IAM Architect - Okta
Position Overview
We are growing! GuidePoint Security is hiring an Access Management Architect to join our implementation team on a full-time basis. This is a fully remote role where we are looking for deep expertise in Okta platform solutions, with particular emphasis on Okta Access Gateway (OAG), Okta Workflows, and API development.
The Access Management Architect is responsible for designing and architecting enterprise-grade Identity and Access Management (IAM) solutions with a primary focus on Okta. This role ensures secure authentication, authorization, and access governance across cloud and on-premises applications for large, complex enterprise environments. The architect will lead technical design efforts, working closely with security, infrastructure, DevOps, and application teams to implement advanced access management architectures and best practices.
Key Responsibilities
Identity & Access Management Platform Operations
Design, deploy, configure, and manage complex Okta environments including Universal Directory, Lifecycle Management, Workflows, and API Access Management
Architect and implement Okta Access Gateway (OAG) solutions for header-based authentication and legacy application integration
Design and manage user lifecycle governance including provisioning, deprovisioning, and access certification workflows
Architect authentication policies, authorization rules, access workflows, and security controls for enterprise-scale deployments
Implement and oversee Single Sign-On (SSO), Multi-Factor Authentication (MFA), and Adaptive Authentication across diverse application portfolios
Ensure adherence to least-privilege and Zero-Trust principles for all user and application identities
Modern Access Management & Identity
Lead implementation of modern IAM capabilities such as:
Just-in-Time (JIT) access provisioning
Conditional Access and risk-based authentication
API access management and OAuth/OIDC flows
Cloud-native identity federation
Identity lifecycle automation and governance
Passwordless and phishing-resistant authentication
Workforce and customer identity management (CIAM)
Design and build automated identity workflows using Okta Workflows for application onboarding, user access requests, and complex business processes
Architect low-code/no-code automation solutions to streamline identity operations
Technical Architecture & Engineering
Lead technical architecture and design for large-scale, complex Okta implementations across global enterprises
Design integration patterns between Okta and AD/LDAP, cloud directories, SIEM, SCIM provisioning, SAML/OIDC applications, and cloud services (AWS/Azure/GCP)
Architect Okta Access Gateway (OAG) deployments for securing legacy and on-premises applications
Design and implement complex Okta Workflows solutions including custom connectors, API integrations, and multi-step automation processes
Develop custom integrations and automation using API development languages including Python, JavaScript/Node.js, PowerShell, and REST APIs
Architect identity providers (IdP), service providers (SP), federation protocols, and API gateways for complex enterprise requirements
Design access governance policies, role-based access control (RBAC), and attribute-based access control (ABAC) frameworks
Architect directory synchronization, identity federation, and hybrid identity solutions for complex organizational structures
Lead identity threat detection, anomaly monitoring, and security incident response architecture
Create technical architecture documentation, solution designs, and implementation roadmaps for enterprise clients
Project Oversight & Client Success
Lead technical architecture on very large and complex IAM transformation projects
Provide both strategic and tactical oversight on either a single large client engagement or multiple smaller projects concurrently
Provide technical guidance and mentorship to delivery team members
Identify and mitigate technical and project risks, escalating issues when necessary
Develop and refine standard operating procedures (SOPs) and templates to improve consistency and quality across engagements
Create and maintain technical architecture documentation, implementation guides, and best practice frameworks
Minimum Qualifications
Bachelor's degree in Computer Science, Information Security, or related field — or equivalent work experience
5–7+ years of experience in Identity and Access Management engineering or consulting
Extensive hands-on experience with Okta including Universal Directory, Lifecycle Management, Workflows, and API Access Management
Proven experience designing and implementing Okta Access Gateway (OAG) solutions
Strong experience developing complex Okta Workflows including custom connectors and API integrations
Proficiency in API development languages including Python, JavaScript/Node.js, and PowerShell
Experience with REST API development and integration
Proven track record leading technical architecture on large-scale, complex IAM projects for enterprise organizations
Strong understanding of identity governance, SSO protocols (SAML, OIDC, OAuth), MFA, and access certification
Experience with Windows/Linux server administration and Active Directory
Deep knowledge of common security frameworks and access control principles
Demonstrated ability to design and document complex technical architectures
Preferred Qualifications
5-7+ years of IT professional services and consulting experience
Experience with very large and complex enterprise IAM transformations
Professional certifications such as:
Okta Certified Professional / Okta Certified Administrator / Okta Certified Consultant (highly preferred)
CISSP, CISM, Security+, CCSP, or similar
Advanced experience with Okta Workflows including helper flows, error handling, and performance optimization
Experience with additional API development languages such as Java, Go, or Ruby
Experience with Microsoft Entra ID (formerly Azure AD) including Conditional Access and Identity Protection (nice-to-have)
Working knowledge of Ping Identity solutions (PingFederate, PingOne, or PingAccess) (nice-to-have)
Exposure to modern IAM capabilities:
Passwordless authentication (FIDO2, WebAuthn, passkeys)
Decentralized identity and verifiable credentials
Identity threat detection and response (ITDR)
API security and OAuth 2.0 / OpenID Connect
Experience with CI/CD pipelines and Infrastructure as Code (Terraform, CloudFormation)
Experience with containerization and orchestration (Docker, Kubernetes)
The Team
Coming to the Access Management team means working on the leading edge in the IAM space. As an Access Management Architect, you will be partnering with other engineers and architects to help some of the largest companies in the US implement their own identity and access management programs. You will lead technical architecture on complex, enterprise-scale Okta implementations, from participating in assessments to full delivery of IAM platforms. Your leadership and expertise are critical to providing our customers with the guidance they need, and the excellence they expect from GuidePoint Security.
We partner with the largest vendors in the space to ensure that the latest training is always available to our team. High-level communication and collaboration are the standard. Mentorship at all levels, from Senior Architects to Junior Engineers, is foundational to our culture. We don't just talk about work-life balance; we facilitate it with an unlimited PTO benefit.
We understand that in order to retain our talented team, leadership must provide regular feedback and coaching. We recruit new members to the team with the understanding that opportunities for growth are important. Whether your goals include future leadership opportunities, becoming an Architect or even moving to another discipline within security in time, the leadership team is focused on partnering with you to help achieve them.
