Senior Information Security Architect – Cloud IAM

First American

Senior IAM Security Architect at First American, focusing on cloud IAM security control design and automation. Leading zero trust identity posture and adapting modern security protocols.

Posted 4/30/2026full-timeRemote • 🇺🇸 United StatesSenior💰 $148,600 - $198,200 per yearWebsite

Tech Stack

Tools & technologies

AWSAzureCloudGoogle Cloud Platform

About the role

Key responsibilities & impact

Participate in the design of secure IAM architectures across multiple platforms (AWS, Azure, Entra ID), ensuring all components align with best practices and organizational security requirements.
Design security controls for IAM, including user authentication, authorization, role management, identity federation, and privilege management across cloud and hybrid environments.
Lead the design and evolution of CIAM architecture that supports secure, scalable, and customer-centric identity services across web, mobile, and API-based platforms.
Establish and maintain a Zero Trust security model for IAM, ensuring that all access requests are continuously verified, regardless of location or network.
Integrate Zero Trust principles with cloud-native security tools and IAM platforms (e.g., AWS, Azure, Entra ID) to ensure seamless, secure, and dynamic access control.
Automate risk-based access controls and adaptive authentication based on behavioral signals, ensuring a dynamic response to security events.
Establish and enforce least privilege access principles for all roles across cloud and on-prem environments, ensuring users only have the minimal access necessary to perform their job functions.
Design and implement Just-in-Time (JIT) access control mechanisms to dynamically grant access based on user needs, significantly reducing standing permission sets.
Design SSO solutions that provide seamless and secure access to enterprise applications, ensuring a frictionless user experience while maintaining high security standards.
Lead the adoption of modern authentication protocols (e.g., OAuth 2.0, OpenID Connect, SAML) for secure, scalable, and standardized access management across applications and systems.
Design MFA solutions to enhance authentication security, applying risk-based policies to ensure strong protection for sensitive data and critical resources.
Develop and integrate IAM security controls with cloud platforms such as AWS, Azure, and Entra ID, ensuring secure access management across both public and hybrid cloud environments.
Leverage native security features of cloud platforms (e.g., AWS IAM, Azure AD, Entra ID) to design scalable, secure, and automated IAM solutions.
Lead the migration process from Hybrid Active Directory to Entra-ID based authentication to ensure minimal disruption and proper synchronization and federation across systems.
Develop and maintain security governance frameworks for IAM, focusing on identity lifecycle management, role-based access control (RBAC), user provisioning, deprovisioning, and enforcement of least privilege.
Ensure proper identity governance and access reviews are conducted regularly, documenting changes and exceptions as part of compliance audits.
Collaborate with cross-functional teams, including application security, network security, infrastructure, and DevOps, to integrate IAM security best practices across systems and services.
Stay up to date on the latest IAM trends, security threats, and technology advancements to continuously improve IAM practices and solutions.
Implement security automation tools and workflows to improve efficiency and reduce manual efforts in identity management and access control.

Requirements

What you’ll need

Bachelor’s degree in computer science, Information Security, or related field
7+ years of experience in IAM security, including at least 5 years of experience in IAM risk assessment, threat modeling, and security control design
Preferred Certified Information Systems Security Professional (CISSP) or Certified Identity and Access Manager (CIAM) or other relevant IAM/security certification
Proven expertise in implementing and securing IAM solutions in cloud environments such as AWS, Azure, and Entra ID
Knowledge in GCP would be a nice to have.
In-depth knowledge of IAM security best practices, identity governance, and access management policies.
Hands-on experience in conducting security risk assessments and threat modeling for IAM systems.
Demonstrated experience in establishing least privilege access and implementing Just-in-Time (JIT) access controls across cloud and on-premises environments.
Expertise in implementing and managing a Zero Trust security posture for IAM, with hands-on experience in identity validation, continuous authentication, and risk-based access controls.
Strong expertise with IAM platforms such as Microsoft Entra ID (Azure AD), AWS IAM, Azure Active Directory.
Experience with cloud security, integrating IAM systems with AWS, Azure, and hybrid environments.
Strong understanding of IAM security controls, including role-based access control (RBAC), attribute-based access control (ABAC), policy enforcement, and Just-in-Time (JIT) provisioning.
Experience in implementing and managing SSO and MFA, with expertise in modern authentication protocols such as OAuth 2.0, OpenID Connect, and SAML.
Experience in architecting and operating CIAM solutions at enterprise scale (customer-facing portals, mobile apps, APIs).

Benefits

Comp & perks

medical
dental
vision
401k
PTO/paid sick leave
employee stock purchase plan

ATS Keywords

✓ Tailor your resume

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

IAM securityrisk assessmentthreat modelingsecurity control designZero Trust securityJust-in-Time (JIT) access controlrole-based access control (RBAC)multi-factor authentication (MFA)OAuth 2.0OpenID Connect

Soft Skills

collaborationleadershipcommunicationorganizational skillsproblem-solving

Certifications

Certified Information Systems Security Professional (CISSP)Certified Identity and Access Manager (CIAM)