About us: Intuitive is an innovation-led engineering company delivering business outcomes for 100s of Enterprises globally. With the reputation of being a Tiger Team & a Trusted Partner of enterprise technology leaders, we help solve the most complex Digital Transformation challenges across following Intuitive Superpowers: Modernization & Migration Application & Database Modernization Platform Engineering (IaC/EaC, DevSecOps & SRE) Cloud Native Engineering, Migration to Cloud, VMware Exit FinOps Data & AI/ML Data (Cloud Native / DataBricks / Snowflake) Machine Learning, AI/GenAI Cybersecurity Infrastructure Security Application Security Data Security AI/Model Security SDx & Digital Workspace (M365, G-suite) SDDC, SD-WAN, SDN, NetSec, Wireless/Mobility Email, Collaboration, Directory Services, Shared Files Services Intuitive Services: Professional and Advisory Services Elastic Engineering Services Managed Services Talent Acquisition & Platform Resell Services About the job: Title: Azure Security & IAM Architect Start Date: Immediate Position Type: Full-time Employment/ Contract Location : Remote across USA/ Canada Position Summary We are seeking a highly skilled and experienced Azure Security and Identity and Access Management (IAM) Security Architect to lead the design, implementation, and governance of our enterprise Azure and IAM strategy. The ideal candidate will have deep technical knowledge of Azure Security Architecture, authentication, authorization, identity governance, and privileged access management across cloud and on-premises environments. This role plays a critical part in ensuring secure, compliant, and seamless access to corporate systems and data. Key Responsibilities Design and implement IAM architectures and strategies aligned with enterprise security goals. Lead the development and automation of identity lifecycle processes (Joiner-Mover-Leaver). Develop and enforce policies for authentication, authorization, and access control. Collaborate with cloud and application teams to integrate IAM best practices into deployments. Design and support SSO, federation, and identity integration across SaaS, IaaS, and on-prem platforms. Design a Zero Trust access model for a hybrid workforce accessing SaaS and on-prem apps Implement and manage Privileged Access Management (PAM) solutions. Perform risk assessments on identity infrastructure and implement appropriate security controls. Ensure compliance with security frameworks and regulatory requirements (e.g., NIST, ISO, GDPR, SOX). Evaluate and recommend IAM tools and technologies. Participate in incident response efforts related to identity threats or breaches. Integrate AWS IAM with Azure AD for SSO and conditional access enforcement Required Skills and Expertise Azure infra threat Modeling and Risk Assessment skills Azure Security Strategy and Architecture Design Network Security Architecture Azure Security Services Expertise: Microsoft Defender for Cloud, Microsoft Sentinel, Key Vault, Azure Firewall, DDoS Protection, Security Center, and Azure Policy. Expertise in IAM concepts including RBAC, ABAC, PBAC, JML, role engineering, JML process automation, Conditional access, Entitlement management, PSM, PIM, PAM, and access certification. Hands-on experience with protocols like SAML 2.0, OAuth 2.0, OIDC, LDAP, and Kerberos. Strong knowledge of directory services (Active Directory, Azure AD, LDAP). Deep experience with IGA platforms (e.g., SailPoint, Saviynt, One Identity). PAM tools such as CyberArk, BeyondTrust, Delinea. Cloud IAM solutions: Azure AD / Entra ID, AWS IAM, GCP IAM. Experience designing Zero Trust and Conditional Access architectures. Understanding of IAM-related compliance frameworks: NIST 800-53/63, ISO 27001, HIPAA, SOX, GDPR. Threat modeling and identity-centric risk mitigation strategies. Strong communication and collaboration skills across technical and business teams. Expertise with Top IAM Tools & Platforms - Identity Governance and Administration (IGA) Examples SailPoint Lifecycle management, compliance, access certification Saviynt Cloud-native IGA with fine-grained access for apps and infra - Privileged Access Management (PAM) Examples CyberArk Vaulting, session recording, Just-in-Time (JIT) access BeyondTrust Endpoint privilege management and session monitoring Delinea (formerly Thycotic) Azure PIM - Authentication & Federation Tools Examples Keycloak Open-source OIDC/OAuth2 identity provider Auth0 (now part of Okta) Shibboleth federation via SAML Preferred Qualifications Relevant certifications: CISSP, GIAC, Azure Security Engineer, AWS Security Specialty, Identity-focused certifications. Experience working in large-scale, multi-cloud, enterprise environments. Key Tools and Technologies IGA: SailPoint, Saviynt, One Identity PAM: CyberArk, BeyondTrust, Delinea Cloud IAM: Azure AD / Entra ID, AWS IAM, GCP IAM SSO and Federation: Okta, Ping Identity, ForgeRock, Auth0, Keycloak Directory Services: Active Directory, OpenLDAP, Azure AD DS
Job Title
Azure Security & IAM Architect