PENNYMAC
Identity and Access Management (IAM) Architect
PENNYMAC, Houston, Texas, United States, 77246
PENNYMAC is a specialty financial services firm focused on the production and servicing of U.S. mortgage loans and the management of investments related to the U.S. mortgage market. At Pennymac, our people are the foundation of our success and we work toward a unified goal of helping millions of Americans achieve homeownership through the complete mortgage journey.

A Typical Day
As an IAM Architect, you will be the principal owner and strategic visionary for our enterprise-wide IAM ecosystem. You will design, build, and maintain the architectural foundation that secures our corporate data and enables our global workforce. You will architect a modern, scalable, and resilient identity fabric, leveraging industry-leading platforms to support our zero‑trust security model and drive business agility.

Key Responsibilities
Strategic Architecture & Platform Oversight:
Provide high‑level oversight of all company identity platforms. Design, own, and evolve the enterprise identity architecture and strategic roadmap, encompassing Workforce and Customer IAM (CIAM). Develop and maintain high‑level and low‑level design documents, standards, and patterns for our core identity platforms. Design robust identity patterns for internal application development and off‑the‑shelf applications.
Implementation & Technical Leadership:
Lead the architectural design of complex federation patterns using Multi‑factor Authentication, SAML 2.0, OAuth 2.0, and OpenID Connect (OIDC) to securely integrate a diverse portfolio of SaaS, cloud applications, and internal applications. Drive and oversee platform improvements, including IDP consolidation and cleanup of existing identity providers. Serve as the senior technical expert on projects involving identity, authentication, and authorization. Provide expert‑level troubleshooting for the most complex identity‑related issues.
Governance, Security & Continuous Improvement:
Partner with the InfoSec team to define and enforce IAM policies, controls, and best practices aligned with a zero‑trust framework. Maintain a strong awareness of security issues and considerations around identity platforms and lead efforts to mitigate and remediate risks. Lead Active Directory management and cleanup initiatives, including modernization, de‑nesting groups, identifying risky service accounts, and performing remediation of over‑privileged accounts and SPNs. Ensure all identity solutions meet stringent security requirements and comply with regulatory standards (e.g., SOX, GDPR, CCPA).
Collaboration & Mentorship:
Collaborate closely with application owners, infrastructure engineers, Infosec, and business stakeholders to translate requirements into secure and scalable identity solutions. Mentor and guide senior engineers, fostering technical excellence and professional growth. Clearly articulate and present complex architectural concepts to technical and non‑technical audiences, including executive leadership.
Qualifications
Required Qualifications
5+ years in a senior role focused specifically on Identity and Access Management. 5+ years of deep, hands‑on experience with Microsoft Active Directory architecture and management. 3+ years of hands‑on experience with SAML IDP/Brokers (e.g., ADFS, Okta, Entra ID, OneLogin). Expert‑level architectural experience with Okta, Active Directory/Entra ID, and Okta (Auth0). Proven experience designing and implementing complex identity federation solutions using SAML 2.0, OAuth 2.0, and OIDC. Experience integrating identity services with enterprise SaaS applications, cloud‑native services, and legacy systems. Ability to conceptualize, design, and implement identity models across systems, ensuring least‑privileged RBAC, strong naming conventions, and rich identity metadata. Proficiency in PowerShell or other scripting/automation languages. Experience architecting identity solutions for major cloud platforms (AWS, GCP). Familiarity with JIRA, ServiceNow, or other ITSM systems.
Preferred Qualifications
Relevant industry certifications (e.g., Okta Certified Technical Architect, Microsoft Certified: Identity and Access Administrator Associate/Expert, CISSP). Knowledge of Infrastructure as Code (IaC) principles and tools (e.g., Terraform). Experience with adjacent security domains, such as Privileged Access Management (PAM) and Identity Governance & Administration (IGA).
Benefits
Comprehensive Medical, Dental, and Vision
Paid Time Off Programs including vacation, holidays, illness, and parental leave
Wellness Programs, Employee Recognition Programs, and onsite gyms and café‑style dining (select locations)
Retirement benefits, life insurance, 401k match, and tuition reimbursement
Philanthropy Programs including matching gifts, volunteer grants, charitable grants, and corporate sponsorships

Compensation
Individual salary may vary based on multiple factors including specific role, geographic location, and skills and experience as defined below:
Lower in range – Building skills and experience in the role
Mid‑range – Experience and skills align with proficiency in the role
Higher in range – Experience and skills add value above typical requirements of the role
Some roles may be eligible for performance‑based compensation and/or stock‑based incentives awarded to employees based on company and individual performance.

Salary
$110,000 – $175,000

Work Model
OFFICE