Principal IAM Architect

We’re in an unbelievably exciting area of tech and are fundamentally reshaping the data storage industry. Here, you lead with innovative thinking, grow along with us, and join the smartest team in the industry.

This type of work—work that changes the world—is what the tech industry was founded on. So, if you're ready to seize the endless opportunities and leave your mark, come join us.

SHOULD YOU ACCEPT THIS CHALLENGE...

…. Do you lie awake at night, thinking of NIST SP800-63-3? Do you get shivers when you hear the words “service account”? Does “zero trust” actually mean something to you? As they say, Identity is the new perimeter, and it could be your new frontier here at Pure Storage.

The Global Information Security Office (GISO) at Pure is seeking an Identity and Access Management (IAM) Architect with a proven track record of designing and implementing IAM solutions. You will utilize your strong technical competencies to provide the highest level of implementation capability and technical consultation throughout the organization. You will collaborate with security, IT, engineering, and business teams to develop safe and sane identity processes and solutions while overseeing identity governance, authentication, authorization, privileged access management. You will oversee change management and provide secure baseline configurations, detect errors, and perform validation prior to implementation. This is an activist role, not an “ivory tower” role.

Our ideal candidate plays a pivotal role in safeguarding enterprise digital assets, fostering a secure and seamless user experience, and ensuring regulatory compliance within an ever-evolving technological landscape. As a technical leader, you will drive the creation of the IAM roadmap, design, and partner on the maturity of Pure Storage’s Identity and Access Management platforms and capabilities. 

What You’ll Do

• Lead the design and implementation of enterprise-wide identity and access management solutions, using comprehensive expertise in Okta and AWS Identity Center.
• Develop and maintain IAM reference architectures, roadmaps, and best practices to guide technology decisions.
• Establish platform architecture and design documentation describing business requirements, support processes, platform design, data flow, component interactions, API designs, and related features required by engineers, DevOps, QA, and Operations teams.
• Lead the evaluation, selection, and integration of IAM technologies.
• Define policies and processes for identity governance, access recertification, role-based access control (RBAC), and attribute-based access control (ABAC).
• Collaborate with business partners and the leadership team to understand organizational security goals and lead the creation of technical product roadmaps, including security best practices and emerging technologies that ensure our identity and access management platforms are industry-leading.
• Implement identity governance policies to safeguard sensitive data while maintaining regulatory compliance.
• Conduct regular and comprehensive audits of the existing identity management infrastructure, including Okta and AWS Identity Center, implementing enhancements to proactively identify and mitigate any potential vulnerabilities or security risks.
• Evaluate and implement Zero Trust security models that involve continuously verifying and validating user identities and devices before granting access to sensitive resources, thereby minimizing the risk of potential breaches.
• Manage vendor relationships, understand vendor product roadmaps, and be able to socialize and plan for the impact of vendor changes on our solutions.
• Provide mentorship and technical leadership to junior team members, promoting a culture of continuous learning, experimentation, and refinement within the Identity domain.

What you bring to the team:

• 12+ years of security engineering experience, 8+ years of Security & Identity architecture experience.
• Knowledge of Zero Trust security models and principles of least privilege.
• Proven track record in a specialized technical leadership role, with extensive experience architecting and implementing sophisticated identity and access management solutions using Okta.
• Advanced hands-on proficiency in Okta and standard authN/Z technologies, encompassing their functionalities, configurations, and platform administration.
• Profound understanding of identity protocols and standards such as FIDO2/WebAuthN, SAML, OpenID Connect, OAuth, Kerberos, and LDAP, with hands-on expertise in integrating them with Okta.
• Experience designing resiliency and scalable technologies and implementing passwordless capabilities for large companies.
• Effective collaboration with diverse cross-functional teams and senior stakeholders within a technical setting.
• Experience with identity governance and administration (IGA) tools such as SailPoint or Saviynt.
• Excellent communication and stakeholder management skills.

Preferred Qualifications:

• Relevant certifications in Okta, alongside general certifications such as CISSP, CISM, or other relevant qualifications.
• Experience implementing solutions involving cloud technologies such as AWS and Azure.
• Familiarity with SCIM, deprecation of Active Directory, and centralizing secrets management.
• Experience with SSH certificate authentication for cloud and on-premise workloads, privileged access management (PAM), and Identity Governance and Administration (IGA).
• We are primarily an in-office environment and therefore, you will be expected to work from the Lehi, UT office in compliance with Pure’s policies, unless you are on PTO, or work travel, or other approved leave.

The annual base salary range is: $155.000– $233,000.

Salary ranges are determined based on role, level and location. For positions open to candidates in multiple geographical locations, the base salary range is reflective of the labor market across the applicable locations. 

This role may be eligible for incentive pay and/or equity. 

And because we understand the value of bringing your full and best self to work, we offer a variety of perks to manage a healthy balance, including flexible time off, wellness resources, and company-sponsored team events - check out purebenefits.com for more information. 

There is no application deadline and we accept applications on an ongoing basis until the job is filled.

{INCLUDE ONE OF THE BELOW FOR POSTING LOCATION IDENTIFICATION}

 #LI-ONSITE

WHAT YOU CAN EXPECT FROM US:

• Pure Innovation: We celebrate those who think critically, like a challenge and aspire to be trailblazers.
• Pure Growth: We give you the space and support to grow along with us and to contribute to something meaningful. We have been Named Fortune's Best Large Workplaces in the Bay Area™, Fortune's Best Workplaces for Millennials™ and certified as a Great Place to Work®!
• Pure Team: We build each other up and set aside ego for the greater good.

And because we understand the value of bringing your full and best self to work, we offer a variety of perks to manage a healthy balance, including flexible time off, wellness resources and company-sponsored team events. Check out purebenefits.com for more information.

ACCOMMODATIONS AND ACCESSIBILITY:

Candidates with disabilities may request accommodations for all aspects of our hiring process. For more on this, contact us at TA-Ops@purestorage.com if you’re invited to an interview.

WHERE DIFFERENCES FUEL INNOVATION:

We’re forging a future where everyone finds their rightful place and where every voice matters. Where uniqueness isn’t just accepted but embraced. That’s why we are committed to fostering the growth and development of every person, cultivating a sense of community through our Employee Resource Groups and advocating for inclusive leadership. At Pure Storage, diversity, equity, inclusion and sustainability are part of our DNA because we believe our people will shape the next chapter of our success story.​ 

Pure Storage is proud to be an equal opportunity employer. We strongly encourage applications from Indigenous Peoples, racialized people, people with disabilities, people from gender and sexually diverse communities, and people with intersectional identities. We also encourage you to apply even if you feel you don’t match all of the role criteria. If you think you can do the job and feel you’re a good match, please apply.