Identity Application Architect

AHEAD builds platforms for digital business. By weaving together advances in cloud infrastructure, automation and analytics, and software delivery, we help enterprises deliver on the promise of digital transformation.

At AHEAD, we prioritize creating a culture of belonging, where all perspectives and voices are represented, valued, respected, and heard. We create spaces to empower everyone to speak up, make change, and drive the culture at AHEAD.

We are an equal opportunity employer, and do not discriminate based on an individual's race, national origin, color, gender, gender identity, gender expression, sexual orientation, religion, age, disability, marital status, or any other protected characteristic under applicable law, whether actual or perceived.

We embrace all candidates that will contribute to the diversification and enrichment of ideas and perspectives at AHEAD.

The Senior Identity Application Architect, CIAM/IAM, is responsible for leading the architecture, design, and evolution of identity solutions that support secure, scalable, and resilient customer and workforce access across the organization.

This role defines target-state architecture and implementation patterns for customer identity and access management and enterprise identity and access management, including authentication, authorization, federation, lifecycle orchestration, delegated administration, and identity data flows across cloud and enterprise platforms.

The architect partners with cybersecurity, infrastructure, application owners, product teams, and business stakeholders to translate business, security, privacy, and user experience requirements into practical identity architectures. This role also provides technical leadership for integrations across platforms such as Okta, Auth0, Azure, AWS, Salesforce, ServiceNow, and custom applications, with an emphasis on security, reliability, maintainability, and business enablement.

Duties/Responsibilities

Lead the architecture and design of CIAM and IAM solutions supporting secure customer, partner, and workforce identity use cases across digital and enterprise environments, including authentication, authorization, federation, lifecycle automation, and secure access patterns.

Define reference architectures, technical standards, guardrails, and integration patterns for identity services and applications using protocols and technologies such as OAuth 2.0, OpenID Connect, SAML, SCIM, LDAP, REST APIs, webhooks, and event-driven architectures.

Architect and guide implementation of identity-enabled applications, APIs, portals, and workflows, including customer onboarding, workforce onboarding, joiner-mover-leaver processes, access requests, delegated administration, MFA, identity proofing, registration, account recovery, consent, and progressive profiling.

Drive architecture decisions for identity data models, directory strategy, attribute governance, role, group, and policy design, and integrations across HR, CRM, ITSM, cloud, and other enterprise platforms.

Evaluate and improve identity platforms, integrations, and access patterns to reduce risk, technical debt, and operational friction while ensuring resilience, scalability, observability, auditability, privacy, and compliance by design.

Produce architecture diagrams, standards, roadmaps, decision records, and implementation guidance, and lead design reviews, governance activities, and stakeholder communication to align delivery with security requirements and strategic objectives.

Mentor engineers and administrators, collaborate with vendors and internal teams, and stay current on IAM and CIAM trends, threats, standards, and capabilities to drive continuous improvement and informed architectural recommendations.

Education and Experience

Minimum Required

Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, Software Engineering, or a related field, or equivalent practical experience.

8+ years of progressive experience in identity and access management, application security, or enterprise architecture, including significant experience designing identity solutions in complex environments.

5+ years of experience architecting or leading implementations for CIAM and/or IAM platforms, including authentication, federation, authorization, and lifecycle orchestration use cases.

Practical experience designing integrations across identity providers, cloud platforms, customer-facing applications, HR systems, CRM platforms, IT service management systems, and related enterprise applications.

Expertise in platforms and services such as Okta, Auth0, Microsoft Entra ID, AWS, Azure, Salesforce, ServiceNow, or comparable identity and business platforms.

Demonstrated success in leading technical design for secure APIs, identity-aware applications, and event-driven or service-based integrations.

Required certification in at least one relevant identity or cybersecurity discipline, such as CISSP, CCSP, IDPro, Okta Certified Administrator or Developer, Microsoft SC-300, AWS Security Specialty, or comparable credentials.

Required Knowledge, Skills, Abilities

Strong expertise in IAM and CIAM architecture, including authentication, authorization, federation, identity lifecycle management, provisioning and deprovisioning, delegated administration, and access governance concepts.

Deep understanding of identity standards and protocols, including OAuth 2.0, OpenID Connect, SAML, SCIM, and related token, session, and federation concepts.

Experience designing customer identity journeys with attention to registration, login, MFA, passwordless options, account recovery, consent, profile management, and user experience.

Experience designing enterprise IAM patterns for role-based access, attribute-based access, entitlement management, least privilege, and segregation of duties.

Strong understanding of identity-related security principles, including session security, secrets protection, API security, bot and fraud considerations, logging, monitoring, threat modeling, and auditability.

Ability to define architecture roadmaps, target states, transition plans, and decision frameworks for identity modernization initiatives.

Experience working across engineering, infrastructure, security, product, and business teams to align requirements and drive implementation outcomes.

Ability to review solution designs and code or configuration patterns at the right level to ensure architectural alignment without owning every implementation detail.

Familiarity with modern software and platform engineering practices, including CI/CD, infrastructure as code, automated testing, observability, and secure development practices.

Demonstrated willingness and ability to adopt AI-assisted engineering tools for code generation, code review, test creation, and developer productivity, using tools such as Claude, GitHub Copilot, Cursor, or similar technologies in a secure and effective manner.

Strong written and verbal communication skills, including the ability to present architecture decisions, tradeoffs, and recommendations to technical and executive stakeholders.

Strong problem-solving skills and the ability to diagnose complex identity, integration, and access issues across distributed systems.

Demonstrated experience addressing emerging identity control challenges related to agentic AI, non-human identities, machine identities, and modern IAM governance patterns.

The compensation range indicated in this posting reflects the On-Target Earnings (“OTE”) for this role, which includes a base salary and any applicable target bonus amount. This OTE range may vary based on the candidate’s relevant experience, qualifications, and geographic location.

Why AHEAD:

Through our daily work and internal groups like Moving Women AHEAD and RISE AHEAD, we value and benefit from diversity of people, ideas, experience, and everything in between.

We fuel growth by stacking our office with top-notch technologies in a multi-million-dollar lab, by encouraging cross department training and development, sponsoring certifications and credentials for continued learning.

USA Employment Benefits include:

- Medical, Dental, and Vision Insurance

- 401(k)

- Paid company holidays

- Paid time off

- Paid parental and caregiver leave

- Plus more! See benefits https://www.aheadbenefits.com/ for additional details.

Use of AI:

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, assessing responses, or to capture recordings and create transcriptions or summaries during interviews. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans.

If you would like more information about how your data is processed, please refer to the Candidate Privacy Notice or contact us at privacy@ahead.com.

You may opt-out of the review or analysis of your application and resume by AI tools by using the General Application. Please include the role you wish to apply for in the Additional Information field. You may also choose to opt-out of recording and transcription at any time, including after joining an interview. Candidates will not be penalized for choosing to opt-out.