Identity Architect - IDaaS

Our client, one of the Uks top retailers, is looking for an Identity Architect to join them on a contract basis.

The role will be assigned to the "IDaaS" / Cloud Directory project, reporting into the security architecture function. The work will be to evaluate the clients current identity position, capture baseline identity architecture and validate hypothesis for the future of the 'identity as a service' offering and define future solution architecture for the identity services.

The client are working to modernise their identity services, to ensure that they are able to support a fast moving business, modern applications and stand as a strong pillar within zero trust framework. With a complex field of identity architectures that can be adopted, we now need to determine the basis for future identity services and need to validate future technology through healthy challenge and architectural and technical validation.

Core duties

• Explore and document baseline identity architecture
• Capture identity requirements and usage scenarios, captured as a set of patterns that a future solution will need to support;
• Build out and evaluate the drivers and benefits for change
• Review, validate and build on our future identity hypothesis, refining as appropriate.
• Provide market assessment as appropriate, partnering with our procurement teams as needed;
• Capture use-cases across our identity services and perform technical validation of how they would be adopted with the hypothesis
• Provide a validated and recommended strategy solution architecture for our identity services (i.e. this is all about explaining how the elements of the solution will work together, probably vendor agnostic)
• Perform Vendor solution options to address the above (with cost, transition, benefit high level analysis)
• Complete high-level design for the deployment in a future year
• Scope and supporting costing of future project work for the future implementation of the proposed architecture
• Understand and gain alignment with related architecture strategies (including device management and platform strategies)
• Collaboratively working with other solution and enterprise architects to drive secure solutions (across people, process and technology)

Essential skills

• Self-starter, able to work in technical detail and motivate a diverse group of stakeholders to build sponsorship for significant and impactful change;
• Expert-level knowledge and experience with technical deployments of identity systems for large enterprises;
• Microsoft Active Directory;
• Microsoft Entra ID and surround
• Microsoft ecosystem;
• Experience of deploying solutions with leading Workforce Identity and Access Management solutions (Ping Identity, Okta Workforce Identity)
• Cloud IAM (GCP, AWS and Azure);
• SSO and MFA;
• Identity governance solutions and automated provisioning methods such as SCIM
• Vendor and market analysis and engagement;
• Ability to translate technical information intoRisks, Threats and vulnerabilities for both a technical and non technical audience;
• Cloud based security (AWS/GCP), with a specialism in identity management;

Desirable Skills

• Beyond Insight Privileged Access Management Platform;
• Pragmatic application of zero-trust philosophies;
• Cloud based security (GCP, AWS and Azure)
• Pentest scoping and analysis experience
• Application security
• Threat modelling