Senior Information Security Architect - IAM (Hybrid)

Join a team that puts its People First! Since 1889, First American (NYSE: FAF) has believed in its people. We foster an environment where everyone feels welcome, supported, and empowered to innovate and reach their full potential. Our inclusive culture has earned us numerous accolades, including being named to the Fortune 100 Best Companies to Work For list for ten consecutive years. We are committed to being a great place to work for all. For more information, visit www.careers.firstam.com.

We are seeking a highly skilled Senior IAM Security Architect to join our security architecture team. This role requires expertise in designing, implementing, and managing IAM security controls, focusing on identity protection in cloud environments. The ideal candidate will have a strong background in AWS, Azure, and Entra ID (formerly Azure AD), with at least 5 years of experience in IAM security risk assessment and threat modeling. Responsibilities include managing user and non-human identities, access controls, security policies, establishing a Zero Trust identity posture, implementing behavioral risk assessments, and driving automation for identity security. Knowledge of SSO, MFA, and modern authentication protocols is essential.

1. Design secure IAM architectures across platforms (AWS, Azure, Entra ID) in line with best practices.
2. Develop security controls for IAM, including authentication, authorization, role management, identity federation, and privilege management.
3. Establish and maintain a Zero Trust security model for IAM, ensuring continuous verification of access requests.
4. Integrate Zero Trust principles with cloud-native security tools and IAM platforms for seamless, secure access control.
5. Automate risk-based access controls and adaptive authentication based on behavioral signals.
6. Enforce least privilege access principles across cloud and on-prem environments.
7. Design and implement Just-in-Time (JIT) access control mechanisms.
8. Design SSO solutions for seamless and secure access to enterprise applications.
9. Lead the adoption of modern authentication protocols (OAuth 2.0, OpenID Connect, SAML).
10. Implement and manage MFA solutions with risk-based policies.
11. Develop and integrate IAM security controls with cloud platforms like AWS, Azure, and Entra ID.
12. Collaborate with cloud engineers to align IAM security with best practices and compliance standards.
13. Leverage native security features of cloud platforms to design scalable, secure, and automated IAM solutions.
14. Lead migration from Hybrid Active Directory to Entra-ID based authentication, ensuring minimal disruption.
15. Develop security governance frameworks for IAM, focusing on identity lifecycle management, RBAC, and least privilege enforcement.
16. Conduct regular identity governance and access reviews, documenting changes for compliance.
17. Work with cross-functional teams to incorporate IAM security best practices across systems.
18. Stay updated on IAM trends, threats, and technological advancements.
19. Implement automation tools to enhance efficiency in identity management and access control.

1. Bachelor's degree in computer science, Information Security, or related field.
2. Relevant certifications such as CISSP or CIAM preferred.
3. 7+ years in IAM security, with at least 5 years in risk assessment, threat modeling, and security control design.
4. Proven experience with IAM solutions in cloud environments (AWS, Azure, Entra ID).
5. Deep knowledge of IAM security best practices, governance, and policies.
6. Experience with IAM protocols like SSO, MFA, OAuth, SAML, OpenID Connect, and federation.
7. Hands-on risk assessment and threat modeling experience for IAM systems.
8. Experience establishing least privilege and JIT access controls.
9. Expertise in Zero Trust security posture, identity validation, and continuous authentication.
10. Strong skills with Microsoft Entra ID (Azure AD), AWS IAM, Azure Active Directory.
11. Experience integrating IAM with cloud security and hybrid environments.
12. Understanding of RBAC, ABAC, policy enforcement, and JIT provisioning.
13. Proficiency with SSO and MFA implementation, and familiarity with OAuth 2.0, OpenID Connect, SAML.

This role is hybrid, with three days per week in Santa Ana, CA, and may be remote for out-of-area candidates.

Pay Range: $145,000.00 - $193,325.00 annually. Compensation depends on factors including experience, skills, and location.

Our People First Culture celebrates diversity, equity, and inclusion. We support your authentic self at work and are proud to be an equal opportunity employer. We also consider applicants' criminal history in accordance with applicable laws, such as the Los Angeles County Fair Chance Ordinance and the California Fair Chance Act.

Our benefits include medical, dental, vision, 401k, PTO, sick leave, and other perks like an employee stock purchase plan.