IAM Architect - Access Management / CIAM (Remote in the US)

Position Overview

We are growing! GuidePoint Security is hiring an Access Management Architect to join our implementation team on a full-time basis. This is a fully remote role where we are looking for relevant experience with Okta, Ping Identity, and Microsoft Entra ID (formerly Azure AD). Okta experience HIGHLY preferred.

The Access Management Architect is responsible for designing, deploying, administering, and optimizing enterprise-grade Identity and Access Management (IAM) solutions with a primary focus on Okta, Ping Identity, and Microsoft Entra ID. This role ensures secure authentication, authorization, and access governance across cloud and on-premises applications. The architect will work closely with security, infrastructure, DevOps, and application teams to implement and maintain advanced access management controls and best practices.

Key Responsibilities:

Identity & Access Management Platform Operations

• Deploy, configure, manage, and support Okta, Auth0, Ping Identity (PingFederate, PingOne, PingOne AIC), and Microsoft Entra ID environments
• Manage user lifecycle governance including provisioning, deprovisioning, and access certification workflows
• Maintain authentication policies, authorization rules, access workflows, and security controls
• Implement and oversee Single Sign-On (SSO), Multi-Factor Authentication (MFA), and Adaptive Authentication
• Ensure adherence to least-privilege and Zero-Trust principles for all user and application identities

Modern Access Management & Identity

• Support modern IAM capabilities such as:




• Just-in-Time (JIT) access provisioning
• Conditional Access and risk-based authentication
• API access management and OAuth/OIDC flows
• Cloud-native identity federation
• Identity lifecycle automation and governance
• Passwordless and phishing-resistant authentication
• Workforce and customer identity management (CIAM)




• Assist in building automated identity workflows for application onboarding and user access requests

Technical Implementation & Engineering

• Integrate IAM platforms with AD/LDAP, cloud directories, SIEM, SCIM provisioning, SAML/OIDC applications, and cloud services (AWS/Azure/GCP)
• Onboard new applications, SaaS platforms, APIs, and services to Okta, Ping Identity, and Entra ID
• Configure identity providers (IdP), service providers (SP), federation protocols, and API gateways
• Develop automation for user provisioning, access reviews, and monitoring using PowerShell, Python, or REST APIs
• Implement access governance policies, role-based access control (RBAC), and attribute-based access control (ABAC)
• Configure and maintain directory synchronization, identity federation, and hybrid identity architectures
• Support identity threat detection, anomaly monitoring, and security incident response

Project Oversight & Client Success

• Champion projects from an ownership perspective, taking full accountability for successful delivery and client outcomes
• Drive client customer satisfaction by maintaining proactive communication, managing expectations, and ensuring quality deliverables
• Provide strategic oversight across multiple concurrent projects, ensuring alignment with client objectives and timelines
• Enhance delivery team efficiency through mentorship, technical guidance, and process optimization
• Ensure appropriate staffing on projects by assessing technical requirements and team capabilities
• Identify and mitigate project risks, escalating issues when necessary to maintain project health
• Collaborate with project managers and leadership to optimize resource allocation and project planning
• Conduct regular project health checks and implement corrective actions to keep engagements on track
• Foster strong client relationships through technical excellence and consultative approach
• Lead post-implementation reviews and capture lessons learned to continuously improve delivery practices
• Develop and refine standard operating procedures (SOPs) and templates to improve consistency and quality across engagements
• Create and maintain technical documentation, implementation guides, and best practice frameworks
• Standardize delivery methodologies and tooling to enhance team productivity and client outcomes

Presales Support & Business Development

• Provide technical expertise during the presales process to support new business opportunities
• Assist with project scoping activities, including technical discovery and requirements gathering
• Develop Level of Effort (LOE) estimates for proposed IAM implementations and engagements
• Contribute to Statement of Work (SOW) development, ensuring technical accuracy and feasibility
• Support proposal development with technical content, solution architectures, and implementation approaches
• Act as a liaison between the sales organization and delivery practice to ensure smooth handoffs
• Participate in client-facing presentations and technical demonstrations during the sales cycle
• Provide subject matter expertise to address technical questions and concerns from prospective clients
• Collaborate with sales teams to identify opportunities for service expansion and upsell within existing accounts

Minimum Qualifications

• Bachelor's degree in Computer Science, Information Security, or related field - or equivalent work experience
• 3-5+ years of experience in Identity and Access Management engineering or Consulting
• Hands-on experience with Okta (Universal Directory, Lifecycle Management, Workflows, API Access Management)
• Experience implementing Microsoft Entra ID including Conditional Access, Identity Protection, and Entra Connect
• Working knowledge of Ping Identity solutions (PingFederate, PingOne, or PingAccess)
• Strong understanding of identity governance, SSO protocols (SAML, OIDC, OAuth), MFA, and access certification
• Experience with Windows/Linux server administration and Active Directory
• Familiarity with scripting (PowerShell, Python) and REST APIs
• Knowledge of common security frameworks and access control principles

Preferred Qualifications

• 3-5 years of IT Professional services and consulting experience
• Professional certifications such as:




• Okta Certified Professional / Okta Certified Administrator / Okta Certified Consultant
• Microsoft Certified: Identity and Access Administrator Associate
• Ping Identity Certified Professional
• CISSP, CISM, Security+, CCSP, or similar




• Exposure to modern IAM capabilities:




• Passwordless authentication (FIDO2, WebAuthn, passkeys)
• Decentralized identity and verifiable credentials
• Identity threat detection and response (ITDR)
• API security and OAuth 2.0 / OpenID Connect

The Team

Coming to the Access Management team means working on the leading edge in the IAM space. As an Access Management Architect, you will be partnering with other engineers and architects to help some of the largest companies in the US implement their own identity and access management programs. From participating in assessments to full delivery of IAM platforms, you can expect to be involved at all levels of interaction with our customers. Your leadership and expertise are critical to providing our customers with the guidance they need, and the excellence they expect from GuidePoint Security.

We partner with the largest vendors in the space to ensure that the latest training is always available to our team. High level communication and collaboration are the standard. Mentorship at all levels, from Senior Architects to Junior Engineers, is foundational to our culture. We don't just talk about work life balance; we facilitate it with an unlimited PTO benefit.

We understand that in order to retain our talented team, leadership must provide regular feedback and coaching. We recruit new members to the team with the understanding that opportunities for growth are important. Whether your goals include future leadership opportunities, becoming an Architect or even moving to another discipline within security in time, the leadership team is focused on partnering with you to help achieve them.