Principal, Cyber Security: Active Directory Security Architect
Northern Trust, Chicago, IL, United States
About Northern Trust:
Northern Trust, a Fortune 500 company, is a globally recognized, award-winning financial institution that has been in continuous operation since 1889.
Northern Trust is proud to provide innovative financial services and guidance to the world’s most successful individuals, families, and institutions by remaining true to our enduring principles of service, expertise, and integrity. With more than 130 years of financial experience and over 22,000 partners, we serve the world’s most sophisticated clients using leading technology and exceptional service.
We are seeking a highly skilled Active Directory Security Architect with deep expertise in architecting and designing secure, resilient, and compliant Active Directory (AD) and Azure AD environments. As part of the Strategic Security Architecture team, you will focus on the security architecture of hybrid-joined AD environments, multi-tenant Azure AD configurations, and identity governance frameworks. This role is critical to defining and implementing the security strategies that protect our identity infrastructure.
Responsibilities:
- Architect secure Active Directory and Azure AD solutions, focusing on hybrid-joined environments where on-premises Active Directory is integrated with cloud services, and ensure that security best practices are followed.
- Design and manage a multi-tenant Azure AD architecture, ensuring that identity and access management (IAM) solutions are secure, scalable, and aligned with organizational policies and regulatory compliance requirements.
- Lead the architectural design of identity and access management (IAM) frameworks, focusing on security best practices, including Multi-Factor Authentication (MFA), Single Sign-On (SSO), and conditional access policies.
- Define the security architecture for privileged access management (PAM), incorporating Privileged Identity Management (PIM), Just-in-Time (JIT) access, and other security controls to mitigate risks associated with elevated permissions.
- Collaborate with cross-functional teams (including IT, security operations, and DevOps) to ensure that the AD and Azure AD environments align with the broader security architecture, supporting zero trust, identity governance, and automation goals.
- Develop the strategic roadmap for AD and Azure AD security enhancements, ensuring continuous improvement, scalability, and alignment with evolving cybersecurity threats and organizational growth.
- Guide and advise on the security configuration of Group Policy Objects (GPOs), role-based access control (RBAC), and security groups in both on-premises AD and Azure AD, without direct responsibility for their day-to-day management.
- Architect and manage hybrid identity environments that combine on-premises AD with Azure AD, ensuring that authentication, authorization, and identity management are securely handled across both platforms.
- Conduct security assessments and threat modeling to identify potential risks within the Active Directory infrastructure and hybrid cloud environments, recommending and driving the implementation of mitigation strategies.
- Provide security architecture oversight during the onboarding of new applications and services that leverage AD and Azure AD for authentication and authorization, ensuring compliance with security standards.
- Advise on the integration and use of security monitoring tools like Microsoft Defender for Identity and Microsoft Sentinel, ensuring AD and Azure AD-related security events are effectively captured and responded to as part of the broader incident response strategy.
- Collaborate on cloud security initiatives, ensuring the secure integration of AD with Azure services and providing guidance on identity governance for multi-tenant Azure AD environments.
- Develop architectural standards and documentation that guide the secure deployment and management of both on-premises and cloud-based identity environments.
- Stay informed on emerging security threats, trends, and regulatory changes affecting Active Directory, Azure AD, and hybrid identity services, advising leadership on strategic responses to these challenges.
Qualifications:
- Extensive experience in Active Directory security architecture, including hybrid identity environments with Azure AD and multi-tenant Azure AD architecture.
- Strong knowledge of authentication, authorization, and directory protocols (e.g., Kerberos, LDAP, OAuth 2.0, OpenID Connect, SAML) and expertise in hybrid Active Directory environments that integrate on-premises AD with cloud-based Azure AD.
- Experience in designing privileged access management (PAM) frameworks and architecting identity governance solutions, including PIM and JIT access.
- Proven ability to develop and document security architecture standards for both AD and Azure AD environments, ensuring consistency and alignment with cybersecurity policies.
- Expertise in security risk assessment, threat modeling, and designing mitigation strategies for hybrid identity and cloud environments.
- Familiarity with security monitoring tools (e.g., Microsoft Defender for Identity, Microsoft Sentinel) and their role in detecting security incidents within AD and Azure AD environments.
- Proficiency in PowerShell scripting is required for automating architectural tasks, creating templates, and supporting automation initiatives.
- Microsoft Certified: Identity and Access Administrator Associate or similar certifications are a plus.
- Strong communication and leadership skills to work with cross-functional teams, stakeholders, and executive leadership, translating complex security architecture concepts into actionable strategies.
- Ability to think strategically and design security architectures that support long-term enterprise goals while addressing immediate cybersecurity challenges.