Customer Identity & Access Management (CIAM) Security Architecture Lead
IDEXX's Cyber Security and Information Security teams enable a resilient, adaptable, and security-aware enterprise, supporting the technology that delivers trusted products and solutions to customers worldwide.

The Customer Identity & Access Management (CIAM) Security Architecture Lead is a senior, high-impact role within the Information Security organization, serving as the primary architectural authority and technical visionary for customer identity across IDEXX's customer-facing ecosystem. This role is responsible for assessing, strengthening, and evolving a secure, scalable, and unified CIAM architecture that supports multiple products, customer types, and integration models, while delivering a consistent, friction-aware customer experience.

IDEXX has an existing Auth0 implementation in place; however, this role will lead a comprehensive review and re-architecture of the current environment to ensure it is securely implemented, properly configured, and aligned to enterprise-scale requirements and long-term CIAM vision. While Auth0 is the current CIAM platform, this role maintains a platform-agnostic security architecture perspective, ensuring IDEXX can evolve, extend, or transition CIAM platforms as business, risk, or regulatory needs change.

You will bridge executive strategy and hands-on engineering execution, defining not only what is built, but how customer identity integrates into IDEXX's broader cyber security architecture, ensuring identity is a business enabler, not a constraint.

In this role, your key responsibilities will include...

CIAM Security Architecture & Platform Leadership:
- Serve as the security architecture authority for customer identity and access management across all customer-facing products
- Assess the existing Auth0 deployment and lead remediation, reconfiguration, and architectural improvements to meet enterprise security and scale requirements
- Design and evolve an enterprise CIAM architecture that remains portable across other CIAM platforms (e.g., Okta CIAM, Ping Identity, ForgeRock, Microsoft Entra ID)
- Establish CIAM security standards, reference architectures, control requirements, and guardrails aligned with Zero Trust principles and enterprise security strategy

Strategic Roadmap & Vision:
- Develop and maintain a multi-year CIAM roadmap aligned with enterprise goals and digital transformation initiatives
- Define future-state capabilities including SSO, MFA, passwordless authentication, adaptive authentication, modern RBAC/ABAC models, and expansion across B2B and B2C use cases
- Ensure the roadmap addresses remediation of current-state gaps while enabling long-term scalability and consistency

Authentication, Authorization & Federation:
- Architect and govern secure authentication and authorization patterns across diverse customer use cases
- Design and implement federated identity integrations using OIDC, OAuth 2.0, and SAML
- Support customer-managed and federated identity scenarios, including trust boundary definition, assurance levels, and delegated administration models

Multi-Tenant, Admin & Delegated Access Models:
- Architect secure multi-tenant CIAM models supporting multiple products, customers, and environments
- Design layered administrative and delegated access controls for internal operations and customer administrators
- Ensure administrative access adheres to least privilege, separation of duties, and strong auditability

Integrations, System Accounts & Non-Human Identity:
- Architect CIAM solutions supporting both human customer identities and system, service, and integration accounts
- Define secure API authentication, token lifecycle management, system to system (internal and external) authentication patterns and non-interactive access patterns

Security Controls, Risk & Governance:
- Define and validate security controls, configurations, and assurance requirements for CIAM implementations
- Ensure CIAM solutions integrate with the broader security ecosystem including SIEM/SOAR, IAM/IGA, monitoring, and fraud detection platforms
- Partner with GRC, Security Operations, and Product Security teams to perform threat modeling, support audits, and reduce identity-related risk

Cross-Functional Leadership & Communication:
- Act as the primary CIAM security advisor to Product, Marketing, IT, Engineering, and Platform teams
- Translate complex identity and security requirements into clear, consumable architectural guidance
- Communicate CIAM strategy, risk posture, and progress to VP-level and executive leadership

What You Will Need To Succeed...
- 8+ years of experience in CIAM/IAM with at least 3 years in a lead or security architecture capacity
- Demonstrated experience assessing, remediating, and scaling existing CIAM implementations in complex environments
- Deep hands-on experience with Auth0 and at least one additional Tier-1 CIAM platform (e.g., Okta CIAM, Ping Identity, ForgeRock, Microsoft Entra ID)
- Expertise in OIDC, OAuth 2.0, SAML, FIDO2/WebAuthn, and SCIM

Loc