Cloud IAM Engineer II

TD, Toronto, ON
Onsite

About The Position

We are seeking a highly motivated and experienced Automation Engineer with IAM/workload identity experience to design and implement automation pipelines that enable secure, scalable, and auditable self-service infrastructure provisioning across our cloud environments (Azure, GCP, and on-prem). This engineer will play a critical role in transforming how developers and service teams consume cloud resources by codifying access patterns, integrating with Vault, and enforcing least-privilege IAM models using GitHub Actions and Terraform. This role is part of our broader initiative to modernize secrets management, access control, and compliance automation through infrastructure-as-code.

Requirements

  • 5+ years of experience in DevOps, SRE, or Platform Engineering roles
  • Undergraduate degree or Technical Certificate
  • Experienced with Terraform (including module design, state management, and CI integration)
  • Proficiency with GitHub Actions for CI/CD pipelines and automation workflows
  • Deep knowledge of cloud IAM models (especially GCP Workload Identity Federation and Azure Entra ID)
  • Understanding of cert-based authentication, secure software supply chain, and compliance automation
  • Familiarity with Kubernetes, container-based deployments, and cloud-native network/security controls
  • Comfortable working in multi-cloud environments (Azure, GCP) and hybrid setups (VMC2, on-prem)
  • Strong scripting skills (e.g., Bash, Python, or Go)

Nice To Haves

  • Graduate degree

Responsibilities

  • Design, deploy, and manage Azure Entra ID configurations including App Registrations, Service Principals, and Conditional Access policies
  • Process and execute RBAC role definitions and assignments across Azure subscriptions and management groups
  • Support GCP Workspace administration including user provisioning, organizational unit management, and service account lifecycle
  • Manage HashiCorp Vault policies, secret rotation, and credential lifecycle management
  • Implement authentication patterns using OAuth 2.0, OIDC, certificate-based auth, and modern identity protocols
  • Develop and maintain Terraform modules for IAM resource provisioning
  • Build GitHub Actions workflows for self-service access automation
  • Create and maintain IAM control frameworks and validation mechanisms
  • Implement OIDC Workload Identity Federation to eliminate static credentials
  • Contribute to Azure Landing Zone IAM baseline architectures
  • Write Python or PowerShell scripts for operational efficiency
  • Process ServiceNow requests for access provisioning with SLA adherence
  • Deploy Azure resources including App Services, SQL, Key Vaults with appropriate IAM configurations
  • Support compliance activities including audit attestations, access reviews, and RFI responses
  • Maintain operational documentation, runbooks, and knowledge base articles
  • Provide technical support and troubleshooting for IAM-related issues
  • Partner with security teams to ensure compliance with TD policies and regulatory requirements
  • Work with application teams to understand access requirements and implement appropriate solutions
  • Identify opportunities to automate manual processes and reduce operational toil
  • Document patterns, best practices, and lessons learned
  • Mentor team members and contribute to knowledge sharing
  • Build and maintain GitHub Actions workflows for self-service provisioning of infrastructure, secrets, and IAM roles using Terraform
  • Develop reusable Terraform modules that encapsulate TD compliant patterns for deploying GCP, Azure, and on-prem infrastructure (VMs, networks, K8s clusters, etc.)
  • Support the GitHub repository onboarding process by automating bindings between repositories, identity pools, and service accounts
  • Enable secure OIDC-based pipeline authorization (e.g., GCP Workload Identity Federation, Azure Federated Credentials)
  • Drive automation for certificate-based authentication for on-prem VMs accessing Vault and other internal services
  • Collaborate with platform, IAM, and security teams to implement compliant patterns for secrets, identity, and access governance
  • Design self-service onboarding workflows for developers and application teams across environments (EDP-GT, EDP-XL, TD Universe)
  • Contribute to internal documentation and Confluence living strategies to ensure transparency and onboarding clarity

Benefits

  • base salary
  • variable compensation
  • health and well-being benefits
  • savings and retirement programs
  • paid time off
  • banking benefits and discounts
  • career development
  • reward and recognition programs
  • regular development conversations
  • training programs
  • competitive benefits plan
  • access to an online learning platform
  • variety of mentoring programs