Identity & Access Management Architect – Directory Services & Authentication

Thermo Fisher Scientific

Work Schedule

Standard Office Hours (40/wk)

Environmental Conditions

Office

Job Description

We are seeking a seasoned IAM Architect with deep expertise in on-premises Windows Active Directory and enterprise authentication systems. This role will drive the design, integration, and strategic direction of Directory Services and IAM solutions across the organization, ensuring secure and resilient access to critical systems.

The ideal candidate has hands-on experience architecting and managing Windows-based identity platforms, along with a good grasp of security principles, authentication protocols, and identity governance. This position plays a key role in shaping our hybrid IAM landscape while modernizing legacy infrastructure.

Key Responsibilities

  • Lead the architecture and roadmap for Active Directory, directory services, and enterprise authentication platforms.
  • Design and guide the implementation of secure LDAP, SSO, and federation across internal and external systems.
  • Drive adoption of multi-factor authentication (MFA) and password-less authentication strategies across enterprise environments.
  • Ensure IAM solutions align with enterprise security policies, regulatory standards, and architectural governance.
  • Collaborate closely with teams in cybersecurity, infrastructure, and application development to embed IAM controls and capabilities.
  • Evaluate tools and vendors for directory services, identity provisioning, and access management.
  • Define technical standards, patterns, and operational procedures for IAM services.
  • Partner with customers across the business to communicate IAM strategy and promote identity maturity.

Qualifications

  • Bachelor’s or Master’s degree in Computer Science, Information Systems, or a related field.
  • 10+ years of IT experience, including 5+ years of hands-on experience with on-premises Active Directory design, management, and security.
  • Expert knowledge of Group Policy, Kerberos, NTLM, DFS, Sites and Services, domain trusts, and AD replication.
  • Deep understanding of LDAP, secure LDAP (LDAPS), SAML, Kerberos, and SSO integrations.
  • Experience working in hybrid identity environments (on-prem AD + Azure AD / ADFS integration).
  • Solid understanding of IAM architecture, authentication flows, and enterprise identity lifecycle management.
  • Excellent troubleshooting, documentation, and customer communication skills.
  • Preferred certifications:
    • Microsoft Certified: Identity and Access Administrator Associate (SC-300)
    • Microsoft Certified: Windows Server Hybrid Administrator Associate
    • Microsoft Certified Solutions Expert (MCSE): Core Infrastructure (legacy but valuable)

What We Offer

  • A chance to define and lead the core identity infrastructure of a global enterprise.
  • Work on challenging problems in enterprise AD, authentication, and access governance.
  • Competitive compensation, flexible work options, and professional development support.

Thermo Fisher Scientific is an EEO/Affirmative Action Employer and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability or any other legally protected status.

Confirmed 20 hours ago. Posted 8 days ago.
