Principal Technical Consultant - Identity Focused Security Architect

AHEAD builds platforms for digital business. By weaving together advances in cloud infrastructure, automation and analytics, and software delivery, we help enterprises deliver on the promise of digital transformation.

At AHEAD, we prioritize creating a culture of belonging, where all perspectives and voices are represented, valued, respected, and heard. We create spaces to empower everyone to speak up, make change, and drive the culture at AHEAD.

We are an equal opportunity employer, and do not discriminate based on an individual's race, national origin, color, gender, gender identity, gender expression, sexual orientation, religion, age, disability, marital status, or any other protected characteristic under applicable law, whether actual or perceived.

We embrace all candidates that will contribute to the diversification and enrichment of ideas and perspectives at AHEAD.

The Principal Technical Consultant (PTC) Identity Focused Security Architect is a hands-on delivery leader who designs and leads identity solution implementations in client environments. This role is not purely advisory. You will own identity workstreams end to end, driving architecture, implementation planning, execution oversight, and stakeholder alignment, primarily across Microsoft identity (Active Directory and Entra ID), IGA, and modern authentication patterns (SSO, MFA, passwordless). Experience with other IAM platforms (e.g., Okta) is a strong plus, and PAM experience is a plus as well.

Core responsibilities (Must-haves) :
• Identity architecture and implementation leadership
• Lead identity workstreams from discovery and current state analysis through target state architecture, implementation planning, delivery oversight, and closeout.
• Design and deliver Microsoft identity solutions with a deep focus on Active Directory and Microsoft Entra ID, including hybrid identity patterns where applicable.
• Drive the technical approach for modern authentication and federation capabilities, including SSO, MFA, and passwordless.
• Identity Governance and Administration (IGA) delivery
• Lead and or execute IGA-focused deliverables such as:
• Joiner mover-leaver lifecycle processes
• Provisioning and deprovisioning patterns
• Access request workflows where applicable
• Role and policy model improvement to reduce risk and increase operational clarity
• Access control model design
• Apply and communicate access control methodologies, including RBAC, ABAC, and PBAC, translating business requirements into implementable identity and authorization designs.
• Client-facing consulting and execution
• Own day-to-day technical leadership with clients: requirements sessions, whiteboarding, design reviews, implementation coordination, and executive-ready communication.
• Coordinate delivery across client stakeholders (engineering teams through senior security leaders) to align on priorities, sequencing, and execution plans.
• Produce clear, high-quality deliverables (architecture diagrams, implementation plans, runbooks, and decision documentation).

Required qualifications (absolute musts):
• Strong Microsoft identity architecture and implementation experience, especially Active Directory and Entra ID.
• Hands-on IGA knowledge and delivery experience in real client environments.
• Strong understanding of access control methodologies: RBAC, ABAC, PBAC.
• Strong authentication expertise: SSO, MFA, passwordless, with design and implementation level understanding.
• Demonstrated ability to lead implementation, not just advise: planning, execution oversight, and delivery ownership.
• Proven client-facing consulting capability: stakeholder management, clear communication, and whiteboard-ready technical leadership.

Plus scope responsibilities (nice to haves):
• Support implementations or integrations with other IAM platforms (Okta or comparable solutions).
• Contribute to or support PAM initiatives (Privileged Access Management), such as privileged access workflows, vaulting patterns, and privileged lifecycle controls, when in scope.

Preferred qualifications:
• Experience implementing or supporting Okta or similar IAM platforms.
• PAM experience (Privileged Access Management).
• Scripting or automation exposure (PowerShell, Python) to support identity integrations and operationalization.

What success looks like:
• Clients receive identity architectures that are implementable, not theoretical, backed by an execution plan, and delivered outcomes.
• Identity workstreams are delivered smoothly with strong coordination, clear documentation, and stakeholder alignment.
• Authentication and governance controls measurably improve security posture while supporting business usability.

The compensation range indicated in this posting reflects the On-Target Earnings (“OTE”) for this role, which includes a base salary and any applicable target bonus amount. This OTE range may vary based on the candidate’s relevant experience, qualifications, and geographic location.

Why AHEAD:

Through our daily work and internal groups like Moving Women AHEAD and RISE AHEAD, we value and benefit from diversity of people, ideas, experience, and everything in between.

We fuel growth by stacking our office with top-notch technologies in a multi-million-dollar lab, by encouraging cross department training and development, sponsoring certifications and credentials for continued learning.

USA Employment Benefits include:
- Medical, Dental, and Vision Insurance
- 401(k)
- Paid company holidays
- Paid time off
- Paid parental and caregiver leave
- Plus more! See benefits https://www.aheadbenefits.com/ for additional details.