IT Security Architect-IAM & PAM

Pay Range:

$100,000.00 - $165,000.00

Supervisory Organization:

Head of Info/Network Security

Country:

United States of America

Address:

1401 PACIFIC AVE

City:

DALLAS, TX 75202

FLSA:

Exempt

Professionals:

02 - Professional (EEO-4-United States of America), 2F - Professionals - System & Service Planners (EEO-SubCategory)

General Summary:

The IT Security Architect – IAM/PAM is responsible for designing, implementing, and governing enterprise identity, authentication, authorization, and privileged access controls to protect the Agency’s mission-critical systems, data, and infrastructure. This role serves as the technical authority and subject matter expert for Identity and Access Management (IAM) and Privileged Access Management (PAM), with a strong emphasis on CyberArk and Zero Trust principles.

The Security Architect ensures that identity-centric security requirements are embedded into enterprise, segment, and solution architectures across the full system development life cycle (SDLC). The role partners closely with IT operations, application teams, cloud and infrastructure teams, compliance, audit, and business stakeholders to reduce identity-related risk, enforce least privilege, protect Security Sensitive Information (SSI), PII, PHI, and PCI data, and ensure alignment with regulatory and architectural standards.

This position provides architectural leadership, risk-based decision-making, and hands-on technical guidance to improve the confidentiality, integrity, and availability of Agency information assets considered through the lens of identity, access, and privilege.

ESSENTIAL DUTIES AND RESPONSIBILITIES

  • Serve as the enterprise architect and technical lead for Identity and Access Management (IAM) and Privileged Access Management (PAM) capabilities, including workforce, privileged, service, and application identities.
  • Design, implement, and maintain CyberArk PAM solutions, including Privileged Vault, PSM, PSMP, EPM, Secrets Management, and PAM-as-a-Service (as applicable).
  • Define and enforce privileged access standards, including least privilege, just-in-time access, credential vaulting, session monitoring, and privileged credential rotation.
  • Architect identity lifecycle management (joiner/mover/leaver), access provisioning, de-provisioning, role-based access control (RBAC), and access certification processes.
  • Integrate IAM and PAM controls with on-premises, cloud, SaaS, and hybrid environments, including Active Directory, Azure AD / Entra ID, cloud IaaS/PaaS platforms, and critical applications.
  • Design secure authentication mechanisms, including MFA, conditional access, privileged MFA, and adaptive risk-based access controls.
  • Develop and maintain IAM- and PAM-focused reference architectures, standards, patterns, and technical design documents aligned to enterprise architecture frameworks.
  • Ensure identity and privileged access controls are embedded into system and application designs throughout the acquisition and SDLC processes.
  • Evaluate new systems, integrations, and architectural changes to assess identity-related risk and impact to the existing security posture.
  • Determine security control requirements for systems and networks with a strong emphasis on identity, authentication, authorization, and privileged access.
  • Apply Zero Trust Architecture principles, including identity-centric trust decisions, continuous verification, and least privilege enforcement.
  • Perform security architecture reviews, threat modeling, and risk assessments focused on identity compromise, credential misuse, and privilege escalation.
  • Define IAM and PAM security requirements to support regulatory and audit obligations (e.g., NIST 800-53, PCI-DSS, HIPAA, CJIS, TSA SSI, PII/PHI).
  • Support internal and external audits by providing architectural artifacts, control mappings, and evidence related to IAM and PAM controls.
  • Analyze audit findings and control gaps and lead remediation strategies in coordination with technical and business stakeholders.
  • Contribute to Change Advisory Board (CAB) activities by assessing identity and access impacts of proposed changes.
  • Provide architectural oversight and escalation support for IAM and PAM operational issues in a 24x7 environment.
  • Partner with security operations and incident response teams during investigations involving compromised accounts, credential theft, or unauthorized access.
  • Ensure logging, monitoring, and alerting for identity and privileged access activity are integrated with SIEM and security monitoring platforms.
  • Guide secure configuration, hardening, and lifecycle management of IAM and PAM infrastructure components.
  • Act as the IAM/PAM subject matter expert for internal teams, project managers, and external vendors.
  • Lead and influence cross-functional teams without direct authority to achieve secure-by-design outcomes.
  • Stay current on IAM, PAM, and identity threat trends, emerging technologies, and industry best practices.
  • Contribute to the Agency’s long-term identity security roadmap and maturity improvement initiatives.
  • Perform other related duties as assigned.

MINIMUM KNOWLEDGE, SKILLS, AND ABILITIES REQUIRED

Note: An equivalent combination of related education and experience may be substituted for the below stated minimums excluding High School Diploma, GED, Licenses, or Certifications.

  • Bachelor’s degree from an accredited college or university in Computer Science, Information Systems, Cybersecurity, or a related field, or equivalent combination of education and experience.
  • Seven (7) years of progressive experience in enterprise IT and information security, to include five (5) years in complex, multi-tiered IT environments.
  • Demonstrated hands-on experience with IAM and PAM solutions.
  • Experience supporting regulated environments subject to audit and compliance requirements.
  • CISSP or CISM required (or equivalent).
  • CyberArk certifications (e.g., Defender, Sentry, or PAM-related certifications) strongly preferred.
  • Additional IAM, cloud, or Zero Trust certifications are a plus.
  • Valid Texas Class A, B, or C driver’s license, no Driving While Intoxicated (DWI) conviction within the last sixty (60) consecutive months, not more than one (1) DWI on driving record, and not more than three (3) convictions of moving violations within the last thirty-six (36) months to operate DART non-revenue vehicles, or drive in the course and scope of job.
  • Deep expertise in Privileged Access Management (PAM), with strong hands-on experience administering and architecting CyberArk solutions.
  • Strong knowledge of Identity and Access Management concepts, including authentication, authorization, federation, MFA, RBAC, and access governance.
  • Advanced understanding of Active Directory, Azure AD / Entra ID, LDAP, Kerberos, and identity integrations.
  • Experience integrating IAM/PAM with Windows, Linux, databases, network devices, cloud platforms, and enterprise applications.
  • Knowledge of Zero Trust Architecture and identity-centric security models.
  • Familiarity with SIEM integration, logging, session monitoring, and privileged activity analytics.
  • Working knowledge of scripting and automation (e.g., PowerShell, Python) to support identity and privilege workflows.
  • Strong knowledge of NIST 800-53, NIST CSF, ISO 27001/27002, and related security frameworks.
  • Understanding of regulatory requirements affecting identity and privileged access, including PCI-DSS, HIPAA, CJIS, and protection of PII/PHI.
  • Experience supporting vulnerability management, penetration testing, and audit remediation efforts.
  • Strong architectural and analytical skills with the ability to translate business requirements into secure technical designs.
  • Excellent written and verbal communication skills, including the ability to explain complex security concepts to non-technical stakeholders.
  • Proven ability to work independently, manage multiple initiatives, and operate effectively in a fast-paced, mission-critical environment.
  • Demonstrated judgment and decision-making capabilities in high-risk security scenarios.

WORKING CONDITIONS

Works in an environment where there is minimum exposure to dust, noise, or temperature. May be moderately exposed to unpleasant working conditions to include dust, noise, temperature, weather, petroleum products, and chemicals while visiting DART's operating facilities, assuming incumbent is observing all policies and procedures, safety precautions and regulations, and using all protective clothing and devices provided.

Note: The above statements are intended to describe the general nature and level of work being performed by people assigned to this job. The statements are not intended to be an exhaustive list of all responsibilities, duties, and skills required of personnel so classified. All employees may perform other duties as assigned.

DART is proud to be an Equal Employment Opportunity Employer, supporting diversity in the workplace. M/F/D/V

Open until qualified applicants are identified.

Employment Type:

Full-time, onsite

Date Posted:

April 3, 2026