ZipRecruiter
Identity & Access Management (IAM) Architect - PKI Modernization
ZipRecruiter, New York, New York, us, 10261
Job Description
Job Title: Identity & Access Management (IAM) Architect – PKI Modernization
Location: 2 Metrotech, Brooklyn, NY
Labor Category: Specialist 3
Job Type: Contract
Duration: 12 Months
Work schedule: Normal business hours Monday-Friday 9am to 5pm, 35 hours/week (not including mandatory unpaid meal break after 6 hours of work).
Pay Rate: $100 to $110 per hour
SCOPE OF SERVICES:
Assess and develop a roadmap for consolidating the Client's disparate directories
Provide guidance and implementation support for integration with Entra and other IAM security enhancements.
Architect and implement Citywide-level PKI modernization, including infrastructure changes for reduced certificate lifespans
Advise on governance, compliance, lifecycle management and automation of digital certificates
Lead migration planning, risk assessment, and mitigation for directories and PKI modernization
Perform technical knowledge transfer, upskilling internal teams on new infrastructure and practices
TASKS:
PKI Architecture, Engineering and Administrator – 40%
Entra ID Architecture, Engineering and Administrator – 30%
Directory Architecture, Engineering and Administrator – 20%
IAM Level 3 Technical Support – 10%
MANDATORY SKILLS/EXPERIENCE Note: Candidates who do not have the mandatory skills will not be considered.
12 years in IAM architecture, engineering, administration and operations with a focus on directory services and PKI
Deep expertise in Active Directory (on-prem and hybrid), Entra ID, and eDirectory
Hands-on experience in designing and operating Microsoft PKI, including certificate authority management, certificate lifecycle, and automation
Solid understanding of modern authentication/authorization protocols (OAuth, SAML, Kerberos, etc.)
Experience with security roadmap development, risk assessment, and compliance (NIST, ISO, SOX or PCI-DSS)
Strong documentation, communication, and stakeholder management skills.
DESIRABLE SKILLS/EXPERIENCE:
Experience with cloud PKI services
Familiarity with Entra ID Governance, Conditional Access Policy, and modern security controls
Experience automating PKI workflows (API/script-based certificate management)
Multi-forest, multi-tenant IAM architecture expertise
Prior experience working with an NYC agency
Working knowledge of enterprise ITSM, change management, and project management methodologies
SPECIAL REQUIREMENTS: N/A
Ability to work cross-functionally with technical and business stakeholders in a complex enterprise
Availability to provide after-hours support for critical migrations and incident response