Principal Cloud IAM Engineer
About The Position
Your work days are brighter here. We’re obsessed with making hard work pay off, for our people, our customers, and the world around us. As a Fortune 500 company and a leading AI platform for managing people, money, and agents, we’re shaping the future of work so teams can reach their potential and focus on what matters most. The minute you join, you’ll feel it. Not just in the products we build, but in how we show up for each other. Our culture is rooted in integrity, empathy, and shared enthusiasm. We’re in this together, tackling big challenges with bold ideas and genuine care. We look for curious minds and courageous collaborators who bring sun-drenched optimism and drive. Whether you're building smarter solutions, supporting customers, or creating a space where everyone belongs, you’ll do meaningful work with Workmates who’ve got your back. In return, we’ll give you the trust to take risks, the tools to grow, the skills to develop and the support of a company invested in you for the long haul. So, if you want to inspire a brighter work day for everyone, including yourself, you’ve found a match in Workday, and we hope to be a match for you too. About the Team Workday is expanding into the US Government air-gapped classified cloud environment. We are looking for a cloud engineer who has a focus on managing entitlements and permissions in a cloud services environment (AWS, Azure/EntraID or GCP). You will be one of our IAM engineers working to automate identity administration, authentication and authorization to resources in the air-gapped network. The candidate should understand infrastructure and compliance as code, using CI/CD pipelines. Familiarity with standard federation protocols used in IAM including OAUTH, OIDC, SAML and SCIM is essential. The ideal candidate will work with other teams in cloud engineering and the broader Cybersecurity organization in Workday Government as we work to build our new organization at Workday, focused on the unique requirements of the DoD and Intel agencies of the US Government. This role will support one or more direct or indirect contracts with the U.S. Federal Government which, due to federal government security requirements, mandates that all Workday personnel working on the contracts be United States citizens (naturalized or native). About the Role This role may require a security clearance at the TS/SCI w/CI Poly level. Applicants must have the ability to obtain and maintain a U.S. government issued security clearance. An active TS/SCI w/CI Poly is preferred. About You
Requirements
- 8+ years as a cloud engineer, focused on IAM
- Experience in centralizing authentication/authorization and RBAC/PBAC
- Managing infrastructure as code using tools like Github and Terraform
- Experience developing tools for automation in Python or other programming languages
- Experience integrating cloud platforms with external tools like Okta, EntraID or similar for centralized authentication and SSO
- Experience in utilizing one or more SEIM tools (Splunk or similar) for log aggregation and analysis, threat playbooks and auditing
- Familiarity with NIST 800-53 and DoD/Intel control frameworks
- Bachelor's degree or higher in computer science, cybersecurity, or comparable work/educational experience
- Familiarity with identity governance workflows, user lifecycle management (joiners, movers, leavers)
Nice To Haves
- An active TS/SCI w/CI Poly is preferred.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Principal
