Security Architect

Project Role : Security Architect
Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills : Ping Identity
Good to have skills : NA
Minimum 7.5 year(s) of experience is required
Educational Qualification : 15 years full time education

Summary: Experience in IAM/SI architecture and engineering.The SI Engineer/Architect will be responsible for end-to-end design, development, and delivery of Identity & Access Management (IAM), Directory Services, Privileged Access Management (PAM), Public Key Infrastructure (PKI), and Cloud integration projects. The role involves solution architecture, hands-on engineering, enhancement of existing platforms, and ensuring alignment with enterprise security standards. Roles & Responsibilities: Lead and execute SI initiatives across IAM, IGA, PAM, AD, PKI, and cloud platforms. -Translate business requirements into scalable, secure technical designs. -Develop integration workflows, custom connectors, APIs, and automation scripts. -Coordinate with cross-functional teams for seamless deployment and project success. -Provide LLD/HLD documents, integration diagrams, and architectural artefacts. Design, configure, and implement SailPoint IdentityIQ modules (LCM, Compliance Manager, Certifications). Develop custom rules, workflows, connectors, aggregation tasks, and provisioning logic. Identity lifecycle automation (joiner/mover/leaver), RBAC, role modelling, SoD policies. Upgrade, optimize, and troubleshoot large-scale SailPoint environments. -Ping Federate, PingOne, PingID MFA, Ping Directory, PingOne Cloud Platform -Architect, deploy, and manage SSO, MFA, and federation solutions. -Configure OAuth, OIDC, SAML integrations across enterprise applications. -Implement adaptive authentication, MFA policies and conditional access. -Manage Ping Directory objects, synchronization, schema updates, and data modelling. -Develop custom authentication flows using PingFlows, APIs, hooks, and automation toolkits. -Semperis, AD, Azure AD / Entra ID -Strengthen AD and AAD security posture using Semperis Directory Services Protector (DSP) and DRA. -Monitor and respond to AD anomalies, replication issues, and identity threats. -AD/AAD architecture, GPO design, OU modelling, DNS/DHCP dependencies. -Implement conditional access, identity protection, SSO integrations and secure hybrid identity. -PKI EBCA, Venafi, Microsoft CA -Architect and maintain enterprise PKI solutions for certificates, keys, signing, TLS/SSH. -Integrate Venafi Trust Protection Platform (TPP) for certificate automation. -Manage EBCA-based CA/RA operations, policy enforcement and lifecycle governance. -Create certificate issuance workflows and automate renewal processes using APIs. -Privileged Access Management (PAM) -HashiCorp Vault, Thycotic Secret Server)- Architect and manage PAM platforms for secrets, credentials, and privileged session governance. -Implement automated secret rotation, vaulting, token-based access, and workflow policies. -Integrate PAM systems with servers, databases, DevOps pipelines, and cloud services. -Develop automation using Vault API, Secret Server API, CLI, or Terraform. -Implement IAM, security, and identity federation in cloud environments. -Manage cloud directory services, access policies, and role-based permissions. -Integration of cloud services with Ping, SailPoint, PAM, PKI, and AD. -Support cloud-native security tools (Azure Identity Protection, AWS IAM, Oracle IAM). -Enterprise Architecture & Governance -Define architecture patterns, guardrails, and integration standards. -Conduct security assessments, gap analysis, and technical risk reviews. -Ensure solutions comply with enterprise security controls and regulatory standards. -Create roadmaps for identity modernization and architecture transformation. Professional & Technical Skills: -Strong hands-on expertise in SailPoint IIQ, Ping Identity suite, and AD/AAD. -Experience with Semperis, PAM systems (HashiCorp, Thycotic), Venafi/EBCA/MS PKI. -Solid understanding of cloud IAM (Azure, AWS, Oracle). -Proficiency in scripting (PowerShell, Python, Bash) and REST/SOAP APIs. -Excellent documentation and stakeholder communication skills. -SailPoint Certified Engineer -Ping Identity Professional/Architect -Microsoft Identity & Access Administrator (SC-300) -AWS / Azure Security Certifications -HashiCorp Vault Associate -Venafi or PKI-specific certifications Additional Information: - The candidate should have minimum 7.5 years of experience in Identity and Access Management (IAM) Operations. - This position is based at our Bengaluru office. - A 15 years full time education is required.