Identity & Access Management (IAM) Architect – PKI Modernization

S

Stratford Solutions Inc.

Identity & Access Management (IAM) Architect – PKI Modernization

Brooklyn, NY
Full Time
Paid
  • Responsibilities

    Job Title: Identity & Access Management (IAM) Architect – PKI Modernization

    Location: 2 Metrotech Brooklyn, NY

    Labor Category: Specialist 3

    Job Type: Contract

    Duration: 12 Months

    Work schedule: Normal business hours Monday-Friday 9am to 5pm, 35 hours/week (not including mandatory unpaid meal break after 6 hours of work).

    Pay Rate: $100 to $110 per hour

    SCOPE OF SERVICES:

    • Assess and develop a roadmap for Client disparate directories consolidation
    • Provide guidance and implementation support for integration with Entra and other IAM security enhancements.
    • Architect and implement Citywide-level PKI modernization, including infrastructure changes for reduced certificate lifespans
    • Advice on governance, compliance, lifecycle management and automation of digital certificates
    • Lead migration planning, risk assessment, and mitigation for directories and PKI modernization
    • Perform technical knowledge transfer, upskilling internal teams on new infrastructure and practices

    TASKS:

    • PKI Architecture, Engineering and Administrator – 40%
    • Entra ID Architecture, Engineering and Administrator – 30%
    • Directory Architecture, Engineering and Administrator – 20%
    • IAM Level 3 Technical Support – 10%

     

    MANDATORY SKILLS/EXPERIENCE Note: Candidates who do not have the mandatory skills will not be considered.

    • 12 years in IAM architect, engineering, administration and operations with focus on directory services and PKI
    • Deep expertise in Active Directory (on-prem and hybrid), Entra ID, and eDirectory
    • Hands-on experience in designing and operating Microsoft PKI, including certificate authority management, certificate lifecycle, and automation
    • Solid understanding of modern authentication/authorization protocols (OAuth, SAML, Kerberos, etc.)
    • Experience with security roadmap development, risk assessment, and compliance (NIST, ISO, SOX or PCI-DSS)
    • Strong documentation, communication, and stakeholder management skills.

     

    DESIRABLE SKILLS/EXPERIENCE:

    • Experience with cloud PKI services
    • Familiarity with Entra ID Governance, Conditional Access Policy, and modern security controls
    • Experience automating PKI workflows (API/script-based certificate management)
    • Multi-forest, multi-tenant IAM architecture expertise
    • Prior experience working with NYC agency
    • Working knowledge of enterprise ITSM, change management, and project management methodologies

     

    SPECIAL REQUIREMENTS: N/A

    • Ability to work cross-functionality with technical and business stakeholders in a complex enterprise
    • Availability to provide after-hours support to critical migrations and incident response