Skip to main content
Back to jobs

IAM Solution Architect

External
Metromakro logoMetromakro · Pune, India
Full-timeOn-site2w ago
AWSAzureCI/CDComplianceGCPGDPR
Cover LetterConnect

Prepare for this interview

Elite

AI-generated questions, company research, and talking points tailored to this role

Responsibilities

  • Identity & Access Architecture (Entra ID & Active Directory)
  • Define and own the hybrid identity architecture across Microsoft Entra ID and On‑Prem Active Directory
  • Design secure authentication and authorization models: Conditional Access
  • MFA and authentication strengths
  • Passwordless authentication (FIDO2, Windows Hello for Business)
  • Define hybrid identity patterns including Entra Connect and authentication models
  • Establish identity standards and guardrails aligned with Zero Trust architecture
  • Privileged Access Management (CyberArk)
  • Define and drive Privileged Access Management (PAM) architecture using CyberArk, aligned with the enterprise IAM strategy
  • Lead the design and implementation of privileged access controls across: Servers
  • Endpoints
  • Databases
  • Applications
  • Integrate PAM with Access Management capabilities: SSO
  • MFA
  • Microsoft Entra ID
  • Integrate CyberArk with the broader enterprise security ecosystem, including: SIEM platforms
  • ITSM tools
  • Define and enforce least privilege and Zero Trust principles across infrastructure and endpoints
  • Drive secrets management strategy for applications using: CyberArk Conjur
  • CyberArk CCP
  • Collaborate with application, infrastructure, and DevOps teams to enable secure credential management and automation
  • Provide architectural guidance for CyberArk EPM‑based endpoint privilege control
  • Solution Design & Integration
  • Design secure integrations between: Entra ID
  • Active Directory
  • CyberArk PAM platforms
  • On‑prem, cloud, and SaaS applications
  • Define application onboarding patterns: SSO and federation
  • Privileged access flows
  • Secrets consumption models
  • Ensure solutions are scalable, resilient, and auditable
  • Architecture, Strategy & Governance
  • Define the PAM roadmap and maturity model, aligned with IAM and enterprise security strategy
  • Establish standards for: Privileged account onboarding
  • Password rotation
  • Session recording and monitoring
  • Drive risk reduction initiatives, including: Removal of standing administrative access
  • Credential hardening
  • Ensure audit readiness and compliance for privileged access: SOX
  • ISO
  • GDPR
  • Participate in threat modeling, security reviews, and risk assessments
  • Leadership & Collaboration
  • Act as the design authority for identity and PAM solutions
  • Partner with: IAM and PAM engineering teams
  • Security architecture
  • Cloud and infrastructure teams
  • Application owners
  • Review and approve technical designs and implementations
  • Provide architectural guidance and mentorship to senior engineers
  • Required Skills & Expertise
  • CyberArk & PAM
  • Strong expertise in CyberArk PAS, EPM, CCP, and Conjur
  • Deep understanding of privileged access risks, controls, and governance models
  • Hands‑on experience designing and integrating PAM solutions at enterprise scale
  • Microsoft Identity
  • Microsoft Entra ID (P2)
  • Conditional Access and Identity Protection
  • Privileged Identity Management (PIM)
  • Entra Connect and hybrid authentication
  • Active Directory security and tiered admin models
  • Operating Systems & Platforms
  • Strong knowledge of: Windows privilege models
  • Unix/Linux privilege models
  • Active Directory security concepts
  • Automation & Integration
  • Hands‑on experience with automation and integration using: REST APIs
  • PowerShell
  • Python
  • Experience integrating PAM into CI/CD and automated workflows
  • Security & Architecture
  • Zero Trust architecture
  • Least privilege enforcement
  • Identity‑based and privileged access attack techniques and mitigations

Requirements

  • Exposure to cloud PAM use cases across: Azure
  • AWS
  • GCP
  • Experience with DevOps and cloud‑native environments
  • CyberArk certifications: Sentry
  • CDE
  • Microsoft security certifications (SC‑300, AZ‑500)
  • CISSP or equivalent
  • Graduation OR Post Graduation

Additional Information

Solution Architect - Microsoft Entra ID, Active Directory & CyberArk PAM Role Summary We are seeking an experienced Solution Architect to define and drive the identity and privileged access management (PAM) architecture across a hybrid Microsoft Entra ID and On‑Prem Active Directory environment, with deep expertise in CyberArk PAM solutions. This role owns the end‑to‑end design, integration, and governance of identity and privileged access controls, ensuring alignment with enterprise IAM strategy, Zero Trust principles, and regulatory requirements. The architect will work closely with IAM engineers, security teams, infrastructure, application owners, and DevOps teams to deliver secure, scalable, and compliant solutions.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at Metromakro? Share your experience

Interested in this role?

Apply on the company's website.

Cover LetterConnect