IAM Solutions Architect (Remote)
Company: UNFI
Location: Providence
Posted on: January 20, 2025
Job Description:
Job Overview:
The function of the IAM Solution Architect is to
partner with the Product Management team and Enterprise/Security/IT
Architects to create the overall technical vision of a full IT
solution to support the business goal. This role is responsible
for designing, planning and implementing the solution in partnership
with IT peers. This role will also partner with operations teams to
provide support and evaluate the solution to ensure continuous
improvement of the solution. The IAM Solution Architect stays up to
date on the latest technologies, security best practices and
deployment strategies both in the cloud and on premise. Core
functions include assessing existing deployments for remediation
efforts regarding availability, recoverability, security and. This
position is responsible for architecting, designing, engineering,
coordinating and cost forecasting solutions for the Identity &
Access Management (IAM) area, including directory services,
authentication/authorization, privileged access management,
identity lifecycle management and cloud identity services. This
position is highly collaborative, interacts frequently with IT and
business leadership and possesses excellent communication
skills.
Job Responsibilities:
Solution Architecture
Formulate the technical strategy and roadmaps as required to
develop, build, and support the company's IAM strategy including
on-premises, IaaS, PaaS, and SaaS products.
Responsible for ensuring that IAM solutions are focused on
standards development, stability, security, efficiency, upgrades,
migrations, Disaster Recovery, and system
integration/inter-operability.
Establish governance and enforce quality IAM standards for cloud
software and infrastructure architectures (IaaS, PaaS and
SaaS).
Collaborate with stakeholder teams to define use cases, goals,
objectives, and architecture to support the business needs.
Initiates solution ideation and execution to drive the creation and
ongoing improvement of solutions with product managers, as well as
3rd-party technology providers.
Collaborate with IT architects to ensure solutions meet the
enterprise standards for architecture, engineering, quality, and
security.
Engage and align recommendations to senior IT leadership team.
Understand the current state of the organization-wide
architecture
Identify key business drivers and technology capabilities required
to achieve optimal state.
Work closely with IT peers and act as a liaison between key
business and IT experts
Ensure alignment between business strategies, information
technology roadmap, and technical and tactical deployment
plans.
Drive POCs, vendor evaluations and comparisons for the right
solution
Maintains records to document architecture and technology portfolio
as well as revisions to enterprise artifacts.
Provide architectural guidance to the product team
People Leadership
Provide IAM consultation services to enterprise and IT teams
Explain technical issues and IT solution strategies to stakeholders
and other IT professionals
Serve as IAM SME for the extended Infrastructure team and help
develop internal knowledge
Mentor and coach engineers, administrators, and developers to
ensure that architecture and requirements best practices are
followed.
Job Requirements:
Education/Certification:
Bachelor's degree in computer science or a related discipline
desired, or relevant IAM Engineering work experience.
Master's in IT Management strongly preferred.
Industry Cybersecurity or IAM certifications such as CISSP, ISC2+,
GSEC, GISF, GCIA and GISP or equivalent
Relevant product certifications such as CyberArk, SailPoint,
Microsoft, AWS Certified Cloud Practitioner
Experience:
6-10+ years professional experience working as an architect in large
scale identity environments (10,000 users minimum).
6+ years experience as an IAM Engineer/Architect in a large complex
on-premises/cloud hybrid identity environment
6+ years experience with directory services,
authentication/authorization,
privileged access management, identity lifecycle management and/or
cloud identity services: Active Directory, Azure AD/SSO/MFA, Azure
Identity Framework, AWS cloud native, CyberArk, SailPoint IIQ,
Oracle OUD, LDAP, etc.
6+ years of experience with Amazon Web Services (AWS), and Google
Cloud Platform (GCP) with enterprise-level web/SaaS applications
and IaaS/PaaS architecture within AWS, and GCP.
Highly engaged technologist with broad experience across a variety
of operations and services, including infrastructure as code, CI/CD
pipelines, real-time OLTP systems, heterogeneous environments
(Linux & Windows), serverless & containerized deployments, and zero
trust security. Familiarity with cloud tools including Terraform,
CHEF, Ansible, etc. preferred.
6+ years of hands-on engineering experience with the following IAM
domains:
Cloud
Experience designing Azure Conditional Access policies, Azure SSO,
Azure MFA and Identity federation using AD Connect and/or ADFS
Experience supporting AWS identity federation and AWS
governance
Experience securing applications with cloud access security broker
(CASB)
Experience managing an Azure B2C tenant for external users,
including design and creation of Azure B2C policies, Azure forms
and workflows using the Azure Identity Framework
Directory Services
Experience designing Active Directory Group Policies, fine-grained
password policies, AD Sites, Time Service (NTP), DNS and AD
replication topology, with Active Directory 2016 functional forest
level
Experience with AD delegated administration tools such as Quest
ARS, RMAD, GPO Admin, Enterprise Reporter
Experience applying security standards using automated processes to
prevent misuse of stale accounts, compromise of passwords or
escalation of permissions, such as identifying and disabling stale
accounts
Identity Lifecycle Management
Experience with SailPoint Identity IQ
Experience integrating SailPoint IIQ with enterprise applications
and IAM solutions
Understanding and experience in Java application development,
Beanshell, Linux/Unix, Windows, scripting (Bash, PowerShell, Perl),
SQL, LDAP, and web services
Experience developing custom workflows for joiners, leavers and
movers
Experience connecting applications to SailPoint for automated
provisioning/deprovisioning and access reviews
Experience with designing and implementing Role Based Access
Control using technical and business roles
Privileged Access Management
Extensive experience architecting, designing and implementing
CyberArk products for a complex enterprise environment with
multiple domains and platforms
Experience integrating CyberArk with various applications using out
of the box and custom connectors
Experience rolling out privileged access to administrative users to
maximize security and operational efficiency
Experience using CyberArk to secure remote access for vendors
Experience with architecting and designing for Security
Constraints, Resiliency, High-Availability, Fault Tolerance, and
Scalability
Knowledge / Skills and Abilities:
Proficient with industry security frameworks such as NIST, ISO
17799, CIS, etc.
Proficient with one or more regulatory requirements and laws such
as, but not limited to, PCI, Federal Financial Institutions
Examination Council (FFIEC), Sarbanes-Oxley (SOX), HIPAA, GDPR and
GLBA.
Proficient with implementation of zero trust principles
Knowledge of ITIL and able to follow established processes for
ITSM
Knowledge of relational databases (Oracle, MSSQL, MySQL, etc)
Knowledge of enterprise systems (SAP, PeopleSoft, Cherwell)
Ability to create and articulate target and reference architectures
and product, capability roadmaps.
Working knowledge of design patterns and appreciation of the
purpose and the practices of Agile
Excellent verbal and written communication skills to collaborate
with leadership and stakeholders
Knowledge of web services standards and related technologies
Instill best practices and standards across technical and business
teams
Proven ability to contribute to the development of strategic
technology direction and architecture vision for a large
organization
Ability to think across IT solutions in a multi-platform
environment and define potential impact.
Strong analytical, problem-solving and conceptual skills.
Strong project management skills; experience organizing, planning
and executing large-scale projects from vision through
implementation, involving internal and external resources.
Strong teamwork and interpersonal skills; ability to communicate
and influence at all management levels and with both technical and
non-technical individuals and successfully manage in a
cross-functional environment and remote locations.
Strong leadership and communication skills with a focus on the
ability to leverage technology as a business enabler.
Good judgment is required for this position as there may be times
when direct supervision may not be immediately available
All qualified applicants will receive consideration for employment
without regard to race, color, age, religion, sex, sexual
orientation, gender identity or expression, national origin,
disability, or protected veteran status. UNFI is an Equal
Opportunity employer committed to creating an inclusive and
respectful environment for all. - M/F/Veteran/Disability. VEVRAA
Federal Contractor.
Additional Information
Schedule: Full-time
Keywords: UNFI, Newton, IAM Solutions Architect (Remote), Other, Providence, Massachusetts