Hiring Cybersecurity Architect (IAM / PAM / Active Directory) in Phoenix

OmniStarr is a global enterprise technology consultancy with 12 years of experience delivering secure digital transformation solutions to Fortune 500 clients across finance, healthcare, critical infrastructure, and public sector markets in North America, EMEA, and APAC. With a team of 850+ security and technology professionals, we specialize in end-to-end cybersecurity solutions that meet strict regulatory requirements and reduce organizational risk. We are expanding our identity security practice and hiring a seasoned Cybersecurity Architect with deep expertise in IAM, PAM, and Active Directory to lead high-impact client engagements across our U.S. office locations. In this role, you will own the end-to-end design and deployment of enterprise identity security frameworks for a portfolio of 15+ concurrent clients, ranging from 10,000 to 200,000 end users, aligning all solutions with NIST SP 800-63, CIS Controls, GDPR, CCPA, and other relevant regulatory standards. Your core responsibilities will include: 1. Design, implement, and optimize enterprise IAM, PAM, and Active Directory frameworks for 15+ concurrent client engagements, reducing identity-related breach risk by at least 40% per client deployment. 2. Architect and deploy RBAC and ABAC models across hybrid cloud and on-premise environments, cutting unauthorized access incidents by 30% within the first 6 months of rollout. 3. Lead migration of legacy Active Directory deployments to Azure AD and hybrid Entra ID environments for clients with 10,000+ end users, maintaining 99.98% service uptime during cutover windows with zero post-migration authentication outages. 4. Configure and harden PAM solutions (including CyberArk, BeyondTrust, and Azure AD Privileged Identity Management) to manage 5,000+ privileged accounts per client, reducing privileged credential misuse risks by 60% and ensuring quarterly access reviews are completed 100% on schedule. 5. Develop and implement IGA workflows for user provisioning, deprovisioning, and access certifications, cutting manual access management overhead by 45% for client IT teams. 6. Conduct regular security assessments of IAM/PAM/AD infrastructure, identifying and remediating 95% of high and critical identity-related vulnerabilities within 72 hours of discovery. 7. Collaborate with cross-functional security, network, and DevOps teams to integrate identity security controls into CI/CD pipelines, ensuring all new applications meet identity security standards prior to production deployment. 8. Create detailed technical documentation, architecture diagrams, and client-facing training materials for all deployed identity solutions, achieving a 90%+ client satisfaction score on delivered documentation. 9. Serve as a subject matter expert for identity compromise incident response, leading root cause analysis and implementing permanent fixes to prevent recurrence. Our work environment prioritizes collaboration, flexibility, and continuous learning. This hybrid role requires 3 days per week in your assigned office (Phoenix, AZ; Irving, TX; or Charlotte, NC) and 2 days remote, with flexible scheduling for client needs. You will have access to a dedicated lab for testing the latest IAM, PAM, and AD tools without impacting live client systems, weekly knowledge-sharing sessions with our global identity security practice, and no mandatory after-hours on-call shifts for non-critical incidents. We also offer cybersecurity employee resource groups, mentorship from senior security leaders, and opportunities to contribute to open-source identity security projects. To qualify, you must have 7+ years of professional cybersecurity experience, with at least 5 years focused on IAM, PAM, and Active Directory architecture and implementation. You need hands-on experience with at least 2 enterprise IAM platforms (Okta, ForgeRock, Azure AD, Ping Identity), 2 PAM tools (CyberArk, BeyondTrust, Delinea, Azure AD PIM), and hybrid AD/Entra ID deployments. Proven experience designing RBAC/ABAC models and IGA workflows is required. Certifications including CISSP, CISM, Certified IAM Architect (CIAM), or MCSE: Security are strongly preferred. You must have strong knowledge of NIST SP 800-63, CIS Controls, GDPR, CCPA, and other global identity security regulations, plus excellent communication skills to present technical solutions to technical and non-technical stakeholders. Ability to obtain a U.S. government security clearance is required for public sector client work. Our compensation package includes a base salary of $145,000 to $185,000 per year (based on experience and certifications) plus a 15% annual performance bonus tied to client satisfaction and project delivery. We cover 90% of health, dental, and vision insurance premiums for you and your dependents, offer 401(k) matching up to 6% of salary, 20 days of PTO plus 10 paid holidays, and 5 paid volunteer days annually. You will also receive a $1,000 one-time home office stipend and a $3,000 annual professional development budget for certifications, conferences, and training. After 1 year of tenure, you will be eligible for our employee equity program. We offer clear career progression: high-performing architects can advance to Senior Cybersecurity Architect, Lead Security Architect, or Identity Security Practice Lead within 2 to 3 years. You will have the opportunity to lead Fortune 500 identity transformation projects, present at industry conferences (we sponsor RSA, IDSA events, and local meetups), contribute to internal identity security research, and mentor junior consultants to build your subject matter expert profile. To apply, send your resume to [email protected] or call 508-407-0460 with questions. Our team reviews all applications within 3 business days. Qualified candidates will complete a 30-minute initial phone screen with talent acquisition, followed by a 60-minute technical interview with the Identity Security Practice Lead (including a past project walkthrough and a short healthcare client case study), and a final 45-minute behavioral interview with the Cybersecurity Director. We extend offers within 10 business days of the final interview, with a start date flexible based on your notice period, typically within 4 weeks of acceptance. OmniStarr is an equal opportunity employer and encourages applicants from all backgrounds to apply.