Enterprise Identity Architect

United Kingdom, Multiple Locations · Job Posted May 30, 2026

Job Description

We are seeking an Enterprise Identity Architect with deep, hands-on expertise in Identity & Access Management (IAM) across complex, multi-tenant, and multi-forest estates in the UK defence sector. The role will lead the unravelling of a complex identity landscape, establish a single authoritative master identity model spanning OFFICIAL to SECRET domains, and drive a secure, standards-aligned roadmap built on Zero Trust and defence policy frameworks (including ASP 240 and relevant JSPs).

Job Responsibility

  • Enterprise Identity Architecture: Define and own end-to-end IAM reference architectures for OFFICIAL and SECRET domains, including enclave segregation, trust models, and boundary controls
  • Design authoritative identity sources and golden record schemas (HR, ERP, clearance systems), lifecycle policies (joiner/mover/leaver), and attribute governance
  • Specify RBAC/ABAC models, entitlement catalogues, role mining, separation of duties (SoD) and privileged access patterns (PAW tiers, admin forest, bastion models)
  • Technical Strategy & Delivery: Lead consolidation/modernisation across Microsoft Entra ID (Azure AD), on-prem AD, MIM/Entra ID Governance, and third-party IGA (SailPoint/Saviynt)
  • Architect MFA/passwordless (FIDO2/YubiKey, smartcard/PIV equivalents), Conditional Access, risk-based access, device trust, PIM and PAM (CyberArk/BeyondTrust)
  • Own identity integration for critical apps (cloud, on-prem, legacy, air-gapped) and cross-domain access patterns via controlled brokers/guards
  • Security, Compliance & Defence Governance: Map designs and evidence to ASP 240 and applicable JSP guidelines (e.g., JSP 440 Security, JSP 604 Information/IA policies or successors), NCSC guidance, ISO/IEC 27001, and Zero Trust principles
  • Produce and maintain HLD/LLD, Control Matrices, Risk/Threat Models (STRIDE/ATT&CK), Security Cases, Transition Plans, and Operational Runbooks
  • Support audits, Design Reviews, IAO/SIRO approvals, security testing, and accreditation evidence
  • Change & Stakeholder Leadership: Run workshops to untangle legacy identity estates, discover shadow entitlements, and align business/mission owners to a single operating model
  • Coach engineering and operations teams; establish guardrails, patterns, and reference implementations; guide DevSecOps integration for identity

Requirements

  • Proven record of accomplishment leading large-scale IAM transformations in the Defence Sector with mixed classification environments (OFFICIAL, OFFICIAL-SENSITIVE, SECRET)
  • Deep expertise with Microsoft Entra ID (Azure AD), Entra Connect/Cloud Sync, MIM/Entra ID Governance, Conditional Access, PIM, tenant-to-tenant and hybrid patterns
  • Active Directory (multi-forest consolidation, trusts, tiered admin, admin forests), DNS/PKI (enterprise and offline PKI, CRL/OCSP, HSMs FIPS 140-2/3)
  • PIM, PAW and PAM
  • MFA/passwordless (FIDO2, smartcards, CAC/PIV-style credentials), credential hygiene, Kerberos/NTLM deprecation strategies
  • Zero Trust identity controls, RBAC/ABAC, and policy-as-code approaches
  • Aligning all Zero Trust / Master identity to Enterprise Service Model
  • Demonstrable success unravelling complex identity estates (e.g., multiple AD forests, conflicting schemas, brittle sync, overlapping personas) and delivering a master identity model with clean source of truth and lifecycle automation
  • Experience defining cross-domain identity patterns for air-gapped or high-side environments, including guard-mediated flows, brokers, one-way trust, and offline credential issuance
  • Strong documentation: HLD/LLD, architecture decision records, control mappings (JSP/ASP/NCSC), test plans, migration & decommission plans
  • Candidates must show experience aligning to ASP 240 (client/authority security policy 240) or equivalent Authority Security Policy requirements, plus: JSP 440 (security) and JSP 604 (information/IA) or successor policy frameworks
  • NCSC guidance (e.g., MFA, device identity, protective monitoring, cloud security), HMG SPF, ISO/IEC 27001, NIST SP 800-63 (Digital Identity), NIST SP 800-207 (Zero Trust)
  • Evidence generation for assurance/accreditation, including control narratives, test evidence, residual risk statements, and operational handover
  • Baseline: Active DV clearance required at start
  • Ability to work in secure facilities (up to SECRET), follow need-to-know, and comply with JSP/ASP handling procedures
  • Willingness to undergo additional customer-specific vetting and adhere to personnel security obligations

Nice to have

  • Cross-domain solutions (CDS) exposure, data diodes/guards integration with identity
  • Logging & Threat Detection integration
  • Experience migrating from ADFS and legacy IdPs to modern standards (OIDC/SAML)
  • Familiarity with supply chain and partner access hardening (B2B, external identities)
  • Prior work with high-side enclaves, break-glass and operational segregation (PAW, tiering, jump hosts)

Similar Jobs for Enterprise Identity Architect

8 matching positions

Solution Architect – Enterprise SaaS (Pre Sales)

Location: Canada
Salary: Not provided
Myticas Consulting (myticas.com)
Expiration Date: Until further notice
Requirements
  • Strong enterprise SaaS background with comprehensive end-to-end product architecture experience
  • Strong technical foundation in core banking domains, including modernization, pricing, billing, and systems architecture across retail, corporate, and commercial banking
  • Experience designing scalable, secure, and reliable systems using microservices, APIs, and integration frameworks
  • Proficiency in software design principles, CI/CD pipelines, containerization (Docker, Kubernetes), and automation tooling
  • Knowledge of identity management, encryption, and regulatory frameworks (SOC 2, GDPR, ISO 27001)
  • Ability to produce clear, detailed architecture design documents
Job Responsibility
  • Guide banks through the adoption of enterprise SaaS
  • Articulate the business value of the Client’s platform within the context of each bank’s end-to-end architecture
  • Work collaboratively across the Client ecosystem, and in partnership with customers and industry partners
  • Demonstrate passion for solving complex business problems through technology and communicating technology impacts through a business lens
  • Enhance Customer Value Through Strategic Engagement & Innovation
  • Drive Enterprise SaaS Architecture Excellence
  • Foster High-Performing Cross-Functional Collaboration
  • Collaborate with internal business and technical SMEs and stakeholders
  • Act as an external client-facing resource to ensure successful outcomes and solution adoption
  • Act as a technical pre-sales partner by shaping solution narratives, tailoring demos, and guiding prospects through architectural considerations
  • Full-time

Enterprise Security Architect

Enterprise Security Architect role at HPE's Cybersecurity team responsible for d...
Location: United States, Spring
Salary: 117500.00 - 270000.00 USD / Year
Hewlett Packard Enterprise (https://www.hpe.com/)
Expiration Date: Until further notice
Requirements
  • 10+ years in security architecture, solution architecture, or related roles in large, complex enterprises
  • Deep experience with on-premises infrastructure security (data centers, networks, OT/ICS, mainframes, Windows/Linux servers)
  • Strong knowledge of cloud security (AWS/Azure/GCP) and hybrid architecture models
  • Detailed understanding of enterprise security domains: identity and access, network security, data protection, and application security
  • In-depth experience with security frameworks (NIST CSF, ISO 27001, CIS Controls, OWASP)
  • Bachelor's or master's degree in computer science, Engineering, Cybersecurity, or related field
  • Certifications such as CISSP, SABSA, TOGAF, CCSK, or CCSP are a plus
Job Responsibility
  • Define and maintain enterprise security reference architectures, patterns, and standards for on-prem, hybrid, and cloud environments
  • Conduct architecture risk assessments and security design reviews for major technology programs
  • Design secure architectures for data centers, networks, servers, OT/ICS, IT infrastructure and legacy business platforms
  • Guide the secure modernization of on-prem workloads and public cloud platforms (AWS/Azure/GCP)
  • Drive Zero Trust principles and identity-centric security models across enterprise systems
  • Establish design patterns for data classification, encryption, and data loss prevention
  • Provide security guidance for emerging AI/ML platforms and use cases, including data privacy, model security, and responsible use
  • Partner with enterprise architects, engineering teams, infrastructure, and compliance to embed security early in designs
  • Act as a trusted advisor to technology leaders and mentor engineers on secure design practices
  • Practice champion secure-by-design thinking and drive adoption across the enterprise
What we offer
  • Health & Wellbeing benefits
  • Personal & Professional Development programs
  • Unconditional Inclusion environment
  • Comprehensive benefits suite supporting physical, financial and emotional wellbeing
  • Full-time

Identity and Access Management Engineer

Do you have experience designing and implementing Identity and Access Management...
Location: Australia, Melbourne
Salary: Not provided
Easygo Gaming (easygo.io)
Expiration Date: Until further notice
Requirements
  • Minimum 3-5 years hands-on experience administering and architecting enterprise Identity and Access Management systems, particularly Okta or similar IAM platforms
  • Advanced technical expertise with modern identity protocols and standards including OIDC (OpenID Connect), SAML, and SCIM implementations
  • Proven experience managing Google Workspace as an Identity Provider, including application integrations and access management
  • Demonstrated ability to design identity architectures that balance security requirements with user experience and operational efficiency
  • Track record of successfully evaluating, selecting, and implementing identity technologies in production environments
  • Experience configuring SSO integrations for SaaS and enterprise applications using federated identity protocols
  • Strong understanding of authentication mechanisms including Multi-Factor Authentication (MFA), passwordless authentication, and passkey technologies
  • Practical knowledge of authorization models, role-based access control (RBAC), and attribute-based access control (ABAC) concepts
Job Responsibility
  • Design and architect enterprise identity and access management solutions that scale across nearly 2,000 global employees while maintaining security and operational efficiency
  • Serve as the organization's IAM subject matter expert, providing authoritative guidance on identity technologies, standards, and best practices to stakeholders across IT, Security, and Development teams
  • Develop comprehensive identity architecture roadmaps to uplift and modernize access control systems across the organization, aligning with business growth and security requirements
  • Evaluate, procure, and implement identity tools and platforms to continuously enhance IAM capabilities and address evolving organizational needs
  • Manage and optimize Google Workspace as the primary Identity Provider, ensuring seamless integration with enterprise applications and services
  • Configure and maintain enterprise identity systems including Okta and related IAM platforms, implementing OIDC, SAML, and SCIM integrations for application access
  • Provide expert consultation to product and engineering teams on customer-facing authentication systems, advising on MFA implementation, passkey adoption, and secure authentication flows
  • Design and enforce access control policies and authorization frameworks in alignment with least privilege and zero trust principles
  • Lead identity-related projects from conception to deployment, managing stakeholder expectations and delivering measurable improvements to identity operations
  • Automate identity lifecycle management processes including provisioning, de-provisioning, and access recertification workflows
What we offer
  • In-house baristas serving free coffee, tea, fresh juices, and smoothies
  • Daily catered breakfast and regular company-wide events
  • Snack walls and drink fridges on every floor
  • Fun/modern office spaces with pool tables, table tennis, gaming consoles, and an F1 simulator
  • Access to our Employee Assistance Program for you and your loved ones
  • 9,000+ courses on our Learning & Development platform
  • One paid volunteer day per year
  • Weekly Wednesday massages by professional masseuses
  • Team budgets for lunches and activities to celebrate achievements
  • Social sports teams and participation in Corporate Games
  • Full-time

AI Solution Architect

Design expert responsible for creating end-to-end solution architectures that in...
Location: India, Chennai
Salary: Not provided
Hogarth (hogarth.com)
Expiration Date: Until further notice
Requirements
  • Expert knowledge of enterprise integration patterns
  • Hands-on experience designing and implementing solutions using agentic frameworks (LangGraph, CrewAI, Microsoft AutoGen, Semantic Kernel)
  • Proficiency in working with vector stores and Retrieval-Augmented Generation (RAG) models
  • Experience designing AI systems on cloud platforms (Azure, AWS, GCP) with capabilities for hybrid deployments
  • Ability to align solution architecture with business and enterprise architecture using methodologies such as TOGAF
  • Strong knowledge in designing RESTful, GraphQL, and gRPC APIs, and applying microservices architecture principles
  • Understanding of enterprise-grade security requirements, including encryption, identity and access management (IAM), SOC2/GDPR compliance
  • 7–12 years solution architecture
  • 3+ years AI/ML systems
  • Enterprise experience required
Job Responsibility
  • Design enterprise-grade agentic AI solutions
  • Create integration strategies with existing systems
  • Define multi-agent communication patterns
  • Establish security and governance models
  • Conduct technology assessments and recommendations
  • Create technical documentation and standards
  • Support pre-sales and client technical engagements
What we offer
  • Attractive package
  • Relocation benefits
  • Full-time

IAM Senior Engineer - Active Directory/Entra ID

HPE Global IT is seeking a highly skilled Senior Active Directory (AD), Entra ID...
Location: India, Bangalore
Salary: Not provided
Hewlett Packard Enterprise (https://www.hpe.com/)
Expiration Date: Until further notice
Requirements
  • Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or related field (or equivalent experience)
  • 10+ years of IT or cybersecurity experience
  • 7+ years focused on AD, Entra ID, and Azure identity engineering in enterprise-scale environments
  • Deep hands-on experience managing multi-forest AD environments (schema, replication, delegation, GPOs, DNS, DHCP)
  • Strong expertise with Entra ID and hybrid identity integration (Entra Connect / Cloud Sync, federation, SSO)
  • Hands-on experience with Azure governance, RBAC, PIM, and access policy enforcement
  • Experience implementing conditional access, passwordless, and phishing-resistant MFA in Entra and Azure
  • Proficiency in PowerShell scripting, Graph API, and Azure automation for identity management and reporting
  • Solid understanding of authentication protocols (Kerberos, NTLM, LDAP, SAML, OIDC, OAuth2)
  • Familiarity with Zero Trust, tiered admin models, and directory hardening practices
Job Responsibility
  • Engineer, deploy, and optimize Active Directory, Entra ID, and Azure identity services across enterprise-scale hybrid environments
  • Design and manage multi-forest AD architectures, including schema extensions, replication, delegation, and hardening
  • Implement and maintain cross-domain and cross-tenant synchronization between AD and Entra ID using Entra Connect or Cloud Sync
  • Engineer secure authentication and federation flows leveraging Kerberos, NTLM, SAML, OIDC, and OAuth2
  • Implement and enhance conditional access, MFA, passwordless, and FIDO2 authentication methods in Entra and Azure environments
  • Support Zero Trust Directory Security through tiered administration, least privilege, and delegated access controls
  • Partner with cloud and infrastructure teams to ensure secure integration of Azure resources with enterprise identity services
  • Maintain and secure domain controllers, DNS, DHCP, and Group Policy Objects (GPOs) across global environments
  • Manage Azure AD tenants, subscriptions, and resource access controls (RBAC, PIM, Entra roles)
  • Integrate on-prem AD with Azure workloads, Microsoft 365, Intune, and other SaaS applications
What we offer
  • Health & Wellbeing benefits
  • Personal & Professional Development programs
  • Unconditional Inclusion environment
  • Comprehensive suite of benefits supporting physical, financial and emotional wellbeing
  • Full-time

Software Engineer, Enterprise Identity

OpenAI’s Enterprise Identity team builds the trust and control layer that enable...
Location: United States, San Francisco
Salary: 185000.00 - 385000.00 USD / Year
OpenAI (openai.com)
Expiration Date: Until further notice
Requirements
  • 5+ years of experience building and operating production backend systems
  • Exposure to authentication, identity, or access control in real-world environments
  • Comfort working with identity protocols such as OAuth 2.0, SAML, SCIM, SSO and OIDC
  • Solid backend engineer (Python preferred)
  • Experience designing reliable systems, writing clean APIs, and thinking carefully about security, privacy and correctness
  • Has operated and worked in high-traffic and large scale systems
  • Likes owning problems end-to-end, from design through production, and learning new domains as needed to deliver high-quality results
  • Motivated by the opportunity to help shape how enterprises securely access and govern the use of frontier AI technologies
Job Responsibility
  • Architect and build the next generation of enterprise authentication and authorization infrastructure, powering secure integrations across SAML, OIDC, and OAuth 2.0
  • Design and deliver core enterprise identity capabilities (including SSO, SCIM provisioning, RBAC, and delegated access) that enable organizations to manage access with confidence at scale
  • Evolve the identity data model and system architecture to support complex, real-world enterprise structures spanning teams, domains, subsidiaries, and global organizations
  • Partner closely with go-to-market, security, and product teams to shape identity features that meet the needs of customers ranging from fast-growing startups to multinational enterprises
  • Build high-leverage tools, APIs, and primitives that make it easy for engineering teams across OpenAI to integrate enterprise identity seamlessly into their products
What we offer
  • Medical, dental, and vision insurance for you and your family, with employer contributions to Health Savings Accounts
  • Pre-tax accounts for Health FSA, Dependent Care FSA, and commuter expenses (parking and transit)
  • 401(k) retirement plan with employer match
  • Paid parental leave (up to 24 weeks for birth parents and 20 weeks for non-birthing parents), plus paid medical and caregiver leave (up to 8 weeks)
  • Paid time off: flexible PTO for exempt employees and up to 15 days annually for non-exempt employees
  • 13+ paid company holidays, and multiple paid coordinated company office closures throughout the year for focus and recharge, plus paid sick or safe time (1 hour per 30 hours worked, or more, as required by applicable state or local law)
  • Mental health and wellness support
  • Employer-paid basic life and disability coverage
  • Annual learning and development stipend to fuel your professional growth
  • Daily meals in our offices, and meal delivery credits as eligible
  • Full-time

Security Cloud Solution Architect

Microsoft is hiring security professionals to drive customer cloud security adop...
Location: Germany, Multiple Locations
Salary: Not provided
Microsoft Corporation (https://www.microsoft.com/)
Expiration Date: Until further notice
Requirements
  • Significant technical experience in Security, identity, or data security and understanding of architectures at enterprise-scale
  • Good understanding of the overall Cybersecurity Market and the competitive landscape
  • Understanding of the current Threat Landscape and current attack vectors (State of Cybersecurity)
  • In-depth knowledge/Subject Matter Expertise in one or more of the following solutions or competitive products: Entra ID (formerly Azure Active Directory), Defender for Identity, Defender for Office, Defender for Endpoint, Defender for Cloud, Microsoft Purview (esp. Azure Information Protection OR eDiscovery OR Data loss prevention OR Insider Risk Management), Microsoft Sentinel, Copilot for Security
  • Customer focused mindset enjoying the work with customers (internal or external) as a trusted technical advisor aiming for realizing the value for the customer
  • English skills required, German skills are a plus
  • Relationship Building
  • Problem Solving
  • Collaboration and Communication
  • Customer Focus
Job Responsibility
  • Drive customer transformation on the Azure and Microsoft 365 Platform
  • Own the overall technical relationship and strategy between the customer and Microsoft
  • Own security, data security or identity customer engagements, including architecture, technical readiness, implementation, and optimization in production
  • Deliver pro-active support delivery services through the customer’s unified contract
  • Have security discussions with customer decision makers such as CISOs, Enterprise Security Architects, Enterprise Architects, IT and Security Management, and Developers to drive Security as an enabler for cloud workloads in Azure and Microsoft 365
  • Full-time

AI Technical Architect

Location: United States, Auburn Hills
Salary: Not provided
NTT DATA (nttdata.com)
Expiration Date: Until further notice
Requirements
  • 20+ years in software engineering with 5+ years focused on AI/ML systems
  • 3+ years hands-on experience architecting and shipping production LLM and agentic AI applications
  • Demonstrated success leading enterprise-scale AI platform builds with measurable business outcomes
  • Track record architecting scalable cloud-native systems on AWS in regulated or large-enterprise environments
  • Experience leading technical teams, mentoring engineers, and engaging executive stakeholders
  • Bachelor's or Master's degree in Computer Science, AI/ML, or a related technical field
  • Expert proficiency with LangGraph, LangChain, and agent orchestration frameworks
  • Deep experience with Amazon Bedrock, SageMaker, and Amazon Q, including Bedrock Agents and Knowledge Bases
  • Hands-on experience with Model Context Protocol (MCP), function calling, tool use, and structured output patterns
  • Strong command of prompt engineering, evaluation harnesses, fine-tuning, and model optimization
Job Responsibility
  • Design the enterprise AI platform architecture spanning the LLM API gateway, GPU and compute allocation pools, sandbox provisioning, model registry, and security gate automation
  • Define infrastructure standards, API gateway patterns, and reference architectures consumed by all AI delivery towers and partner integrations
  • Establish guardrails for token metering, rate limiting, audit logging, DLP validation, SAST, DAST, dependency scanning, and model card review embedded in CI/CD
  • Review security posture across all AI workloads with mapping to NIST AI RMF, AWS Well-Architected (including the Machine Learning Lens), and applicable enterprise compliance baselines
  • Architect multi-agent systems using LangGraph, LangChain, and Model Context Protocol (MCP) for complex workflow orchestration, planning, and tool use
  • Define patterns for ReAct, Chain-of-Thought, Tree-of-Thoughts, and agent-to-agent coordination across enterprise and customer-facing use cases
  • Design and optimize Retrieval-Augmented Generation (RAG) systems, embedding strategies, and semantic search across structured and unstructured enterprise data
  • Establish MLOps and AgentOps practices for deployment, evaluation, observability, and continuous improvement of agents and models in production
  • Architect solutions on Amazon Bedrock, Amazon SageMaker, Amazon Q, Bedrock Agents, and Bedrock Knowledge Bases
  • Define infrastructure patterns using Amazon EKS, AWS Lambda, ECS Fargate, API Gateway, EventBridge, SNS/SQS, Kinesis, S3, DynamoDB, Aurora, Redshift, Athena, OpenSearch, and Kendra
  • Full-time