• Experience with SailPoint Identity IQ

• Experience integration SailPoint IIQ with enterprise applications and IAM solutions

• Understanding and experience in Java application development, Beanshell, Linux/Unix, Windows, scripting (Bash, PowerShell, Perl), SQL, LDAP, and web services

• Experience developing custom workflows for joiners, leavers and movers

• Experience connecting applications to SailPoint for automated provisioning/deprovisioning and access reviews

• Experience with designing and implementing Role Based Access Control using technical and business roles

Privileged Access Management

• Extensive experience architecting, designing and implementing CyberArk products for a complex enterprise environment with multiple domains and platforms

• Experience integrating CyberArk with various applications using out of the box and custom connectors

• Experience rolling out privileged access to administrative users to maximize security and operational efficiency

• Experience using CyberArk to secure remote access for vendors

• Experience with architecting and designing for Security Constraints, Resiliency, High-Availability, Fault Tolerance, and Scalability

Knowledge / Skills and Abilities:

• Proficient with industry security frameworks such as NIST, ISO 17799, CIS, etc.

• Proficient with one or more regulatory requirements and laws such as, but not limited to, PCI, Federal Financial Institutions Examination Council (FFIEC), Sarbanes-Oxley (SOX), HIPAA, GDPR and GLBA.

• Proficient with implementation of zero trust principles

• Knowledge of ITIL and able to follow established processes for ITSM

• Knowledge of relational databases (Oracle, MSSQL, MySQL, etc)

• Knowledge of enterprise systems (SAP, PeopleSoft, Cherwell)

• Ability to create and articulate target and reference architectures and product, capability roadmaps.

• Working knowledge of design patterns and appreciation of the purpose and the practices of Agile

• Excellent verbal and written communications skills to collaborate with leadership and stake holders

• Knowledge of web services standards and related technologies

• Instill best practices and standards across technical and business teams

• Proven ability to contribute to the development of strategic technology direction and architecture vision for a large organization

• Ability to think across IT solutions in a multi-platform environment and define potential impact.

• Strong analytical, problems-solving and conceptual skills.

• Strong project management skills; experience organizing, planning and executing large-scale projects from vision through implementation, involving internal and external resources.

• Strong teamwork and interpersonal skills; ability to communicate and influence at all management levels and with both technical and non-technical individuals and successfully manage in a cross-functional environment and remote locations.

• Strong leadership and communication skills with a focus on the ability to leverage technology as a business enabler.

• Good judgment is required for this position as there may be times when direct supervision may not be immediately available

All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity or expression, national origin, disability, or protected veteran status. UNFI is an Equal Opportunity employer committed to creating an inclusive and respectful environment for all. - M/F/Veteran/Disability. VEVRAA Federal Contractor.

Additional Information

• Schedule: Full-time