Hiring Cybersecurity Architect (IAM / PAM / Active Directory) in Phoenix

OmniStarr is a U.S.-based global cybersecurity and digital transformation services firm with over 12 years of experience delivering tailored security solutions to more than 200 enterprise clients across finance, healthcare, critical infrastructure, and public sector sectors in North America, EMEA, and APAC. Our Phoenix office serves as a key delivery hub for our southwestern U.S. client portfolio, with a team of 28 cybersecurity and cloud engineering specialists focused on reducing organizational risk and improving operational resilience for our clients. We are a certified partner with leading identity security vendors including Okta, CyberArk, and Microsoft, and our architects regularly contribute to industry thought leadership through published research and speaking engagements at global cybersecurity conferences.

We are hiring a Senior Cybersecurity Architect specializing in Identity and Access Management (IAM), Privileged Access Management (PAM), and Microsoft Active Directory to join our hybrid Phoenix team. In this role, you will own the end-to-end design and delivery of identity security solutions for our enterprise clients, addressing critical gaps in access control, reducing identity-related breach risk, and ensuring compliance with global and industry-specific regulatory mandates. This is not a routine internal security role: you will work directly with C-level client stakeholders, lead cross-functional project teams, and have the opportunity to shape the direction of our identity security service offerings as we expand our client base in the southwestern U.S.

Key responsibilities for this role include the following measurable, client-facing tasks:
1. Design and deploy scalable, secure IAM, PAM, and Active Directory architectures for enterprise clients, ensuring solutions deliver 99.9% uptime for critical identity services and reduce unauthorized access incidents by a minimum of 40% within the first 6 months of post-implementation.
2. Conduct full-scope identity security assessments for client environments, identifying gaps in RBAC implementations, orphaned service accounts, excessive privilege allocations, and AD misconfigurations, delivering prioritized remediation roadmaps aligned with client business goals and regulatory requirements including HIPAA, PCI DSS, and NIST CSF.
3. Configure, integrate, and optimize core identity security tools including Okta, Azure AD, AWS IAM, CyberArk, and BeyondTrust, connecting them to client SIEM platforms (Splunk, IBM QRadar, Microsoft Sentinel) and EDR tools (CrowdStrike, SentinelOne) to enable real-time threat detection and automated access policy enforcement.
4. Lead the implementation of IGA workflows including automated user provisioning/deprovisioning, quarterly access certifications, and separation of duties controls, reducing manual access management overhead for client security teams by an average of 30% within the first year of deployment.
5. Develop and maintain standardized security playbooks for Active Directory hardening, PAM policy configuration, and IAM incident response, aligned with NIST SP 800-63 digital identity guidelines and Zero Trust Architecture principles, to reduce implementation time for new client projects by 25%.
6. Collaborate with client IT, security, and compliance teams to resolve identity-related security incidents, conduct quarterly access reviews, and deliver tailored training sessions for client stakeholders on identity security best practices and day-to-day tool usage.
7. Evaluate emerging identity security technologies and vendor offerings, providing evidence-based recommendations to clients for tool upgrades or new implementations that improve security posture while reducing operational costs by an average of 15% annually.
8. Support the pre-sales cybersecurity services team by contributing to RFP responses, solution design proposals, and client-facing presentations to demonstrate OmniStarr’s identity security expertise, with a target of contributing to 3-4 new client wins per year.

Our Phoenix office operates on a hybrid schedule, with 3 days per week required in-office for collaborative project work, client workshops, and team knowledge-sharing sessions, and 2 days available for remote focused work with no mandatory in-office presence. We prioritize a culture of psychological safety and continuous learning, with no mandatory overtime, flexible start and end times to accommodate personal commitments, and a clear expectation that work stays within standard business hours unless pre-approved for urgent client engagements. Our Phoenix cybersecurity team consists of 12 senior architects and engineers, with regular cross-team collaboration with our global delivery teams based in Bangalore, London, and Toronto. Our downtown Phoenix office is located in the city’s central tech district, with on-site amenities including a free gym, quiet focus rooms, a communal kitchen with complimentary organic snacks and coffee, and dedicated collaborative spaces for client workshops. We host monthly team-building events, quarterly team offsites, and an annual company retreat for all global employees.

To qualify for this role, you must meet the following minimum requirements:
- 7+ years of professional experience in cybersecurity, with at least 4 years focused on the design, implementation, and optimization of IAM, PAM, and Active Directory solutions for enterprise environments
- Hands-on experience implementing and configuring at least two major IAM platforms (Okta, Azure AD, AWS IAM, Ping Identity, ForgeRock) and two PAM tools (CyberArk, BeyondTrust, Delinea, Thycotic)
- Proven track record of reducing identity-related security risk for client or internal environments, with measurable outcomes (e.g., reduction in access-related incidents, decrease in manual access management time) that you can discuss in detail during the interview process
- Strong working knowledge of identity security standards including NIST SP 800-63, ISO 27001, and Zero Trust Architecture frameworks
- Excellent written and verbal communication skills, with experience presenting technical solutions to both technical engineering teams and non-technical C-level stakeholders
- Willingness to travel up to 10% of the time for client on-site engagements, primarily within the southwestern U.S.
Candidates with experience delivering identity security solutions to regulated industries (finance, healthcare, public sector) and those holding active industry-recognized certifications (CISSP, CISM, Okta Certified Architect, CyberArk Certified Defender, AWS Security Specialty) will be given priority consideration.

Core technical competencies required for success in this role include:
- Deep expertise in Microsoft Active Directory, including domain controller configuration, Group Policy management, LDAP, Kerberos authentication, AD hardening best practices, and migration of on-premise AD environments to hybrid or cloud-hosted models
- Proficiency in IAM and PAM tool implementation, configuration, and integration, including support for SSO, MFA, and adaptive access controls
- Mastery of core identity protocol standards including SAML 2.0, OAuth 2.0, OpenID Connect, SCIM, and RADIUS
- Experience integrating identity solutions with SIEM and EDR platforms to enable real-time monitoring and automated response to identity-related threats
- Familiarity with IGA workflows including automated user lifecycle management, access certifications, and separation of duties controls
- Understanding of regulatory requirements impacting identity security, including GDPR, HIPAA, PCI DSS, SOX, and state-specific privacy laws such as CCPA/CPRA
- Experience using infrastructure-as-code tools (Terraform, Ansible, PowerShell) to automate identity security deployments and policy configuration is a strong plus.

OmniStarr offers a market-competitive total rewards package designed to support your financial well-being, health, and professional growth. For this role, the base salary range is $145,000 to $185,000 per year, with the final offer dependent on your level of experience, relevant certifications, and performance during the interview process. In addition to base salary, all permanent full-time employees are eligible for the following benefits:
- Annual performance bonus of up to 15% of base salary, tied to individual project delivery metrics and overall company performance
- Comprehensive medical, dental, and vision insurance coverage, with 90% of employee premiums paid by OmniStarr and 70% of dependent premiums covered
- 401(k) retirement plan with a 4% company match, fully vested from your first day of employment
- 20 days of paid time off per year, plus 10 paid company holidays, 5 paid volunteer days, and 12 weeks of paid parental leave for all new parents
- Annual professional development stipend of $3,000 to cover certification costs, conference attendance, training courses, and professional association memberships
- Flexible hybrid work schedule, with no requirement to work outside of standard 9-5 business hours unless pre-approved for urgent client incidents
- Relocation assistance of up to $7,500 for candidates moving from out of state to join our Phoenix team, plus temporary housing support for up to 30 days during your move
- Free access to all OmniStarr internal training resources, including our full library of identity security and cloud security courses, and free seats to 2 industry cybersecurity conferences per year.

As a senior cybersecurity architect at OmniStarr, you will have access to a structured career progression framework with clear milestones for advancement to Lead Cybersecurity Architect, Principal Architect, or Cybersecurity Practice Manager roles within 2-3 years, based on your performance, client feedback, and business needs. We prioritize internal promotion for all leadership and senior individual contributor roles, and provide tailored mentorship, leadership training, and project leadership opportunities for employees interested in growing their responsibilities. You will also have the opportunity to contribute to our internal intellectual property library, building reusable identity security frameworks, playbooks, and tools that are used across our global client engagements, with additional compensation and public recognition for contributions to our IP portfolio. For architects interested in specializing in a specific industry or technology area, we offer dedicated subject matter expert tracks with opportunities to present at industry conferences and lead vendor partnership discussions.

The hiring process for this role is designed to be transparent and efficient, with an expected timeline of 2-3 weeks from application receipt to final offer:
1. Initial resume review by our talent acquisition team, with responses to all qualified candidates within 3 business days of submitting your application.
2. A 30-minute virtual screening call with the hiring manager, Abhishek Devdhar, to discuss your professional background, relevant project experience, and interest in the role.
3. A 2-hour technical interview panel with 2 senior cybersecurity architects and the identity security practice lead, including a hands-on scenario-based exercise where you will design an IAM/PAM solution for a mock enterprise client, followed by a Q&A session to discuss your approach and past experience.
4. A final 30-minute call with the senior leadership team to discuss team culture, long-term career goals, and compensation expectations.
All candidates will receive personalized feedback on their performance at each stage of the process, regardless of the final hiring decision. To apply, please send your resume and a 1-paragraph summary of your most relevant IAM/PAM/Active Directory project experience to [email protected] with the subject line "Cybersecurity Architect Application - [Your Full Name]". You may also reach out to Abhishek Devdhar directly via LinkedIn with any questions about the role, team, or hiring process. We review applications on a rolling basis, and this role will remain open until a qualified candidate is selected.