Cybersecurity Identity and Access Management Architect

at Michael Baker International
Location Pittsburgh, PA
Date Posted December 1, 2021
Job Type Full-time


DESCRIPTION

Michael Baker International is seeking an Identity and Access Management Architect to join our Cybersecurity team. The successful candidate will be an integral part of the Office of Chief Information Security Officer (OCISO) and will play a vital role in designing solutions that enhance the protective model at MBI, advancing our global security posture. They will be responsible for defining the critical strategic defense layers needed to enable detect/defend capabilities that safeguard MBI intellectual property and informational resources. They will also investigate and recommend technical solutions that combine regulatory compliance with defined cybersecurity goals, achieving cohesive solutions designed to continuously improve our controls against evolving threats and risks. They will also align CSIAM direction and priorities, ensuring support across business and IT objectives and ultimately driving comprehensive solutions while adhering to the principles that support executing as “Good Stewards” of MBI investments.

This role will oversee all design and deployment aspects of Michael Baker International's enterprise Identity and Access Management (IAM) stack and ensure that security policies and best practices are followed for all infrastructure deployments. The Identity and Access Management Architect will collaborate with the CIO team to help elevate cybersecurity understanding, provide guidance in driving increased integration of cybersecurity capabilities across all platforms, and continuously examine methods to improve detect/defend, including AI-enabled ecosystems focused on safeguarding data across multiple platforms, instances, endpoints, and views. They will need to think outside the traditional box on how MBI protects against threats and manages security risk to internal stakeholders and our clients, and provide strategic cloud cybersecurity that enables innovation goals and objectives.

Preferred locations are Pittsburgh, PA or Alexandria, VA, but this position is open to other locations across the U.S.

Essential Duties & Responsibilities:

  • Lead Cybersecurity Identity and Access Management (IAM) efforts and provide technical vision, ensuring that visibility, policy enforcement, detection and protection elements are integrated into each solution
  • Lead the efforts in securing systems/infrastructure in MBI cloud environments, both in Microsoft Azure and Amazon AWS
  • Deep knowledge of IAM discipline approaches driving consistency across solutions
  • Work closely with other organizations across ITS and the business to drive cybersecurity requirements across all solutions
  • Serve as a technical subject matter expert (SME) on cyber/systems security matters
  • Support the development of cybersecurity technical roadmaps and documentation to drive constant cyber transformation and improvements in MBI detect/defend capabilities
  • Collaborate using information and knowledge sharing networks and professional relationships to achieve common goals
  • Provide insights and support CISO leadership in defining MBI's overall security roadmap, and support business planning, requirements, and investment case definition to direct the implementation of security measures
  • Review and evaluate the design and operational effectiveness of security controls and countermeasures used to protect MBI applications, services, and solutions
  • Review security technologies, tools and services and make recommendations for their use based on security, financial and operational criteria
  • Participate in the change control process to identify and mitigate impacts to information security controls


  • Bachelor’s Degree in Computer Science, Information Systems, or other related field (or equivalent work experience)
  • 5-10 years of combined hands-on IT and security architecture development and implementation work experience with a broad exposure to infrastructure/network and multi-platform environments
  • Experience deploying IAM solutions like Sailpoint, Okta, Thycotic, CyberArk, or similar technologies
  • Experience with Role Based Access Control (RBAC) principles
  • Experience with RBAC tools in Azure and AWS as well as ‘on-premises’
  • Clear expertise implementing solutions for defense industrial base (DIB) members
  • Previous and/or current relationships with DSIE or NDISAC member companies and peer engineers
  • Strong understanding of architecture-level information security and appropriate use enforcement technology solutions
  • Strong understanding and experience with design/implementation of advanced malware detection/prevention, mobile device virtualization/MDM, cloud security management, structured and unstructured database encryption, mobile application and remote API security, fine-grained application authorization and access control, security event visualization, big data user and entity behavior analytics, and active adversary deception
  • Strong working understanding of contemporary security theory and application (including vulnerabilities, exploitation techniques and attack vectors)
  • Strong understanding of the systems development life cycle to lead multi-functional projects or initiatives
  • Strong familiarity with Federal compliance standards such as NIST 800-53, 800-171, FIPS 140-2 & FedRAMP
  • Knowledge of laws, regulations, and standards relevant to the US Government and Defense Industrial Base (DIB) industry
  • Design and build of defense-in-depth architecture solutions ensuring visibility, policy enforcement, scalability, and maximizing detect/defend capabilities
  • Open mind regarding technical solutions, with no allegiance toward a particular vendor but rather a knowledge of required capabilities and functional operations

Any one or more of these or other industry recognized certifications:

  • GIAC Cyber Defense
  • Cisco Certified Network Professional Security (CCNP Security) 
  • Certified Information Systems Security Professional - Information Systems Security Engineering Professional (CISSP-ISSEP)