Job Details

Principal IAM Architect/ Manager

2026-05-02 | Stratitech | Santa Rosa, CA
Description:

Job Title: Principal IAM Architect/Manager

Location: Bay Area or Phoenix or Honolulu (onsite 2 days a week required)

Type: Contract-to-Hire

About the Role

We are seeking a Principal IAM Architect/Manager to lead the design, implementation, and evolution of enterprise security frameworks across a complex hybrid environment. This individual will play a critical role in strengthening identity, access, and endpoint security while partnering closely with cross-functional teams in an enterprise setting.

This is a highly technical, hands-on role suited for someone who thrives in a fast-paced, security-first environment and is comfortable owning initiatives end-to-end.

Note: No C2C or C2H arrangements will be considered. This is a direct contract engagement only. No agencies.

What You'll Do

  • Redesign corporate user lifecycle management
  • Rearchitect legacy Active Directory and lead migration to Intune
  • Design and implement advanced security frameworks, including Active Directory Tiered Administrative Models and Pass-the-Hash mitigation strategies
  • Lead efforts across Privileged Access Management (PAM), Privileged Workstations, and Identity Management, leveraging just-in-time (JIT) access models
  • Build and deploy hardened system images using Microsoft Deployment Toolkit (MDT) and Autopilot
  • Administer and optimize Microsoft Defender for Identity and Intune for hybrid device management
  • Develop, enforce, and continuously improve security policies, standards, and best practices
  • Oversee and secure hybrid identity environments spanning Azure, AWS, and GCP
  • Utilize SIEM tools for threat detection, hunting, and response, incorporating knowledge of modern attack frameworks
  • Lead endpoint protection strategies and perform infrastructure and application threat modeling
  • Participate in and/or lead red team exercises to evaluate system resilience
  • Provide technical leadership and mentorship to junior engineers
  • Collaborate cross-functionally to drive security initiatives and continuous improvement

Required Skills & Experience

  • Strong experience with Active Directory security architecture and enterprise identity management, including Enhanced Security Admin Environment (ESAE) architecture (often referred to as red forest, admin forest, or hardened forest)
  • Hands-on expertise with Privileged Access Management (PAM) solutions
  • Deep knowledge of Microsoft security stack (Intune, Defender for Identity, MDT, Autopilot)
  • Experience managing hybrid cloud environments (Azure required; AWS/GCP a plus)
  • Proven experience with SIEM tools and threat detection/response
  • Solid understanding of endpoint security and threat modeling methodologies
  • Experience implementing security frameworks and best practices at scale
  • Ability to lead technical initiatives and mentor team members
  • Strong troubleshooting skills and a proactive approach to problem-solving
  • Familiarity with Zero Trust architecture principles
  • Background in large-scale enterprise environments
  • Prior experience as a Team Lead or Manager
  • Ability to discover and reverse engineer networks without documentation
  • Prior experience working cross-functionally with teams outside of IT, with evidence of building relationships with business leaders
  • Exposure to compliance frameworks (e.g., NIST, CIS)

These Skills Are a Plus

  • Use of AI for scripting and documentation (Cursor)
  • Experience with Maritime
  • Experience with CMMC

Additional Details

  • Contract-to-hire engagement
  • Group travel to shipping sites over the next 18 months (Honolulu, Phoenix, Oakland, Alaska)
  • Enterprise environment with complex hybrid infrastructure
  • Opportunity to influence and modernize security posture at scale
