O
OmniStarr · Cybersecurity Consulting & IT Services
Hiring Cybersecurity Architect (IAM / PAM / Active Directory) in Phoenix
📍 Phoenix, AZFull-timeHybrid📅 11 juin 2026
Description du poste
OmniStarr is a U.S.-based cybersecurity consulting firm founded in 2012, supporting more than 200 clients across the financial services, healthcare, and public sectors with compliance, data protection, and security architecture design services. With 350 employees across 12 U.S. offices, our Phoenix location at 2200 N Central Ave operates in a modern coworking space designed for collaborative work, with secure meeting rooms and dedicated quiet zones for focused project work. We are currently hiring a senior Cybersecurity Architect specialized in Identity and Access Management (IAM), Privileged Access Management (PAM), and Active Directory administration to join our security practice, in a hybrid role based in Phoenix.
### Role Core Responsibilities
You will lead the design, deployment, and maintenance of identity and access security solutions for our clients, with measurable performance targets aligned with industry best practices:
1. Design and deploy custom IAM and PAM architectures for enterprise clients, guaranteeing 99.95% service uptime and full compliance with applicable regulations (NIST SP 800-63, HIPAA, PCI-DSS, depending on client sector). You will own the full project lifecycle from scoping to production deployment and post-launch support.
2. Optimize existing on-premise and cloud Active Directory environments for clients, identifying and remediating vulnerabilities related to privileged accounts, excessive access rights, and non-compliant configurations, with a target of 40% reduction in critical vulnerabilities within the first 6 months of taking on a client engagement.
3. Develop and implement Role-Based Access Control (RBAC) policies and Identity Governance and Administration (IGA) solutions fully aligned with client business needs, to reduce the risk of unauthorized access to sensitive data by 30% within the first year of deployment.
4. Manage and maintain client-deployed IAM/PAM platforms (Okta, CyberArk, Saviynt, Azure AD, AWS IAM), resolving incidents within a maximum 2-hour window during business hours, and documenting all interventions to ensure operational continuity for client teams.
5. Conduct regular identity and access audits, producing detailed reports for client compliance teams and executive leadership to anticipate regulatory controls and security audits.
6. Train both internal OmniStarr teams and client technical staff on IAM/PAM best practices, delivering at least 4 training sessions per quarter, with content adapted to the skill level of participants.
7. Lead migration projects for on-premise Active Directory environments to cloud platforms (Azure AD, AWS IAM), adhering to allocated timelines and budgets, with a target 100% success rate for all assigned migrations, with no end-user service interruptions.
8. Participate in identity-related security incident response, coordinating with internal SOC teams and client security teams, and proposing corrective actions to prevent incident recurrence.
### Work Environment & Culture
This hybrid role requires 3 days per week of on-site work at our Phoenix office, with 2 flexible remote days dedicated to client project work or technical documentation. You will join a team of 12 experienced cybersecurity architects working in a flat, collaborative structure where all team members are encouraged to share ideas and propose improvements to our service offerings. OmniStarr prioritizes continuous learning: every employee receives an annual budget dedicated to certifications and professional conferences, and we host monthly knowledge-sharing sessions on the latest security threats and solution updates. There is no mandatory overtime, and we prioritize work-life balance for all team members.
### Candidate Requirements
To qualify for this role, you must have:
- At least 7 years of professional experience in cybersecurity, with a minimum of 4 years focused on IAM, PAM, and Active Directory design and deployment projects
- Proficiency with Okta, CyberArk, Saviynt, Microsoft Active Directory, Azure AD, and AWS IAM platforms
- Strong working knowledge of NIST security frameworks, HIPAA, and PCI-DSS regulations (experience with healthcare or financial services clients is a plus)
- Ability to write clear, structured technical documentation for both technical and non-technical stakeholders
- Valid work authorization in the United States
- A bachelor's degree in Computer Science, Information Security, or a related field is required; a master's degree or relevant certifications (CISSP, CISM, Okta Certified Professional, CyberArk Certified Defender) are strong assets
### Technical Skills Required
You must have hands-on experience with the following tools and frameworks: IAM, PAM, Microsoft Active Directory, Okta, CyberArk, Saviynt, Azure AD, AWS IAM, RBAC, IGA, NIST SP 800-63, HIPAA, PCI-DSS, PowerShell, Python, SIEM, Splunk.
### Compensation & Benefits
We offer a competitive annual salary between $130,000 and $165,000 USD, adjusted based on your years of experience and held certifications. In addition to base pay, you will be eligible for an annual performance bonus of up to 15% of your base salary, calculated based on company performance and individual project results. Benefits include:
- 80% coverage of health insurance premiums for you and your dependents
- 25 paid vacation days per year, plus 10 paid RTT days and 5 paid days annually for training or conference participation
- Flexible hybrid work schedule with no mandatory in-office days beyond the 3-day weekly requirement
- $3,000 annual budget for professional training and certifications
- Company profit-sharing program for all full-time employees
- Provided work equipment: latest-generation laptop, full licenses for all required security tools, and a stipend for home office setup
### Career Growth Opportunities
This role offers clear progression paths: you can evolve to a Lead Cybersecurity Architect position, then to Director of the IAM/PAM Practice, or move into a senior client advisory role for enterprise accounts. You will work on diverse projects for clients across all sectors, giving you the opportunity to develop expertise in cutting-edge identity security technologies. A 6-month mentorship program will be offered during your onboarding to support your integration and skill development.
### Hiring Process & Next Steps
To apply, submit your resume and a brief overview of your most significant IAM/PAM project experience to [email protected]. Our recruitment team will review your application within 10 business days and contact you for a 30-minute phone screening if your profile matches the role requirements. This will be followed by a 1-hour technical interview with the IAM team, where you will be asked to solve a real-world PAM deployment case study. If successful, you will meet the Cybersecurity Practice Director for a 45-minute discussion about your motivations and career goals at OmniStarr. We will then verify your professional references, and extend a formal job offer. The target start date is within 4 weeks of contract signing, with a 2-week onboarding period dedicated to learning our internal tools and service offerings.
### Role Core Responsibilities
You will lead the design, deployment, and maintenance of identity and access security solutions for our clients, with measurable performance targets aligned with industry best practices:
1. Design and deploy custom IAM and PAM architectures for enterprise clients, guaranteeing 99.95% service uptime and full compliance with applicable regulations (NIST SP 800-63, HIPAA, PCI-DSS, depending on client sector). You will own the full project lifecycle from scoping to production deployment and post-launch support.
2. Optimize existing on-premise and cloud Active Directory environments for clients, identifying and remediating vulnerabilities related to privileged accounts, excessive access rights, and non-compliant configurations, with a target of 40% reduction in critical vulnerabilities within the first 6 months of taking on a client engagement.
3. Develop and implement Role-Based Access Control (RBAC) policies and Identity Governance and Administration (IGA) solutions fully aligned with client business needs, to reduce the risk of unauthorized access to sensitive data by 30% within the first year of deployment.
4. Manage and maintain client-deployed IAM/PAM platforms (Okta, CyberArk, Saviynt, Azure AD, AWS IAM), resolving incidents within a maximum 2-hour window during business hours, and documenting all interventions to ensure operational continuity for client teams.
5. Conduct regular identity and access audits, producing detailed reports for client compliance teams and executive leadership to anticipate regulatory controls and security audits.
6. Train both internal OmniStarr teams and client technical staff on IAM/PAM best practices, delivering at least 4 training sessions per quarter, with content adapted to the skill level of participants.
7. Lead migration projects for on-premise Active Directory environments to cloud platforms (Azure AD, AWS IAM), adhering to allocated timelines and budgets, with a target 100% success rate for all assigned migrations, with no end-user service interruptions.
8. Participate in identity-related security incident response, coordinating with internal SOC teams and client security teams, and proposing corrective actions to prevent incident recurrence.
### Work Environment & Culture
This hybrid role requires 3 days per week of on-site work at our Phoenix office, with 2 flexible remote days dedicated to client project work or technical documentation. You will join a team of 12 experienced cybersecurity architects working in a flat, collaborative structure where all team members are encouraged to share ideas and propose improvements to our service offerings. OmniStarr prioritizes continuous learning: every employee receives an annual budget dedicated to certifications and professional conferences, and we host monthly knowledge-sharing sessions on the latest security threats and solution updates. There is no mandatory overtime, and we prioritize work-life balance for all team members.
### Candidate Requirements
To qualify for this role, you must have:
- At least 7 years of professional experience in cybersecurity, with a minimum of 4 years focused on IAM, PAM, and Active Directory design and deployment projects
- Proficiency with Okta, CyberArk, Saviynt, Microsoft Active Directory, Azure AD, and AWS IAM platforms
- Strong working knowledge of NIST security frameworks, HIPAA, and PCI-DSS regulations (experience with healthcare or financial services clients is a plus)
- Ability to write clear, structured technical documentation for both technical and non-technical stakeholders
- Valid work authorization in the United States
- A bachelor's degree in Computer Science, Information Security, or a related field is required; a master's degree or relevant certifications (CISSP, CISM, Okta Certified Professional, CyberArk Certified Defender) are strong assets
### Technical Skills Required
You must have hands-on experience with the following tools and frameworks: IAM, PAM, Microsoft Active Directory, Okta, CyberArk, Saviynt, Azure AD, AWS IAM, RBAC, IGA, NIST SP 800-63, HIPAA, PCI-DSS, PowerShell, Python, SIEM, Splunk.
### Compensation & Benefits
We offer a competitive annual salary between $130,000 and $165,000 USD, adjusted based on your years of experience and held certifications. In addition to base pay, you will be eligible for an annual performance bonus of up to 15% of your base salary, calculated based on company performance and individual project results. Benefits include:
- 80% coverage of health insurance premiums for you and your dependents
- 25 paid vacation days per year, plus 10 paid RTT days and 5 paid days annually for training or conference participation
- Flexible hybrid work schedule with no mandatory in-office days beyond the 3-day weekly requirement
- $3,000 annual budget for professional training and certifications
- Company profit-sharing program for all full-time employees
- Provided work equipment: latest-generation laptop, full licenses for all required security tools, and a stipend for home office setup
### Career Growth Opportunities
This role offers clear progression paths: you can evolve to a Lead Cybersecurity Architect position, then to Director of the IAM/PAM Practice, or move into a senior client advisory role for enterprise accounts. You will work on diverse projects for clients across all sectors, giving you the opportunity to develop expertise in cutting-edge identity security technologies. A 6-month mentorship program will be offered during your onboarding to support your integration and skill development.
### Hiring Process & Next Steps
To apply, submit your resume and a brief overview of your most significant IAM/PAM project experience to [email protected]. Our recruitment team will review your application within 10 business days and contact you for a 30-minute phone screening if your profile matches the role requirements. This will be followed by a 1-hour technical interview with the IAM team, where you will be asked to solve a real-world PAM deployment case study. If successful, you will meet the Cybersecurity Practice Director for a 45-minute discussion about your motivations and career goals at OmniStarr. We will then verify your professional references, and extend a formal job offer. The target start date is within 4 weeks of contract signing, with a 2-week onboarding period dedicated to learning our internal tools and service offerings.
Compétences requises
IAMPAMActive DirectoryOktaCyberArkSaviyntAzure ADAWS IAMRBACIGANIST SP 800-63HIPAAPCI-DSSPowerShellPythonSIEMSplunk
Postuler
Détails du poste
- TypeFull-time
- Lieu de travailHybrid
- ExpérienceSenior
- FormationBachelor's degree in Computer Science, Information Security, or related field
- Publiée le11 juin 2026
Entreprise
O
OmniStarr