What are the responsibilities and job description for the IAM Architect (Forgerock & Entra) position at Maryland Department of Information Technology?
Introduction
Maryland Benefits (MD Benefits) is a dynamic, cloud-based platform. This enterprise-wide digital service allows organizations to build, test, host, operate, and integrate mission-driven applications, data, and emerging technologies. MD Benefits offers cloud-based Platform-as-a-Service (PaaS) capabilities, a shared data architecture, and product development services, all developed by the State of Maryland to help multiple agencies deliver and manage health, human, and social service benefits and programs. On July 1, 2025, the operation of the MD Benefits shared platform and statewide applications transitioned from the Department of Human Services (DHS) to the Department of Information Technology (DoIT).
***This is a contractual position, with limited benefits***
***All hires must be eligible to work in the U.S., either as a U.S. citizen or as a lawful permanent resident (green card holder); the State of Maryland is not able to sponsor employees.***
***Applicants are required to submit an up-to-date and accurate resume.***
Main Purpose
We are looking for a highly experienced IAM/Security Architect to lead the design and implementation of our identity, access, and security framework on Amazon Web Services (AWS). As the subject matter expert, you will be responsible for creating a cohesive and secure IAM strategy that integrates leading identity platforms, including ForgeRock, SailPoint, and Microsoft Entra ID. You will play a critical role in defining the security posture of our cloud environment, ensuring that access to our critical systems is secure, compliant, and governed by modern best practices.
Responsibilities
- IAM Architecture: Design and architect a comprehensive IAM framework on AWS. Develop solutions for identity lifecycle management, access governance, privileged access management (PAM), and single sign-on (SSO) leveraging AWS IAM Identity Center and other native services.
- Platform Integration: Lead the technical architecture for integrating ForgeRock for customer identity (CIAM), SailPoint for identity governance and administration (IGA), and Microsoft Entra ID for workforce identity into our AWS ecosystem.
- Security Governance: Define and enforce cloud security policies, standards, and patterns for identity and access management. Develop a long-term strategic roadmap for the evolution of the IAM program to meet future business needs and address emerging threats.
- Technical Leadership: Serve as the senior technical expert for all matters related to identity and cloud security. Provide guidance and mentorship to engineering and operations teams, and conduct architectural reviews to ensure solutions are secure, resilient, and scalable.
- Compliance and Risk Management: Ensure the IAM architecture meets all relevant compliance and regulatory requirements (e.g., NIST, CIS). Work with security operations teams to ensure that IAM systems provide adequate logging and monitoring to detect and respond to security threats.
Minimum Qualifications
- Experience: A minimum of 10-12 years of experience in cybersecurity, with at least 7 years in a dedicated IAM Architect role.
- Technical Skills:
  - Expert-level knowledge of AWS security services (IAM, IAM Identity Center, KMS, Security Hub, Secrets Manager).
  - Demonstrated hands-on architectural experience with ForgeRock, SailPoint, AND Microsoft Entra ID.
  - Deep understanding of modern authentication and authorization standards such as SAML, OAuth 2.0, and OIDC.
  - Experience with Privileged Access Management (PAM) solutions (e.g., CyberArk, Delinea).
- Certifications:
  - AWS Certified Security - Specialty certification is a strong plus.
Salary: $57 - $77