The Senior Identity Application Architect, CIAM/IAM, is responsible for leading the architecture, design, and evolution of identity solutions that support secure, scalable, and resilient customer and workforce access across the organization.
This role defines target-state architecture and implementation patterns for customer identity and access management and enterprise identity and access management, including authentication, authorization, federation, lifecycle orchestration, delegated administration, and identity data flows across cloud and enterprise platforms.
The architect partners with cybersecurity, infrastructure, application owners, product teams, and business stakeholders to translate business, security, privacy, and user experience requirements into practical identity architectures. This role also provides technical leadership for integrations across platforms such as Okta, Auth0, Azure, AWS, Salesforce, ServiceNow, and custom applications, with an emphasis on security, reliability, maintainability, and business enablement.
Duties/Responsibilities
Lead the architecture and design of CIAM and IAM solutions supporting secure customer, partner, and workforce identity use cases across digital and enterprise environments, including authentication, authorization, federation, lifecycle automation, and secure access patterns.
Define reference architectures, technical standards, guardrails, and integration patterns for identity services and applications using protocols and technologies such as OAuth 2.0, OpenID Connect, SAML, SCIM, LDAP, REST APIs, webhooks, and event-driven architectures.
Architect and guide implementation of identity-enabled applications, APIs, portals, and workflows, including customer onboarding, workforce onboarding, joiner-mover-leaver processes, access requests, delegated administration, MFA, identity proofing, registration, account recovery, consent, and progressive profiling.
Drive architecture decisions for identity data models, directory strategy, attribute governance, and role, group, and policy design, as well as integrations across HR, CRM, ITSM, cloud, and other enterprise platforms.
Evaluate and improve identity platforms, integrations, and access patterns to reduce risk, technical debt, and operational friction while ensuring resilience, scalability, observability, auditability, privacy, and compliance by design.
Produce architecture diagrams, standards, roadmaps, decision records, and implementation guidance, and lead design reviews, governance activities, and stakeholder communication to align delivery with security requirements and strategic objectives.
Mentor engineers and administrators, collaborate with vendors and internal teams, and stay current on IAM and CIAM trends, threats, standards, and capabilities to drive continuous improvement and informed architectural recommendations.
Education and Experience
Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, Software Engineering, or a related field, or equivalent practical experience.
8+ years of progressive experience in identity and access management, application security, or enterprise architecture, including significant experience designing identity solutions in complex environments.
5+ years of experience architecting or leading implementations for CIAM and/or IAM platforms, including authentication, federation, authorization, and lifecycle orchestration use cases.
Practical experience designing integrations across identity providers, cloud platforms, customer-facing applications, HR systems, CRM platforms, IT service management systems, and related enterprise applications.
Expertise in platforms and services such as Okta, Auth0, Microsoft Entra ID, AWS, Azure, Salesforce, ServiceNow, or comparable identity and business platforms.
Demonstrated success in leading technical design for secure APIs, identity-aware applications, and event-driven or service-based integrations.
Required certification in at least one relevant identity or cybersecurity discipline, such as CISSP, CCSP, IDPro, Okta Certified Administrator or Developer, Microsoft SC-300, AWS Security Specialty, or comparable credentials.
Required Knowledge, Skills, Abilities
Strong expertise in IAM and CIAM architecture, including authentication, authorization, federation, identity lifecycle management, provisioning and deprovisioning, delegated administration, and access governance concepts.
Deep understanding of identity standards and protocols, including OAuth 2.0, OpenID Connect, SAML, SCIM, and related token, session, and federation concepts.
Experience designing customer identity journeys with attention to registration, login, MFA, passwordless options, account recovery, consent, profile management, and user experience.
Experience designing enterprise IAM patterns for role-based access, attribute-based access, entitlement management, least privilege, and segregation of duties.
Strong understanding of identity-related security principles, including session security, secrets protection, API security, bot and fraud considerations, logging, monitoring, threat modeling, and auditability.
Ability to define architecture roadmaps, target states, transition plans, and decision frameworks for identity modernization initiatives.
Experience working across engineering, infrastructure, security, product, and business teams to align requirements and drive implementation outcomes.
Ability to review solution designs and code or configuration patterns at the right level to ensure architectural alignment without owning every implementation detail.
Familiarity with modern software and platform engineering practices, including CI/CD, infrastructure as code, automated testing, observability, and secure development practices.
Demonstrated willingness and ability to adopt AI-assisted engineering tools for code generation, code review, test creation, and developer productivity, using tools such as Claude, GitHub Copilot, Cursor, or similar technologies in a secure and effective manner.
Strong written and verbal communication skills, including the ability to present architecture decisions, tradeoffs, and recommendations to technical and executive stakeholders.
Strong problem-solving skills and the ability to diagnose complex identity, integration, and access issues across distributed systems.
Demonstrated experience addressing emerging identity control challenges related to agentic AI, non-human identities, machine identities, and modern IAM governance patterns.
Skills Required
- Bachelor's degree in Computer Science, IT, Cybersecurity, Software Engineering, or equivalent experience
- 8+ years progressive experience in identity and access management, application security, or enterprise architecture
- 5+ years architecting or leading CIAM and/or IAM platform implementations (authentication, federation, authorization, lifecycle orchestration)
- Practical experience integrating identity across identity providers, cloud platforms, customer apps, HR systems, CRM, and ITSM
- Expertise with Okta, Auth0, Microsoft Entra ID (Azure AD), AWS, Azure, Salesforce, ServiceNow or comparable platforms
- Deep knowledge of protocols and standards: OAuth 2.0, OpenID Connect, SAML, SCIM, LDAP, REST APIs, webhooks, event-driven architectures
- Required certification in at least one identity or cybersecurity discipline (CISSP, CCSP, IDPro, Okta Certified, Microsoft SC-300, AWS Security Specialty, or comparable)
- Demonstrated success leading technical design for secure APIs, identity-aware applications, and event/service-based integrations
- Experience designing customer identity journeys and IAM patterns: MFA, passwordless, account recovery, consent, RBAC, ABAC, entitlement management
- Familiarity with modern engineering practices: CI/CD, infrastructure as code, automated testing, observability, secure development
- Strong communication, stakeholder alignment, architecture roadmapping, mentoring engineers and administrators
AHEAD Compensation & Benefits Highlights
The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about AHEAD and has not been reviewed or approved by AHEAD.
- Retirement Support — 401(k) contributions are matched dollar-for-dollar on the first $5,000 each year, with matching made each pay period and immediate 100% vesting. This structure signals above-standard employer support for retirement savings.
- Affordable Benefits — Medical options include low employee premiums for PPO and HDHP plans, and the HDHP adds employer HSA funding plus a dollar-for-dollar HSA match up to stated amounts. Dental and vision plans list very low per-paycheck costs, helping keep overall healthcare spend manageable.
- Wellbeing & Lifestyle Benefits — No-cost telemedicine (including virtual mental health when enrolled), free Calm access for the employee and dependents, and an EAP with counseling are included. Company-paid life and disability plus voluntary protections (legal/ID, pet insurance) and other extras round out a comprehensive set of supports.
AHEAD Insights
What We Do
AHEAD builds platforms for digital business. By weaving together cloud infrastructure, intelligent operations, and modern applications, we help enterprises deliver on the promise of digital transformation.