IAM Expert Solution Architect

At Ensono, our Purpose is to be a relentless ally, disrupting the status quo and unleashing our clients to Do Great Things!  We enable our clients to achieve key business outcomes that reshape how our world runs. As an expert technology adviser and managed service provider with cross-platform certifications, Ensono empowers our clients to keep up with continuous change and embrace innovation.

We can Do Great Things because we have great Associates. The Ensono Core Values unify our diverse talents and are woven into how we do business. These five traits are the key to achieving our purpose:

Honesty, Reliability, Curiosity, Collaboration, and Passion.

About the role and what you'll be doing:

The IAM Solution Architect is a senior role with broad domain expertise responsible for assessing IAM-related needs as they relate to migration and landing zone exits. This role provides end-to-end architecture leadership for IAM integration work in support of large-scale application migrations to AWS, Microsoft Azure, and strategic data centers.

We want all new Associates to succeed in their roles at Ensono. That's why we've outlined the job requirements below. To be considered for this role, it's important that you meet all Required Qualifications. If you do not meet all of the Preferred Qualifications, we still encourage you to apply. 

KEY RESPONSIBILITIES

• Stand up an IAM team that accelerates application migrations by delivering standard IAM patterns and implementation across:

  • Authentication and federation

  • Authorization integration

  • Secret management

  • Identity governance and administration

  • Privileged access management (PAM) integration

  • Migration readiness and cutover support for IAM controls

  • Development of accelerators and self-service tools to help in the migration

• Design and govern the technical IAM architecture for migration workloads

• Assess current state IAM landscape and define target state architecture aligned to enterprise standards

• Develop IAM integration patterns that are reusable across multiple application migrations

• Build and deploy common scaffolding services such as logging, monitoring, secrets management, integration services, shared storage, middleware components, and platform utilities

• Ensure these services are production ready, secure, and consumable by application teams

• Document consumption patterns and onboarding procedures

• Define and approve security baselines and minimum compliance standards for IAM controls

• Provide technical guidance and mentorship to IAM Engineers

• Collaborate with infrastructure and platform BAU teams to ensure alignment with enterprise standards

REQUIRED SKILLS & QUALIFICATIONS

• 10+ years of experience in Identity and Access Management

• Deep expertise across IAM domains with hands-on experience in the following platforms:

  • Privileged Access Management: CyberArk (EPV, PSM, PTA, CCP), HashiCorp Vault (secrets engine, dynamic secrets, encryption as a service)

  • Authentication/Identity Providers (IDP): ForgeRock (AM, IDM, DS, IG), RSA (SecurID, Identity Governance & Lifecycle)

  • User Access & Entitlement Management: SailPoint (IdentityIQ, IdentityNow), ESF (Enterprise Security Framework)

• Strong experience with cloud IAM services (AWS IAM, Azure AD/Entra ID, etc.)

• Knowledge of security frameworks and compliance requirements (SOX, GDPR, etc.)

• Experience designing IAM solutions for large-scale enterprise migrations

• Strong understanding of Active Directory, LDAP, SAML, OAuth, OpenID Connect

• Excellent communication skills with ability to translate technical concepts for various audiences

• Experience in financial services or highly regulated industries strongly preferred

• Relevant certifications preferred:

  • CISSP, CISM

  • Cloud certifications (AWS, Azure)

  • CyberArk Certified Delivery Engineer

  • SailPoint Certified IdentityIQ Engineer

Ensono is a place to make better happen – for our clients and for your career. You can do great things through innovation or collaboration, by learning or volunteering, or to promote diversity and inclusion. You can do great things for your own health or for a healthier planet. Whatever it means to you to do great things we want Ensono to be the place you can do it. 

We are a client-facing business, but we do encourage clients to allow us to work remotely most of the time so if you are not required to be on a client site, you can choose to work from home or in our Ensono offices.

Some of our benefits include:

• Unlimited Paid Days Off

• Three health plan options

• 401k with company match

• Eligibility for dental, vision, short and long-term disability, life and AD&D coverage, and flexible spending accounts

• Family Forming Benefit including fertility coverage and adoption/surrogacy reimbursement

• Paid childbearing and paternal leave

• Education Reimbursement, Student Loan Assistance or 529 College Funding

• Sabbatical leave

• Wellness program

• Flexible work schedule

As of the date of this posting, a good faith estimate of the current pay scale for this role is $140,000 to $182,000 annually based on a full-time schedule. Please note that placement in the range may vary based on numerous factors including but not limited to skills, experience, internal equity, and business needs. In addition to base salary, other compensation programs, depending on eligibility, include an annual bonus plan based on company and individual performance and an equity grant under our Associate Equity Appreciation Program.

Ensono is an Equal Opportunity/Affirmative Action employer. We are committed to providing equal employment to our Associates and building a diverse and inclusive workforce. All qualified applicants will be considered without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, or other legally protected basis, in accordance with applicable law.

Pay transparency nondiscrimination statement/posting OFCCP’s pay transparency policy can be found on OFCCP’s website.

If you need accommodation at any point during the application or interview process, please let your recruiter know or email [email protected].