
LATCH LLC

via SimplyHired


Principal Identity Engineer/Architect (AD-Entra-Okta Migration)

Anywhere
Full-time
Posted 12/5/2025
Key Skills:
Active Directory migration
Entra ID (Azure AD)
Okta integration
Identity architecture
Hybrid identity solutions

Compensation

Salary Range

$172K - $182K a year

Responsibilities

Lead and design enterprise identity modernization efforts, including migration planning, technical implementation, and risk management.

Requirements

Extensive experience with Active Directory, Entra ID, Okta, and large-scale identity migrations, along with strong engineering and leadership skills in complex enterprise environments.

Full Description

Company Profile

Lalaith Astor Technical Consulting House (LATCH) provides technical consulting services to the US Federal Government. We provide dependable high-quality solutions as well as innovative architecture, engineering, and functional designs. Our core values enable us to bring unique viewpoints as we approach our work such as understanding and adopting the client’s mission; delivering technical solutions that are aligned to client goals, objectives, and budgets; empowering clients through systems engineering and technical assistance (SETA) services; and producing high quality, value-driven work products. At LATCH, you’ll work with clients and a leadership team that empowers our people to think audaciously, welcomes differences, and encourages pride in our work while exposing and solving emerging challenges to meet impactful commitments.

Job Summary

The Principal Identity Engineer/Architect for the Active Directory - Entra ID - Okta Migration will serve as the technical lead and architect for a major enterprise identity modernization effort, responsible for designing, planning, and executing the migration of on-premises Active Directory services to Entra ID and integrating the identity ecosystem with Okta. This is a senior, mission-critical role requiring an experienced engineer who is equally comfortable defining modernization strategy, making architectural decisions, conducting technical deep dives, and performing the hands-on engineering work required for a successful migration. The engineer/architect will lead the identity migration roadmap, design core directory modernization patterns, manage coexistence and synchronization models, evaluate risks, implement secure authentication patterns, and ensure successful identity cutover across applications, users, systems, and hybrid environments.
This role requires exceptional technical depth, strong leadership capability, mature judgment, and the ability to guide the work of others in a complex, multi-team environment.

Responsibilities and Duties

Job responsibilities and duties will include, but are not limited to, the following:

Identity Architecture & Migration Strategy
• Lead the architecture and design of the enterprise Active Directory to Okta and Entra ID migration strategy, including governance, synchronization, coexistence, and long-term identity modernization patterns.
• Develop the migration roadmap, technical design documentation, data models, attribute strategies, and phased implementation plan.
• Evaluate and define authentication and authorization patterns using Entra ID, Okta, and hybrid identity services.

Hands-On Engineering & Implementation
• Perform hands-on engineering tasks including directory synchronization configuration (Entra Connect / Cloud Sync), domain consolidation, forest remediation, schema extension validation, conditional access design, and authentication flow design.
• Engineer and implement secure identity federation, SSO, and application migration to Entra ID and Okta.
• Execute directory clean-up, identity rationalization, and environment normalization as part of modernization efforts.

Risk Management, Testing & Validation
• Identify migration risks, service dependencies, integration challenges, legacy system constraints, and remediation strategies.
• Develop and execute detailed test plans, pilot programs, coexistence validation, rollback plans, and production cutover procedures.
• Conduct performance, reliability, and security validation for all directory and identity workloads being migrated.

Leadership & Collaboration
• Provide technical leadership to engineers, analysts, and cross-functional teams involved in the migration.
• Serve as a senior advisor to program leadership, communicating architectural decisions, constraints, risks, and tradeoffs with clarity.
• Coordinate with security, networking, application owners, and enterprise architecture teams to ensure alignment and interoperability.

Documentation & Governance
• Produce high-quality engineering documentation, architecture diagrams, standards, migration runbooks, and operational SOPs.
• Establish and enforce directory and identity governance best practices aligned to Zero Trust and federal security requirements.

Required Qualifications and Skills

The selected candidate must have the following qualifications and skills:

Core Identity & Directory Expertise
• Extensive hands-on experience designing and migrating Active Directory environments, including multi-domain/forest consolidation, remediation, and modernization.
• Proven experience planning and executing large-scale migrations to Entra ID (Azure AD), including Cloud Sync, Entra Connect, attribute flows, UPN/identity normalization, and hybrid identity patterns.
• Strong expertise integrating Okta with Active Directory and Entra ID for authentication, provisioning, federation, and lifecycle management.
• Deep understanding of identity protocols and technologies including OIDC, OAuth 2.0, SAML, Kerberos, NTLM, LDAP, LDAPS, and certificate-based authentication.

Engineering & Architectural Skills
• Demonstrated ability to define identity architecture, evaluate tradeoffs, and make high-stakes technical decisions.
• Strong hands-on engineering skills with PowerShell, directory utilities, synchronization tools, replication troubleshooting, and identity analytics.
• Experience designing Conditional Access, MFA, secure authentication flows, segmentation, and Zero Trust identity patterns.

Professional Skills
• Ability to lead technical efforts, guide engineers, and manage deliverables in a complex, multi-team environment.
• Strong communication skills with an ability to translate complex identity architecture into clear guidance for technical and non-technical stakeholders.
• Strong analytical and troubleshooting skills with an obsessive attention to detail and accuracy.

Desired Qualifications and Skills
• Experience with large-scale identity modernization efforts within federal agencies or regulated industries.
• Experience modernizing legacy authentication or IAM platforms during AD/Entra migrations.
• Familiarity with identity governance, privileged access management, or Zero Trust policy enforcement.
• Experience with Infrastructure as Code (Terraform, Bicep) for Entra ID and identity configuration deployment.
• Experience integrating identity systems with cloud workloads, Kubernetes, API gateways, and enterprise SaaS platforms.
• Certification(s) such as:
  • Microsoft Identity and Access Administrator (SC-300)
  • Microsoft Azure Solutions Architect (AZ-305)
  • Okta Certified Professional or Okta Certified Consultant
  • CISSP or equivalent

Bonus Points For
• Experience leading a full enterprise AD → Entra ID migration at scale (25,000+ users/devices).
• Deep expertise in hybrid identity coexistence challenges, including replication, directory health, domain remediation, or schema conflicts.
• Experience implementing Zero Trust identity patterns, passwordless authentication, WebAuthn/FIDO2, or certificate-based authentication with Entra ID/Okta.
• Hands-on experience with identity lifecycle automation, SCIM-based provisioning, or complex attribute transformation rules.
• Experience integrating Entra ID and Okta into multi-cloud environments (Azure, AWS, GCP) with secure workload identity patterns.

Required Experience
• 15+ years of Systems Engineering experience.
• 10+ years of experience supporting enterprise identity and directory services.
• 5+ years hands-on experience designing and executing Active Directory modernization and migration efforts.
• 5+ years of experience supporting or integrating with Entra ID (Azure AD).
• Proven track record delivering large-scale identity transformations in complex enterprise environments.

Job Type: Full-time

Pay: $172,000.00 - $182,000.00 per year

Benefits:
• 401(k)
• 401(k) matching
• Dental insurance
• Health insurance
• Paid time off
• Parental leave
• Professional development assistance
• Referral program
• Vision insurance

Work Location: Remote

This job posting was last updated on 12/11/2025
