Senior Architect, Identity & Security jobs in United States

West Monroe · 2 months ago

Senior Architect, Identity & Security

West Monroe is a global business and technology consulting firm, and they are seeking a Senior Principal/Architect specializing in Identity & Security. This role involves leading cross-functional teams to design and modernize identity and cloud infrastructure solutions, focusing on securing critical IT environments for various clients.

Business Development · Consulting · Information Services · Information Technology · Service Industry
H1B Sponsor Likely

Responsibilities

Partner with consultants and client leadership to architect, build, and deploy secure and modern Active Directory and Microsoft Entra ID solutions
Assess current-state identity environments and processes, interview stakeholders, define critical requirements, and present practical solution strategies and roadmaps to client executives
Lead the technical design of future-state Active Directory (AD DS) and Entra ID architectures, including Privileged Access Management (PAM) design, Tiered Administrative Access Models, and identity consolidation strategies
Establish and enforce identity architecture standards, best practices, and governance to deliver secure, compliant, and consistent solutions aligned with industry benchmarks (e.g., CIS and Microsoft baselines)
Lead security assessment and remediation planning, including consolidating findings from tools (e.g., Purple Knight, CIS scans) to create and manage prioritized, risk-based remediation backlogs
Provide expert technical oversight for security remediation initiatives, such as hardening domain controllers, remediating privileged access, resolving Entra Connect sync issues, and restricting legacy protocols
Develop detailed implementation plans, migration strategies, and remediation backlogs (e.g., in Smartsheet or similar project management tools) for AD consolidation, identity synchronization, and legacy decommissioning
Establish and manage engagement-level governance, quality, and risk management, including defining quantitative success criteria, RACI, and managing all technical stakeholder communications
Support key decision-making on project direction, including technology selections, team workstreams, and delivery methodologies
Mentor junior consultants on technical best practices, solution design, and client engagement
Assist business development efforts through proposals, pre-sales technical discovery, and client presentations

Qualification

Active Directory Domain Services · Microsoft Entra ID · Privileged Access Management · Identity migrations · Security assessment tools · AD security hardening · Compliance standards · Scripting for automation · Infrastructure as Code · Client management · Communication skills · Team leadership

Required

Bachelor's degree in a relevant field preferred, or equivalent experience required
8–12+ years of experience in IT architecture, engineering, and/or security with a deep focus on identity solutions
Expert-level knowledge of Active Directory Domain Services (AD DS) design, security, and administration, including: domain/forest architecture, sites/replication, DNS, Group Policy (GPO) management, DC virtualization safeguards, and forest recovery principles
Strong experience with Microsoft Entra ID (formerly Azure AD), including Entra Connect, Conditional Access, and Privileged Identity Management (PIM)
Proven experience leading 'on-prem to cloud' identity migrations, AD remediations, and/or consolidation projects
Proficiency in designing and implementing Privileged Access Management (PAM) solutions (including typical platforms like CyberArk/Delinea) and Tiered Access Models (EAM)
Hands-on experience with AD security assessment tools (e.g., Purple Knight, PingCastle) and hardening methodologies (CIS Benchmarks, Microsoft baselines)
Proficiency with AD security hardening techniques such as LAPS adoption, resource-based Kerberos constrained delegation remediation (RBKCD), and LDAP signing configuration
Familiarity with migration tools (e.g., Quest On-Demand Migration) and identity-driven application dependencies
Strong communication (written and verbal), presentation, client management, and team leadership skills
Willingness to travel for out-of-town client engagements

Preferred

Prior experience in consulting preferred
Familiarity with compliance standards (e.g., NIST, HIPAA, ISO)
Advanced scripting for automation and analysis (e.g., PowerShell)
Knowledge of Infrastructure as Code (Terraform) and DevSecOps practices
Experience with remediation techniques (e.g., KRBTGT password rotation, NTLM restriction, Group Policy cleanup)
Familiarity with application dependency mapping tools (e.g., Device42, Faddom)
Familiarity with enterprise Identity Governance and Administration (IGA) platforms (e.g., SailPoint, Saviynt) to manage and improve periodic access certifications (e.g., moving from spreadsheets to a tool) and run detective Segregation of Duties (SoD) reports
Experience automating identity lifecycles by replacing nightly batch files from a Human Resources Information System (HRIS) with Application Programming Interface (API)-driven syncs or establishing governance for non-employee/contractor identities
Understanding of System for Cross-domain Identity Management (SCIM) or API-based provisioning to automate Joiner-Mover-Leaver (JML) workflows for Software as a Service (SaaS) apps, expanding beyond just core directories and email
Familiarity with security event logging (i.e., security information and event management (SIEM) integration with Active Directory and other tier 0 assets)
Familiarity with common customer identity and access management (CIAM) platforms (Microsoft Entra External ID, Okta, Auth0, etc.) and their migration/implementation patterns
Professional certifications (e.g., Microsoft Identity/SC series, CISSP, CyberArk/Delinea)

Benefits

Medical, dental, vision, and basic life insurance
401k plan
Employee stock ownership program
Annual bonuses
Unlimited flexible time off
Ten paid holidays throughout the calendar year
Ten weeks of paid parental leave

Company

West Monroe

West Monroe offers digital transformation, analytics, cloud, cyber security, business advisory, and management consulting services.

H1B Sponsorship

West Monroe has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Trends of Total Sponsorships
2025 (4)
2024 (2)
2023 (2)
2022 (10)
2021 (7)

Funding

Current Stage: Late Stage
Total Funding: unknown
Key Investors: MSD Partners
2021-10-15: Series Unknown
2020-01-07: Acquired

Leadership Team

Gil Mermelstein, Chief Executive Officer
Kevin McCarty, Co-Founder & Executive Chairman of West Monroe
Company data provided by crunchbase