Senior Identity Architect - Mergers and Acquisitions

Senior Identity Architect - Mergers and Acquisitions

About GlobalFoundries

GlobalFoundries is a leading full-service semiconductor foundry providing a unique combination of design, development, and fabrication services to some of the world’s most inspired technology companies. With a global manufacturing footprint spanning three continents, GlobalFoundries makes possible the technologies and systems that transform industries and give customers the power to shape their markets. For more information, visit www.gf.com.

Introduction:

The Senior Identity Architect is a strategic technical leader responsible for shaping, modernizing, and securing the enterprise’s identity foundation. This role provides architecture authority, thought leadership, and long-range design direction across Active Directory, PKI/ADCS, identity security controls, and core hybrid identity components. The architect leads the transformation of fragmented or legacy directory infrastructures into a resilient, secure by design, Zero Trust–aligned identity architecture that underpins the enterprise.
While the role partners closely with IAM, IGA, and PAM teams, it serves primarily as the architectural strategist and advisor, ensuring these platforms align to a hardened, modern identity core.

What You’ll Do:

1. Enterprise Active Directory Architecture Leadership

• Serve as the principal architect for enterprise Active Directory, defining the target-state directory architecture, security posture, and modernization roadmap.

• Lead the redesign of forest/domain structures, trust models, OU/GPO architecture, delegated administration boundaries, and identity tiering strategies.

• Define and govern enterprise AD security baselines, including Kerberos hardening, NTLM deprecation, LDAP signing and channel binding, and privileged boundary isolation.

• Champion the modernization of authentication and directory services, aligning AD architecture with Zero Trust principles, cloud integration, and long-range platform evolution.

• Conduct architectural reviews of legacy dependencies and drive consolidation, domain retirement, and architectural debt remediation across the identity estate.

2. PKI / ADCS Architecture & Trust Modernization

• Architect and maintain the enterprise PKI (ADCS) platform, including CA hierarchy design, certificate template governance, crypto policy modernization, and lifecycle automation.

• Establish the strategic direction for certificate-based identity across servers, endpoints, applications, workloads, and cloud platforms.

• Ensure PKI resilience through well-defined backup, recovery, and continuity strategies, and integrate certificate trust anchors into hybrid identity architectures.

• Provide expert guidance on emerging identity trust technologies, cryptographic standards, and modernization approaches.

3. Identity Security & Resilience Architecture

• Define architecture patterns for identity threat detection, integrating signals from MDI/Defender for Identity, SIEM, and endpoint platforms.

• Lead the establishment of hardened administrative models, including PAW/ESAE principles, JEA/JIT frameworks, and secure workflows for privileged actions.

• Develop and validate forest recovery, CA recovery, and domain controller rebuild procedures, ensuring high resilience under disaster scenarios.

4. Architectural Guidance for Saviynt IGA

• Provide architectural alignment and design expertise to IGA teams, ensuring Saviynt’s role models, SoD policies, connector mapping, and JML workflows integrate cleanly with AD/Entra/PKI structures.

• Partner with IGA platform owners to optimize identity data models, attribute governance, and SCIM/API integrations for consistency and accuracy.

• Contribute architectural insight to reviews of entitlements, application onboarding patterns, and identity lifecycle automation.

5. Architectural Guidance for PAM

• Collaborate with PAM engineering teams to align privileged access onboarding with AD tiering, admin roles, PKI trust models, and hardened delegation frameworks.

• Ensure PAM adoption (CyberArk/BeyondTrust/Entra PIM) reinforces and benefits from architectural improvements in AD and PKI.

• Provide design oversight for break-glass identities, credential vaulting strategies, and session protection models.

6. Strategic Thought Leadership & Enterprise Influence

• Act as a senior advisor and thought leader, communicating architectural risks, opportunities, and long-term identity strategy to engineering, security, and leadership teams.

• Produce and maintain reference architectures, strategy documents, roadmaps, governance frameworks, and executive-level recommendations.

• Represent identity architecture in cross-functional working groups, design review boards, and modernization governance forums.

• Mentor engineers, elevate identity security skills across teams, and influence adoption of modern architectural patterns.

Required Qualifications

• 10–12+ years of deep, hands-on architectural leadership across Active Directory, PKI/ADCS, and enterprise identity security.

• Demonstrated experience leading modernization of large, legacy AD environments, including restructuring, consolidation, and hardening initiatives.

• Expert knowledge of AD internals: Kerberos, LDAP, trust relationships, replication, GPO architecture, delegated administration, administrative tiering, and boundary isolation.

• Experience architecting and operating enterprise PKI, CA hierarchy redesign, certificate lifecycle management, and cryptographic best practices.

• Proven ability to define enterprise-wide architecture standards, produce formal design documentation, and influence long-range identity strategies.

• Strong understanding of identity threat detection, Zero Trust identity design, and modern identity security controls.

• Strong proficiency in PowerShell, Microsoft Graph, automation pipelines, and policy-as-code approaches.

Preferred Qualifications

• Certifications such as SC‑100, SC‑300, AZ‑500, CISSP, or relevant PKI/AD specializations.

• Experience with hybrid identity modernization: AADC to Cloud Sync, workload identities, Conditional Access modernization, and passwordless adoption.

• Experience with SOX, GDPR, or regulated environments requiring strict identity controls.

GlobalFoundries is an equal opportunity employer, cultivating a diverse and inclusive workforce. We believe having a multicultural workplace enhances productivity, efficiency and innovation whilst our employees feel truly respected, valued and heard.

As an affirmative employer, all qualified applicants are considered for employment regardless of age, ethnicity, marital status, citizenship, race, religion, political affiliation, gender, sexual orientation and medical and/or physical abilities.

All offers of employment with GlobalFoundries are conditioned upon the successful completion of background checks, medical screenings as applicable and subject to the respective local laws and regulations.