Senior Architect, Identity & Security

Overview

Are you ready to make an impact? West Monroe is seeking a Senior Architect, Identity & Security to lead cross-functional teams in the design, remediation, and modernization of complex identity and cloud infrastructure solutions. This role focuses on securing and transforming critical IT environments for a diverse portfolio of clients, helping them navigate complex Active Directory modernizations, cloud identity migrations, and security hardening initiatives.

This opportunity provides technical leadership in transforming complex IT environments across key industry verticals, including Healthcare, Financial Services, Private Equity, and High Tech. While the scope spans hybrid and cloud identity, the work is particularly grounded in Active Directory as a core Tier 0 platform, with strong Microsoft Entra  to design and operate modern hybrid identity patterns.

• Partner with consultants and client leadership to architect, build, and deploy secure and modern Active Directory and Microsoft Entra .
• Assess current-state identity environments and processes, interview stakeholders, define critical requirements, and present practical solution strategies and roadmaps to client executives.
• Lead the technical design of future-state Active Directory (AD DS) and Entra , including privileged access management (PAM) design, tiered administrative access models (e.g., Microsoft’s Enterprise Access Model (EAM)), and identity consolidation strategies.
• Establish and enforce identity architecture standards, best practices, and governance to deliver secure, compliant, and consistent solutions aligned with industry benchmarks (e.g., CIS and Microsoft baselines).
• Lead security assessment and remediation planning, including consolidating findings from tools (e.g., Purple Knight, Maester, CIS Benchmark-based configuration assessments (e.g., CIS-CAT)) to create and manage prioritized, risk-based remediation backlogs.
• Provide expert technical oversight for security remediation initiatives, such as hardening domain controllers, remediating privileged access, resolving Entra Connect sync issues, and restricting legacy protocols.
• Develop detailed implementation plans, migration strategies, and remediation backlogs (e.g., in Smartsheet or similar project management tools) for AD restructuring, AD consolidation, identity synchronization, and legacy decommissioning.
• Establish and manage engagement-level governance, quality, and risk, including defining quantitative success criteria, RACI, and clear communications to both technical and executive stakeholders.
• Support key decision-making on project direction, including technology selections, team work streams, and delivery methodologies.
• Mentor junior consultants on technical best practices, solution design, and client engagement.
• Assist business development efforts through proposals, pre-sales technical discovery, and client presentations.

• Bachelor’s degree in a relevant field preferred, or equivalent experience required.
• Prior experience in consulting preferred.
• 8–12+ years of experience in IT architecture, engineering, and/or security with a deep focus on identity solutions.
• Expert-level knowledge of Active Directory Domain Services (AD DS) design, security, and administration, including: domain/forest architecture, sites/replication, DNS, Group Policy (GPO) management, DC virtualization safeguards, and forest recovery principles.
• Strong experience with Microsoft Entra  (formerly Azure AD), including Entra Connect, Conditional Access, modern authentication methods, and Privileged Identity Management (PIM).
• Proven experience leading identity migrations (including on-premises to cloud, cross-forest restructurings, and Tenant-to-Tenant (cross-tenant) consolidations), AD remediations, and/or consolidation projects.
• Experience designing and implementing hybrid authentication patterns between AD DS and Microsoft Entra , including pass-through authentication (PTA), Seamless SSO, Cloud Kerberos Trust, and phishing-resistant authentication methods.
• Proficiency in designing and implementing enterprise Privileged Access Management (PAM) solutions (including typical…