Enterprise Authentication Architect

United States, New York
Permanent
Job ID: 2223

Job Description

[c. $400-500k Comp Package | Hybrid Working - 3 Days in Office]

Are you a seasoned authentication expert ready to take full ownership of enterprise-wide Single Sign-On (SSO) and Multi-Factor Authentication (MFA) solutions? Our client, a technology-driven firm operating at scale, is looking for an SSO & MFA Lead Architect (new hire) to optimise their existing Okta environment and spearhead the transition to Entra ID. This role blends high-level architecture, hands-on engineering, and direct collaboration with application developers to ensure secure and seamless authentication for a fast-paced organisation...


Key Responsibilities

  • Oversee and refine the firm’s SSO and MFA framework, serving as the go-to expert for Okta and Entra ID
  • Lead the migration from Okta to Entra ID, ensuring efficient integration across cloud and on-prem systems
  • Work closely with development teams to embed secure authentication into thousands of daily application releases
  • Architect and implement scalable authentication solutions that enhance security while minimising user friction
  • Transition legacy authentication protocols (Kerberos, NTLM, LDAP) to modern standards (SAML, OIDC, WS-Fed)
  • Strengthen authentication by adopting passwordless and phishing-resistant solutions such as biometrics, passkeys, and FIDO2
  • Diagnose and resolve complex authentication and access issues, ensuring uninterrupted operations
  • Collaborate on privileged access strategies within Entra ID, working with wider security teams


Key Requirements

  • 5+ years of experience designing and implementing enterprise authentication solutions, with deep expertise in Okta and Entra ID
  • Strong knowledge of Active Directory, Kerberos, and identity federation for hybrid cloud environments
  • Experience leading SSO platform migrations in large-scale organisations
  • Ability to engage with engineering teams to integrate secure authentication workflows across applications
  • Proficiency in conditional access, adaptive authentication, and zero-trust frameworks
  • Familiarity with privileged access management (e.g. CyberArk, Entra ID) and identity governance (e.g. SailPoint) is advantageous
  • Strong automation and API integration skills for authentication processes
  • Excellent communication skills to influence stakeholders and translate security into business value


...


Apply for this role

All fields marked with * are required.

I confirm I have a pre-existing Right to Work in this location *

Back to Job Listings