Cloud IAM Engineer

Cloud IAM Engineer

Overview


We are seeking a Cloud IAM Engineer to help build, automate, and govern identity and access management capabilities across enterprise cloud platforms and hybrid infrastructure environments. This role is responsible for designing secure authentication and authorization frameworks, implementing modern workload identity solutions, and enabling scalable access controls that support both developer productivity and regulatory compliance.


The ideal candidate combines hands-on expertise in cloud identity services, infrastructure automation, and security engineering with a strong understanding of enterprise governance requirements. This position will partner closely with cloud engineering, cybersecurity, platform operations, and application teams to deliver secure, auditable, and automated access solutions across Azure, Google Cloud, and on-premises platforms.


Key Responsibilities

Cloud Identity Engineering

• Design and maintain enterprise identity solutions leveraging Microsoft Entra ID and Google Cloud IAM services.
• Configure and support application identities, managed identities, service principals, and federated authentication models.
• Develop and implement access governance frameworks aligned with least-privilege and zero-trust security principles.
• Establish standardized onboarding and lifecycle processes for cloud identities and privileged accounts.
• Support enterprise authentication services including OAuth 2.0, OpenID Connect (OIDC), SAML, and certificate-based authentication.

Access Governance & Authorization

• Design, implement, and manage role-based access control (RBAC) and attribute-based access control (ABAC) strategies across cloud environments.
• Review and optimize access models to ensure compliance with internal security standards and regulatory requirements.
• Automate entitlement provisioning, role assignments, and access reviews.
• Partner with security and audit teams to support governance, risk, and compliance initiatives.

Secrets & Credential Management

• Engineer secure secrets management solutions utilizing HashiCorp Vault and cloud-native secret management services.
• Implement automated credential rotation and lifecycle management processes.
• Develop patterns that reduce dependency on long-lived credentials and improve overall security posture.
• Support certificate issuance, renewal, and management workflows across enterprise platforms.

Workload Identity & Federation

• Implement workload identity solutions that enable secure service-to-service authentication without embedded secrets.
• Design federated trust relationships between cloud providers, CI/CD platforms, and enterprise identity providers.
• Enable modern authentication patterns for cloud-native applications, containers, and automation platforms.
• Drive adoption of identity federation capabilities to improve operational efficiency and reduce credential risk.

Infrastructure Automation & Platform Enablement

• Develop Infrastructure-as-Code solutions using Terraform and related automation frameworks.
• Build reusable identity and access management modules that accelerate cloud adoption and standardization.
• Automate IAM provisioning and policy management through CI/CD pipelines and GitHub Actions.
• Create self-service capabilities that allow application teams to request and manage access through approved workflows.

Security & Compliance

• Monitor and assess IAM configurations for compliance with enterprise security policies.
• Support security assessments, audits, and remediation activities related to cloud identity and access controls.
• Implement logging, monitoring, and reporting capabilities that provide visibility into access activity and privileged operations.
• Contribute to the development of enterprise standards, guardrails, and security baselines for cloud platforms.

Required Qualifications

• 5+ years of experience in Identity & Access Management, Cloud Security, or Platform Engineering roles.
• Strong experience with Microsoft Entra ID (Azure AD), Azure RBAC, and cloud identity services.
• Experience administering Google Cloud IAM, service accounts, and organizational policies.
• Hands-on expertise with HashiCorp Vault or comparable secrets management platforms.
• Deep understanding of authentication and authorization protocols including OAuth 2.0, OIDC, SAML, and PKI.
• Experience implementing Workload Identity Federation and modern machine identity solutions.
• Proficiency with Terraform and Infrastructure-as-Code practices.
• Experience building automation using GitHub Actions, Azure DevOps, or similar CI/CD platforms.
• Knowledge of enterprise security controls, governance frameworks, and regulatory compliance requirements.
• Strong troubleshooting, communication, and stakeholder management skills.

Preferred Qualifications

• Experience working within highly regulated financial services or banking environments.
• Knowledge of Zero Trust architecture principles.
• Experience supporting hybrid cloud and on-premises identity integrations.
• Familiarity with Kubernetes workload identities and container security practices.
• Industry certifications such as Azure Security Engineer, Google Professional Cloud Security Engineer, CISSP, or HashiCorp Vault certifications.
• Experience designing enterprise-scale IAM operating models and access governance processes.