Software Architect (Azure)

Undelucram.ro on behalf of:EPAM RomaniaEPAM is a leading global provider of digital platform engineering and development services. We are committed to having a positive impact on our customers, our employees, and our communities. We embrace a dynamic and inclusive culture. Here you will collaborate with multi-national teams, contribute to a myriad of innovative projects that deliver the most creative and cutting-edge solutions, and have an opportunity to continuously learn and grow. No matter where you are located, you will join a dedicated, creative, and diverse community that will help you discover your fullest potential.We are seeking a Software Architect with expertise in systems architecture to lead Azure-based identity and access management solutions.You will focus on migrating authentication from on-premises Active Directory to Microsoft Entra ID and strengthen your knowledge in Identity Governance and Administration tools such as SailPoint. This role offers the opportunity to influence architectural strategies and collaborate with diverse teams to secure and optimize access management across applications. Join us to shape the future of IAM architecture in the BeSEE region and drive innovation in cloud security.ResponsibilitiesOwn and maintain the Azure architectural vision and roadmap for the BeSEE region aligned with global IAM strategiesDefine target architecture and principles for Microsoft Entra ID, IGA, PAM, and access provisioningProvide architectural leadership across workstreams ensuring technical consistency in IAM designs and implementationsDesign solutions to replace legacy custom authorization mechanisms including those based on IGA Identity Service and replicated IGA database tablesDevelop migration strategies for applications managed through custom IGA profilesPropose and implement secure and compliant solutions for managing generic accounts across applicationsPerform technical inventory and mapping of legacy custom IGA components such as APIs, sync jobs, role logic, web services, and database jobsTranslate legacy entitlement logic into sustainable IGA constructs using SailPoint workflows and PAM entitlementsStandardize connector onboarding and provisioning processes through reusable design templates and onboarding kitsLead or guide the development of custom connectors using Java/Beanshell, PowerShell, SCIM, SAP JCo, and RESTReview provisioning workflows, access request logic, and birthright provisioning with detailed code analysisPackage IAM artefacts for CI/CD pipelines using tools like Azure DevOps and GitLab while promoting secure-by-design practicesCollaborate with Transformation Office, Program Managers, Security Architects, Engineers, and Business Leads for alignment and supportAdvise project teams on architectural decisions ensuring alignment with future-state architectureLead the definition of IAM solution blueprints, patterns, and guardrails to support scalable, secure, and compliant implementationsTranslate business and security requirements into architectural models and reference implementationsReview and validate solution designs from vendors and internal teamsIdentify architectural risks and dependencies and define mitigation strategies proactivelySupport architecture governance processes for IAM and contribute to key documentation such as diagrams, roadmaps, design standards, and integration principlesRequirementsExperience of 5+ years in systems architecture with a focus on identity and access managementProven leadership experience in managing architectural roadmaps and cross-functional teamsBackground in migrating authentication systems from on-premises Active Directory to Microsoft Azure Entra IDSkills in designing and implementing IGA and PAM solutions, with familiarity in SailPoint workflowsCompetency in developing and reviewing custom connectors and provisioning workflowsKnowledge of CI/CD processes and tools, including Azure DevOps and GitLabUnderstanding of technical architecture governance and risk managementCapability to translate complex business and security requirements into technical architecturesAdvanced proficiency in English (B2+/C1)Nice to haveCertifications in Microsoft Azure or identity and access management domainsExpertise in custom connector development with Java, PowerShell, or SCIMExperience with SAP JCo integrationFamiliarity with secure-by-design principles in cloud environmentsBackground in implementing identity governance tools beyond SailPointWe offerWe believe that the greatest strength of the company is its people. EPAM is fully committed to help its employees to reach their full potential and achieve their professional goals through continues learning. With this in mind, we would like to introduce to you few of the many opportunities and services which we believe will help you expand your current knowledge:Full access to cutting-edge tools and technologiesCompetitive compensation depending on experience and skillsAll-around Social package: professional & soft skills training, medical & family care programs, sportsRelocation opportunitiesFree English classesUnlimited access to LinkedIn learning solutionsContinuous experience exchange with experts and professionals worldwideFriendly team and comfortable working environmentEngineering, corporate, and social events within and outside the CompanyFlexible working scheduleOpportunities for self-realization