UST
Website:
ust.com
Job details:
Role Description
Identity Security Architect
Function: Security Architecture & Engineering
Reports to: Head of Security Architecture & Engineering
Location: India (Trivandrum, Hyderabad or Bangalore)
Role Overview
UST is seeking an Identity Security Architect to own the enterprise identity security strategy, architecture, and roadmap across its global environment. This is a hybrid role that includes ownership of identity security architecture, implementation, service ownership of IGA and responsible for defining how identity operates as the core security control plane across workforce, non-human, and AI-driven identities in cloud, on-premises, and hybrid contexts.
The role sits within the Security Architecture & Engineering function and is central to advancing UST's Zero Trust posture and identity governance maturity.
In addition to the architecture mandate, this role carries direct service ownership of the enterprise IGA platform - accountable for its operational health, roadmap delivery, vendor relationship, and business outcomes.
Key Responsibilities
Identity Strategy & Architecture
- Own the enterprise identity security architecture spanning IGA, IAM, PAM, and CIAM domains
- Define and maintain reference architectures, standards, guardrails, and the multi-year identity roadmap
- Govern and evolve the enterprise identity technology ecosystem - including IGA, IAM, and PAM platforms - ensuring continued alignment to business and security strategy
IGA Platform Architecture & Service Ownership
Own and architect the enterprise IGA platform - accountable for platform strategy, roadmap, day-to-day service health, and stakeholder outcomes. Specific responsibilities include:
- Joiner Mover Leaver lifecycle design and governance
- Access certification and entitlement governance
- RBAC/ABAC models and SoD policy enforcement
- Scalable provisioning and deprovisioning patterns for workforce and service identities
- Define and track service KPIs and SLAs - provisioning cycle time, certification completion rates, orphaned account ratios
- Manage the IGA platform vendor relationship, licensing, and renewal lifecycle
- Own the IGA change and release process in coordination with Security Engineering and IT Operations
- Act as the escalation point for IGA platform issues, audit findings, and access governance exceptions
Non-Human Identity (NHI) Security
- Define the architecture and controls governing machine identities - service accounts, API keys, workload identities, bots, containers, and serverless functions
- Establish full lifecycle governance for NHIs: ownership, creation, rotation, and decommissioning
- Design and enforce secrets management, workload identity federation, and JIT access models for machine identities
AI & Agentic Identity Security
- Define the identity security architecture for AI agents, copilots, and autonomous automation frameworks - including third-party GenAI integrations
- Establish guardrails for identity attribution, least privilege access, and data access governance for AI pipelines
- Address emerging risks including:
- Prompt injection leading to privilege misuse
- Uncontrolled API key exposure
- Unauthorized data access by AI systems
Integration & Identity Ecosystem Design
- Architect identity integrations across cloud platforms (Azure, AWS, GCP), directory services (AD, LDAP), and enterprise applications (HRMS, ERP, SaaS)
- Define federation patterns (SAML, OAuth 2.0, OIDC), API-based provisioning (SCIM), SSO, adaptive authentication, and workload identity
Zero Trust & Risk Alignment
- Embed identity controls into UST's Zero Trust architecture
- Apply identity-centric threat modelling to address privilege escalation, identity compromise, and lateral movement
- Ensure alignment with ISO 27001, NIST CSF, GDPR, and applicable client-driven compliance requirements
Identity Threat Detection
- Extend detection coverage across human and non-human identities - anomalous access, service account misuse, and credential abuse
- Integrate identity signals with EDR/XDR, SIEM, and UEBA platforms
Architecture Governance
- Lead architecture review boards; govern design decisions, standards, and exceptions
- Maintain architecture documentation, blueprints, and decision records
- Ensure consistency with enterprise architecture and security engineering standards
Stakeholder Collaboration
- Partner with Security Engineering, Cloud, Application, and Infrastructure teams to ensure identity architecture is embedded in all deliveries
- Provide architectural guidance and oversight across transformation, migration, and platform programs
Required Experience
- 10+ years in IT/security, with at least 5 years in IAM/IGA architecture at enterprise scale
- Proven delivery on identity transformation programs - not just advisory
- Hands-on depth with enterprise IGA platforms
- Strong working knowledge of Entra ID, Okta, or equivalent IAM platforms
- Experience securing non-human identities: service accounts, API keys, workload identities, secrets vaults
- Solid grounding in SAML, OAuth 2.0, OIDC, and SCIM
- Familiarity with Cloud IAM across AWS, Azure, and GCP
- Risk and compliance alignment experience - ISO 27001, NIST CSF, GDPR
- Exposure to AI/ML identity risks is a strong differentiator
What Good Looks Like
The right candidate thinks in architecture, not tickets. They can hold a conversation with a CISO about strategic direction and shift register with an engineering team about federation patterns. They bring a point of view on NHI and agentic identity - areas where most enterprises are still catching up - and can translate that into executable, governed architecture. On the IGA side, they are comfortable owning a service end to end: platform health, vendor cadence, SLAs, and audit accountability.
Preferred Qualifications
- Relevant certifications on Enterprise IGA platforms
- Experience with PAM, Identity Protection and/or identity analytics platforms
- Exposure to large-scale digital transformation or M&A-driven identity consolidation programs
Skills
identity governance and administration, zero trust security, identity security, PAM, CIAM, zero trust architecture