Job Description

Work Schedule

Standard Office Hours (40/wk)

Environmental Conditions

Office

We are seeking a seasoned

IAM Architect

with deep expertise in

on-premises Windows Active Directory

and enterprise authentication systems. This role will drive the design, integration, and strategic direction of Directory Services and IAM solutions across the organization, ensuring secure and resilient access to critical systems.


The ideal candidate has hands-on experience architecting and managing

Windows-based identity platforms

, along with a good grasp of security principles, authentication protocols, and identity governance. This position plays a key role in shaping our hybrid IAM landscape while modernizing legacy infrastructure.

###

Key Responsibilities

Lead the architecture and roadmap for

Active Directory

, directory services, and enterprise authentication platforms. Design and guide the implementation of

secure LDAP, SSO

, and

federation

across internal and external systems. Drive adoption of

multi-factor authentication (MFA)

and

password-less authentication

strategies across enterprise environments. Ensure IAM solutions align with

enterprise security policies

, regulatory standards, and architectural governance. Collaborate closely with teams in

cybersecurity, infrastructure, and application development

to embed IAM controls and capabilities. Evaluate tools and vendors for directory services, identity provisioning, and access management. Define technical standards, patterns, and operational procedures for IAM services. Partner with customers across the business to communicate IAM strategy and promote identity maturity.
###

Qualifications

Bachelor's or Master's degree

in Computer Science, Information Systems, or a related field.

10+ years of IT experience

, including

5+ years of hands-on experience with on-premises Active Directory design, management, and security

. Expert knowledge of

Group Policy, Kerberos, NTLM, DFS, Sites and Services, domain trusts

, and

AD replication

. Deep understanding of

LDAP, secure LDAP (LDAPS), SAML, Kerberos

, and

SSO

integrations. Experience working in hybrid identity environments (on-prem AD + Azure AD / ADFS integration). Solid understanding of IAM architecture, authentication flows, and enterprise identity lifecycle management. Excellent troubleshooting, documentation, and customer communication skills.

Preferred certifications

:

+

Microsoft Certified: Identity and Access Administrator Associate (SC-300)

+

Microsoft Certified: Windows Server Hybrid Administrator Associate

+

Microsoft Certified Solutions Expert (MCSE): Core Infrastructure

(legacy but valuable)

###

What We Offer

A chance to define and lead the

core identity infrastructure

of a global enterprise. Work on challenging problems in

enterprise AD, authentication, and access governance

. Competitive compensation, flexible work options, and professional development support.

Thermo Fisher Scientific is an EEO/Affirmative Action Employer and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability or any other legally protected status.