NT

IAM Architect (Entra ID-Focused) Hybrid in Plano

Job summary

Plano

Work model

Hybrid
2 days ago
Job description

Req ID: 373981

NTT DATA strives to hire exceptional, innovative and passionate individuals who want to grow with us. If you want to be part of an inclusive, adaptable, and forward-thinking organization, apply now.

We are currently seeking an IAM Architect (Entra ID-Focused) to join our team in Plano, Texas (US-TX), United States (US).

Senior IAM Architect with deep expertise in Microsoft Entra ID, leading enterprise identity architecture with a primary focus on cloud identity, conditional access, zero trust, and hybrid identity. Complements Entra ID leadership with strong experience in SailPoint, CyberArk, and PKI.

Role Summary

The Senior IAM Architect is responsible for defining and delivering enterprise identity strategy with a primary focus on Microsoft Entra ID (Azure AD). This role will architect identity platforms, conditional access frameworks, and zero trust controls, while integrating SailPoint (IGA), CyberArk (PAM), and PKI services into a unified identity ecosystem.

The role partners with Security, Cloud, DevOps, and Application teams to ensure identity-first security, automation, and compliance, with Entra ID as the central control plane for workforce, application, and external identities.

Key Responsibilities

Entra ID Architecture & Strategy (Primary Focus)

  • Define and own the enterprise Entra ID architecture, including tenant design, identity governance, and security baselines.
  • Design and implement Conditional Access policies, Zero Trust models, and identity protection controls.
  • Architect hybrid identity solutions (Entra Connect, cloud sync) and identity lifecycle integration across on-prem and cloud.
  • Lead SSO and federation strategy using SAML, OAuth, and OIDC across SaaS and custom applications.
  • Design B2B and B2C identity solutions, including guest access governance and external identity management.
  • Standardize role-based and attribute-based access models aligned to Entra ID capabilities.

Identity Governance & Administration (SailPoint)

  • Integrate SailPoint with Entra ID for identity lifecycle management, provisioning, and certification campaigns.
  • Design role models, entitlement mapping, and automated joiner/mover/leaver workflows.

Privileged Access Management (CyberArk)

  • Align CyberArk PAM strategy with Entra ID, including privileged identity governance and least privilege enforcement.
  • Design secure onboarding patterns for service accounts and privileged access workflows.

PKI and Identity Security Services

  • Define PKI trust architecture and integrate certificate-based authentication with Entra ID.
  • Lead certificate lifecycle automation for users, devices, and workloads.

Automation and Cloud Integration

  • Drive automation of identity processes using SCIM, Graph API, and Infrastructure as Code (Terraform).
  • Enable identity integration across Azure, AWS, and GCP using Entra ID as the identity provider.

Security, Risk, and Compliance

  • Translate compliance and regulatory requirements into Entra ID controls and policies.
  • Lead access reviews, audit readiness, and continuous monitoring of identity risks.

Leadership & Delivery

  • Provide architectural leadership, design governance, and mentorship to IAM engineering teams.
  • Partner with stakeholders to embed identity into enterprise cloud and application strategies.

Required Qualifications

  • 10+ years of IAM experience with strong emphasis on Entra ID / Azure AD architecture and engineering.
  • Demonstrated expertise in:
    • Conditional Access, Identity Protection, and Zero Trust
    • Hybrid identity (AD + Entra ID)
    • Federation (SAML, OAuth, OIDC) and SSO integrations
  • Hands-on experience integrating Entra ID with SailPoint and CyberArk.
  • Strong understanding of identity lifecycle management and access governance.
  • Experience with automation using PowerShell, Microsoft Graph API, Python, or Terraform.
  • Working knowledge of PKI and certificate-based authentication.
  • SIEM/Security monitoring tools experience.

Preferred Qualifications

  • Microsoft certifications: Azure/Entra Identity (SC-300 or equivalent).
  • Experience with Zero Trust implementation frameworks.
  • Experience with Workday or HR-driven identity lifecycle integration.
  • Familiarity with cloud-native security and workload identity (Kubernetes, service principals, managed identities).

Soft Skills

  • Strong communicator with the ability to translate complex identity concepts into business value.
  • Strategic thinker with hands-on technical depth in Entra ID.
  • Proven ability to drive identity transformation programs at scale.

About NTT DATA

NTT DATA is a $30 billion business and technology services leader, serving 75% of the Fortune Global 100. We are committed to accelerating client success and positively impacting society through responsible innovation. As a Global Top Employer, we have experts in more than 50 countries.

NTT DATA is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.