IAM Architect - Okta (Remote in the US)

Position Overview

We are growing! GuidePoint Security is hiring an Access Management Architect to join our implementation team on a full-time basis. This is a fully remote role where we are looking for deep expertise in Okta platform solutions, with particular emphasis on Okta Access Gateway (OAG), Okta Workflows, and API development.

The Access Management Architect is responsible for designing and architecting enterprise-grade Identity and Access Management (IAM) solutions with a primary focus on Okta. This role ensures secure authentication, authorization, and access governance across cloud and on-premises applications for large, complex enterprise environments. The architect will lead technical design efforts, working closely with security, infrastructure, DevOps, and application teams to implement advanced access management architectures and best practices.

Key Responsibilities

Identity & Access Management Platform Operations

• Design, deploy, configure, and manage complex Okta environments including Universal Directory, Lifecycle Management, Workflows, and API Access Management
• Architect and implement Okta Access Gateway (OAG) solutions for header-based authentication and legacy application integration
• Design and manage user lifecycle governance including provisioning, deprovisioning, and access certification workflows
• Architect authentication policies, authorization rules, access workflows, and security controls for enterprise-scale deployments
• Implement and oversee Single Sign-On (SSO), Multi-Factor Authentication (MFA), and Adaptive Authentication across diverse application portfolios
• Ensure adherence to least-privilege and Zero-Trust principles for all user and application identities

Modern Access Management & Identity 

• Lead implementation of modern IAM capabilities such as:
• Just-in-Time (JIT) access provisioning
• Conditional Access and risk-based authentication
• API access management and OAuth/OIDC flows
• Cloud-native identity federation
• Identity lifecycle automation and governance
• Passwordless and phishing-resistant authentication
• Workforce and customer identity management (CIAM)
• Design and build automated identity workflows using Okta Workflows for application onboarding, user access requests, and complex business processes
• Architect low-code/no-code automation solutions to streamline identity operations

Technical Architecture & Engineering

• Lead technical architecture and design for large-scale, complex Okta implementations across global enterprises
• Design integration patterns between Okta and AD/LDAP, cloud directories, SIEM, SCIM provisioning, SAML/OIDC applications, and cloud services (AWS/Azure/GCP)
• Architect Okta Access Gateway (OAG) deployments for securing legacy and on-premises applications
• Design and implement complex Okta Workflows solutions including custom connectors, API integrations, and multi-step automation processes
• Develop custom integrations and automation using API development languages including Python, JavaScript/Node.js, PowerShell, and REST APIs
• Architect identity providers (IdP), service providers (SP), federation protocols, and API gateways for complex enterprise requirements
• Design access governance policies, role-based access control (RBAC), and attribute-based access control (ABAC) frameworks
• Architect directory synchronization, identity federation, and hybrid identity solutions for complex organizational structures
• Lead identity threat detection, anomaly monitoring, and security incident response architecture
• Create technical architecture documentation, solution designs, and implementation roadmaps for enterprise clients

Project Oversight & Client Success

• Lead technical architecture on very large and complex IAM transformation projects
• Provide both strategic and tactical oversight on either a single large client engagement or multiple smaller projects concurrently
• Provide technical guidance and mentorship to delivery team members
• Identify and mitigate technical and project risks, escalating issues when necessary
• Develop and refine standard operating procedures (SOPs) and templates to improve consistency and quality across engagements
• Create and maintain technical architecture documentation, implementation guides, and best practice frameworks

Minimum Qualifications

• Bachelor's degree in Computer Science, Information Security, or related field — or equivalent work experience
• 5–7+ years of experience in Identity and Access Management engineering or Consulting
• Extensive hands-on experience with Okta including Universal Directory, Lifecycle Management, Workflows, and API Access Management
• Proven experience designing and implementing Okta Access Gateway (OAG) solutions
• Strong experience developing complex Okta Workflows including custom connectors and API integrations
• Proficiency in API development languages including Python, JavaScript/Node.js, and PowerShell
• Experience with REST API development and integration
• Proven track record leading technical architecture on large-scale, complex IAM projects for enterprise organizations
• Strong understanding of identity governance, SSO protocols (SAML, OIDC, OAuth), MFA, and access certification
• Experience with Windows/Linux server administration and Active Directory
• Deep knowledge of common security frameworks and access control principles
• Demonstrated ability to design and document complex technical architectures

Preferred Qualifications

• 5-7+ years of IT Professional services and consulting experience
• Experience with very large and complex enterprise IAM transformations
• Professional certifications such as:
• Okta Certified Professional / Okta Certified Administrator / Okta Certified Consultant (highly preferred)
• CISSP, CISM, Security+, CCSP, or similar
• Advanced experience with Okta Workflows including helper flows, error handling, and performance optimization
• Experience with additional API development languages such as Java, Go, or Ruby
• Experience with Microsoft Entra ID (formerly Azure AD) including Conditional Access and Identity Protection (nice-to-have)
• Working knowledge of Ping Identity solutions (PingFederate, PingOne, or PingAccess) (nice-to-have)
• Exposure to modern IAM capabilities:
• Passwordless authentication (FIDO2, WebAuthn, passkeys)
• Decentralized identity and verifiable credentials
• Identity threat detection and response (ITDR)
• API security and OAuth 2.0 / OpenID Connect
• Experience with CI/CD pipelines and Infrastructure as Code (Terraform, CloudFormation)
• Experience with containerization and orchestration (Docker, Kubernetes)

The Team

Coming to the Access Management team means working on the leading edge in the IAM space. As an Access Management Architect, you will be partnering with other engineers and architects to help some of the largest companies in the US implement their own identity and access management programs. You will lead technical architecture on complex, enterprise-scale Okta implementations, from participating in assessments to full delivery of IAM platforms. Your leadership and expertise are critical to providing our customers with the guidance they need, and the excellence they expect from GuidePoint Security.

We partner with the largest vendors in the space to ensure that the latest training is always available to our team. High level communication and collaboration are the standard. Mentorship at all levels, from Senior Architects to Junior Engineers, is foundational to our culture. We don't just talk about work life balance; we facilitate it with an unlimited PTO benefit.

We understand that in order to retain our talented team, leadership must provide regular feedback and coaching. We recruit new members to the team with the understanding that opportunities for growth are important. Whether your goals include future leadership opportunities, becoming an Architect or even moving to another discipline within security in time, the leadership team is focused on partnering with you to help achieve them.