Google Cloud IAM DevOps Engineer

Capgemini
Atlanta, GA
Hybrid

About The Position

We are looking for an experienced Google Cloud IAM DevOps Engineer with deep expertise in Identity and Access Management (IAM) automation on Google Cloud Platform (GCP). This role focuses on designing and implementing secure, scalable IAM architectures, automating identity lifecycle management, and enabling X.509 certificate-based authentication for workloads and external integrations. The ideal candidate will bring hands-on experience with Terraform, GitHub Actions, Python, and Shell scripting, along with a strong understanding of enterprise-grade identity federation and certificate management solutions.

Nice To Haves

  • Experience integrating with enterprise identity providers such as Okta, Azure AD, Ping Identity, or similar
  • Strong understanding of PKI infrastructure and certificate authorities
  • Proven experience building IAM automation platforms at enterprise scale
  • Hands-on experience implementing certificate-based workload authentication

Responsibilities

  • Google Cloud IAM Engineering: Design, implement, and maintain secure IAM architectures on Google Cloud
  • Manage IAM roles, policies, and permissions using least-privilege principles
  • Create and govern Service Accounts and service account key policies
  • Implement Workload Identity Pools and Providers for secure access by external workloads
  • Enable Workforce Identity Federation to support enterprise workforce authentication without service account keys
  • X.509 Certificate Identity Management: Design and manage certificate-based authentication using X.509 certificates
  • Implement certificate lifecycle management, including issuance, rotation, and revocation
  • Automate certificate provisioning and renewal processes
  • Integrate certificate-based authentication with identity federation and secure workload access
  • Infrastructure as Code & DevOps: Develop scalable, reusable Terraform modules for IAM and identity federation
  • Build and maintain GitHub Actions pipelines to deploy and manage IAM configurations
  • Ensure automated, auditable pipelines for IAM resource provisioning and governance
  • Automation & Scripting: Develop automation solutions using Python and Shell scripting
  • Automate IAM role and permission audits; service account lifecycle management; and certificate provisioning, rotation, and revocation

Benefits

  • Paid time off based on employee grade (A-F), defined by policy: vacation (12-25 days, depending on grade), company-paid holidays, personal days, and sick leave
  • Medical, dental, and vision coverage (or provincial healthcare coordination in Canada)
  • Retirement savings plans (e.g., 401(k) in the U.S., RRSP in Canada)
  • Life and disability insurance
  • Employee assistance programs
  • Other benefits as provided by local policy and eligibility

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Education Level

No Education Listed

Number of Employees

5,001-10,000 employees
