Lead Cloud/AI/IAM Architect & Engineer

Centric Consulting, St. Louis, MO
Remote

About The Position

The identity cloud engineer is responsible for the design, implementation, and sustainment of identity and access management capabilities across the organization's cloud environments, spanning AWS, Azure, and GCP. This role ensures that cloud-native IAM constructs, including roles, policies, service accounts, and federated identity configurations, are engineered to enforce least privilege, support zero trust principles, and integrate seamlessly with the enterprise identity stack. As AI is embedded into the security program, this role will play a critical part in securing AI workloads and machine identities in the cloud, ensuring that non-human identities, service principals, and automated pipelines are governed with the same rigor applied to human access. The Lead Cloud IAM Architect & Engineer is responsible for defining and delivering the enterprise cloud and hybrid IAM architecture across AWS, Azure, and GCP. This role blends hands-on engineering with architecture leadership to build secure, scalable identity services and integrations using Okta, SailPoint, CyberArk, and HashiCorp platforms. The Lead will set technical direction, establish reference architectures and standards, and guide delivery across multiple teams while ensuring solutions are secure-by-design and operationally sustainable.

Requirements

  • Deep experience in enterprise IAM architecture and engineering, including SSO/federation, authentication, authorization, identity lifecycle, and privileged access.
  • Strong understanding of IAM protocols and standards: SAML, OpenID Connect, OAuth 2.0, SCIM (plus familiarity with related standards as needed).
  • Strong security foundation: least privilege, privileged access controls, secrets management, segmentation, auditing/logging, and identity threat considerations.
  • Hands-on experience designing IAM models across: AWS (IAM roles/policies, cross-account access patterns, identity federation), Azure (Entra ID/Azure RBAC patterns, subscription management concepts), GCP (IAM roles, service accounts, workload identity concepts).
  • Understanding of cloud operating models across IaaS/PaaS/SaaS and how identity patterns differ across them.
  • Proven implementation experience with: Okta for identity provider patterns, app onboarding, MFA/adaptive access, lifecycle integrations; SailPoint for governance, provisioning, role/entitlement modeling, certifications; CyberArk for privileged access workflows, vaulting, session controls; HashiCorp Vault (and related tooling) for secrets lifecycle and secure access patterns.
  • Strong scripting/automation capability (e.g., PowerShell, Python) and experience with IaC (e.g., Terraform) for scalable delivery.
  • Ability to produce high-quality technical documentation: diagrams, designs, standards, and implementation guides.
  • Excellent troubleshooting and analytical skills; ability to design for resiliency and failure modes.
  • Strong written and verbal communication skills with the ability to influence and lead across teams.
  • Comfortable leading technical delivery, mentoring others, and operating with minimal supervision in a complex environment.

Nice To Haves

  • Experience with Zero Trust and modern conditional access/adaptive access patterns.
  • Experience integrating IAM telemetry into SIEM/SOAR and supporting identity threat detection/response workflows.
  • Exposure to API management and service-to-service security patterns (mTLS, JWT validation, OAuth client credential flows).
  • Familiarity with AI/ML-driven identity controls and adaptive access tuning.

Responsibilities

  • Own the cloud IAM reference architecture across AWS, Azure, and GCP, including identity patterns for workforce, partners, and non-human identities (workloads/services).
  • Define and drive adoption of authentication and authorization patterns (SSO, federation, MFA/adaptive access, API access, service-to-service identity) aligned to security standards and business requirements.
  • Establish and maintain reusable architecture artifacts: reference architectures, standard integration patterns, design templates, configuration baselines, and guardrails.
  • Lead architecture reviews and provide technical governance to ensure consistent implementation across cloud and application teams.
  • Design, build, and integrate IAM solutions using: Okta (SSO, federation, lifecycle integrations, MFA/adaptive policies, app integrations), SailPoint (identity governance, provisioning workflows, access reviews/certifications, role and entitlement modeling), CyberArk (privileged access management, credential/session controls, privileged workflows), HashiCorp (Vault/secrets management, dynamic secrets where applicable, identity-based access to secrets).
  • Engineer secure cloud access patterns across AWS/Azure/GCP, including least privilege designs, account/subscription/project onboarding patterns, and role-based access models.
  • Build and support modern identity integrations using standards and protocols (SAML, OIDC, OAuth 2.0, SCIM; familiarity with XACML/SPML as applicable).
  • Develop automation and repeatability via scripting and/or infrastructure-as-code approaches (e.g., Terraform), improving time-to-deliver and reducing manual effort.
  • Translate IAM strategy and security policies into implementable engineering standards (e.g., privileged access requirements, access request flows, secrets handling standards, non-human identity controls).
  • Identify and mitigate IAM risks in cloud and hybrid environments (e.g., privileged sprawl, excessive permissions, token/session risks, misconfiguration, secrets leakage).
  • Partner with Security, Cloud Platform, and Compliance teams to ensure IAM solutions meet regulatory and audit expectations.
  • Own and maintain the IAM technical roadmap across Okta/SailPoint/CyberArk/HashiCorp, including modernization, integrations, technical debt reduction, and platform lifecycle planning for the cloud platform.
  • Evaluate new capabilities from cloud providers and IAM vendors; recommend improvements based on emerging threats and business needs.
  • Drive operational readiness for new IAM services: monitoring, alerting, runbooks, support transitions, and resilience/failover considerations.
  • Serve as a technical escalation point for complex IAM issues and integrations.
  • Mentor engineers and influence application and platform teams on secure identity patterns and implementation best practices.
  • Communicate architecture decisions and tradeoffs clearly to engineering teams, product owners, and senior stakeholders.
  • Interpret business needs and IAM strategy and convert them into secure, scalable architectures and engineering plans.
  • Make technical decisions balancing security, usability, delivery speed, operability, and cost.
  • Drive alignment across stakeholders and teams through architecture leadership and clear technical direction.

Benefits

  • Competitive compensation
  • Comprehensive and well-rounded benefits package
  • Health coverage
  • Wellness programs
  • 401K company match
  • Self-managed PTO