Digital Workplace and Identity Architect

🔒 Confidential Employer
Posted 23 April 2026
LOCATION: Not specified
TYPE: Full-time
LEVEL: Mid-Senior level
CATEGORY: Technology
This employer holds a UK Home Office sponsor license — sponsorship for this specific role is at the employer’s discretion

SKILLS

IAM Principles, Okta, Azure AD, Active Directory, MS Exchange, Cybersecurity

FULL DESCRIPTION

Your focus would be to provide strength and skills in Digital Workplace and Identity management. The Architect would support projects and initiatives and act as a bridge between Solution Architecture, Platform Architecture, IT Delivery (Engineering) and IT Operations.

Key duties and responsibilities

  • Design scalable, API-led architectures using REST, GraphQL, middleware, microservices and event-driven patterns.
  • Design and develop comprehensive digital workplace architectures that align with the organization's strategic goals and objectives.
  • Lead the evaluation, selection, and implementation of digital workplace tools, including collaboration platforms, communication tools, and productivity applications.
  • AI Integration: Leveraging AI and machine learning to enhance identity verification and fraud detection.
  • Behavioural Analytics: Using behavioural analytics to identify and respond to unusual access patterns.
  • Zero Trust Principles: Implementing Zero Trust principles to ensure secure access to resources regardless of the location of the user.
  • Produce high-quality HLA and HLD documentation and oversee adherence throughout project delivery.
  • Work closely with product owners, engineering leads and vendors to define architectural runway for digital and commercial products.
  • Facilitate vendor selection, RFP responses, and total cost of ownership (TCO) analysis for new digital and commercial technologies.
  • Advocate and embed privacy-by-design, security-by-design and AI-by-design principles.
  • Provide architectural guidance to delivery teams and act as Technical Design Authority (TDA) for commercial solutions.
  • Contribute to maturity assessments and future-state models for [Employer hidden — view at passion-project.co.uk]’s digital and commercial technology landscape.

Skills & experience

  • Understanding IAM Principles: Knowledge of fundamental IAM concepts such as authentication, authorization, user provisioning, and de-provisioning is crucial.
  • Implementation of IAM Solutions: Proficiency in implementing IAM solutions using tools like Okta, Microsoft Azure AD, Azure B2C and SailPoint.
  • Implementation of Privileged Access Management Solutions: Proficiency in implementing PAM solutions using tools like Okta, Microsoft Azure AD, Delinea, Salesforce or Omada.
  • Expertise in Directory Services: Experience with directory services like Active Directory, Active Directory Federation Services, Entra AD, Azure B2C and LDAP, including their integration and management.
  • Schema Management: Ability to design and manage directory schema to support business requirements.
  • Role Based Access: Knowledge of fundamental Role Based Access concepts and best practices is crucial.
  • MS Exchange: Proficiency in Microsoft Exchange and Exchange Online in hybrid environments.
  • Transactional email: Knowledge of transactional email concepts and platforms like Postfix, Postmark and Mailchimp.
  • Teams Voice and Collaboration: Knowledge of Office 365 services such as Copilot, SharePoint, OneDrive, Teams services and endpoint devices, Teams voice services, protocols and hybrid infrastructure architecture.
  • Familiarity with Security Protocols: Knowledge of protocols like SAML, OAuth, OpenID Connect, LDAP, DMARC, DKIM, SPF and RADIUS is essential for securing communications.
  • Public Key Infrastructure: Knowledge of Microsoft PKI services both on-premises and on Azure Cloud.
  • Compliance and Standards: Understanding of industry standards and compliance requirements such as GDPR, HIPAA, and NIST.
  • Knowledge of MECM: Proficiency in SCCM and Intune service deployments and integrations such as Patch My PC.
  • Mobile Device Management: Knowledge of mobile device management tools such as Microsoft Intune, Apple Business Manager or MaaS360.
  • Programming Languages: Proficiency in languages such as Java, Python, and C# for developing customized identity solutions.
  • Scripting Skills: Knowledge of scripting for automation and integration, using tools like PowerShell and Batch.
  • Enterprise Mobility: Knowledge of mobile device management (MDM) and enterprise mobility management (EMM) solutions.
  • Networking: Understanding of network architecture, including VPNs, firewalls, SIP and LAN/WAN configurations.
  • Cybersecurity: Familiarity with cybersecurity principles and tools, such as endpoint security, identity and access management (IAM), privileged access management and data protection.
  • Virtualization and VDI: Experience with virtualization technologies and virtual desktop infrastructure (VDI) solutions, such as Azure Virtual Desktop, AWS Workspaces, VMware and Citrix.
  • Automation and Scripting: Ability to write scripts and automate tasks using PowerShell, Python, or similar languages.
  • Knowledge of ServiceNow for customer service, case management and workflow automation.
  • Deep understanding of APIs, GraphQL, microservices, middleware, ESB patterns (Azure Integration Services preferred).
  • Experienced in creating HLAs and HLDs to a very high standard, operating independently and proactively.
  • Strong communication skills working with PMs, BAs, engineering teams, C-suite, and business leaders globally.
  • Experience with enterprise cloud platforms such as Azure, AWS or GCP.

Technical competencies

  • Architecture modelling (C4, ArchiMate or equivalent).
  • Understanding of DevOps practices, CI/CD, cloud hosting models and containerisation.
  • Good understanding of web technologies, headless architecture, Jamstack, React, Next.js, or similar.
  • Familiarity with enterprise data governance, privacy, security controls and compliance frameworks.
  • Understanding of SDLC methodologies: agile, SAFe, waterfall, DevOps.