Principal Identity Architect
enduring games
Job Summary
As a Principal Identity Architect, you will establish SIE’s identity management strategy and evolve its capabilities. This role involves architecting, deploying, and managing secure, scalable identity services across hybrid environments, focusing on authentication and authorization. You will collaborate with cross-functional teams to create robust identity solutions, ensuring seamless user experiences and alignment with business objectives.
Must Have
- Expert-level Active Directory (AD) and Microsoft Entra (Azure AD) knowledge.
- Deep experience managing Azure AD environments and hybrid identity.
- Strong expertise in authentication protocols (OAuth, OIDC, SAML, Kerberos, NTLM), PKI, MFA.
- Hands-on experience with PAM, Identity Governance, RBAC, user lifecycle automation.
- Deep expertise in IGA platforms (SailPoint, Saviynt, Azure AD Identity Governance).
- Proven ability to design and deliver large-scale IGA programs.
- Knowledge of Zero Trust principles, Conditional Access, identity protection.
- Proficiency in Azure architecture and PowerShell scripting.
- Experience integrating on-prem AD with cloud services (Azure AD Connect, ADFS).
- Proficiency with AD/Azure AD monitoring and troubleshooting tools.
- Strong understanding of cloud computing, microservices, distributed systems.
- Mastery of agile, code reviews, testing, CI/CD, and DevOps practices.
- Bachelor’s or Master’s degree in Computer Science or related.
- 15+ years in IT infrastructure, focusing on identity and access management.
- 10+ years hands-on with Active Directory and Azure AD in enterprise.
Good to Have
- Professional certifications like Microsoft Certified: Identity and Access Administrator Associate, Azure Solutions Architect Expert, or similar.
- Familiarity with security frameworks like NIST, ISO 27001, or CIS benchmarks.
Perks & Benefits
- Top-tier benefits package (medical, dental, vision, matching 401(k)).
- Paid time off.
- Wellness program.
- Coveted employee discounts for Sony products.
- Eligible for a bonus package.
Job Description
Role overview:
We are searching for a highly-skilled and self-motivated Principal Identity Architect to join our global team. As a key member of the PlayStation Identity team, you will play a critical role in establishing SIE’s strategy for identity management as well as evolving the organization’s identity management capabilities. This position will require you to architect, deploy, and manage identity services across hybrid environments, ensuring that our authentication and authorization systems are secure, scalable, and aligned with business objectives. You will work closely with cross-functional teams, including IT security, cloud architects, network teams, and application development, to create robust identity solutions that enable seamless user experiences.
What you’ll be doing:
- Lead the strategy, design and implementation of enterprise-wide identity and access management (IAM) solutions, with a strong focus on Active Directory and Microsoft Entra (Azure AD).
- Architect and design hybrid identity solutions across on-premises and cloud platforms, including multi-forest AD environments and Azure AD integration.
- Lead the design of enterprise role models (RBAC/ABAC), separation of duties (SoD), and least-privilege access frameworks.
- Define policies, workflows, and controls for access request, approval, and certification processes.
- Lead troubleshooting and root-cause analysis for complex identity issues across the enterprise.
- Provide subject matter expertise in the deployment and management of Active Directory, including replication, Group Policy, DNS, trusts, Kerberos and secure AD hardening practices.
- Drive the adoption of modern authentication protocols such as OAuth, OIDC, SAML, and Kerberos.
- Modernize access solutions with Zero Trust Authentication architectures.
- Lead initiatives to improve identity security posture through privileged access management (PAM), least-privilege models, and conditional access policies in Azure AD.
- Architect and implement Microsoft Entra ID Governance and Conditional Access policies to ensure compliance with regulatory requirements (e.g., SOX, GDPR).
- Design and implement Single Sign-On (SSO) solutions and multi-factor authentication (MFA) strategies across enterprise and cloud applications.
- Collaborate with security teams to integrate identity solutions with SIEM and security monitoring platforms for advanced threat detection and incident response.
- Serve as a key advisor for mergers, acquisitions, and cloud migrations, ensuring seamless integration of identity and access management systems.
What we’re looking for:
- Expert-level knowledge of Active Directory (AD): Extensive experience with AD forest/domain design, GPO management, AD replication, trusts, DNS, and AD hardening best practices.
- Microsoft Entra (Azure AD): Deep experience in managing Azure AD environments, hybrid identity management (Azure AD Connect), Conditional Access, Identity Governance, and application management.
- Authentication Protocols: Strong expertise in authentication protocols (OAuth 2.0, OIDC, SAML, Kerberos, NTLM), PKI, and MFA solutions.
- IAM Solutions: Hands-on experience with Privileged Access Management (PAM), Identity Governance, Role-Based Access Control (RBAC), and managing user lifecycle automation.
- Deep expertise in IGA platforms (SailPoint, Saviynt, Azure AD Identity Governance, or comparable).
- Proven ability to design and deliver large-scale IGA programs supporting complex global organizations.
- Security: Knowledge of Zero Trust principles, Conditional Access policies, identity protection tools, and integration with security systems (SIEM, SOAR).
- Azure Infrastructure: Proficiency in Azure architecture, including virtual networks, virtual machines, Azure AD, Azure Identity Protection, and Azure Key Vault.
- PowerShell & Automation: Advanced skills in PowerShell scripting for automation of identity-related tasks and configuration.
- Hybrid Identity: Experience integrating on-prem AD with cloud services using technologies like Azure AD Connect, ADFS, and third-party federation services.
- Monitoring & Troubleshooting: Proficiency with monitoring tools like Azure Monitor, Log Analytics, and troubleshooting tools for AD and Azure AD.
- Understanding of and exceptional skills in several of the following areas: cloud computing, microservices, distributed systems, data structures, operating system internals, storage systems, embedded systems, and databases.
- Mastery of agile methodologies, code reviews, testing frameworks, CI/CD tools and DevOps practices.
Soft Skills
- Leadership: Proven ability to lead some of the most complex and demanding programs; demonstrates the ability to lead technical teams, provide mentorship, and inspire innovation within cross-functional teams.
- Communication: Excellent verbal and written communication skills with the ability to translate complex technical concepts into business terms for stakeholders.
- Problem-solving: Strong analytical and troubleshooting skills, with a focus on root cause analysis and resolution of identity-related issues.
- Collaboration: Ability to work across diverse teams including IT security, infrastructure, application developers, and external vendors.
- Strategic Thinking: Visionary mindset with the ability to think strategically about identity architecture and align it with future business goals.
- Project Management: Experience in leading complex identity management projects from concept to completion, ensuring timelines, budgets, and stakeholder satisfaction.
- Adaptability: Ability to manage ambiguity and adjust to changing priorities, technologies, and business requirements.
- Customer Focus: Strong focus on user experience and stakeholder satisfaction, balancing security and ease of use in identity solutions.
- Innovation: Continuous learning mindset and the ability to adopt new technologies and processes that drive efficiency and security.
Qualifications
- Bachelor’s or Master’s degree in Computer Science, Information Technology, or related experience.
- 15+ years of experience in IT infrastructure with a focus on identity and access management.
- 10+ years of hands-on experience with Active Directory and Azure AD in an enterprise setting.
- Professional certifications like Microsoft Certified: Identity and Access Administrator Associate, Azure Solutions Architect Expert, or similar are highly desirable.
- Familiarity with security frameworks like NIST, ISO 27001, or CIS benchmarks is a plus.
Please refer to our Candidate Privacy Notice for more information about how we process your personal information, and your data protection rights.
At SIE, we consider several factors when setting each role’s base pay range, including the competitive benchmarking data for the market and geographic location. Please note that the base pay range may vary in line with our hybrid working policy and individual base pay will be determined based on job-related factors which may include knowledge, skills, experience, and location. In addition, this role is eligible for SIE’s top-tier benefits package that includes medical, dental, vision, matching 401(k), paid time off, wellness program and coveted employee discounts for Sony products. This role also may be eligible for a bonus package.
The estimated base pay range for this role is listed below.
$219,600 - $329,400 USD
Equal Opportunity Statement:
Sony is an Equal Opportunity Employer. All persons will receive consideration for employment without regard to gender (including gender identity, gender expression and gender reassignment), race (including colour, nationality, ethnic or national origin), religion or belief, marital or civil partnership status, disability, age, sexual orientation, pregnancy, maternity or parental status, trade union membership or membership in any other legally protected category.
We strive to create an inclusive environment, empower employees and embrace diversity. We encourage everyone to respond.
PlayStation is a Fair Chance employer and qualified applicants with arrest and conviction records will be considered for employment.