Identity Security Architect – Kerberos & Authentication Discovery
MUST HAVE VALID ACTIVE SC CLEARANCE
(Hybrid)
£660/day (Inside IR35)
We’re looking for an Identity Security Architect with deep Kerberos and IAM/password lifecycle expertise to lead a focused discovery of our authentication landscape. You’ll assess current-state architecture, uncover risks, and design clear, logical recommendations to strengthen authentication and password management across a complex enterprise.
Key Responsibilities
* Lead a structured discovery of authentication, Kerberos, and password management processes.
* Analyse and document existing Kerberos implementations across AD, Windows, and Linux.
* Map application and service dependencies, highlighting gaps and architectural risks.
* Review password-reset flows, service account behaviour, and identity lifecycle processes.
* Evaluate SPN hygiene, delegation models, ticket lifetimes, encryption types, and trust relationships.
* Produce concise, high-quality architecture documentation and remediation recommendations.
* Work with technical teams to validate findings and support Kerberos integrations.
* Define clear, repeatable processes for authentication and password management.
Essential Skills & Experience
* Deep, hands-on Kerberos expertise (SPNs, delegation, ticketing, trusts).
* Strong background in identity security architecture and authentication design.
* Practical experience with password reset and IAM lifecycle processes.
* Skilled with troubleshooting tools (klist, setspn, Wireshark, event logs).
* Excellent analytical thinking and documentation—able to break down complex systems logically.
* Strong communicator comfortable engaging both technical and non-technical teams.
Desirable
* Experience in government or regulated environments.
* Familiarity with IAM platforms, password management, or privileged access tools.
* Background in authentication risk analysis and remediation planning.