Active Directory & Identity and Access Management Architect

Publication Date: May 15, 2025
Ref. No: 479727
Location: Brasov, RO

Who we are.
We are a team of passionate experts with a clear ambition: applying digital technology to advance what matters for our clients and society.
Together we create reliable and responsive digital foundations for the world’s businesses, institutions, and communities.

Eviden, part of the Atos Group, with an annual revenue of circa € 5 billion, is a global leader in data-driven, trusted and sustainable digital transformation. As a next-generation digital business with worldwide leading positions in digital, cloud, data, advanced computing and security, it brings deep expertise for all industries in more than 47 countries. By uniting unique high-end technologies across the full digital continuum with 47,000 world-class talents, Eviden expands the possibilities of data and technology, now and for generations to come.


We are looking for an experienced Active Directory & IAM Architect to lead the design and implementation of a comprehensive Identity and Access Management (IAM) strategy with a strong focus on Privileged Access Management (PAM), fully deployed on-premises. The role involves securing and managing Active Directory environments, implementing PAM solutions, and ensuring that all identity and access-related processes align with best security practices and compliance requirements, all within an on-premises infrastructure.

 

Key Responsibilities:

 

  • Lead the design and deployment of a secure Active Directory (AD) infrastructure, ensuring high availability, redundancy, and compliance within an on-premises environment.
  • Architect and implement a complete Identity and Access Management (IAM) framework to manage users, groups, roles, and policies on an on-premises basis.
  • Implement and manage Privileged Access Management (PAM) solutions such as CyberArk, BeyondTrust, or similar, ensuring that privileged accounts and access are fully controlled, monitored, and secured.
  • Oversee the deployment and management of Active Directory Federation Services (ADFS), LDAP, and Kerberos for secure authentication and internal identity federation.
  • Design and enforce multi-factor authentication (MFA) and single sign-on (SSO) solutions strictly within the on-premises environment.
  • Lead the implementation of role-based access control (RBAC) and attribute-based access control (ABAC) for IAM processes, ensuring robust identity governance.
  • Ensure that all identity-related processes, including user provisioning, de-provisioning, and identity lifecycle management, are executed using on-premises tools and platforms.
  • Collaborate with security and networking teams to align IAM solutions with the overall on-premises security architecture.
  • Design, configure, and manage Active Directory replication, trust relationships, group policies, and organizational units (OUs).
  • Develop and document technical solutions for on-premises IAM and PAM systems, including architecture diagrams, deployment guides, and SOPs.
  • Continuously monitor and assess Active Directory and PAM systems for security vulnerabilities and operational performance.

 

Required Skills & Experience:

 

  • Minimum 5-7 years of experience in Active Directory architecture and IAM within an on-premises environment.
  • Proven experience with Privileged Access Management (PAM) tools such as CyberArk, BeyondTrust, or other enterprise-level on-premises solutions.
  • Deep expertise in managing and securing Active Directory environments, including replication, trusts, and group policies.
  • Experience in implementing multi-factor authentication (MFA) and single sign-on (SSO) within an on-premises framework.
  • Familiarity with role-based access control (RBAC) and attribute-based access control (ABAC) models.
  • Experience with identity lifecycle management, including user provisioning and de-provisioning, specifically within a controlled on-premises environment.
  • Knowledge of network security protocols such as Kerberos, LDAP, and SSL/TLS for securing internal communications.
  • Strong understanding of security compliance standards (NIST, ISO 27001, GDPR) and their implementation in on-premises systems.

 

Preferred Certifications:

 

  • Certified Information Systems Security Professional (CISSP)
  • Certified Identity and Access Manager (CIAM)
  • Microsoft Certified: Active Directory Services
  • CyberArk Certified Trustee or Expert
  • Certified Information Security Manager (CISM)
  • CompTIA Security+, Certified Ethical Hacker (CEH)
  • IAM or PAM related certifications

 

Soft Skills:

 

  • Strong analytical skills to troubleshoot complex IAM and security issues in on-premises environments.
  • Excellent communication skills to engage with technical teams and executives.
  • Ability to document and communicate technical solutions clearly for both technical and non-technical stakeholders.
  • Collaborative mindset to work effectively with cross-functional teams.
  • Strategic and proactive in identifying and addressing security risks and compliance requirements.

 

Technical Environment & Tools:

 

  • IAM: CyberArk, BeyondTrust, Thycotic, Microsoft Identity Manager (on-premises)
  • AD: Active Directory, ADFS, LDAP, Kerberos
  • PAM: CyberArk, BeyondTrust, Thycotic (on-premises solutions)
  • MFA: Microsoft Authenticator, RSA, or similar MFA tools for on-premises integration
  • Identity Standards: SAML, OAuth, OpenID Connect, SCIM (on-premises integrations)
  • Protocols: LDAP, Kerberos, SSL/TLS, RADIUS

 

Additional Notes:

 

  • Clearance: Candidates must be able to obtain NATO SECRET clearance or equivalent.
  • Travel: Occasional travel may be required for on-premises implementation, testing, and assessments.

 

Why Join Us?

 

  • Training and Certifications: Access to continuous learning and career development opportunities.
  • Flexible working environment.
  • Competitive salary and benefits package.
  • Reimbursement: Get a yearly fixed amount for reimbursement.
  • Performance Bonus: Earn an annual performance bonus based on your achievements.
  • Career Advancement: Explore numerous opportunities for professional growth and career advancement.
  • Extra Vacation Days: Take advantage of additional vacation days to relax and recharge.

Let’s grow together.

At Atos, we embrace diversity as the ultimate engine of ingenuity for our clients, and we constantly strive to create a culture where people feel supported and encouraged. Read more about our commitment here

Whether it is fighting climate change, promoting digital inclusion, or ensuring trust in data management – tech for good sits at the core of our identity. With numerous global recognitions for our ESG practices, we are committed to building a better future for all by harnessing the power of technology. Learn more here