Principal Identity Engineer/Architect (AD-Entra-Okta Migration)

Job Category: Engineering
Job Types: Full Time
Job Locations: Remote
Security Clearance: Public Trust

Requisition ID: 1162

Company Overview

Lalaith Astor Technical Consulting House (LATCH) provides technical consulting services to the US Federal Government. We provide dependable, high-quality solutions as well as innovative architecture, engineering, and functional designs. Our core values enable us to bring unique viewpoints to our work, such as understanding and adopting the client’s mission; delivering technical solutions that are aligned to client goals, objectives, and budgets; empowering clients through systems engineering and technical assistance (SETA) services; and producing high-quality, value-driven work products.

At LATCH, you’ll work with clients and a leadership team that empowers our people to think audaciously, welcomes differences, and encourages pride in our work while exposing and solving emerging challenges to meet impactful commitments.

Engage with LATCH on LinkedIn.

Job Summary

The Principal Identity Engineer/Architect for the Active Directory – Entra ID – Okta Migration will serve as the technical lead and architect for a major enterprise identity modernization effort, responsible for designing, planning, and executing the migration of on-premises Active Directory services to Entra ID and integrating the identity ecosystem with Okta. This is a senior, mission-critical role requiring an experienced engineer who is equally comfortable defining modernization strategy, making architectural decisions, conducting technical deep dives, and performing the hands-on engineering work required for a successful migration.

The engineer/architect will lead the identity migration roadmap, design core directory modernization patterns, manage coexistence and synchronization models, evaluate risks, implement secure authentication patterns, and ensure successful identity cutover across applications, users, systems, and hybrid environments. This role requires exceptional technical depth, strong leadership capability, mature judgment, and the ability to guide the work of others in a complex, multi-team environment.

Responsibilities and Duties

Job responsibilities and duties will include, but are not limited to, the following:

  • Identity Architecture & Migration Strategy
    • Lead the architecture and design of the enterprise Active Directory to Okta and Entra ID migration strategy, including governance, synchronization, coexistence, and long-term identity modernization patterns.
    • Develop the migration roadmap, technical design documentation, data models, attribute strategies, and phased implementation plan.
  • Hands-On Engineering & Implementation
    • Perform hands-on engineering tasks including directory synchronization configuration (Entra Connect / Cloud Sync), domain consolidation, forest remediation, schema extension validation, conditional access design, and authentication flow design.
    • Engineer and implement secure identity federation, SSO, and application migration to Entra ID and Okta.
    • Execute directory clean-up, identity rationalization, and environment normalization as part of modernization efforts.
  • Risk Management, Testing & Validation
    • Identify migration risks, service dependencies, integration challenges, legacy system constraints, and remediation strategies.
    • Develop and execute detailed test plans, pilot programs, coexistence validation, rollback plans, and production cutover procedures.
    • Conduct performance, reliability, and security validation for all directory and identity workloads being migrated.
  • Leadership & Collaboration
    • Provide technical leadership to engineers, analysts, and cross-functional teams involved in the migration.
    • Serve as a senior advisor to program leadership, communicating architectural decisions, constraints, risks, and tradeoffs with clarity.
    • Coordinate with security, networking, application owners, and enterprise architecture teams to ensure alignment and interoperability.
  • Documentation & Governance
    • Produce high-quality engineering documentation, architecture diagrams, standards, migration runbooks, and operational SOPs.

Required Qualifications and Skills

The selected candidate must have the following qualifications and skills:

  • Core Identity & Directory Expertise
    • Extensive hands-on experience designing and migrating Active Directory environments, including multi-domain/forest consolidation, remediation, and modernization.
    • Proven experience planning and executing large-scale migrations to Entra ID (Azure AD), including Cloud Sync, Entra Connect, attribute flows, UPN/identity normalization, and hybrid identity patterns.
    • Strong expertise integrating Okta with Active Directory and Entra ID for authentication, provisioning, federation, and lifecycle management.
  • Engineering & Architectural Skills
    • Demonstrated ability to define identity architecture, evaluate tradeoffs, and make high-stakes technical decisions.
    • Strong hands-on engineering skills with PowerShell, directory utilities, synchronization tools, replication troubleshooting, and identity analytics.
    • Experience designing Conditional Access, MFA, secure authentication flows, segmentation, and Zero Trust identity patterns.
  • Professional Skills
    • Ability to lead technical efforts, guide engineers, and manage deliverables in a complex, multi-team environment.
    • Strong communication skills with an ability to translate complex identity architecture into clear guidance for technical and non-technical stakeholders.

Desired Qualifications and Skills

It is desirable that the candidate has the following qualifications and skills:

  • Experience with large-scale identity modernization efforts within federal agencies or regulated industries.
  • Experience modernizing legacy authentication or IAM platforms during AD/Entra migrations.
  • Familiarity with identity governance, privileged access management, or Zero Trust policy enforcement.
  • Experience with Infrastructure as Code (Terraform, Bicep) for Entra ID and identity configuration deployment.
  • Experience integrating identity systems with cloud workloads, Kubernetes, API gateways, and enterprise SaaS platforms.
  • Certification(s) such as:
    • Microsoft Identity and Access Administrator (SC-300)
    • Microsoft Azure Solutions Architect (AZ-305)
    • Okta Certified Professional or Okta Certified Consultant

Bonus Points For

  • Experience leading a full enterprise AD → Entra ID migration at scale (25,000+ users/devices).
  • Deep expertise in hybrid identity coexistence challenges, including replication, directory health, domain remediation, or schema conflicts.
  • Experience implementing Zero Trust identity patterns, passwordless authentication, WebAuthn/FIDO2, or certificate-based authentication with Entra ID/Okta.
  • Hands-on experience with identity lifecycle automation, SCIM-based provisioning, or complex attribute transformation rules.
  • Experience integrating Entra ID and Okta into multi-cloud environments (Azure, AWS, GCP) with secure workload identity patterns.

Required Experience

  • 15+ years of Systems Engineering experience.
  • 10+ years of experience supporting enterprise identity and directory services.
  • 5+ years hands-on experience designing and executing Active Directory modernization and migration efforts.
  • 5+ years of experience supporting or integrating with Entra ID (Azure AD).
  • Proven track record delivering large-scale identity transformations in complex enterprise environments.

Education

Bachelor’s Degree preferred.

Salary Range

$172,000 – $182,000

Benefits

  • 401(k)
  • 401(k) Matching
  • Dental Insurance
  • Health Insurance
  • Paid Time Off
  • Parental Leave
  • Professional Development Assistance
  • Referral Program
  • Vision Insurance

EEO Statement

LATCH is an Equal Opportunity Employer. Employment opportunities at LATCH are based on qualifications and capabilities to perform the essential functions of a particular job. All employment opportunities are provided without regard to veteran status, uniformed servicemember status, race, color, religion, sex, sexual orientation, gender identity, age (40 and over), pregnancy (including childbirth, lactation and related medical conditions), national origin or ancestry, citizenship status, physical or mental disability, or genetic information (including testing and characteristics); or any other category protected by federal, state, or local laws.
