EPAM is a leading global provider of digital platform engineering and development services. We are committed to having a positive impact on our customers, our employees, and our communities. We embrace a dynamic and inclusive culture. Here you will collaborate with multi-national teams, contribute to a myriad of innovative projects that deliver the most creative and cutting-edge solutions, and have an opportunity to continuously learn and grow. No matter where you are located, you will join a dedicated, creative, and diverse community that will help you discover your fullest potential.
We are seeking a Software Architect with expertise in systems architecture to lead Azure-based identity and access management solutions.
You will focus on migrating authentication from on-premises Active Directory to Microsoft Entra ID and strengthen your knowledge in Identity Governance and Administration tools such as SailPoint. This role offers the opportunity to influence architectural strategies and collaborate with diverse teams to secure and optimize access management across applications. Join us to shape the future of IAM architecture in the BeSEE region and drive innovation in cloud security.
Responsibilities
- Own and maintain the Azure architectural vision and roadmap for the BeSEE region aligned with global IAM strategies
- Define target architecture and principles for Microsoft Entra ID, IGA, PAM, and access provisioning
- Provide architectural leadership across workstreams ensuring technical consistency in IAM designs and implementations
- Design solutions to replace legacy custom authorization mechanisms including those based on IGA Identity Service and replicated IGA database tables
- Develop migration strategies for applications managed through custom IGA profiles
- Propose and implement secure and compliant solutions for managing generic accounts across applications
- Perform technical inventory and mapping of legacy custom IGA components such as APIs, sync jobs, role logic, web services, and database jobs
- Translate legacy entitlement logic into sustainable IGA constructs using SailPoint workflows and PAM entitlements
- Standardize connector onboarding and provisioning processes through reusable design templates and onboarding kits
- Lead or guide the development of custom connectors using Java/Beanshell, PowerShell, SCIM, SAP JCo, and REST
- Review provisioning workflows, access request logic, and birthright provisioning with detailed code analysis
- Package IAM artefacts for CI/CD pipelines using tools like Azure DevOps and GitLab while promoting secure-by-design practices
- Collaborate with Transformation Office, Program Managers, Security Architects, Engineers, and Business Leads for alignment and support
- Advise project teams on architectural decisions ensuring alignment with future-state architecture
- Lead the definition of IAM solution blueprints, patterns, and guardrails to support scalable, secure, and compliant implementations
- Translate business and security requirements into architectural models and reference implementations
- Review and validate solution designs from vendors and internal teams
- Identify architectural risks and dependencies and define mitigation strategies proactively
- Support architecture governance processes for IAM and contribute to key documentation such as diagrams, roadmaps, design standards, and integration principles
Requirements
- Experience of 5+ years in systems architecture with a focus on identity and access management
- Proven leadership experience in managing architectural roadmaps and cross-functional teams
- Background in migrating authentication systems from on-premises Active Directory to Microsoft Azure Entra ID
- Skills in designing and implementing IGA and PAM solutions, with familiarity in SailPoint workflows
- Competency in developing and reviewing custom connectors and provisioning workflows
- Knowledge of CI/CD processes and tools, including Azure DevOps and GitLab
- Understanding of technical architecture governance and risk management
- Capability to translate complex business and security requirements into technical architectures
- Advanced proficiency in English (B2+/C1)
Nice to have
- Certifications in Microsoft Azure or identity and access management domains
- Expertise in custom connector development with Java, PowerShell, or SCIM
- Experience with SAP JCo integration
- Familiarity with secure-by-design principles in cloud environments
- Background in implementing identity governance tools beyond SailPoint
We offer
- We believe that the greatest strength of the company is its people. EPAM is fully committed to help its employees to reach their full potential and achieve their professional goals through continues learning. With this in mind, we would like to introduce to you few of the many opportunities and services which we believe will help you expand your current knowledge:
- Full access to cutting-edge tools and technologies
- Competitive compensation depending on experience and skills
- All-around Social package: professional & soft skills training, medical & family care programs, sports
- Relocation opportunities
- Free English classes
- Unlimited access to LinkedIn learning solutions
- Continuous experience exchange with experts and professionals worldwide
- Friendly team and comfortable working environment
- Engineering, corporate, and social events within and outside the Company
- Flexible working schedule
- Opportunities for self-realization
