Senior Information Security Architect - Cloud IAM
Company: First American
Location: Santa Ana
Posted on: April 1, 2026
Job Description:
Who We Are

Join a team that puts its People First! Since 1889,
First American (NYSE: FAF) has held an unwavering belief in its
people. They are passionate about what they do, and we are equally
passionate about fostering an environment where all feel welcome,
supported, and empowered to be innovative and reach their full
potential. Our inclusive, people-first culture has earned our
company numerous accolades, including being named to the Fortune
100 Best Companies to Work For® list for ten consecutive years. We
have also earned awards as a best place to work for women,
diversity and LGBTQ employees, and have been included on more than
50 regional best places to work lists. First American will always
strive to be a great place to work, for all. For more information,
please visit www.careers.firstam.com.

What We Do

Remote Work Welcome

We are seeking a highly skilled Senior IAM Security
Architect to join our information security architecture team. This
role requires deep expertise in the design, implementation, and
management of IAM security controls, with a focus on identity
protection across cloud environments. The ideal candidate will have
a strong background in AWS, Azure, and Entra ID (formerly Azure
AD), and possess at least 5 years of experience in IAM-related
security risk assessment and threat modeling. The Senior IAM
Security Architect will be responsible for ensuring the secure and
efficient designs for governance of user & non-human identities,
access controls, and security policies within the organization.
This role will also focus on establishing a Zero Trust identity
posture, implementing behavioral risk assessments, and driving
automation for identity security. Expertise in Single Sign-On
(SSO), Multi-Factor Authentication (MFA), and modern authentication
protocols is essential.

What You'll Do:

Participate in the design
of secure IAM architectures across multiple platforms (AWS, Azure,
Entra ID), ensuring all components align with best practices and
organizational security requirements. Design security controls for
IAM, including user authentication, authorization, role management,
identity federation, and privilege management across cloud and
hybrid environments. Lead the design and evolution of CIAM
architecture that supports secure, scalable, and customer-centric
identity services across web, mobile, and API-based platforms.
Establish and maintain a Zero Trust security model for IAM,
ensuring that all access requests are continuously verified,
regardless of location or network. Integrate Zero Trust principles
with cloud-native security tools and IAM platforms (e.g., AWS,
Azure, Entra ID) to ensure seamless, secure, and dynamic access
control. Automate risk-based access controls and adaptive
authentication based on behavioral signals, ensuring a dynamic
response to security events. Establish and enforce least privilege
access principles for all roles across cloud and on-prem
environments, ensuring users only have the minimal access necessary
to perform their job functions. Design and implement Just-in-Time
(JIT) access control mechanisms to dynamically grant access based
on user needs, significantly reducing standing permission sets.
Design SSO solutions that provide seamless and secure access to
enterprise applications, ensuring a frictionless user experience
while maintaining high security standards. Lead the adoption of
modern authentication protocols (e.g., OAuth 2.0, OpenID Connect,
SAML) for secure, scalable, and standardized access management
across applications and systems. Design MFA solutions to enhance
authentication security, applying risk-based policies to ensure
strong protection for sensitive data and critical resources.
Develop and integrate IAM security controls with cloud platforms
such as AWS, Azure, and Entra ID, ensuring secure access management
across both public and hybrid cloud environments. Leverage native
security features of cloud platforms (e.g., AWS IAM, Azure AD,
Entra ID) to design scalable, secure, and automated IAM solutions.
Lead the migration process from Hybrid Active Directory to Entra ID-based
authentication to ensure minimal disruption and proper
synchronization and federation across systems. Develop and maintain
security governance frameworks for IAM, focusing on identity
lifecycle management, role-based access control (RBAC), user
provisioning, deprovisioning, and enforcement of least privilege.
Ensure proper identity governance and access reviews are conducted
regularly, documenting changes and exceptions as part of compliance
audits. Collaborate with cross-functional teams, including
application security, network security, infrastructure, and DevOps,
to integrate IAM security best practices across systems and
services. Stay up to date on the latest IAM trends, security
threats, and technology advancements to continuously improve IAM
practices and solutions. Implement security automation tools and
workflows to improve efficiency and reduce manual efforts in
identity management and access control.

What You'll Bring:

Bachelor’s degree in Computer Science, Information Security, or
related field. 7 years of experience in IAM security, including at
least 5 years of experience in IAM risk assessment, threat
modeling, and security control design. Preferred: Certified
Information Systems Security Professional (CISSP) or Certified
Identity and Access Manager (CIAM) or other relevant IAM/security
certification. Proven expertise in implementing and securing IAM
solutions in cloud environments such as AWS, Azure, and Entra ID.
Knowledge of GCP would be nice to have. In-depth knowledge of IAM
security best practices, identity governance, and access management
policies. Hands-on experience in conducting security risk
assessments and threat modeling for IAM systems. Demonstrated
experience in establishing least privilege access and implementing
Just-in-Time (JIT) access controls across cloud and on-premises
environments. Expertise in implementing and managing a Zero Trust
security posture for IAM, with hands-on experience in identity
validation, continuous authentication, and risk-based access
controls. Strong expertise with IAM platforms such as Microsoft
Entra ID (Azure AD), AWS IAM, Azure Active Directory. Experience
with cloud security, integrating IAM systems with AWS, Azure, and
hybrid environments. Strong understanding of IAM security controls,
including role-based access control (RBAC), attribute-based access
control (ABAC), policy enforcement, and Just-in-Time (JIT)
provisioning. Experience in implementing and managing SSO and MFA,
with expertise in modern authentication protocols such as OAuth
2.0, OpenID Connect, and SAML. Experience in architecting and
operating CIAM solutions at enterprise scale (customer-facing
portals, mobile apps, APIs).

Pay Range: $148,600.00 - $198,200.00 Annually

This hiring range is a reasonable estimate of the base pay
range for this position at the time of posting. Pay is based on a
number of factors which may include job-related knowledge, skills,
experience, business requirements and geographic location. Note
that the following statements only apply to candidates who will be
working from an unincorporated area within Los Angeles County.
First American will consider for employment all qualified
applicants, including those with arrest or conviction records, in a
manner consistent with the requirements of applicable state and
local laws (e.g., the Los Angeles County Fair Chance Ordinance for
Employers and the California Fair Chance Act). First American
intends to conduct a review of an applicant’s criminal history in
connection with a conditional offer. First American reasonably
believes that a criminal history may have a direct, adverse and
negative relationship with the following material job duties for
this position potentially resulting in the withdrawal of the
conditional offer of employment: handling of confidential,
proprietary or trade secret information belonging to First American
or its customers, administrating or facilitating financial
transactions, and the ability to meet customer-imposed criminal
history requirements.

What We Offer

By choice, we don’t simply
accept individuality – we embrace it, we support it, and we thrive
on it! Our People First Culture celebrates diversity, equity and
inclusion not simply because it’s the right thing to do, but also
because it’s the key to our success. We are proud to foster an
authentic and inclusive workplace For All. You are free and
encouraged to bring your entire, unique self to work. First
American is an equal opportunity employer in every sense of the
term. Based on eligibility, First American offers a comprehensive
benefits package including medical, dental, vision, 401k, PTO/paid
sick leave and other great benefits like an employee stock purchase
plan.