This position is a temporary assignment. As a contractor, you’ll be employed by Magnit, not The Cigna Group or any subsidiaries of The Cigna Group.

 

Senior Advisor Security Architect — Identity Focused 

Role Summary 

The Security Architect collaborates extensively with architecture, development, product, and additional teams across the organization to embed security considerations throughout the solution lifecycle, from initial design to final deployment. In this capacity, this role maintains close partnerships with Customer IAM, Workforce IAM, and application teams to design secure IAM workflows and enhance API authorization, among other responsibilities. The Security Architect is accountable for defining security requirements, conducting comprehensive security design assessments, and offering remediation and mitigation guidance—particularly with respect to workforce and customer identity and access. 

Responsibilities 

• Lead design reviews for platform, application, and cloud solutions; identify risks and recommend mitigations aligned to security best practices and internal security requirements. 
• Maintain and expand the security architecture documentation library, ensuring consistency across requirements documents, frameworks components and design artifacts. 
• Partner with IAM/CCOE to mature MFA and risk-based access patterns and document them in requirement, design patterns and other documents as required. 
• Work directly with program and project teams to ensure that relevant security risks are identified, evaluated, and appropriate security solutions are implemented to manage risks to the enterprise.  
• Responsible for the identification of architectural gaps and inefficiencies in new and existing solutions; support remediation and mitigation efforts through appropriate planning and roadmap development. 
• Strong work ethic and sense of urgency 
• Ability to influence technical discussions and decisions. 
• Mentor others in security best practices and architectural approaches 

Required Qualifications 

• Experience with OAuth 2.0, OIDC, SAML, and federation patterns; ability to translate business requirements into secure, scalable identity designs. 
• Solid grasp of provisioning and attribute flows (e.g., SCIM) and how they intersect with authorization policy. 
• Working knowledge of token design (scopes/claims), mTLS/JWT validation patterns, token exchange, and session/security handling across SPs/IdPs. 
• Demonstrated depth in IAM security and 1 other security domains such as:  API security, data security, network security, etc. 
• 5+ years’ experience in information technology experience 
• 1+ years’ experience in an information security architectural role or equivalent engineering experience; strong writing and communication skills expected. 
• BA/BS degree in MIS/Computer Science or related degree required. 
• Professional Certification such as:  
• SANS GIAC Certification(s) 
• Certified Information Systems Security Professional (CISSP) 

Preferred Qualifications 

• Familiarity with legacy federation stacks (e.g., ISAM) and migration to modern patterns is a plus. 
• Familiarity with Security life cycle, design review across concept, development through deployment 
• Experience with threat models (all 7 layers), security analysis 
• GIAC GDSA, SABSA or equivalent; IAM and/or AI related certs a plus. 
• Cloud security certs (AWS/Azure/OCI/ CCSP) helpful 
•  

Core Competencies 

• Communicate clearly in writing and verbally; influence cross-functional teams and executives; execute autonomously and manage time effectively. 
• Produce consumable technical docs (security requirement documents, security design patterns, reference architectures) and present recommendations to diverse audiences. 
• Problem solving and influencing skills and ability to drive architecture into product groups and suppliers 

Hourly Pay Rate Range (dependent on location, experience, expectation) 

The pay range that Magnit reasonably expects to pay for this position is: $70.00/hour-$80.00/hour 

Benefits: Medical, Dental, Vision, 401K (provided minimum eligibility hours are met)

Tundra Technical Solutions (the operator of this Talent Community) is a global leader of contingent talent services. Our success and our clients’ success are built on a foundation of service excellence. We are an equal opportunity employer, and we do not discriminate on the basis of race, religion, color, national origin, sex, sexual orientation, age, veteran status, disability, genetic information, or other applicable legally protected characteristic. Qualified applicants with arrest or conviction records will be considered for employment in accordance with applicable law, including the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act. Unincorporated LA County workers: we reasonably believe that criminal history may have a direct, adverse and negative relationship with the following job duties, potentially resulting in the withdrawal of a conditional offer of employment: client provided property, including hardware (both of which may include data) entrusted to you from theft, loss or damage; return all portable client computer hardware in your possession (including the data contained therein) upon completion of the assignment, and; maintain the confidentiality of client proprietary, confidential, or non-public information. In addition, job duties require access to secure and protected client information technology systems and related data security obligations. 

Qualified applicants will be considered without regard to race, color, age, disability, sex, childbirth (including pregnancy) or related medical conditions including but not limited to lactation, sexual orientation, gender identity or expression, veteran or military status, religion, national origin, ancestry, marital or familial status, genetic information, status with regard to public assistance, citizenship status or any other characteristic protected by applicable equal employment opportunity laws.