Sign up to access all features of our service.
  • Job search
  • Favorites
  • Create a CV
    New
  • Salaries
  • Subscriptions

Senior Principal/Architect (Identity & Security)

$225k - $304k

West Monroe

Are you ready to make an impact?

Senior Principal/Architect (Identity & Security) 

Overview

West Monroe is seeking a Senior Principal/Architect (Identity & Security) to lead cross-functional teams in the design, remediation, and modernization of complex identity and cloud infrastructure solutions. This role focuses on securing and transforming critical IT environments for a diverse portfolio of clients, helping them navigate complex Active Directory modernizations, cloud identity migrations, and security hardening initiatives. This opportunity provides technical leadership in transforming complex IT environments across key industry verticals, including Healthcare, Financial Services, Private Equity, and High Tech. While the scope spans hybrid and cloud identity, the work is particularly grounded in Active Directory as a core Tier 0 platform, with strong Microsoft Entra ID expertise to design and operate modern hybrid identity patterns. 

Responsibilities

  • Partner with consultants and client leadership to  architect, build, and deploy secure and modern Active Directory and Microsoft Entra ID solutions. 

  • Assess current-state identity environments and processes, interview stakeholders, define critical requirements, and present practical solution strategies and roadmaps to client executives. 

  • Lead the technical design of future-state Active Directory (AD DS) and Entra ID architectures, including privileged access management (PAM) design, tiered administrative access models (e.g., Microsoft’s Enterprise Access Model (EAM)), and identity consolidation strategies. 

  • Establish and enforce identity architecture standards, best practices, and governance to deliver secure, compliant, and consistent solutions aligned with industry benchmarks (e.g., CIS and** Microsoft baselines)**. 

  • Lead security assessment and remediation planning, including  consolidating findings from tools (e.g., Purple Knight, Maester, CIS Benchmark-based configuration assessments (e.g., CIS-CAT)) to create and manage prioritized, risk-based remediation backlogs. 

  • Provide  expert technical oversight for security remediation initiatives, such as hardening domain controllers, remediating privileged access, resolving Entra Connect sync issues, and restricting legacy protocols. 

  • Develop detailed implementation plans, migration strategies, and  remediation backlogs (e.g., in Smartsheet or similar project management tools) for AD restructuring, AD consolidation, identity synchronization, and legacy decommissioning. 

  • Establish and manage engagement-level  governance, quality, and risk , including defining quantitative success criteria, RACI, and clear communications to both technical and executive stakeholders. 

  • Support key decision-making on project direction, including technology selections, team workstreams, and delivery methodologies. 

  • Mentor junior consultants on technical best practices, solution design, and client engagement. 

  • Assist business development efforts through proposals, pre-sales technical discovery, and client presentations. 

Qualifications

  • Bachelor’s degree in a relevant field preferred, or equivalent experience required. 

  • Prior experience in consulting preferred. 

  • 8–12+ years of experience in IT architecture, engineering, and/or security with a deep focus on identity solutions. 

  • Expert-level knowledge of  Active Directory Domain Services (AD DS)design, security, and administration, including: domain/forest architecture,  sites/replication, DNS, Group Policy (GPO) management, DC virtualization safeguards, and forest recovery principles. 

  • Strong experience with  Microsoft Entra ID (formerly Azure AD), including Entra Connect, Conditional Access, modern authentication methods, and Privileged Identity Management (PIM). 

  • Proven experience leading identity migrations (including on-premises to cloud, cross-forest restructurings, and Tenant-to-Tenant (cross-tenant) consolidations), AD remediations, and/or consolidation projects. 

  • Experience designing and implementing hybrid authentication patterns between AD DS and Microsoft Entra ID, including pass-through authentication (PTA), Seamless SSO, Cloud Kerberos Trust, and phishing-resistant authentication methods. 

  • Proficiency in designing and implementing enterprise  Privileged Access Management (PAM)solutions (including typical platforms like CyberArk, Delinea, or similar) and  tiered administrative access models (e.g., Tier 0/1/2, Microsoft’s Enterprise Access Model (EAM)). 

  • Hands-on experience with Active Directory and Microsoft Entra ID security assessment and testing tools (e.g., Purple Knight, PingCastle, Maester, Microsoft Defender for Identity or similar AD threat detection platforms) and hardening methodologies (e.g., CIS Benchmarks and Microsoft security baselines). 

  • Proficiency with AD security hardening techniques such as KRBTGT password rotations, restricting NTLM, Group Policy object (GPO) cleanup, Local Administrator Password Solution (LAPS), implementing resource-based Kerberos constrained delegation (RBKCD), and configuring LDAP signing. 

  • Familiarity with migration and directory protection tools (e.g., Quest On-Demand Migration) and identity-driven application dependencies. 

  • Strong communication (written and verbal), presentation, client management, and team leadership skills. 

  • Willingness to travel for out-of-town client engagements. 

  • Bonus skills:

  • Familiarity with compliance standards (e.g., NIST, HIPAA, ISO). 

  • Advanced scripting for automation and analysis (e.g.,  PowerShell ). 

  • Knowledge of  Infrastructure as Code (Terraform)and  DevSecOps practices. 

  • Familiarity with application dependency and network flow mapping tools (e.g., Device42, Faddom) used to discover AD-integrated application dependencies and support migration planning or microsegmentation boundaries. 

  • Familiarity with Active Directory resilience and recovery tooling (e.g., Semperis, ADEngine) is a plus. 

  • Experience migrating from on-premises Active Directory Certificate Services (AD CS) to cloud-native PKI solutions is a plus. 

  • Familiarity with enterprise  Identity Governance and Administration (IGA)platforms (e.g., SailPoint, Saviynt) to manage and improve periodic access certifications (e.g., moving from spreadsheets to a tool) and run detective Segregation of Duties (SoD) reports. 

  • Experience  automating identity lifecycles by replacing nightly batch files from a Human Resources Information System (HRIS) with Application Programming Interface (API)-driven syncs or establishing governance for non-employee/contractor identities. 

  • Understanding of System for Cross-domain Identity Management** (SCIM)** or API-based provisioning to automate Joiner-Mover-Leaver (JML) workflows for  Software as a Service (SaaS)apps, expanding beyond just core directories and email. 

  • Experience with Tier-0 threat monitoring and detection strategies, including security event logging and SIEM integration with Active Directory and other Tier 0 assets. 

  • Professional certifications (e.g., Microsoft Identity/SC series, CISSP, CyberArk/Delinea). 

  • Occasional exposure to CIAM platforms (e.g., Microsoft Entra External ID, Okta, Auth0) and associated migration/implementation patterns is a plus but not a core requirement. 

What to Expect

  • A collaborative, flexible, and outcomes-driven consulting environment. 

  • A culture that values inclusion, diverse perspectives, and teamwork. 

  • A business-focused and industry-specific approach to deploying technology that helps clients tackle their most significant challenges and deliver tangible results, free from rigid hierarchies. 

  • While the role spans a broad range of identity technologies and tools,  no candidate is expected to be an expert in every item listed . We are seeking deep strength in Tier-0 Active Directory security and modernization, paired with strong Microsoft Entra ID knowledge and the curiosity to rapidly master adjacent areas. 

Ready to get started? Join the team and make an impact. 

Based on pay transparency guidelines, the salary range for this role can vary based on your proximity to one of our West Monroe offices (see table below). Information on our competitive total rewards package, including our bonus structure and benefits is  here . Individual salaries are determined by evaluating a variety of factors including geography, experience, skills, education, and internal equity.

Employees (and their families) are covered by medical, dental, vision, and basic life insurance. Employees are able to enroll in our company’s 401k plan, purchase shares from our employee stock ownership program and be eligible to receive annual bonuses. Employees will also receive unlimited flexible time off and ten paid holidays throughout the calendar year. Eligibility for ten weeks of paid parental leave will also be available upon hire date. 

Seattle or Washington, D.C.

$236,300—$277,700 USD

Los Angeles

$247,500—$291,000 USD

New York City or San Francisco

$258,800—$304,200 USD

A location not listed above

$225,000—$264,500 USD

Other consultancies talk at you.

At West Monroe, we work with you.

We’re a global business and technology consulting firm passionate about creating measurable value for our clients, delivering real-world solutions.

The combination of business and technology is not new, but how we bring them together is unique. We’re fluent in both. We know that technology alone is not the answer, but how we apply it is. We rely on data to constantly adapt and solve new challenges. Actions that work today with outcomes that generate value for years to come.

At West Monroe, we zero in on the heart of the opportunity, getting to results faster and preparing people for what’s next.

You’ll feel the difference in how we work. We show up personally. We’re right there in the room with you, co-creating through the challenges. With West Monroe, collaboration isn’t a lofty promise, but a daily action. We work together with you to turn vision into clear action with lasting impact.

West Monroe **   ****is an Equal Employment Opportunity Employer **  
We believe in treating each employee and applicant for employment fairly and with dignity. We base our employment decisions on merit, experience, and potential, without regard to race, color, national origin, sex, sexual orientation, gender identity, marital status, age, religion, disability, veteran status, or any other characteristic prohibited by federal, state or local law. To learn more about diversity, equity and inclusion at West Monroe, visit  . If you require a reasonable accommodation to participate in our recruiting process, please inquire by sending an email to View email address on swooped.co .

Please review our current policy regarding use of generative artificial intelligence during the application process .

If you are based in California, we encourage you to read West Monroe’s Notice at Collection for California residents, provided pursuant to the California Consumer Privacy Act (CCPA) and linked  here .  

Vacancy posted more than 2 months ago
Similar jobs that could be interesting for youBased on the Senior Principal/Architect (Identity & Security) in San Francisco, CA vacancy
  •  ...operations worldwide.The Information Systems Security Engineer is responsible for conducting...  ...through purposeful security architecting. The ISSE will work as an integral part...  ...religion, sex, sexual orientation, gender identity, national origin/ethnicity, age, physical... 
    Principal
    Senior
    Permanent employment
    Temporary work
    Local area
    Worldwide

    Blue Origin LLC

    San Francisco, CA
    2 days ago
  • Anchorage Lending CA, LLC is seeking a seasoned backend engineer to enhance our digital asset platform. With a focus on robust security and innovative solutions, you will collaborate with teams to build high quality software for our Atlas business while ensuring efficient... 
    Senior

    Anchorage Lending CA, LLC

    San Francisco, CA
    1 day ago
  • C1 is seeking a Senior Product Marketing Manager to define how the market perceives its AI-native identity security solutions. You will lead product launches, enhance positioning, and empower sales teams with effective narratives. The ideal candidate needs a strong background... 
    Senior

    C-1 Inc

    San Francisco, CA
    17 hours ago
  • A leading identity security platform provider in San Francisco is seeking a Product Manager to define success metrics and collaborate with various teams. An ideal candidate thrives in fast-paced environments, focuses on customer success, and is aligned with the company'... 
    Senior

    C1

    San Francisco, CA
    1 day ago
  • $170k - $277k

     ...facing our everyday lives that are only enabled by a secure digital environment. Job Summary As a Principal Software Engineer within the Engineering team, you...  ..., color, family or medical care leave, gender identity or expression, genetic information, marital status... 
    Principal
    Senior
    Full time
    Work at office

    Palo Alto Networks

    San Francisco, CA
    3 days ago
  • $181.1k - $318.4k

     ...by millions of Apple customers!As a Senior Wireless MAC Standards Architect, you will be at the forefront of...  ...saving, low latency, coexistence, security, and privacy. Experience with modeling...  ..., sex, sexual orientation, gender identity, national origin, disability,... 
    Senior
    Relocation

    Apple

    San Francisco, CA
    4 days ago
  • $200k - $300k

     ...Description Who we're looking for The Senior Platform Architect (PA) is responsible for all technical...  ...design). Enterprise Architecture & Security: Deep understanding of SaaS platforms...  ...national origin, age, sex, gender, gender identity, gender expression, sexual... 
    Senior

    Ultimate LLC

    San Francisco, CA
    3 days ago
  • $140k - $160k

     ...an accommodation or an alternative application process. Senior Associate Registered Architect - AEC Consulting 6 days ago Requisition ID: 1297 Salary...  ...basis of race, color, sex, sexual orientation, gender identity, religion, national origin, age, military status, disability... 
    Senior
    Contract work
    Work at office
    Local area
    Work from home

    Marx Okubo

    San Francisco, CA
    8 hours ago
  • $217k - $298k

     ...Secure Every Identity, from AI to Human Identity is the key to unlocking the potential of AI...  ...non-human, agentic workflows. The Principal Product Manager Opportunity We are...  ...Hardware-Bound Session Security: Architecting Okta’s defense against session cookie... 
    Principal
    Local area
    Worldwide
    Flexible hours
    Shift work

    Okta

    San Francisco, CA
    19 days ago
  • $110k - $145k

     ...Beach What You'll Do Growth Architects are responsible for...  ...Context Protocol (MCP) and how to securely expose APIs and databases to...  ...Architect: $110,000 - $145,000 USD. Senior Growth Architect: $190,000...  ..., sexual orientation, gender identity / expression, national origin... 
    Senior
    Work at office
    Local area
    Home office

    BCG X

    San Francisco, CA
    4 days ago
  • A cybersecurity firm is seeking a specialist to work on cryptographic foundations to secure identity and sensitive data. You will engage in designing identity and access systems, building credentialing and key management infrastructure, and evaluating systems for vulnerabilities... 

    MEM

    San Francisco, CA
    2 days ago
  • A leading cryptographic firm in San Francisco is seeking an individual to work on cryptographic foundations that ensure secure identity management and authority delegation. The successful candidate will design mechanisms for accessing data while safeguarding it against... 

    Mem Protocol

    San Francisco, CA
    4 days ago
  • $190k - $250k

     ...days / week). Your Role As a Product Manager for Enterprise Foundations, you will own the core capabilities that power trust, security, identity, permissions, insights, and foundational UI components across Zip. You will define and deliver platform-level features that... 
    Principal
    Senior
    Work at office
    Home office
    Flexible hours
    3 days per week

    ZipHQ, Inc.

    San Francisco, CA
    4 days ago
  •  ...crypto wallet company is seeking a skilled professional to lead the core authentication infrastructure. You will design and implement security features, reducing account takeover risks and empowering product teams. Ideal candidates should have 7+ years of experience in... 
    Senior
    Remote job

    P2P

    San Francisco, CA
    4 days ago
  •  ...Senior Director, Principal Gifts About the Company Philanthropic organization supporting Indigenous culture & individuals Industry...  ...years' of progressive fundraising experience, with a focus on securing major or principal gifts. Strong communication skills,... 
    Principal
    Senior

    Confidential

    San Francisco, CA
    4 days ago
  • Asana is seeking an AI Prompt & Workflow Designer to lead the design and implementation of AI-driven workflows within their customer support strategies. This role includes creating chatbots, optimizing workflow performance, and working closely with various teams to integrate...
    Senior
    Work at office

    Asana

    San Francisco, CA
    17 hours ago
  •  ...day. We turn ideas into reality. We are Secure, Responsible AI & Data Protection professionals...  ..., and operate as trusted advisors to senior client stakeholders. Each Senior Manager...  ...status, sexual orientation, gender identity or expression, genetic information, marital... 
    Senior
    Work experience placement
    Live in
    Work at office
    Local area

    Accenture

    San Francisco, CA
    1 day ago
  •  ...for the role of a Product Architect (Sr PE/PE level). This is...  ...engineering time lost to security, access, and compliance...  ...For We are hiring across Principal (L7 equivalent) and Senior Principal (L8 equivalent)...  ...security domains such as identity, access control, key management... 

    Stealth AI startup

    San Francisco, CA
    5 days ago
  •  ...Technology function. This role involves a hybrid work arrangement, with four days per week in the office. The IT Manager will oversee identity management, helpdesk operations, and vendor relationships while also supervising a team of engineers. The ideal candidate will... 
    Work at office

    Altruist

    San Francisco, CA
    2 days ago
  • $210k - $256.67k

    Senior Principal - Consumer Products, Retail and Logistics Infosys Consulting is seeking a Senior...  ..., analyze deal probabilities, and secure approvals to close deals in a timely manner...  ...regard to race, color, sex, gender identity, sexual orientation, religious practices... 
    Principal
    Senior
    Contract work
    Temporary work

    Infosys Limited

    San Francisco, CA
    1 day ago
  •  ...building our Silicon Valley engineering team - a small, senior group focused on next-generation AI research and product...  ...+ years in AI/ML engineering with at least 2 years in a principal engineer or lead architect role. • Demonstrated history of building original AI systems... 
    Principal
    Work at office
    Visa sponsorship

    HOP

    San Francisco, CA
    4 days ago
  • CA For The Arts in San Francisco is looking for a Principal Gifts Officer, a vital role for managing top donors capable of significant contributions. This individual will handle a portfolio of 75-100 major gift prospects, building relationships and executing solicitations... 
    Principal
    Senior

    CA For The Arts

    San Francisco, CA
    3 days ago
  • $186k - $233k

    Revolution Medicines is seeking an experienced Statistical Programmer with over 14 years in oncology trials. The role entails leading studies, collaborating with teams, and overseeing programming support for regulatory submissions in a dynamic environment. This opportunity...
    Principal
    Senior

    Revolution Medicines

    San Francisco, CA
    23 days ago
  • Airbnb, Inc. is seeking a Senior Principal in Marketing Strategic Finance & Analytics to lead financial strategy and analytics across marketing. This role involves budget management, KPI setting, and providing analytical insights to drive growth. Ideal candidates will... 
    Principal
    Senior

    airbnb, Inc.

    San Francisco, CA
    4 days ago
  • $130k - $157k

    ADL (Anti-Defamation League) seeks a Principal Gifts Officer in San Francisco to cultivate high-value donor relationships and maximize fundraising...  ...thinking and the ability to work collaboratively with senior leadership and program teams. With a focus on gifts of $500,000... 
    Principal
    Senior

    ADL (Anti-Defamation League)

    San Francisco, CA
    17 hours ago
  • VC Stack in San Francisco is looking for a Principal-level investor to lead investment efforts and manage a team. This role requires at least 7 years of experience in venture capital, a proven track record of successful investments, and strong fundraising abilities. You... 
    Principal
    Senior

    VC Stack

    San Francisco, CA
    4 days ago
  • A disruptive startup advancing banking systems in San Francisco is seeking a talented Backend Engineer. The ideal candidate will have 6+ years of software development experience and strong skills in Go or Java. Responsibilities include developing reliable backend systems...
    Senior

    CASAP

    San Francisco, CA
    3 days ago
  • $180k - $215k

    VC Stack is seeking a Senior Investment Principal in San Francisco to manage client portfolios and drive business development. The role requires 12+ years of experience in professional services, exceptional problem-solving skills, and the ability to lead and mentor junior... 
    Principal
    Senior

    VC Stack

    San Francisco, CA
    4 days ago
  • $210k - $256.67k

    Infosys Limited is looking for a Senior Principal Consultant specializing in Consumer Products, Retail, and Logistics in San Francisco, California. This role requires 11 years of management consulting experience and a Bachelor's Degree, with expertise in business strategy... 
    Principal
    Senior

    Infosys Limited

    San Francisco, CA
    1 day ago
  • Genentech is seeking a highly motivated Senior Scientist or Principal Scientist in San Francisco to join their Synthetic Molecule Analytical Chemistry group. The role focuses on solving complex analytical challenges while working collaboratively across teams. Successful... 
    Principal
    Senior
    Relocation

    Genentech

    San Francisco, CA
    1 day ago

Do you want to receive more vacancies?

Subscribe and receive similar vacancies to Senior Principal/Architect (Identity & Security). Be the first to apply!