IAM Architect - Access Management / CIAM
Position Overview
We are growing! GuidePoint Security is hiring an Access Management Architect to join our implementation team on a full-time basis. This is a fully remote role where we are looking for relevant experience with Okta, Ping Identity, and Microsoft Entra ID (formerly Azure AD). Okta experience HIGHLY preferred.
The Access Management Architect is responsible for designing, deploying, administering, and optimizing enterprise-grade Identity and Access Management (IAM) solutions with a primary focus on Okta, Ping Identity, and Microsoft Entra ID. This role ensures secure authentication, authorization, and access governance across cloud and on-premises applications. The architect will work closely with security, infrastructure, DevOps, and application teams to implement and maintain advanced access management controls and best practices.
Key Responsibilities:
Identity & Access Management Platform Operations
Deploy, configure, manage, and support Okta, Auth0, Ping Identity (PingFederate, PingOne, PingOne AIC), and Microsoft Entra ID environments
Manage user lifecycle governance including provisioning, deprovisioning, and access certification workflows
Maintain authentication policies, authorization rules, access workflows, and security controls
Implement and oversee Single Sign-On (SSO), Multi-Factor Authentication (MFA), and Adaptive Authentication
Ensure adherence to least-privilege and Zero-Trust principles for all user and application identities
Modern Access Management & Identity
Support modern IAM capabilities such as:
Just-in-Time (JIT) access provisioning
Conditional Access and risk-based authentication
API access management and OAuth/OIDC flows
Cloud-native identity federation
Identity lifecycle automation and governance
Passwordless and phishing-resistant authentication
Workforce and customer identity management (CIAM)
Assist in building automated identity workflows for application onboarding and user access requests
Technical Implementation & Engineering
Integrate IAM platforms with AD/LDAP, cloud directories, SIEM, SCIM provisioning, SAML/OIDC applications, and cloud services (AWS/Azure/GCP)
Onboard new applications, SaaS platforms, APIs, and services to Okta, Ping Identity, and Entra ID
Configure identity providers (IdP), service providers (SP), federation protocols, and API gateways
Develop automation for user provisioning, access reviews, and monitoring using PowerShell, Python, or REST APIs
Implement access governance policies, role-based access control (RBAC), and attribute-based access control (ABAC)
Configure and maintain directory synchronization, identity federation, and hybrid identity architectures
Support identity threat detection, anomaly monitoring, and security incident response
Project Oversight & Client Success
Champion projects from an ownership perspective, taking full accountability for successful delivery and client outcomes
Drive client satisfaction by maintaining proactive communication, managing expectations, and ensuring quality deliverables
Provide strategic oversight across multiple concurrent projects, ensuring alignment with client objectives and timelines
Enhance delivery team efficiency through mentorship, technical guidance, and process optimization
Ensure appropriate staffing on projects by assessing technical requirements and team capabilities
Identify and mitigate project risks, escalating issues when necessary to maintain project health
Collaborate with project managers and leadership to optimize resource allocation and project planning
Conduct regular project health checks and implement corrective actions to keep engagements on track
Foster strong client relationships through technical excellence and consultative approach
Lead post-implementation reviews and capture lessons learned to continuously improve delivery practices
Develop and refine standard operating procedures (SOPs) and templates to improve consistency and quality across engagements
Create and maintain technical documentation, implementation guides, and best practice frameworks
Standardize delivery methodologies and tooling to enhance team productivity and client outcomes
Presales Support & Business Development
Provide technical expertise during the presales process to support new business opportunities
Assist with project scoping activities, including technical discovery and requirements gathering
Develop Level of Effort (LOE) estimates for proposed IAM implementations and engagements
Contribute to Statement of Work (SOW) development, ensuring technical accuracy and feasibility
Support proposal development with technical content, solution architectures, and implementation approaches
Act as a liaison between the sales organization and delivery practice to ensure smooth handoffs
Participate in client-facing presentations and technical demonstrations during the sales cycle
Provide subject matter expertise to address technical questions and concerns from prospective clients
Collaborate with sales teams to identify opportunities for service expansion and upsell within existing accounts
Minimum Qualifications
Bachelor's degree in Computer Science, Information Security, or related field — or equivalent work experience
3–5+ years of experience in Identity and Access Management engineering or consulting
Hands-on experience with Okta (Universal Directory, Lifecycle Management, Workflows, API Access Management)
Experience implementing Microsoft Entra ID including Conditional Access, Identity Protection, and Entra Connect
Working knowledge of Ping Identity solutions (PingFederate, PingOne, or PingAccess)
Strong understanding of identity governance, SSO protocols (SAML, OIDC, OAuth), MFA, and access certification
Experience with Windows/Linux server administration and Active Directory
Familiarity with scripting (PowerShell, Python) and REST APIs
Knowledge of common security frameworks and access control principles
Preferred Qualifications
3-5 years of IT Professional services and consulting experience
Professional certifications such as:
Okta Certified Professional / Okta Certified Administrator / Okta Certified Consultant
Microsoft Certified: Identity and Access Administrator Associate
Ping Identity Certified Professional
CISSP, CISM, Security+, CCSP, or similar
Exposure to modern IAM capabilities:
Passwordless authentication (FIDO2, WebAuthn, passkeys)
Decentralized identity and verifiable credentials
Identity threat detection and response (ITDR)
API security and OAuth 2.0 / OpenID Connect
The Team
Coming to the Access Management team means working on the leading edge in the IAM space. As an Access Management Architect, you will be partnering with other engineers and architects to help some of the largest companies in the US implement their own identity and access management programs. From participating in assessments to full delivery of IAM platforms, you can expect to be involved at all levels of interaction with our customers. Your leadership and expertise are critical to providing our customers with the guidance they need, and the excellence they expect from GuidePoint Security.
We partner with the largest vendors in the space to ensure that the latest training is always available to our team. High-level communication and collaboration are the standard. Mentorship at all levels, from Senior Architects to Junior Engineers, is foundational to our culture. We don't just talk about work-life balance; we facilitate it with an unlimited PTO benefit.
We understand that in order to retain our talented team, leadership must provide regular feedback and coaching. We recruit new members to the team with the understanding that opportunities for growth are important. Whether your goals include future leadership opportunities, becoming an Architect or even moving to another discipline within security in time, the leadership team is focused on partnering with you to help achieve them.
