Identity Security Architect
Position Overview:
Southern Company, a major U.S. energy firm, is seeking an experienced Identity Security Architect to design creative identity solutions and reduce risk. This is a primarily on-site role with 4 days per week in-office presence expected.
This role will have responsibility for setting the strategic direction for identity security specifically across our various cloud tenants and in support of the company’s desire for agentic transformation. It will directly support the company’s efforts to mitigate real and potential cyber threats to the company’s facilities, personnel, technology, operations, and brand – including critical electric and gas utility infrastructure and its privately owned telecommunications network.
Although the position is cloud-centric, heavy involvement with the design and security of agents and agentic use cases is expected. Future engagement with on-prem applications is also likely, as legacy datastores are set for modernization and ingestion into large language models. Applicants should be well-rounded in their understanding of different security disciplines such as networking, endpoint, data, cloud, application security, monitoring and, of course, identity. They should be able to align execution with an overall strategy to increase identity maturity, anticipate future requirements for complex hybrid and multi-cloud environments, and drive identity initiatives via influence and relationships.
Southern Company is headquartered in Atlanta, and we bring energy to homes and businesses across the country. We’ve made our name as a leading producer of clean, safe, reliable and affordable energy, and we approach each day as a vital step in building the future of energy. We’re always looking ahead, and our innovations in the industry – from new nuclear to deployment of electric transportation and renewables – help brighten the lives and businesses of millions of customers nationwide. Our team is critical to building the future of energy with secure, resilient, and sustainable cyber solutions.
Job Responsibilities:
- Set strategic direction for agentic, AI, and workload identity security across the organization and advise leadership on emerging identity risks and opportunities.
- Define and evolve Southern Company’s agentic identity architecture, including non‑human identities (AI agents, service principals, workloads, automation, MCP servers).
- Collaborate with engineering and security teams to integrate SPIFFE/SPIRE-based identity mechanisms, ensuring scalable, robust, and policy-driven workload authentication and authorization.
- Serve as a trusted advisor by designing secure, scalable identity and authorization patterns that enable AI‑driven business capabilities.
- Align forward‑looking identity strategy with business goals across multi‑cloud, SaaS, and AI platforms.
- Establish identity guardrails for autonomous agents, including least privilege, intent‑bounded access, and lifecycle governance.
- Engage third‑party experts for architecture reviews, AI risk assessments, and emerging best practices.
- Influence adoption through a product‑ and enablement‑oriented approach to identity services, patterns, and platforms.
- Monitor and prepare for regulatory, ethical, and security impacts of AI‑driven and autonomous systems.
- Contribute to standards, policies, and reference architectures for human, non‑human, and agentic identity.
- Improve processes supporting automation, ephemeral access, workload trust, and identity observability.
- Lead cross‑functional initiatives involving security, AI, cloud, and engineering teams.
- Mentor and educate teams on modern identity, zero trust, and agent safety principles.
Qualifications:
Required
- 3+ years designing or operating cloud identity architectures across multiple providers (Azure/Entra, AWS IAM, GCP IAM, SaaS).
- Experience building or contributing to an identity security program, including governance and standards.
- Strong understanding of non-human identities: service accounts, workloads, APIs, automation, and AI agents.
- Hands-on experience with OAuth 2.0, OIDC, token lifecycles, certificates, and trust boundaries.
- Understanding of authorization models beyond RBAC (claims-based, policy-based, attribute-based).
- Familiarity with AI / agent execution models, delegated authority, and identity risks introduced by autonomy.
- Ability to translate security requirements into developer-friendly architectures and patterns.
- Strong communication skills to position identity as a business and platform enabler.
- Ability to lead initiatives from concept through delivery with minimal oversight.
- Must pass Insider Threat Program background checks.
Desired
- Experience securing AI platforms, LLM integrations, or agent frameworks.
- Familiarity with Model Context Protocol (MCP), agent-to-tool authentication, or workload mediation patterns.
- Experience with API security, token introspection, and fine-grained authorization.
- Programming or scripting proficiency (Python, JavaScript, REST/Graph APIs, JSON).
- Knowledge of Zero Trust Architecture, NIST, OWASP, and cloud security frameworks.
- Security certifications (CISSP, CCSP, CISA, GIAC, CRISC, etc.).
- Awareness of nation-state, supply-chain, and AI-enabled threat models.
- Interest in applying agentic and AI security concepts to critical infrastructure and energy systems.
This position falls under the company’s Insider Threat Program and will have access to, and control over, sensitive data, systems or assets. Enhanced personnel screening, which includes a background review, drug screen and psychological assessment, will be required if you are selected for this position.
About Southern Company
Southern Company (NYSE: SO) is a leading energy provider serving 9 million customers across the Southeast and beyond through its family of companies. Providing clean, safe, reliable and affordable energy with excellent service is our mission. The company has electric operating companies in three states, natural gas distribution companies in four states, a competitive generation company, a leading distributed energy solutions provider with national capabilities, a fiber optics network and telecommunications services. Through an industry-leading commitment to innovation, resilience and sustainability, we are taking action to meet customers' and communities' needs while advancing our goal of net-zero greenhouse gas emissions by 2050. Our uncompromising values ensure we put the needs of those we serve at the center of everything we do and are the key to our sustained success. We are transforming energy into economic, environmental and social progress for tomorrow. Our corporate culture has been recognized by a variety of organizations, earning the company awards and recognitions that reflect Our Values and dedication to service. To learn more, visit www.southerncompany.com.
Southern Company invests in the well-being of its employees and their families through a comprehensive total rewards strategy that includes competitive base salary, annual incentive awards for eligible employees and health, welfare and retirement benefits designed to support physical, financial, and emotional/social well-being. This position may also be eligible for additional compensation, such as an incentive program, with the amount of any bonus/awards subject to the terms and conditions of the applicable incentive plan(s). A summary of the benefits offered for this position can be found here: https://seo.nlx.org/southernco/pdf/SOCO-Benefits.pdf. Additional and specific details about total compensation and benefits will also be provided during the hiring process.
Southern Company is an equal opportunity employer where an applicant's qualifications are considered without regard to race, color, religion, sex, national origin, age, disability, veteran status, genetic information, sexual orientation, gender identity or expression, or any other basis prohibited by law.
Job Identification: 19126
Job Category: Cybersecurity
Job Schedule: Full time
Company: Southern Company Services