Cloud IAM Engineer II

TD
Toronto, ON
Onsite

About The Position

We are seeking a highly motivated Cloud Platform Enablement Engineer with deep expertise across Identity & Access Management, cloud networking, and infrastructure automation. In this role, you will design and operate secure, scalable, and auditable cloud infrastructure across Azure, GCP, and on-premises environments — codifying IAM patterns, enforcing least-privilege models, automating network provisioning, and enabling self-service access for developer and application teams. This role is central to our broader initiative to modernize secrets management, workload identity, compliance automation, and multi-cloud networking through infrastructure-as-code and GitHub Actions pipelines.

Requirements

  • 7+ years of hands-on experience in DevOps, SRE, Platform Engineering, or Cloud Network Engineering roles (5+ years considered for candidates with exceptional IAM or automation depth)
  • Undergraduate degree or Technical Certificate required; Graduate degree preferred
  • Proven experience designing and managing network infrastructure across Azure, GCP, and/or AWS
  • Strong Terraform and GitHub Actions background, including multi-environment deployments
  • Demonstrated knowledge of cloud IAM models and network security in regulated environments
  • Comfortable operating in fast-paced, Agile/Scrum teams under tight delivery timelines
  • Strong analytical, problem-solving, and cross-functional communication skills

Responsibilities

  • Design, deploy, and manage Azure Entra ID configurations: App Registrations, Service Principals, and Conditional Access policies
  • Define and assign RBAC roles across Azure subscriptions and management groups; manage GCP service account and organizational unit lifecycles
  • Manage HashiCorp Vault policies, secret rotation, and credential lifecycle
  • Implement authentication patterns including OAuth 2.0, OIDC, certificate-based auth, and Workload Identity Federation (GCP WIF / Azure Federated Credentials) to eliminate static credentials
  • Design and deploy scalable, highly available network architectures across Azure, GCP, and AWS
  • Configure and manage cloud networking components: VPCs, subnets, firewalls, VPNs, load balancers, DNS, Direct Connect, and ExpressRoute
  • Implement and maintain multi-cloud and hybrid connectivity solutions between cloud platforms and on-premises data centers
  • Monitor and optimize network performance (latency, throughput, reliability); conduct troubleshooting and root-cause analysis
  • Apply network security best practices and ensure compliance with TD policies and regulatory standards
  • Build and maintain GitHub Actions workflows for self-service provisioning of infrastructure, IAM roles, and secrets using Terraform
  • Develop reusable, TD-compliant Terraform modules for GCP, Azure, and on-prem resources (VMs, networks, K8s clusters, Key Vaults, etc.)
  • Automate GitHub repository onboarding — identity pool bindings, service account associations, and OIDC pipeline authorization
  • Drive certificate-based authentication automation for on-prem VMs accessing Vault and internal services
  • Design self-service onboarding workflows for developers across EDP-GT, EDP-XL, and TD Universe environments
  • Write Python or PowerShell scripts to reduce operational toil and improve platform reliability
  • Process ServiceNow requests for access provisioning with SLA adherence
  • Support compliance activities: audit attestations, access reviews, and RFI responses
  • Participate in capacity planning and network infrastructure scaling
  • Maintain operational documentation, runbooks, and knowledge base articles; contribute to Confluence living strategies
  • Partner with security, IAM, and cloud architecture teams to implement compliant patterns for identity, access, and networking
  • Work with application teams to translate access and connectivity requirements into implemented solutions
  • Identify and execute opportunities to automate manual processes
  • Mentor team members and contribute to knowledge sharing across the platform

Benefits

  • health and well-being benefits
  • savings and retirement programs
  • paid time off
  • banking benefits and discounts
  • career development
  • reward and recognition programs