Principal IAM Architect

Lehi, UT

We’re in an unbelievably exciting area of tech and are fundamentally reshaping the data storage industry. Here, you lead with innovative thinking, grow along with us, and join the smartest team in the industry.

This type of work—work that changes the world—is what the tech industry was founded on. So, if you're ready to seize the endless opportunities and leave your mark, come join us.

SHOULD YOU ACCEPT THIS CHALLENGE...

…. Do you lie awake at night, thinking of NIST SP800-63-3? Do you get shivers when you hear the words “service account”? Does “zero trust” actually mean something to you? As they say, Identity is the new perimeter, and it could be your new frontier here at Pure Storage.

The Global Information Security Office (GISO) at Pure is seeking an Identity and Access Management (IAM) Architect with a proven track record of designing and implementing IAM solutions. You will utilize your strong technical competencies to provide the highest level of implementation capability and technical consultation throughout the organization. You will collaborate with security, IT, engineering, and business teams to develop safe and sane identity processes and solutions while overseeing identity governance, authentication, authorization, and privileged access management. You will oversee change management and provide secure baseline configurations, detect errors, and perform validation prior to implementation. This is an activist role, not an “ivory tower” role.

Our ideal candidate plays a pivotal role in safeguarding enterprise digital assets, fostering a secure and seamless user experience, and ensuring regulatory compliance within an ever-evolving technological landscape. As a technical leader, you will drive the creation of the IAM roadmap, design, and partner on the maturity of Pure Storage’s Identity and Access Management platforms and capabilities. 

What You’ll Do

  • Lead the design and implementation of enterprise-wide identity and access management solutions, using comprehensive expertise in Okta and AWS Identity Center.
  • Develop and maintain IAM reference architectures, roadmaps, and best practices to guide technology decisions.
  • Establish platform architecture and design documentation describing business requirements, support processes, platform design, data flow, component interactions, API designs, and related features required by engineers, DevOps, QA, and Operations teams.
  • Lead the evaluation, selection, and integration of IAM technologies.
  • Define policies and processes for identity governance, access recertification, role-based access control (RBAC), and attribute-based access control (ABAC).
  • Collaborate with business partners and the leadership team to understand organizational security goals and lead the creation of technical product roadmaps, including security best practices and emerging technologies that ensure our identity and access management platforms are industry-leading.
  • Implement identity governance policies to safeguard sensitive data while maintaining regulatory compliance.
  • Conduct regular and comprehensive audits of the existing identity management infrastructure, including Okta and AWS Identity Center, implementing enhancements to proactively identify and mitigate any potential vulnerabilities or security risks.
  • Evaluate and implement Zero Trust security models that involve continuously verifying and validating user identities and devices before granting access to sensitive resources, thereby minimizing the risk of potential breaches.
  • Manage vendor relationships, understand vendor product roadmaps, and be able to socialize and plan for the impact of vendor changes on our solutions.
  • Provide mentorship and technical leadership to junior team members, promoting a culture of continuous learning, experimentation, and refinement within the Identity domain.

What you bring to the team:

  • 12+ years of security engineering experience, 8+ years of Security & Identity architecture experience.
  • Knowledge of Zero Trust security models and principles of least privilege.
  • Proven track record in a specialized technical leadership role, with extensive experience architecting and implementing sophisticated identity and access management solutions using Okta.
  • Advanced hands-on proficiency in Okta and standard authN/Z technologies, encompassing their functionalities, configurations, and platform administration.
  • Profound understanding of identity protocols and standards such as FIDO2/WebAuthN, SAML, OpenID Connect, OAuth, Kerberos, and LDAP, with hands-on expertise in integrating them with Okta.
  • Experience designing resilient and scalable technologies and implementing passwordless capabilities for large companies.
  • Effective collaboration with diverse cross-functional teams and senior stakeholders within a technical setting.
  • Experience with identity governance and administration (IGA) tools such as SailPoint or Saviynt.
  • Excellent communication and stakeholder management skills.

Preferred Qualifications:

  • Relevant certifications in Okta, alongside general certifications such as CISSP, CISM, or other relevant qualifications.
  • Experience implementing solutions involving cloud technologies such as AWS and Azure.
  • Familiarity with SCIM, deprecation of Active Directory, and centralizing secrets management.
  • Experience with SSH certificate authentication for cloud and on-premise workloads, privileged access management (PAM), and Identity Governance and Administration (IGA).
  • We are primarily an in-office environment and therefore, you will be expected to work from the Lehi, UT office in compliance with Pure’s policies, unless you are on PTO, or work travel, or other approved leave.

 

The annual base salary range is: $130,000–$207,000.

Salary ranges are determined based on role, level and location. For positions open to candidates in multiple geographical locations, the base salary range is reflective of the labor market across the applicable locations. 

This role may be eligible for incentive pay and/or equity. 

And because we understand the value of bringing your full and best self to work, we offer a variety of perks to manage a healthy balance, including flexible time off, wellness resources, and company-sponsored team events - check out purebenefits.com for more information. 

There is no application deadline and we accept applications on an ongoing basis until the job is filled.

WHAT YOU CAN EXPECT FROM US:

  • Pure Innovation: We celebrate those who think critically, like a challenge and aspire to be trailblazers.
  • Pure Growth: We give you the space and support to grow along with us and to contribute to something meaningful. We have been named Fortune's Best Large Workplaces in the Bay Area™, Fortune's Best Workplaces for Millennials™ and certified as a Great Place to Work®!
  • Pure Team: We build each other up and set aside ego for the greater good.

ACCOMMODATIONS AND ACCESSIBILITY:

Candidates with disabilities may request accommodations for all aspects of our hiring process. For more on this, contact us at TA-Ops@purestorage.com if you’re invited to an interview.

WHERE DIFFERENCES FUEL INNOVATION:

We’re forging a future where everyone finds their rightful place and where every voice matters. Where uniqueness isn’t just accepted but embraced. That’s why we are committed to fostering the growth and development of every person, cultivating a sense of community through our Employee Resource Groups and advocating for inclusive leadership. At Pure Storage, diversity, equity, inclusion and sustainability are part of our DNA because we believe our people will shape the next chapter of our success story.

Pure Storage is proud to be an equal opportunity employer. We strongly encourage applications from Indigenous Peoples, racialized people, people with disabilities, people from gender and sexually diverse communities, and people with intersectional identities. We also encourage you to apply even if you feel you don’t match all of the role criteria. If you think you can do the job and feel you’re a good match, please apply.

Personal Information Policy *

Wonder how or why Pure collects or uses any information you provide? Check out our Applicant & Candidate Personal Information Protection Notice.

US export law restricts Pure from employing citizens of sanctioned nations (such as Syria, Cuba, Iran, and North Korea FULL LIST) who do not hold a second nationality or permanent residence in a non-sanctioned nation.  Does this rule affect your employment by Pure?

Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in Pure Storage’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Voluntary Self-Identification of Disability

Form CC-305
OMB Control Number 1250-0005
Expires 04/30/2026

Why are you being asked to complete this form?

We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress towards this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.

Completing this form is voluntary, and we hope that you will choose to do so. Your answer is confidential. No one who makes hiring decisions will see it. Your decision to complete the form and your answer will not harm you in any way. If you want to learn more about the law or this form, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

A disability is a condition that substantially limits one or more of your “major life activities.” If you have or have ever had such a condition, you are a person with a disability. Disabilities include, but are not limited to:

  • Alcohol or other substance use disorder (not currently using drugs illegally)
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, HIV/AIDS
  • Blind or low vision
  • Cancer (past or present)
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or serious difficulty hearing
  • Diabetes
  • Disfigurement, for example, disfigurement caused by burns, wounds, accidents, or congenital disorders
  • Epilepsy or other seizure disorder
  • Gastrointestinal disorders, for example, Crohn's Disease, irritable bowel syndrome
  • Intellectual or developmental disability
  • Mental health conditions, for example, depression, bipolar disorder, anxiety disorder, schizophrenia, PTSD
  • Missing limbs or partially missing limbs
  • Mobility impairment, benefiting from the use of a wheelchair, scooter, walker, leg brace(s) and/or other supports
  • Nervous system condition, for example, migraine headaches, Parkinson’s disease, multiple sclerosis (MS)
  • Neurodivergence, for example, attention-deficit/hyperactivity disorder (ADHD), autism spectrum disorder, dyslexia, dyspraxia, other learning disabilities
  • Partial or complete paralysis (any cause)
  • Pulmonary or respiratory conditions, for example, tuberculosis, asthma, emphysema
  • Short stature (dwarfism)
  • Traumatic brain injury

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.