IAM Solutions Architect (Contract)
United States
Contracted
Executive
Location: Remote, US-based (must be authorized to work in the United States)
Engagement Type: Independent Contractor
Industry: Enterprise / Financial Services
About the Role
We are looking for an IAM Solutions Architect to join a large, complex enterprise organization on a contract basis. You will serve as a technical lead and strategic advisor on the design of a next-generation, centralized authentication platform intended to replace a complex legacy identity system built over the past decade. This is a high-visibility role that requires both hands-on architectural expertise and the ability to guide engineering teams through a multi-year modernization program. The ideal candidate has designed enterprise-scale login and identity systems at Fortune 150 or global enterprise scale and understands the operational realities of running authentication infrastructure in a high-stakes environment. Experience in financial services or other highly regulated industries is a plus.
Key Responsibilities
• Lead the architecture and design of a centralized next-generation authentication platform, built in parallel with the existing production system
• Define the target-state architecture for credential consolidation across multiple business lines and product platforms
• Provide architectural guidance on the identity Abstraction Layer, a vendor-agnostic SDK library designed to decouple applications from underlying identity vendors
• Evaluate and advise on integration patterns between the Transmit platform, Transmit Mosaic (passkeys), Ping Federation, and other identity components
• Establish standards for authentication journeys, session management, MFA flows, and federation across consumer and commercial products
• Partner with security architects, application teams, and infrastructure engineers to ensure the platform meets compliance and resilience requirements
• Review existing identity journeys and connectors; document technical debt and provide remediation recommendations
• Mentor and provide technical direction to engineering teams responsible for building and maintaining the new platform
• Produce architectural decision records (ADRs), reference architectures, and roadmap documentation
Required Qualifications
• 12+ years of experience in Identity and Access Management architecture
• Demonstrated experience designing and delivering enterprise-scale centralized authentication platforms at Fortune 150 or global enterprise scale; financial services or similarly regulated environments a plus
• Deep knowledge of authentication protocols and standards: OAuth 2.0, OIDC, SAML 2.0, FIDO2/WebAuthn, and LDAP/Active Directory
• Hands-on experience with two or more enterprise identity platforms (Transmit Security, Ping Identity, ForgeRock, Okta, SailPoint, CyberArk, or equivalent)
• Experience architecting systems that consolidate credentials or unify identity across multiple applications or business lines
• Strong understanding of API security, token lifecycle management, and session architecture
• Proven ability to lead architecture decisions in complex, multi-stakeholder environments
• Experience with change management processes and operating within enterprise ITSM frameworks
Preferred Qualifications
• Hands-on experience with the Transmit Security platform
• Experience with passkey or FIDO2 implementations at scale
• Familiarity with SDK abstraction or facade design patterns for identity integrations
• Exposure to multi-product credential federation across large, complex enterprises
• Relevant certifications: CISSP, CIAM, Ping Certified Architect, or equivalent
• Familiarity with SOX, PCI-DSS, or FFIEC compliance frameworks
Contractor Requirements
• Must be based in the United States and authorized to work without sponsorship
• Must be able to pass a background check
Engagement Type: Independent Contractor
Industry: Enterprise / Financial Services
About the Role
We are looking for an IAM Solutions Architect to join a large, complex enterprise organization on a contract basis. You will serve as a technical lead and strategic advisor on the design of a next-generation, centralized authentication platform intended to replace a complex legacy identity system built over the past decade. This is a high-visibility role that requires both hands-on architectural expertise and the ability to guide engineering teams through a multi-year modernization program. The ideal candidate has designed enterprise-scale login and identity systems at Fortune 150 or global enterprise scale and understands the operational realities of running authentication infrastructure in a high-stakes environment. Experience in financial services or other highly regulated industries is a plus.
Key Responsibilities
• Lead the architecture and design of a centralized next-generation authentication platform, built in parallel with the existing production system
• Define the target-state architecture for credential consolidation across multiple business lines and product platforms
• Provide architectural guidance on the identity Abstraction Layer, a vendor-agnostic SDK library designed to decouple applications from underlying identity vendors
• Evaluate and advise on integration patterns between the Transmit platform, Transmit Mosaic (passkeys), Ping Federation, and other identity components
• Establish standards for authentication journeys, session management, MFA flows, and federation across consumer and commercial products
• Partner with security architects, application teams, and infrastructure engineers to ensure the platform meets compliance and resilience requirements
• Review existing identity journeys and connectors; document technical debt and provide remediation recommendations
• Mentor and provide technical direction to engineering teams responsible for building and maintaining the new platform
• Produce architectural decision records (ADRs), reference architectures, and roadmap documentation
Required Qualifications
• 12+ years of experience in Identity and Access Management architecture
• Demonstrated experience designing and delivering enterprise-scale centralized authentication platforms at Fortune 150 or global enterprise scale; financial services or similarly regulated environments a plus
• Deep knowledge of authentication protocols and standards: OAuth 2.0, OIDC, SAML 2.0, FIDO2/WebAuthn, and LDAP/Active Directory
• Hands-on experience with two or more enterprise identity platforms (Transmit Security, Ping Identity, ForgeRock, Okta, SailPoint, CyberArk, or equivalent)
• Experience architecting systems that consolidate credentials or unify identity across multiple applications or business lines
• Strong understanding of API security, token lifecycle management, and session architecture
• Proven ability to lead architecture decisions in complex, multi-stakeholder environments
• Experience with change management processes and operating within enterprise ITSM frameworks
Preferred Qualifications
• Hands-on experience with the Transmit Security platform
• Experience with passkey or FIDO2 implementations at scale
• Familiarity with SDK abstraction or facade design patterns for identity integrations
• Exposure to multi-product credential federation across large, complex enterprises
• Relevant certifications: CISSP, CIAM, Ping Certified Architect, or equivalent
• Familiarity with SOX, PCI-DSS, or FFIEC compliance frameworks
Contractor Requirements
• Must be based in the United States and authorized to work without sponsorship
• Must be able to pass a background check
Apply for this position
Required*