Hiring Cybersecurity Architect (IAM/PAM/Active Directory) in Phoenix

OmniStarr is a US-based technology and financial services firm operating across 12 states, serving more than 200 enterprise clients in the banking, healthcare and retail sectors. We specialize in secure digital payment solutions and cloud infrastructure services, with a team of 450 employees dedicated to delivering compliant, high-performance tools for our customers. Our security team is at the core of our operations, ensuring all our products and internal systems meet the strictest regulatory and performance standards.

We are currently hiring a Cybersecurity Architect specializing in Identity and Access Management (IAM), Privileged Access Management (PAM) and Active Directory for a hybrid role based in Phoenix, AZ, with occasional travel required to our Irving, TX and Charlotte, NC offices for cross-team project alignment. This role reports directly to our Director of Information Security and will be responsible for designing, implementing and maintaining the identity and access control frameworks that protect our entire digital ecosystem.

Your core responsibilities will include:
1. Designing and deploying end-to-end IAM/PAM/Active Directory architectures covering more than 12,000 internal and external users and 3,000 business application resources, with a target service uptime of 99.95% for all identity-related services.
2. Developing and maintaining Role-Based Access Control (RBAC) policies aligned with NIST SP 800-63 guidelines and sector-specific regulations including PCI DSS, SOX and GDPR for our European client operations, with a goal of reducing unauthorized privileged access incidents by 40% within the first 12 months of tenure.
3. Managing and optimizing hybrid Active Directory infrastructure, including on-premise domain controllers, Azure AD Connect synchronization and Group Policy Object (GPO) management, with a maximum 30-minute incident response time for critical outages during business hours.
4. Administering enterprise PAM solutions (CyberArk, BeyondTrust) for all privileged accounts, including automated password rotation, session recording and audit reporting to meet compliance requirements for external audits.
5. Participating in internal and third-party security audits, providing full technical documentation for identity and access controls, and implementing vulnerability remediation plans within 10 business days of audit finding identification.
6. Delivering training sessions for IT support, business unit leads and new employees on IAM best practices, with a target training satisfaction score of 4.2/5 or higher for all sessions delivered.
7. Collaborating with software development teams to integrate access control checks into CI/CD pipelines, with a goal of reducing hardcoded credential vulnerabilities in production code by 60% within 18 months.
8. Monitoring identity and privileged access activity via Splunk and Microsoft Sentinel, tuning detection rules to maintain a false positive rate below 5% for access-related alerts.

The work environment for this role is hybrid: you will spend 3 days per week at our Phoenix office, with 2 days of remote work per week, and up to 4 days per quarter of travel to our Texas and North Carolina offices for project workshops. Our security team operates with a high degree of autonomy, with weekly syncs to align on priorities and monthly cross-functional meetings with the infrastructure and compliance teams. We prioritize continuous learning: all team members receive an annual budget of $3,000 for conference attendance, certifications and training platforms, and we regularly host internal knowledge-sharing sessions led by external security experts.

To qualify for this role, you must have:
- A bachelor's degree in Computer Science, Information Security or a related technical field (master's degree preferred)
- 5+ years of professional experience in cybersecurity architecture, with at least 3 years focused specifically on IAM, PAM and Active Directory administration
- Proven experience implementing IGA (Identity Governance and Administration) solutions such as SailPoint or similar tools
- Deep knowledge of NIST SP 800-63, PCI DSS, SOX and GDPR requirements related to identity and access management
- Strong documentation skills, with the ability to produce clear technical architecture diagrams and compliance reports for both technical and non-technical stakeholders
- Preferred certifications: CISSP, CISM, Certified Identity and Access Manager (CIAM) or equivalent

The compensation package for this role includes an annual base salary between $145,000 and $175,000, adjusted based on your years of specialized experience, plus an annual performance bonus of up to 15% of your base salary. We cover 100% of health insurance premiums (medical, dental, vision) for you and your dependents, offer 25 days of paid time off plus 10 company-paid holidays per year, and provide a 6% employer match on your 401(k) contributions. We also provide all necessary professional equipment, including a laptop, dual monitors and security tokens for PAM access.

Career growth opportunities for this role are strong: you will have the chance to specialize in emerging areas such as zero trust architecture and cloud security posture management (CSPM), or to advance to a senior leadership role such as Lead Security Architect or Director of Identity Security. We support internal mobility, so you can also apply for roles in our product security or compliance teams if you wish to broaden your expertise.

The recruitment process for this role proceeds as follows:
1. Submit your resume and a brief cover letter outlining your relevant IAM/PAM/AD experience to Abhishek Devdhar at [email protected], or call 508-407-0460 for any pre-application questions.
2. First round: 30-minute phone screen with our talent acquisition team to confirm alignment between your experience and the role requirements.
3. Second round: 1-hour 15-minute technical interview with the security team, including a practical case study on designing a PAM solution for a hybrid cloud environment.
4. Third round: 45-minute interview with the Chief Information Security Officer to discuss cultural fit and long-term career goals.
We will review all applications within 10 business days of receipt. The targeted start date for this role is within 4 weeks of contract signing, with a 2-week onboarding program to familiarize you with our tools, processes and team structure.