West Monroe · 1 day ago
Senior Architect, Identity & Security
Seattle, WA
Full-time
Hybrid
Senior Level, Lead/Staff
$203K/yr - $239K/yr
8+ years expWest Monroe is a global business and technology consulting firm passionate about creating measurable value for clients. They are seeking a Senior Architect, Identity & Security to lead cross-functional teams in designing and modernizing identity and cloud infrastructure solutions, focusing on securing critical IT environments for diverse clients.
Business DevelopmentConsultingInformation ServicesInformation TechnologyService Industry
Responsibilities
Partner with consultants and client leadership to architect, build, and deploy secure and modern Active Directory and Microsoft Entra ID solutions
Assess current-state identity environments and processes, interview stakeholders, define critical requirements, and present practical solution strategies and roadmaps to client executives
Lead the technical design of future-state Active Directory (AD DS) and Entra ID architectures, including privileged access management (PAM) design, tiered administrative access models (e.g., Microsoft’s Enterprise Access Model (EAM), and identity consolidation strategies
Establish and enforce identity architecture standards, best practices, and governance to deliver secure, compliant, and consistent solutions aligned with industry benchmarks (e.g., CIS and Microsoft baselines)
Lead security assessment and remediation planning, including consolidating findings from tools (e.g., Purple Knight, Maester, CIS Benchmark-based configuration assessments (e.g., CIS-CAT)) to create and manage prioritized, risk-based remediation backlogs
Provide expert technical oversight for security remediation initiatives, such as hardening domain controllers, remediating privileged access, resolving Entra Connect sync issues, and restricting legacy protocols
Develop detailed implementation plans, migration strategies, and remediation backlogs (e.g., in Smartsheet or similar project management tools) for AD restructuring, AD consolidation, identity synchronization, and legacy decommissioning
Establish and manage engagement-level governance, quality, and risk, including defining quantitative success criteria, RACI, and clear communications to both technical and executive stakeholders
Support key decision-making on project direction, including technology selections, team workstreams, and delivery methodologies
Mentor junior consultants on technical best practices, solution design, and client engagement
Assist business development efforts through proposals, pre-sales technical discovery, and client presentations
Qualification
Required
8–12+ years of experience in IT architecture, engineering, and/or security with a deep focus on identity solutions
Expert-level knowledge of Active Directory Domain Services (AD DS) design, security, and administration, including: domain/forest architecture, sites/replication, DNS, Group Policy (GPO) management, DC virtualization safeguards, and forest recovery principles
Strong experience with Microsoft Entra ID (formerly Azure AD), including Entra Connect, Conditional Access, modern authentication methods, and Privileged Identity Management (PIM)
Proven experience leading identity migrations (including on-premises to cloud, cross-forest restructurings, and Tenant-to-Tenant (cross-tenant) consolidations), AD remediations, and/or consolidation projects
Experience designing and implementing hybrid authentication patterns between AD DS and Microsoft Entra ID, including pass-through authentication (PTA), Seamless SSO, Cloud Kerberos Trust, and phishing-resistant authentication methods
Proficiency in designing and implementing enterprise Privileged Access Management (PAM) solutions (including typical platforms like CyberArk, Delinea, or similar) and tiered administrative access models (e.g., Tier 0/1/2, Microsoft's Enterprise Access Model (EAM))
Hands-on experience with Active Directory and Microsoft Entra ID security assessment and testing tools (e.g., Purple Knight, PingCastle, Maester, Microsoft Defender for Identity or similar AD threat detection platforms) and hardening methodologies (e.g., CIS Benchmarks and Microsoft security baselines)
Proficiency with AD security hardening techniques such as KRBTGT password rotations, restricting NTLM, Group Policy object (GPO) cleanup, Local Administrator Password Solution (LAPS), implementing resource-based Kerberos constrained delegation (RBKCD), and configuring LDAP signing
Familiarity with migration and directory protection tools (e.g., Quest On-Demand Migration) and identity-driven application dependencies
Strong communication (written and verbal), presentation, client management, and team leadership skills
Willingness to travel for out-of-town client engagements
Preferred
Bachelor's degree in a relevant field preferred, or equivalent experience required
Prior experience in consulting preferred
Familiarity with compliance standards (e.g., NIST, HIPAA, ISO)
Advanced scripting for automation and analysis (e.g., PowerShell)
Knowledge of Infrastructure as Code (Terraform) and DevSecOps practices
Familiarity with application dependency and network flow mapping tools (e.g., Device42, Faddom) used to discover AD-integrated application dependencies and support migration planning or micro segmentation boundaries
Familiarity with Active Directory resilience and recovery tooling (e.g., Semperis, ADEngine) is a plus
Experience migrating from on-premises Active Directory Certificate Services (AD CS) to cloud-native PKI solutions is a plus
Familiarity with enterprise Identity Governance and Administration (IGA) platforms (e.g., SailPoint, Saviynt) to manage and improve periodic access certifications (e.g., moving from spreadsheets to a tool) and run detective Segregation of Duties (SoD) reports
Experience automating identity lifecycles by replacing nightly batch files from a Human Resources Information System (HRIS) with Application Programming Interface (API)-driven syncs or establishing governance for non-employee/contractor identities
Understanding of System for Cross-domain Identity Management (SCIM) or API-based provisioning to automate Joiner-Mover-Leaver (JML) workflows for Software as a Service (SaaS) apps, expanding beyond just core directories and email
Experience with Tier-0 threat monitoring and detection strategies, including security event logging and SIEM integration with Active Directory and other Tier 0 assets
Professional certifications (e.g., Microsoft Identity/SC series, CISSP, CyberArk, Delinea)
Occasional exposure to CIAM platforms (e.g., Microsoft Entra External ID, Okta, Auth0) and associated migration/implementation patterns is a plus but not a core requirement
Benefits
Employees (and their families) are covered by medical, dental, vision, and basic life insurance.
Employees are able to enroll in our company’s 401k plan.
Employees can purchase shares from our employee stock ownership program.
Employees are eligible to receive annual bonuses.
Employees will also receive unlimited flexible time off.
Employees will receive ten paid holidays throughout the calendar year.
Eligibility for ten weeks of paid parental leave will also be available upon hire date.
Company
West Monroe
West Monroe offers digital transformation, analytics, cloud, cyber security, business advisory, and management consulting services.
1001-5000 employees
H1B Sponsorship
West Monroe has a track record of offering H1B sponsorships. Please note that this does not
guarantee sponsorship for this specific role. Below presents additional info for your
reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2025 (4)
2024 (2)
2023 (2)
2022 (10)
2021 (7)
Funding
Current Stage
Late StageTotal Funding
unknownKey Investors
MSD Partners
2021-10-15Series Unknown
2020-01-07Acquired
Leadership Team
Gil Mermelstein
Chief Executive Officer
Kevin McCarty
Co-Founder & Executive Chairman of West Monroe
Recent News
Company data provided by crunchbase