Name	Description	Retention Period
_mg	This cookie used for the user's authentication.	Session
savedjobs	This cookie stores the job offers selected as favourites by the visitor.	Session
allowedCookie	This cookie stores whether a decision has already been made to use cookies or not.	Session
allowedUserCookieCategories	This cookie stores the consent given by the visitor to the use of cookies and to the integration of third-party content (see below for selection) for current session.	Session
ASP.NET_SessionId	This cookie stores the visitors session state to ensure smooth communication between server and client.	Session
lang	This cookie stores the language chosen by the visitor for the duration of the session.	Session
sxa_site	This cookie stores the name of the site	Session
theme	This cookie stores the theme value	Session
__RequestVerificationToken	This cookie stores the visitors request verification token to ensure smooth communication between server and client.	Session

Name	Description	Retention Period
savedjobsfuture	This cookie stores the job offers selected as favourites selected by the visitor for future sessions, in case preference cookies were accepted.	30 days
consentfuture	This cookie stores the consent given by the visitor to the use of cookies and to the integration of third-party content (see below for selection) for future sessions.	390 days
langfuture	This cookie stores the language selected by the visitor for future sessions, in case preference cookies were accepted.	390 days
themefuture	This cookie stores the theme selected by the visitor for future sessions, in case preference cookies were accepted.	390 days

Name	Description	Retention Period
_ga	This cookie is used to distinguish users. We use the web analysis service Google Analytics of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google") on our website. For details, please refer to the cookie policy of Google Analytics	2 Years
_ga_property-id	This cookie is used to persist session state. We use the web analysis service Google Analytics of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google") on our website. For details, please refer to the cookie policy of Google Analytics	2 Years

Name	Description	Retention Period
YouTube	The YouTube videos embedded on these pages use a number of cookies for display. For details, please refer to the privacy policy of Google.	For details, please refer to the privacy policy of the service provider mentioned in the description.
Google Maps	The Google Maps content embedded on these pages use a number of cookies for display. For details, please refer to the privacy policy of Google.	For details, please refer to the privacy policy of the service provider mentioned in the description.
starred	The Starred feedback form offered on the career pages does not use cookies. For further information, see Starred's privacy policy.	None – for further information, please refer to Starred's privacy policy.

Solution Architect - IAM

Key Facts

Professionals
Professionals
Information Technology
Information Technology
Full time
Full time
Pune, Maharastra, India
Pune, Maharastra, India

Job Description

Solution Architect – Microsoft Entra ID, Active Directory & CyberArk PAM

Role Summary

We are seeking an experienced Solution Architect to define and drive the identity and privileged access management (PAM) architecture across a hybrid Microsoft Entra ID and On‑Prem Active Directory environment, with deep expertise in CyberArk PAM solutions.

This role owns the end‑to‑end design, integration, and governance of identity and privileged access controls, ensuring alignment with enterprise IAM strategy, Zero Trust principles, and regulatory requirements. The architect will work closely with IAM engineers, security teams, infrastructure, application owners, and DevOps teams to deliver secure, scalable, and compliant solutions.

Key Responsibilities

Identity & Access Architecture (Entra ID & Active Directory)

Define and own the hybrid identity architecture across Microsoft Entra ID and On‑Prem Active Directory
Design secure authentication and authorization models:
- Conditional Access
- MFA and authentication strengths
- Passwordless authentication (FIDO2, Windows Hello for Business)
Define hybrid identity patterns including Entra Connect and authentication models
Establish identity standards and guardrails aligned with Zero Trust architecture

Privileged Access Management (CyberArk)

Define and drive Privileged Access Management (PAM) architecture using CyberArk, aligned with the enterprise IAM strategy
Lead the design and implementation of privileged access controls across:
- Servers
- Endpoints
- Databases
- Applications
Integrate PAM with Access Management capabilities:
- SSO
- MFA
- Microsoft Entra ID
Integrate CyberArk with the broader enterprise security ecosystem, including:
- SIEM platforms
- ITSM tools
Define and enforce least privilege and Zero Trust principles across infrastructure and endpoints
Drive secrets management strategy for applications using:
- CyberArk Conjur
- CyberArk CCP
Collaborate with application, infrastructure, and DevOps teams to enable secure credential management and automation
Provide architectural guidance for CyberArk EPM‑based endpoint privilege control

Solution Design & Integration

Design secure integrations between:
- Entra ID
- Active Directory
- CyberArk PAM platforms
- On‑prem, cloud, and SaaS applications
Define application onboarding patterns:
- SSO and federation
- Privileged access flows
- Secrets consumption models
Ensure solutions are scalable, resilient, and auditable

Architecture, Strategy & Governance

Define the PAM roadmap and maturity model, aligned with IAM and enterprise security strategy
Establish standards for:
- Privileged account onboarding
- Password rotation
- Session recording and monitoring
Drive risk reduction initiatives, including:
- Removal of standing administrative access
- Credential hardening
Ensure audit readiness and compliance for privileged access:
- SOX
- ISO
- GDPR
Participate in threat modeling, security reviews, and risk assessments

Leadership & Collaboration

Act as the design authority for identity and PAM solutions
Partner with:
- IAM and PAM engineering teams
- Security architecture
- Cloud and infrastructure teams
- Application owners
Review and approve technical designs and implementations
Provide architectural guidance and mentorship to senior engineers

Required Skills & Expertise

CyberArk & PAM

Strong expertise in CyberArk PAS, EPM, CCP, and Conjur
Deep understanding of privileged access risks, controls, and governance models
Hands‑on experience designing and integrating PAM solutions at enterprise scale

Microsoft Identity

Microsoft Entra ID (P2)
Conditional Access and Identity Protection
Privileged Identity Management (PIM)
Entra Connect and hybrid authentication
Active Directory security and tiered admin models

Operating Systems & Platforms

Strong knowledge of:
- Windows privilege models
- Unix/Linux privilege models
- Active Directory security concepts

Automation & Integration

Hands‑on experience with automation and integration using:
- REST APIs
- PowerShell
- Python
Experience integrating PAM into CI/CD and automated workflows

Security & Architecture

Zero Trust architecture
Least privilege enforcement
Identity‑based and privileged access attack techniques and mitigations

Nice to Have

Exposure to cloud PAM use cases across:
- Azure
- AWS
- GCP
Experience with DevOps and cloud‑native environments
CyberArk certifications:
- Sentry
- CDE
Microsoft security certifications (SC‑300, AZ‑500)
CISSP or equivalent