Hiring Cybersecurity Architect (IAM / PAM / Active Directory) in Phoenix

### Company Context
OmniStarr is a leading provider of cybersecurity and identity management solutions for Fortune 500 enterprises operating in the healthcare, financial services, and technology sectors across the United States. With 120+ security experts spread across our offices in Phoenix, Irving, and Charlotte, we deliver end-to-end security architecture design, deployment, and managed services for clients handling sensitive regulated data, including HIPAA-covered entities and PCI DSS-compliant organizations. Our team specializes in reducing identity-related risk, which accounts for over 60% of all enterprise security incidents according to Verizon's 2024 Data Breach Investigations Report.

### Role Introduction
We are hiring a Senior Cybersecurity Architect focused on IAM, PAM, and Active Directory to join our enterprise security team in a hybrid capacity, with primary office location flexibility across Phoenix AZ, Irving TX, or Charlotte NC. In this role, you will own the design, deployment, and ongoing optimization of identity and access management architectures for both internal OmniStarr infrastructure and our external client base, ensuring full compliance with NIST SP 800-63, SOC 2, and HIPAA regulatory requirements. You will work closely with client security teams, our SOC analysts, and cloud engineering teams to eliminate identity-related attack vectors and reduce unauthorized access risk across all managed environments.

### Key Responsibilities
1. Design and deploy scalable IAM/PAM architectures across on-premise and cloud (AWS, Azure) environments for 30+ enterprise clients, guaranteeing 99.95% uptime for identity services and resolving access-related incidents within 2 hours per defined SLAs.
2. Administer and optimize hybrid Active Directory infrastructures, including Group Policy Object (GPO) management, domain trust configuration, AD replication, and migration of 10,000+ end users to Azure AD, with zero service disruption for critical client business operations.
3. Implement RBAC and IGA policies aligned with client regulatory requirements, reducing unauthorized access risk by 40% across all deployed projects within the first 12 months of implementation.
4. Deploy and configure PAM solutions (CyberArk, BeyondTrust) to secure privileged accounts, automating 80% of password rotation workflows and temporary access requests, eliminating risks of stolen privileged credentials.
5. Conduct regular security audits of IAM/PAM/AD environments, identify vulnerabilities, and deliver prioritized remediation plans, with 100% of critical vulnerabilities resolved within 72 hours of discovery.
6. Collaborate with SOC and SIEM (Splunk, QRadar) teams to integrate IAM/PAM/AD event logs into intrusion detection systems, reducing average time to detect abnormal access incidents by 60% across managed client environments.
7. Develop technical documentation for all deployed architectures, and deliver training to internal teams and client administrators on identity management best practices, achieving a minimum training satisfaction score of 4.7/5 from all attendees.
8. Participate in security incident response related to identity compromises, conduct forensic investigations, and implement corrective measures to reduce incident recurrence, maintaining an annual identity-related incident recurrence rate of less than 5%.

### Work Environment & Culture
OmniStarr prioritizes a collaborative, low-bureaucracy work environment focused on continuous skill development. You will work alongside 12 other certified security architects with CISSP, CISM, and CyberArk certifications, with access to fully paid annual certification budgets, monthly threat intelligence workshops, and opportunities to attend global cybersecurity conferences including RSA, Black Hat, and Identity Europe. Our hybrid model requires 3 days per week in your assigned office (Phoenix, Irving, or Charlotte based on your residence) and 2 days of remote work, with flexible start and end times to accommodate personal commitments, and no mandatory after-work events. We are committed to diversity and inclusion, with a dedicated equity committee that ensures equitable pay, promotion opportunities, and mentorship programs for underrepresented groups in tech.

### Candidate Requirements
- 7+ years of professional experience in cybersecurity, with a minimum of 4 years focused specifically on IAM, PAM, and Active Directory architecture and administration.
- Proven hands-on expertise with the following tools: Active Directory (on-premise and hybrid), Azure AD, AWS IAM, CyberArk/BeyondTrust (PAM), SailPoint/Okta (IGA), LDAP, Kerberos, SSO, MFA, and Zero Trust Architecture.
- Working knowledge of compliance frameworks including NIST SP 800-63, HIPAA, SOC 2, and PCI DSS, with experience designing architectures that meet these regulatory requirements.
- Experience integrating IAM solutions with SIEM platforms (Splunk, QRadar) and intrusion detection systems.
- Preferred certifications: CISSP, CISM, CEH, Microsoft Certified: Identity and Access Administrator Associate, CyberArk Certified Defender/Administrator.
- Excellent written and verbal communication skills in English, with the ability to translate technical security concepts for non-technical stakeholders and client teams.
- Ability to manage multiple concurrent projects, meet strict deadlines, and prioritize tasks based on risk severity.

### Technical Skills
This role requires hands-on proficiency with real, industry-standard tools only: Active Directory, Azure AD, AWS IAM, CyberArk, BeyondTrust, SailPoint, Okta, LDAP, Kerberos, SSO, MFA, Splunk, QRadar, Zero Trust Architecture, NIST SP 800-63, SOC 2, HIPAA, PCI DSS.

### Benefits & Compensation
We offer a competitive total compensation package aligned with US market standards for senior cybersecurity architects:
- Base salary: $130,000 - $165,000 per year, based on experience and relevant certifications
- Annual performance bonus: up to 15% of base salary
- 90% employer-paid health insurance for you and your dependents
- 5% employer-matched retirement savings plan
- 20 days of paid time off per year, plus 10 days of paid sick leave
- $2,500 annual learning budget for certifications, courses, and conference attendance
- Hybrid work model with 2 remote days per week
- Provided work equipment including laptop, dual monitors, and licenses for all required security tools
- 50% reimbursement for gym memberships and wellness activities

### Career Growth Opportunities
OmniStarr offers a clear, structured career progression path for senior technical staff:
- 6-month and 12-month performance reviews with clear promotion criteria to Lead Cybersecurity Architect, IAM/PAM Practice Lead, or Senior Cybersecurity Consultant roles
- Access to exclusive internal training programs on emerging identity security trends including AI-powered IAM and decentralized identity solutions
- Opportunities to lead large-scale client projects for Fortune 100 organizations in the healthcare and financial services sectors
- Mentorship program with senior security leaders to support your professional development goals

### Hiring Process & Next Steps
The full recruitment process takes a maximum of 2 weeks and follows 4 clear steps:
1. 30-minute initial phone screen with our talent acquisition team to validate your experience and career motivations
2. 1-hour technical interview with the Cybersecurity Practice Lead, including a practical case study on designing an IAM architecture for a 5,000-user healthcare organization
3. Final interview with the Director of Operations and a member of the architecture team to confirm cultural and team fit
4. Reference and certification verification, followed by an official job offer within 48 hours of completing all interview steps

To apply, send your updated CV to [email protected] with the subject line "Candidature Cybersecurity Architect IAM/PAM/AD - [Your Full Name]". We review all applications within 5 business days, and only shortlisted candidates will be contacted for the next steps.