Emergent, LLC

Lead Discovery Architect – Cyber Compliance, GRC

full-time

Location Type: Hybrid

Location: United States


About the role

  • The Lead Discovery Architect of our Cyber Strike Pods anchors the Assessment-Led Operating Model by converting raw telemetry into defensible decisions and prioritized, time-bound remediation plans aligned to NIST SP 800-207 and the CISA Zero Trust Maturity Model.
  • The Lead Discovery Architect leads high-velocity discovery assessments to find flaws and architect the cybersecurity foundations required to sever attack paths across on-premises Active Directory, Entra ID (Azure AD), and the emerging world of Agentic AI.
  • This role operates as the discovery authority and chief architect for a multi-disciplinary pod, owning technical direction, quality, and executive communications across assessment, prioritization, and proof-of-remediation.
  • Given the U.S. Public Sector context, this role works within ATO constraints and handles sensitive data appropriately while coordinating with compliance owners (e.g., FISMA/FedRAMP/CMMC) to ensure evidence and artifacts support accreditation updates.
  • Direct technical discovery within Active Directory (AD) and Entra ID.
  • Convert raw telemetry into Executive Identity Risk Scorecards.
  • Articulate "Choke Point Saturation" and "Attack Path Depth," proving to Agency CISOs that an adversary can achieve Full Domain Takeover in an average of 3.2 hops.
  • Own and deliver executive readouts/whiteboard sessions to translate graph-theory findings into business impact, time-to-fix, and outcome-based roadmaps with clear owners and due dates.
  • Identify the Shadow Admins and unmanaged GPOs that must be remediated before IAM/PAM tools can be effectively deployed and map each finding to specific identity control objectives and preconditions for IAM/PAM efficacy.
  • Identify specific Choke Points that represent 80% of a client's risk (e.g., GPO links, Service Account rotation, and Tiered Admin restrictions).
  • Lead hands-on proofs-of-remediation for the top choke points and measure impact before scale-out.
  • Map identified risks to specific hardening or maturity services and OEM solution pathways (Ping Identity, Aembit, Zscaler, Delinea, Hydden).
  • Sequence work to minimize operational disruption and define “no-regrets” controls and fast-path wins.
  • Utilize tools like Hydden to identify the risks of orphaned service principals, Automated Service Accounts, and Shadow AI agents that create unmonitored backdoors into critical workloads.
  • Recommend lifecycle controls, least-privilege scopes, and continuous discovery for NHIs across clouds and platforms.
  • Move clients from static, password-based security to a context-aware Zero Trust architecture, ensuring "Least Privilege" is enforced by technical control, not just policy.
  • Analyze the structural integrity of the bridge between on-prem AD and Entra ID, identifying high-risk configurations, such as those in which the compromise of an on-prem helpdesk account can lead to a total takeover of the M365/Azure tenant.
  • Convert technical debt into actionable demand for our high-margin Hardening & Maturity Services.
  • Move clients from "Reactive" (D+) to "Optimized" (A) postures.
  • Document runbooks and operating-level agreements that sustain gains post-engagement.
  • Build and maintain reusable discovery and hardening automation (PowerShell, Microsoft Graph API, KQL, Neo4j/Cypher, Terraform/Policy-as-Code) and steward a Git-based pattern library/playbooks for repeatable execution.
  • Define, track, and report identity resilience KPIs/OKRs (e.g., Mean Attack Path Length, Shadow Admin density, Credential Exposure rate, CA policy coverage) and establish a leadership inspection cadence.
  • Support mentorship of pod engineers to develop identity security expertise, operational judgment, and technical ownership.
  • Coordinate with SOC, IR, Cloud Platform, and Enterprise Architecture to sequence changes safely and ensure durable ownership.
  • Ensure alignment to U.S. Public Sector requirements (e.g., NIST SP 800-53 controls, CISA directives/BODs, agency-specific ATO conditions) and produce evidence artifacts to support audits and accreditations.
  • Perform all other duties, as assigned.

Requirements

  • Bachelor’s Degree in an IT-related field or equivalent work experience, required.
  • 12-15 years of progressive experience in Cyber consulting.
  • 5+ years leading hands-on identity modernization engagements.
  • Proven experience leading automation architecture for high-volume, factory-style transformations (hundreds to thousands of workloads).
  • Demonstrated experience and ownership of reusable automation assets and playbooks (version-controlled, peer-reviewed).
  • Hands-on experience operating in hybrid environments spanning on-prem virtualization, Kubernetes/OpenShift platforms, and public cloud services.
  • Deep, practical experience with Microsoft identity/security stack: Entra ID Protection, Conditional Access, PIM, Entra ID Governance, Defender for Identity, Microsoft Sentinel (SIEM), and Microsoft 365 Defender.
  • Experience in U.S. Public Sector environments and frameworks (NIST SP 800-207/800-53, FedRAMP, CMMC) is highly desirable.
  • Deep proficiency with Active Directory (on-prem) and Entra ID (Cloud).
  • Understanding of and/or ability to learn proficient use of BloodHound, PingCastle, and Purple Knight is mandatory.
  • Hands-on proficiency with Microsoft Defender for Identity, Entra Permissions Management (CIEM), Microsoft Sentinel, and Microsoft 365 Defender.
  • Fluency in PowerShell, KQL, Python, and Neo4j/Cypher for data-driven analysis and automation.
  • Deep understanding of NIST 800-207 and the technical requirements for implementing a Zero Trust identity perimeter.
  • Ability to translate Zero Trust principles into enforceable controls (Conditional Access patterns, PIM guardrails, device trust, continuous evaluation).
  • Ability to see an environment through the eyes of an attacker: nodes, edges, and "Pass-the-Hash" opportunities where others see "Users and Groups."
  • Ability to write and interpret complex Cypher and KQL to quantify attack paths, choke points, and control efficacy; familiarity with MITRE ATT&CK and threat modeling (e.g., STRIDE).
  • Ability to translate a complex graph-theory finding into a compelling business case for identity modernization.
  • Skilled at building decision-ready artifacts (scorecards, roadmaps, architecture decision records) that drive action.
  • Exceptional written and verbal communication skills, with the ability to translate complex automation concepts into executive-level and non-technical narratives.
  • A mindset oriented toward product thinking – treating automation as a long-lived platform rather than a one-time migration tool with strong DevOps hygiene (Git, PRs, CI) and change management discipline to ensure safe rollout at scale.

Benefits

  • Comprehensive Health, Dental, and Vision plans
  • Premier 401k retirement plan with corporate matching and a 529 college saving plan
  • Tax-advantaged Health Savings Account and Dependent Care Flexible Spending Account options
  • Legal Resources
  • Generous work/life balance opportunities supported by a PTO bank, paid holidays, leave programs and additional flex time off
  • Employee referral program
  • Employee recognition, gift and reward program
  • Tuition reimbursement for continuing education
  • Remote or hybrid work options
  • Engaging company events such as team building activities, annual awards and kick-off parties
  • Health and wellness-focused activities
  • Relaxation Spaces
  • In-office gourmet coffee, tea, fresh fruit and healthy snacks
  • Corporate GREEN approach – tracking energy consumption for reduction and purchasing only environmentally friendly products for our offices

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

identity modernization, automation architecture, data-driven analysis, Zero Trust principles, graph-theory analysis, KQL, Python, Neo4j/Cypher, PowerShell, Microsoft identity/security stack

Soft Skills

executive communication, mentorship, product thinking, decision-making, translating complex concepts, operational judgment, technical ownership, collaboration, leadership, problem-solving

Certifications

Bachelor’s Degree in IT-related field, NIST SP 800-207, FedRAMP, CMMC