Identity Security Architect

Southern Company, a major U.S. energy firm, is seeking an experienced Identity Security Architect to design creative identity solutions and reduce risk. This is a primarily on-site role with 4 days per week in-office presence expected. This role will have responsibility for setting the strategic direction for identity security specifically across our various cloud tenants and in support of the company’s desire for agentic transformation. It will directly support the company’s efforts to mitigate real and potential cyber threats to the company’s facilities, personnel, technology, operations, and brand – including critical electric and gas utility infrastructure and its privately owned telecommunications network. Although the position is cloud centric there is expected to be heavy involvement with the design and security of agents and agentic use cases. There is likely future engagement with on‑prem applications as well, as legacy datastores are set for modernization and ingestion into large language models. Applicants should be well rounded in their understanding of different security disciplines such as networking, endpoint, data, cloud, application security, monitoring and, of course, identity. They should be able to align execution with an overall strategy to increase identity maturity, anticipate future requirements for complex hybrid and multi‑cloud environments, and drive identity initiatives via influence and relationships. Job Responsibilities Set strategic direction for agentic, AI, and workload identity security across the organization and advise leadership on emerging identity risks and opportunities. Define and evolve Southern Company’s agentic identity architecture, including non‑human identities (AI agents, service principals, workloads, automation, MCP servers). Collaborate with engineering and security teams to integrate SPIFFE/SPIRE‑based identity mechanisms, ensuring scalable, robust, and policy‑driven workload authentication and authorization. Serve as a trusted advisor by designing secure, scalable identity and authorization patterns that enable AI‑driven business capabilities. Align forward‑looking identity strategy with business goals across multi‑cloud, SaaS, and AI platforms. Establish identity guardrails for autonomous agents, including least privilege, intent‑bounded access, and lifecycle governance. Engage third‑party experts for architecture reviews, AI risk assessments, and emerging best practices. Influence adoption through a product‑ and enablement‑oriented approach to identity services, patterns, and platforms. Monitor and prepare for regulatory, ethical, and security impacts of AI‑driven and autonomous systems. Contribute to standards, policies, and reference architectures for human, non‑human, and agentic identity. Improve processes supporting automation, ephemerial access, workload trust, and identity observability. Lead cross‑functional initiatives involving security, AI, cloud, and engineering teams. Mentor and educate teams on modern identity, zero trust, and agent safety principles. Qualifications Required 3+ years designing or operating cloud identity architectures across multiple providers (Azure/Entra, AWS IAM, GCP IAM, SaaS). Experience building or contributing to an identity security program, including governance and standards. Strong understanding of non‑human identities: service accounts, workloads, APIs, automation, and AI agents. Hands on experience with OAuth 2.0, OIDC, token lifecycles, certificates, and trust boundaries. Understanding of authorization models beyond RBAC (claims based, policy based, attribute based). Familiarity with AI / agent execution models, delegated authority, and identity risks introduced by autonomy. Ability to translate security requirements into developer friendly architectures and patterns. Strong communication skills to position identity as a business and platform enabler. Ability to lead initiatives from concept through delivery with minimal oversight. Must pass Insider Threat Program background checks. Experience securing AI platforms, LLM integrations, or agent frameworks. Familiarity with Model Context Protocol (MCP), agent to tool authentication, or workload mediation patterns. Experience with API security, token introspection, and fine‑grained authorization. Knowledge of Zero Trust Architecture, NIST, OWASP, and cloud security frameworks. Security certifications (CISSP, CCSP, CISA, GIAC, CRISC, etc.). Awareness of nation state, supply chain, and AI enabled threat models. Interest in applying agentic and AI security concepts to critical infrastructure and energy systems. This position falls under the company’s Insider Threat Program and will have access to, and control over sensitive data, systems or assets. Enhanced personnel screening, which includes a background review, drug screen and psychological assessment, will be required if you are selected for this position. Southern Company invests in the well‑being of its employees and their families through a comprehensive total rewards strategy that includes competitive base salary, annual incentive awards for eligible employees and health, welfare and retirement benefits designed to support physical, financial, and emotional/social well‑being. This position may also be eligible for additional compensation, such as an incentive program, with the amount of any bonus/awards subject to the terms and conditions of the applicable incentive plan(s). A summary of the benefits offered for this position can be found here . Additional and specific details about total compensation and benefits will also be provided during the hiring process. Southern Company is an equal opportunity employer where an applicant's qualifications are considered without regard to race, color, religion, sex, national origin, age, disability, veteran status, genetic information, sexual orientation, gender identity or expression or any other basis prohibited by law. Job Info Job Identification 19126 Job Category Cybersecurity Posting Date 05/18/2026, 09:55 PM Locations Alabama Power Corp HQ Georgia Power Corp HQ #J-18808-Ljbffr Southern Company