Solution Architect - IAM

Company Description

About us:

Passion for food. Hunger for tech. We make METRO digital.

Today technology is driving the world. And at METRO.digital we are driving the technology for one of the leading international wholesalers specializing in food - METRO. From e-commerce to checkout, to delivery software, we work on a wide range of products to make each day a success for our customers and colleagues. With passion and ownership, we build the future of wholesale.

You are driving to create smart solutions for customers around the globe? You want to grow in a flexible environment? Let the right career opportunity find you and join us!

Job Description

Solution Architect – Microsoft Entra ID, Active Directory & CyberArk PAM

Role Summary

We are seeking an experienced Solution Architect to define and drive the identity and privileged access management (PAM) architecture across a hybrid Microsoft Entra ID and On‑Prem Active Directory environment, with deep expertise in CyberArk PAM solutions.

This role owns the end‑to‑end design, integration, and governance of identity and privileged access controls, ensuring alignment with enterprise IAM strategy, Zero Trust principles, and regulatory requirements. The architect will work closely with IAM engineers, security teams, infrastructure, application owners, and DevOps teams to deliver secure, scalable, and compliant solutions.

Key Responsibilities

Identity & Access Architecture (Entra ID & Active Directory)

Define and own the hybrid identity architecture across Microsoft Entra ID and On‑Prem Active Directory

Design secure authentication and authorization models:

Conditional Access

MFA and authentication strengths

Passwordless authentication (FIDO2, Windows Hello for Business)

Define hybrid identity patterns including Entra Connect and authentication models

Establish identity standards and guardrails aligned with Zero Trust architecture

Privileged Access Management (CyberArk)

Define and drive Privileged Access Management (PAM) architecture using CyberArk, aligned with the enterprise IAM strategy

Lead the design and implementation of privileged access controls across:

Servers

Endpoints

Databases

Applications

Integrate PAM with Access Management capabilities:

SSO

MFA

Microsoft Entra ID

Integrate CyberArk with the broader enterprise security ecosystem, including:

SIEM platforms

ITSM tools

Define and enforce least privilege and Zero Trust principles across infrastructure and endpoints

Drive secrets management strategy for applications using:

CyberArk Conjur

CyberArk CCP

Collaborate with application, infrastructure, and DevOps teams to enable secure credential management and automation

Provide architectural guidance for CyberArk EPM‑based endpoint privilege control

Solution Design & Integration

Design secure integrations between:

Entra ID

Active Directory

CyberArk PAM platforms

On‑prem, cloud, and SaaS applications

Define application onboarding patterns:

SSO and federation

Privileged access flows

Secrets consumption models

Ensure solutions are scalable, resilient, and auditable

Architecture, Strategy & Governance

Define the PAM roadmap and maturity model, aligned with IAM and enterprise security strategy

Establish standards for:

Privileged account onboarding

Password rotation

Session recording and monitoring

Drive risk reduction initiatives, including:

Removal of standing administrative access

Credential hardening

Ensure audit readiness and compliance for privileged access:

SOX

ISO

GDPR

Participate in threat modeling, security reviews, and risk assessments

Leadership & Collaboration

Act as the design authority for identity and PAM solutions

Partner with:

IAM and PAM engineering teams

Security architecture

Cloud and infrastructure teams

Application owners

Review and approve technical designs and implementations

Provide architectural guidance and mentorship to senior engineers

Required Skills & Expertise

CyberArk & PAM

Strong expertise in CyberArk PAS, EPM, CCP, and Conjur

Deep understanding of privileged access risks, controls, and governance models

Hands‑on experience designing and integrating PAM solutions at enterprise scale

Microsoft Identity

Microsoft Entra ID (P2)

Conditional Access and Identity Protection

Privileged Identity Management (PIM)

Entra Connect and hybrid authentication

Active Directory security and tiered admin models

Operating Systems & Platforms

Strong knowledge of:

Windows privilege models

Unix/Linux privilege models

Active Directory security concepts

Automation & Integration

Hands‑on experience with automation and integration using:

REST APIs

PowerShell

Python

Experience integrating PAM into CI/CD and automated workflows

Security & Architecture

Zero Trust architecture

Least privilege enforcement

Identity‑based and privileged access attack techniques and mitigations

Nice to Have

Exposure to cloud PAM use cases across:

Azure

AWS

GCP

Experience with DevOps and cloud‑native environments

CyberArk certifications:

Sentry

CDE

Microsoft security certifications (SC‑300, AZ‑500)

CISSP or equivalent

Qualifications

Graduation OR Post Graduation