AHEAD

Identity Application Architect

Posted 2 Days Ago
Remote
Hiring Remotely in United States
145K-175K Annually
Senior level
Lead architecture and design of CIAM and IAM solutions across customer, partner, and workforce use cases. Define reference architectures, integration patterns, and identity data models. Guide implementations (Okta, Auth0, Entra ID, cloud, CRM, ITSM), ensure security, scalability, compliance, and mentor teams while producing roadmaps and standards.
The summary above was generated by AI
AHEAD builds platforms for digital business. By weaving together advances in cloud infrastructure, automation and analytics, and software delivery, we help enterprises deliver on the promise of digital transformation.
 
At AHEAD, we prioritize creating a culture of belonging, where all perspectives and voices are represented, valued, respected, and heard. We create spaces to empower everyone to speak up, make change, and drive the culture at AHEAD. 
 
We are an equal opportunity employer, and do not discriminate based on an individual's race, national origin, color, gender, gender identity, gender expression, sexual orientation, religion, age, disability, marital status, or any other protected characteristic under applicable law, whether actual or perceived. 
 
We embrace all candidates that will contribute to the diversification and enrichment of ideas and perspectives at AHEAD. 

The Senior Identity Application Architect, CIAM/IAM, is responsible for leading the architecture, design, and evolution of identity solutions that support secure, scalable, and resilient customer and workforce access across the organization. 

This role defines target-state architecture and implementation patterns for customer identity and access management and enterprise identity and access management, including authentication, authorization, federation, lifecycle orchestration, delegated administration, and identity data flows across cloud and enterprise platforms. 

The architect partners with cybersecurity, infrastructure, application owners, product teams, and business stakeholders to translate business, security, privacy, and user experience requirements into practical identity architectures. This role also provides technical leadership for integrations across platforms such as Okta, Auth0, Azure, AWS, Salesforce, ServiceNow, and custom applications, with an emphasis on security, reliability, maintainability, and business enablement. 

Duties/Responsibilities

    • Lead the architecture and design of CIAM and IAM solutions supporting secure customer, partner, and workforce identity use cases across digital and enterprise environments, including authentication, authorization, federation, lifecycle automation, and secure access patterns. 

    • Define reference architectures, technical standards, guardrails, and integration patterns for identity services and applications using protocols and technologies such as OAuth 2.0, OpenID Connect, SAML, SCIM, LDAP, REST APIs, webhooks, and event-driven architectures. 

    • Architect and guide implementation of identity-enabled applications, APIs, portals, and workflows, including customer onboarding, workforce onboarding, joiner-mover-leaver processes, access requests, delegated administration, MFA, identity proofing, registration, account recovery, consent, and progressive profiling. 

    • Drive architecture decisions for identity data models, directory strategy, attribute governance, role, group, and policy design, and integrations across HR, CRM, ITSM, cloud, and other enterprise platforms. 

    • Evaluate and improve identity platforms, integrations, and access patterns to reduce risk, technical debt, and operational friction while ensuring resilience, scalability, observability, auditability, privacy, and compliance by design. 

    • Produce architecture diagrams, standards, roadmaps, decision records, and implementation guidance, and lead design reviews, governance activities, and stakeholder communication to align delivery with security requirements and strategic objectives. 

    • Mentor engineers and administrators, collaborate with vendors and internal teams, and stay current on IAM and CIAM trends, threats, standards, and capabilities to drive continuous improvement and informed architectural recommendations. 

Education and Experience

    Minimum Required 

    • Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, Software Engineering, or a related field, or equivalent practical experience. 

    • 8+ years of progressive experience in identity and access management, application security, or enterprise architecture, including significant experience designing identity solutions in complex environments. 

    • 5+ years of experience architecting or leading implementations for CIAM and/or IAM platforms, including authentication, federation, authorization, and lifecycle orchestration use cases. 

    • Practical experience designing integrations across identity providers, cloud platforms, customer-facing applications, HR systems, CRM platforms, IT service management systems, and related enterprise applications. 

    • Expertise in platforms and services such as Okta, Auth0, Microsoft Entra ID, AWS, Azure, Salesforce, ServiceNow, or comparable identity and business platforms. 

    • Demonstrated success in leading technical design for secure APIs, identity-aware applications, and event-driven or service-based integrations. 

    • Required certification in at least one relevant identity or cybersecurity discipline, such as CISSP, CCSP, IDPro, Okta Certified Administrator or Developer, Microsoft SC-300, AWS Security Specialty, or comparable credentials. 

Required Knowledge, Skills, Abilities

    • Strong expertise in IAM and CIAM architecture, including authentication, authorization, federation, identity lifecycle management, provisioning and deprovisioning, delegated administration, and access governance concepts. 

    • Deep understanding of identity standards and protocols, including OAuth 2.0, OpenID Connect, SAML, SCIM, and related token, session, and federation concepts. 

    • Experience designing customer identity journeys with attention to registration, login, MFA, passwordless options, account recovery, consent, profile management, and user experience. 

    • Experience designing enterprise IAM patterns for role-based access, attribute-based access, entitlement management, least privilege, and segregation of duties. 

    • Strong understanding of identity-related security principles, including session security, secrets protection, API security, bot and fraud considerations, logging, monitoring, threat modeling, and auditability. 

    • Ability to define architecture roadmaps, target states, transition plans, and decision frameworks for identity modernization initiatives. 

    • Experience working across engineering, infrastructure, security, product, and business teams to align requirements and drive implementation outcomes. 

    • Ability to review solution designs and code or configuration patterns at the right level to ensure architectural alignment without owning every implementation detail. 

    • Familiarity with modern software and platform engineering practices, including CI/CD, infrastructure as code, automated testing, observability, and secure development practices. 

    • Demonstrated willingness and ability to adopt AI-assisted engineering tools for code generation, code review, test creation, and developer productivity, using tools such as Claude, GitHub Copilot, Cursor, or similar technologies in a secure and effective manner. 

    • Strong written and verbal communication skills, including the ability to present architecture decisions, tradeoffs, and recommendations to technical and executive stakeholders. 

    • Strong problem-solving skills and the ability to diagnose complex identity, integration, and access issues across distributed systems. 

    • Demonstrated experience addressing emerging identity control challenges related to agentic AI, non-human identities, machine identities, and modern IAM governance patterns. 

The compensation range indicated in this posting reflects the On-Target Earnings (“OTE”) for this role, which includes a base salary and any applicable target bonus amount. This OTE range may vary based on the candidate’s relevant experience, qualifications, and geographic location.  
 
Why AHEAD:
 
Through our daily work and internal groups like Moving Women AHEAD and RISE AHEAD, we value and benefit from diversity of people, ideas, experience, and everything in between.
 
We fuel growth by stacking our office with top-notch technologies in a multi-million-dollar lab, by encouraging cross-department training and development, and by sponsoring certifications and credentials for continued learning.
 
USA Employment Benefits include: 
- Medical, Dental, and Vision Insurance 
- 401(k) 
- Paid company holidays 
- Paid time off 
- Paid parental and caregiver leave 
- Plus more! See https://www.aheadbenefits.com/ for additional details.
 
Use of AI:
We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, assessing responses, or to capture recordings and create transcriptions or summaries during interviews. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans.
 
If you would like more information about how your data is processed, please refer to the Candidate Privacy Notice or contact us at [email protected]
 
You may opt-out of the review or analysis of your application and resume by AI tools by using the General Application. Please include the role you wish to apply for in the Additional Information field. You may also choose to opt-out of recording and transcription at any time, including after joining an interview.  Candidates will not be penalized for choosing to opt-out.

What you need to know about the Boston Tech Scene

Boston is a powerhouse for technology innovation thanks to world-class research universities like MIT and Harvard and a robust pipeline of venture capital investment. Host to the first telephone call and one of the first general-purpose computers ever put into use, Boston is now a hub for biotechnology, robotics and artificial intelligence — though it’s also home to several B2B software giants. So it’s no surprise that the city consistently ranks among the greatest startup ecosystems in the world.

Key Facts About Boston Tech

  • Number of Tech Workers: 269,000; 9.4% of overall workforce (2024 CompTIA survey)
  • Major Tech Employers: Thermo Fisher Scientific, Toast, Klaviyo, HubSpot, DraftKings
  • Key Industries: Artificial intelligence, biotechnology, robotics, software, aerospace
  • Funding Landscape: $15.7 billion in venture capital funding in 2024 (Pitchbook)
  • Notable Investors: Summit Partners, Volition Capital, Bain Capital Ventures, MassVentures, Highland Capital Partners
  • Research Centers and Universities: MIT, Harvard University, Boston College, Tufts University, Boston University, Northeastern University, Smithsonian Astrophysical Observatory, National Bureau of Economic Research, Broad Institute, Lowell Center for Space Science & Technology, National Emerging Infectious Diseases Laboratories
