Senior Architect - IAM Platform

Core42, Abu Dhabi

Job Description

Introduction

Core42 is an Abu Dhabi-based artificial intelligence and cloud computing company, uniquely positioned in the national ecosystem to develop and deploy holistic and scalable AI solutions to a wide range of clients. The Group's business operations span numerous industry verticals, including healthcare, smart city, energy, finance, infrastructure, and data analytics.

Core42 has an active and extensive partnership network, connecting leading international organizations that complement our ecosystem and support our vision. Our partnerships range from strategic collaborations and joint ventures to direct investments by Core42.

We are seeking a Senior Architect – IAM Platforms to lead the design, evolution, and governance of Core42's enterprise Identity and Access Management (IAM) ecosystem. This role will serve as the technical authority for identity architecture across the organization, ensuring secure, scalable, and resilient authentication, authorization, federation, directory services, and Public Key Infrastructure (PKI) capabilities.

Responsibilities

IAM Architecture & Platform Engineering
  • Design, implement, and govern enterprise IAM platforms, including authentication, authorization, federation, Single Sign-On (SSO), and adaptive authentication services.
  • Architect and operate identity provider solutions such as Keycloak or equivalent OIDC/SAML platforms.
  • Define and maintain authorization models, including RBAC, ABAC, and ReBAC frameworks.
  • Develop secure token strategies, session management controls, and identity lifecycle processes.
  • Lead identity integrations across workforce, customer, partner, machine, and workload identities.
PKI & Cryptographic Services
  • Design, implement, and manage enterprise Public Key Infrastructure (PKI) services.
  • Oversee certificate lifecycle management, certificate authorities, revocation processes, and key management practices.
  • Integrate and manage Hardware Security Modules (HSMs) and PKCS#11-based solutions.
  • Establish cryptographic standards and support future-proof security architectures, including post-quantum cryptography readiness.
Identity Security & Governance
  • Establish security baselines for identity services, including MFA, passwordless authentication, passkeys, secrets management, mTLS, and Zero Trust principles.
  • Develop threat models and security controls to mitigate identity-related risks.
  • Govern architecture decisions to ensure solutions meet security, scalability, and operational standards.
  • Ensure identity services align with organizational security and compliance requirements.
Platform Integration & Operations
  • Lead integration of IAM services using standards such as OAuth 2.0/2.1, OpenID Connect, SAML 2.0, SCIM, FIDO2/WebAuthn, and JWT.
  • Design and support workload identity frameworks and machine-to-machine authentication solutions.
  • Provide technical leadership for identity-related incidents, root cause investigations, and post-incident remediation.
  • Collaborate with platform engineering teams to improve service reliability, scalability, and operational excellence.
Technology Strategy & Leadership
  • Evaluate and recommend IAM technologies, platforms, and vendor solutions.
  • Lead build-versus-buy assessments and present technical, operational, and commercial trade-offs to leadership.
  • Define architectural roadmaps and standards for identity services across the organization.
  • Produce clear technical documentation and architectural decision records to support long-term platform evolution.

Qualifications & Experience

Required
  • Bachelor's degree in Computer Science, Information Security, Engineering, or a related technical discipline.
  • Minimum 8 years of experience in security engineering, infrastructure engineering, platform engineering, or related fields.
  • At least 4 years of hands-on experience designing and operating IAM platforms within large-scale enterprise or cloud environments.
  • Strong expertise in OAuth 2.0/2.1, OpenID Connect, SAML 2.0, SCIM, FIDO2/WebAuthn, JWT/JWS/JWE, and mTLS.
  • Experience operating enterprise Identity Providers such as Keycloak, Ory, Authentik, Okta, or equivalent solutions.
  • Deep understanding of IAM concepts including authentication, authorization, federation, SSO, identity lifecycle management, and privileged access management.
  • Strong experience designing and operating PKI environments, including X.509 certificates, certificate authorities, HSMs, certificate lifecycle management, OCSP, CRLs, and ACME.
  • Experience implementing and governing RBAC, ABAC, and modern authorization frameworks.
  • Strong understanding of Linux systems, networking, TLS, and identity-related troubleshooting.
  • Hands-on development or automation experience using Java, Go, Python, or similar programming languages.
  • Strong written and verbal communication skills with the ability to present architectural decisions to technical and non-technical stakeholders.
Preferred
  • Experience with FreeIPA, Red Hat Identity Management, Microsoft Active Directory Domain Services (ADDS), LDAP, and Kerberos.
  • Experience implementing policy-as-code solutions such as OPA/Rego.
  • Knowledge of S3-compatible IAM frameworks and technologies such as Scality or MinIO.
  • Experience with AWS IAM, including cross-account access models, identity federation, Service Control Policies (SCPs), and STS.
  • Experience supporting compliance frameworks such as SOC 2, ISO 27001, PCI DSS, or FedRAMP.
  • Relevant certifications in Identity & Access Management, Cloud Security, Cyber Security, or Enterprise Architecture.

What Working at Core42 Offers

With a diverse team of 1,100+ employees from 68 nationalities, we foster an inclusive, innovative, and collaborative environment. At Core42, we foster a culture grounded in trust, accountability, and high performance. We are united by our values: Grit, where we overcome challenges with resilience and determination; Passion, which drives us to pursue excellence in everything we do; and Impact, as we aim to inspire progress and create meaningful change.

Our team members thrive in an environment where each person's contributions propel us forward, and together, we commit to achieving extraordinary results.

  • Competitive Salary: We offer an attractive salary package based on your skills and experience.
  • Yearly Bonus: In recognition of your contributions, you will receive a performance-based annual bonus.
  • Exclusive Discount Cards: Access special benefits with Esaad and Fazaa cards, offering discounts across a wide range of services.
  • Premium Family Insurance: We provide comprehensive health coverage, including dental, vision, and life insurance, ensuring the well-being of you and your family.
  • Learning & Development: We offer access to top-tier learning platforms to help you grow in your career. Learn at your own pace with unlimited access to premium courses.