GCP IAM Architect

About The Position

Requirements

• Extensive hands-on experience with GCP IAM technologies, including Google Cloud Identity, IAM policies, organization policies, Workload Identity Federation, and service account management
• Proven experience configuring and managing PingFederate for enterprise SSO and federated identity integration with Active Directory
• Deep understanding of authentication and authorization protocols: SAML 2.0, OAuth 2.0, OIDC, and JWT
• Strong experience with Google Cloud Directory Sync (GCDS) for AD integration and user provisioning
• Hands-on experience with Hashicorp Vault and GCP Cloud KMS for secrets and key management
• Proficiency with Infrastructure as Code using Terraform for IAM resource provisioning
• Experience with GCP security services: VPC Service Controls, Security Command Center, Policy Intelligence, and Cloud Asset Inventory
• Strong understanding of identity lifecycle management, access governance, and privileged access management concepts

Responsibilities

• Design and implement comprehensive IAM strategies and solutions on GCP, including Google Cloud Identity, IAM roles and policies, organization policies, deny policies, and Workload Identity Federation
• Configure and manage federated identity solutions using PingFederate to enable seamless SSO between on-premises Active Directory and GCP services
• Implement and manage OIDC Federation, SAML-based authentication, and OAuth 2.0 flows for enterprise applications
• Design and deploy role-based access control (RBAC) frameworks, custom IAM roles, and least-privilege access models across GCP organizations and projects
• Configure and manage Google Cloud Directory Sync (GCDS) for automated user and group provisioning from Active Directory to Google Cloud Identity
• Implement service account management strategies, including key rotation, impersonation policies, and workload identity configurations
• Establish and enforce security best practices for IAM, including conditional access policies, context-aware access controls, and security key enforcement
• Design and implement encryption strategies using GCP Cloud KMS and Hashicorp Vault for secrets management
• Implement network security controls including VPC Service Controls, private Google access, and secure connectivity patterns
• Ensure compliance with security frameworks and regulatory requirements through proper IAM configurations and audit logging
• Design, implement, and manage scalable cloud infrastructure solutions on GCP platform aligned with IAM requirements
• Automate IAM provisioning, configuration, and lifecycle management using Infrastructure as Code (IaC) tools such as Terraform
• Collaborate with software engineering teams to integrate IAM requirements into application architectures and CI/CD pipelines
• Develop automated workflows for user onboarding/offboarding, access reviews, and privilege management
• Implement monitoring and alerting for IAM-related events using Cloud Logging, Cloud Monitoring, and Security Command Center
• Conduct regular access reviews, privilege audits, and IAM policy optimizations
• Troubleshoot and resolve complex issues related to authentication, authorization, federation, and access management
• Monitor and optimize cloud infrastructure resources to ensure performance, availability, and cost-efficiency
• Develop and maintain comprehensive documentation for IAM architectures, federation configurations, and operational procedures
• Establish IAM standards, policies, and governance frameworks aligned with organizational security requirements
• Stay current with GCP IAM capabilities, authentication protocols, and industry best practices
• Provide technical leadership and guidance to development and operations teams on IAM best practices

Benefits

• Flexible vacation policy; time is not limited, allocated, or accrued
• 16 paid holidays throughout the year
• Generous parental leave and new parent transition program
• Tuition reimbursement
• Corporate gift matching program