Original listing text, shown exactly as published by the company.
Responsibilities
Identity Architecture & Okta Administration
- Own Northwood's Okta environment end-to-end, including tenant configuration, application integrations, lifecycle management, MFA policy enforcement, and directory synchronization.
- Design and maintain Northwood's SSO architecture, ensuring all corporate and government-facing applications are integrated into a consistent, auditable authentication framework.
- Develop and enforce adaptive authentication policies, step-up MFA configurations, and risk-based access controls aligned to the sensitivity of the systems being accessed.
- Manage Okta workflows and automation to support user provisioning, deprovisioning, and access change processes across the employee and contractor lifecycle.
- Maintain Okta system health, audit logging, and integration reliability, ensuring identity telemetry flows into Northwood's SIEM for continuous monitoring.
RBAC & Access Governance
- Design and implement role-based access control frameworks across Northwood's corporate systems, cloud environments, and government workloads, ensuring access is granted on a least-privilege and need-to-know basis.
- Define and maintain role taxonomies, access request workflows, and entitlement review processes that satisfy CMMC, FedRAMP, and NIST 800-171 access control requirements.
- Conduct periodic access reviews and certification campaigns, working with system owners to validate that entitlements remain appropriate and revoke unnecessary access.
- Develop and maintain access control documentation, including role definitions, provisioning procedures, and audit evidence required for compliance assessments.
- Enforce segregation of duties controls across critical systems, identifying and remediating access conflicts that create compliance or operational risk.
MDM Management & Provisioning
- Architect, deploy, and manage a unified Mobile Device Management (MDM) solution across macOS, Windows, Linux, and iOS/Android endpoints, ensuring consistent security baselines and configuration compliance across all device types.
- Establish and maintain OS-level hardening benchmarks (CIS, DISA STIG) across macOS, Windows, and Linux endpoints, translating requirements into enforced MDM policies and automated remediation workflows.
- Define and enforce MDM configuration profiles, compliance policies, and conditional access rules across all managed platforms in alignment with CMMC, NIST 800-53, and organizational security standards.
SSO & Application Integration
- Lead SSO onboarding for new SaaS applications, internal tools, and government-facing platforms, ensuring integrations conform to Northwood's authentication standards and security policies.
- Evaluate and enforce SAML, OIDC, and OAuth 2.0 implementation standards across integrated applications, identifying and remediating misconfigurations that introduce identity risk.
- Partner with the Security Engineering Lead to ensure Okta log ingestion, anomaly detection, and identity-based alerting are functioning and continuously tuned within the SIEM environment.
- Support integration of identity controls with endpoint management platforms, ensuring device trust policies are enforced as part of access decisions.
Privileged Access & Secrets Management
- Design and maintain privileged access management controls for administrative accounts, service accounts, and break-glass access procedures across corporate and government environments.
- Define and enforce service account governance standards, including credential rotation policies, least-privilege scoping, and audit logging requirements.
- Collaborate with the Product Security Lead on secrets management integration with identity controls, ensuring service-to-service authentication conforms to zero-trust principles.
Compliance & Cross-Functional Collaboration
- Ensure Northwood's IAM environment satisfies access control requirements across CMMC Level 2, FedRAMP, SOC 2, and ITAR, providing audit evidence and control documentation to the GRC Lead as needed.
- Partner with the GRC Lead to support access control–related audit activities, including evidence collection, assessor walkthroughs, and remediation of identified deficiencies.
- Collaborate with the network engineering team to ensure identity-aware network access controls and Zero Trust policies are consistently enforced across Cloudflare and on-premises environments.
- Develop and maintain IAM architecture documentation, including data flow diagrams, integration maps, and access control matrices that reflect Northwood's current environment.
Basic Qualifications
- 3+ years of hands-on IAM engineering experience, with demonstrated ownership of Okta administration in a production environment.
- Deep Okta expertise, including SSO configuration, lifecycle management, MFA policy enforcement, adaptive authentication, Okta Workflows, and SIEM log integration.
- Strong understanding of SSO protocols including SAML 2.0, OIDC, and OAuth 2.0, with hands-on experience troubleshooting and hardening integrations.
- Experience designing and implementing RBAC frameworks, including role taxonomy development, entitlement reviews, and access certification processes.
- Familiarity with privileged access management concepts, including service account governance, least-privilege enforcement, and administrative access controls.
- Understanding of IAM requirements within government compliance frameworks, including NIST 800-171 access control and identification and authentication control families.
- Experience integrating identity platforms with endpoint management, cloud environments, and security monitoring tooling.
- Ability to obtain and maintain a TS/SCI clearance.
- U.S. citizenship or status as a lawful permanent resident required to conform with ITAR export regulations.
Preferred Qualifications
- Active TS clearance or higher.
- Experience operating Okta in AWS GovCloud or Microsoft GCC environments, including tenant configuration for government workload access controls.
- Familiarity with Okta Identity Governance (OIG) or similar identity governance and administration (IGA) platforms.
- Experience with Cloudflare Zero Trust access policies and integration with Okta for identity-aware network access enforcement.
- Hands-on experience with privileged access management platforms such as CyberArk, BeyondTrust, or equivalent.
- Background in aerospace, defense, critical infrastructure, or other government-adjacent regulated environments.
- Experience supporting CMMC, FedRAMP, or SOC 2 audits in an IAM engineering capacity.
- Okta Certified Administrator, Okta Certified Professional, or equivalent identity platform certification.
- CISSP, CISM, or equivalent professional security certification.