Identity Access Management Architect

Reporting directly to the Head of Cloud Security, you will serve as the IAM Architect across our workforce, customer, and partner domains. We’ve moved past the basics; our stack is built on Zero Trust principles, featuring SPIRE, Open Policy Agent (OPA), and a custom-built group management engine. We need a leader who can navigate the space between high-level strategy and deep-stack execution. 

You will own the full IAM lifecycle, evolving our existing infrastructure into a scalable, modern ecosystem that serves as a competitive advantage for our operations.

In this role you will

• Develop and champion the target-state IAM architecture and roadmap, ensuring alignment with overall business strategy and security requirements.
• Lead the evaluation, selection, and deployment of new IAM products and technologies (IGA, PAM, AM, Directory Services).
• Define and govern IAM policies, standards, and procedures with cloud first infrastructure.
• Provide architectural guidance for complex access control models, role engineering, and segregation of duties (SoD) enforcement.
• Architect solutions for Federation/SSO, ensuring secure and seamless access for partners and customers.
• A deep understanding of access models such as RBAC, ABAC, PBAC.

Required qualifications

• 10+ years of progressive experience in Information Security, with at least 4 years focused on architecting and implementing IAM solutions in a large enterprise environment.
• Expert-level knowledge of at least one major Cloud Identity Provider (e.g., Azure, AWS IAM) and/or a major Customer Identity and Access Management (CIAM) platform.
• Deep understanding of core IAM protocols: SAML, OAuth 2.0, OpenID Connect (OIDC), SCIM, and LDAP.
• Technical Skills (must have experience in at least some of the following areas):
• Identity Governance and Administration (IGA): SailPoint, Saviynt, Conductor One, or similar.
• Privileged Access Management (PAM): CyberArk, HashiCorp Vault, Delinea, or similar.
• Multi-Factor Authentication (MFA): FIDO2/WebAuthn, biometric solutions, or platform-native MFA tools.
• API Security: Protecting APIs using OAuth scopes and claims.

Soft Skills: Strong analytical, problem-solving, and communication skills. Ability to create clear, concise documentation (architecture diagrams, design documents).

Desirable qualifications 

• Proven ability to lead complex IAM solutions from concept to production. 
• Ability to influence and collaborate with other areas of the business.

The base salary range for this position is  $191,000 - $277,000 per Year. Aurora’s pay ranges are determined by role, level, and location. Within the range, the successful candidate’s starting base pay will be determined based on factors including job-related skills, experience, qualifications, relevant education or training, and market conditions. These ranges may be modified in the future. The successful candidate will also be eligible for an annual bonus, equity compensation, and benefits.