Omnistarr · Cybersecurity Services & Enterprise Technology Solutions
Hiring Cybersecurity Architect (IAM / PAM / Active Directory) in Phoenix
📍 Phoenix, AZ; Irving, TX; Charlotte, NC · Full-time · Hybrid · 📅 June 11, 2026
Job description
Omnistarr is a global enterprise technology and cybersecurity services provider, delivering tailored security, cloud and digital transformation solutions to 500+ mid-market and enterprise clients across financial services, healthcare, public sector and manufacturing industries in North America, EMEA and APAC. With a team of 1,200+ security, engineering and consulting professionals, we help organizations mitigate evolving cyber risks while meeting strict regulatory and operational requirements. We are seeking an experienced Cybersecurity Architect specializing in Identity and Access Management (IAM), Privileged Access Management (PAM) and Active Directory to join our identity security practice, supporting both internal infrastructure and client deployment projects.
This hybrid role is based in Phoenix, AZ, with optional in-office flexibility at our Irving, TX or Charlotte, NC locations if preferred, with 3 days of in-office collaboration per week and 2 days of remote work for focused project delivery. You will report directly to the Head of Identity Security, collaborating with cloud engineering, threat hunting, client delivery and compliance teams to design, implement and optimize identity security frameworks that reduce risk and meet global regulatory obligations.
Your core responsibilities will include:
1. Designing, deploying and optimizing end-to-end IAM, PAM and Active Directory architectures for 200+ enterprise client environments, ensuring 99.95% uptime for critical identity services and reducing unauthorized access incidents by 40% across managed portfolios within the first 12 months of engagement.
2. Developing and enforcing Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) policies aligned with NIST SP 800-63, GDPR, HIPAA and SOX compliance requirements, conducting quarterly access reviews to eliminate overprivileged accounts and reduce privilege creep by 30% annually for all managed environments.
3. Leading the implementation and integration of IGA (Identity Governance and Administration) tools including SailPoint IdentityNow, Saviynt and Azure AD Identity Governance, automating provisioning and deprovisioning workflows to cut manual access request processing time from 48 hours to under 4 hours for client teams.
4. Architecting and hardening on-premises and cloud-hosted Active Directory environments (including Azure AD DS, AWS Managed Microsoft AD) to mitigate common attack vectors such as Kerberoasting, Pass-the-Hash and Golden Ticket attacks, reducing AD-related security incidents by 60% across client deployments within the first year.
5. Designing and deploying PAM solutions including CyberArk PAS, BeyondTrust PAM and Azure AD PIM, implementing just-in-time (JIT) privilege access, session monitoring and credential vaulting for 10,000+ privileged accounts, ensuring 100% auditability of all privileged activity for compliance reporting and incident response.
6. Collaborating with cross-functional security, DevOps and cloud engineering teams to integrate identity security controls into CI/CD pipelines, ensuring all cloud workloads and containerized applications adhere to zero-trust identity principles before deployment to production environments.
7. Conducting comprehensive security assessments of existing IAM, PAM and AD infrastructures, identifying misconfigurations, orphaned accounts and policy gaps, delivering detailed remediation roadmaps with prioritized action items to reduce identity-related risk scores by 25% per assessment cycle.
8. Serving as a subject matter expert for client and internal stakeholder meetings, presenting technical architecture proposals, compliance status updates and incident response recommendations to C-level executives and IT leadership teams across multiple industries.
9. Developing and delivering training materials and workshops for client security operations teams, enabling them to independently manage day-to-day IAM, PAM and AD operations, reducing post-implementation support tickets by 45% within 6 months of project completion.
Our work environment prioritizes collaboration, continuous learning and work-life balance. We offer flexible core hours between 9AM and 3PM local time to accommodate team collaboration across North American time zones, with no mandatory overtime except for critical incident response, which is compensated with equivalent paid time off. We invest heavily in employee growth, with an annual professional development budget of $5,000 per team member for certifications, industry conferences and specialized training, plus regular internal knowledge-sharing sessions and quarterly security innovation hackathons.
To qualify for this role, you must have a minimum of 7 years of professional experience in cybersecurity, with at least 5 years focused on IAM, PAM and Active Directory architecture and implementation. You must have hands-on experience deploying and managing at least 3 enterprise IAM/IGA tools (SailPoint, Saviynt, Azure AD Identity Governance, ForgeRock) and 2 PAM platforms (CyberArk, BeyondTrust, Azure AD PIM), plus deep expertise in on-premises, hybrid and cloud-hosted Active Directory environments, with proven experience mitigating common AD attack vectors. A strong understanding of zero-trust architecture, the NIST Cybersecurity Framework, and regulatory requirements including HIPAA, GDPR and SOX is required, along with the ability to translate complex technical concepts to non-technical stakeholders. A bachelor’s degree in Computer Science, Information Security, Cybersecurity or a related field is required; professional certifications including CISSP, CISM, CyberArk Certified Defender/Engineer, SailPoint Certified IdentityNow Engineer are strongly preferred. Experience working in hybrid cloud environments (AWS, Azure, GCP) and with containerized workloads (Docker, Kubernetes) is a plus.
We offer a competitive total rewards package to support your well-being and career growth. The base salary for this role ranges from $145,000 to $185,000 annually, adjusted for experience, relevant certifications and location, plus a performance-based annual bonus of up to 15% of base salary. We cover 100% of employer-paid medical, dental and vision insurance premiums for employees, plus 80% of premium costs for dependents. Our 401(k) plan includes a 6% employer match with immediate vesting, plus flexible spending accounts for healthcare and dependent care. You will receive a $1,000 annual remote work stipend to cover home office equipment, high-speed internet or co-working space costs, plus the aforementioned professional development budget. We also offer an employee assistance program, mental health support benefits, and an annual wellness reimbursement of $500 for gym memberships, fitness equipment or wellness activities.
Career growth at Omnistarr is structured and supported by personalized development plans. You can progress along the individual contributor track to Senior Cybersecurity Architect, Identity Security Practice Lead and Principal Architect roles, or transition to management tracks including Director of Identity Security and Chief Information Security Officer (CISO) with the right experience and performance. We support internal mobility across security practice areas, so you can pivot to cloud security, threat hunting or security operations if your interests evolve. You will also have the opportunity to lead high-profile client projects, present at industry conferences with full company sponsorship, and mentor junior security team members.
Our hiring process is designed to be transparent and respectful of your time, with no unnecessary assessment rounds. The first step is a 30-minute initial screening call with our talent acquisition team to discuss your background and alignment with the role. Next, you will complete a 60-minute technical interview with the Identity Security Practice Lead, where you will walk through a past IAM/PAM/AD architecture project and solve a real-world scenario related to Active Directory hardening and access policy design. This is followed by a 45-minute behavioral interview with the Head of Cybersecurity to assess cultural fit, collaboration style and approach to incident response. The final step is a 30-minute call with our client engagement team to discuss project requirements and stakeholder expectations for the roles you will support. We aim to extend formal offers within 5 business days of the final interview, with a flexible start date within 4 weeks of offer acceptance. To apply, send your resume and a brief 2-3 sentence note highlighting your most relevant IAM/PAM/AD architecture project to [email protected], or call 508-407-0460 with any questions about the role or hiring process.
Required skills
IAM, PAM, Active Directory, RBAC, ABAC, IGA, NIST Cybersecurity Framework, HIPAA, GDPR, SOX, SailPoint IdentityNow, Saviynt, Azure AD Identity Governance, CyberArk PAS, BeyondTrust PAM, Azure AD PIM, Zero Trust Architecture, AWS, Azure, GCP, Docker, Kubernetes, Jira, Confluence
Job details
- Type: Full-time
- Workplace: Hybrid
- Experience: Senior
- Education: Bachelor’s degree in Computer Science, Information Security, Cybersecurity or related field; CISSP, CISM, CyberArk Certified Engineer or SailPoint Certified IdentityNow Engineer certifications are strongly preferred
- Posted: June 11, 2026
Company
Omnistarr