Principal Identity Engineer - Cloud IAM / CIAM (Remote)

About The Position

Requirements

• Deep hands-on experience designing and operating identity platforms at scale in complex environments.
• Advanced expertise across Microsoft Entra ID, AWS IAM, and Google Cloud IAM, with OCI experience a plus.
• Proven ability to design cloud-agnostic IAM models and implement them consistently across platforms.
• Strong background in IAM security architecture, governance, and risk-based access controls.
• Hands-on experience with least privilege design, JIT access, Zero Trust identity, and RBAC/ABAC models.
• Expert knowledge of OAuth 2.0, OpenID Connect, and SAML.
• Proven experience delivering enterprise-scale SSO and MFA solutions.
• Demonstrated experience establishing IAM-as-Code using Terraform with GitHub-based change control.
• Strong scripting and automation skills in Python, Bash, and JSON, including CI/CD and guardrail design.
• Experience architecting and operating customer identity platforms for portals, mobile apps, and APIs.
• Ability to communicate complex identity concepts to both technical and non-technical audiences.
• Strong influence, documentation, and execution skills at the principal or senior architect level.
• Relevant security or identity certifications such as CISSP or identity-focused credentials.
• Bachelor’s degree or equivalent experience, with extensive background in enterprise security engineering.

Nice To Haves

• OCI experience a plus
• OCI experience a plus

Responsibilities

• Own the enterprise IAM strategy and target-state architecture across Microsoft Entra, AWS, and Google Cloud (OCI a plus).
• Define secure, scalable identity patterns for workforce, partner, and customer access that align with security, risk, and compliance requirements.
• Design and operationalize a Zero Trust identity model with continuous verification, risk-based access, and adaptive authentication.
• Reduce standing privilege through least privilege design, just-in-time (JIT) access, and standardized entitlement models.
• Hands-on design and delivery of IAM capabilities including SSO, MFA, identity lifecycle, federation, and privileged access across cloud and hybrid environments.
• Lead modernization efforts, including migration from hybrid Active Directory to Entra ID–based authentication.
• Design and evolve customer identity (CIAM) solutions supporting web, mobile, and API platforms.
• Balance security, privacy, performance, and customer experience while enabling scalable enterprise integrations.
• Establish IAM governance frameworks covering access lifecycle, RBAC/ABAC models, access reviews, and audit evidence.
• Define measurable controls, documentation standards, and recurring review processes to ensure audit readiness.
• Define and lead an enterprise IAM-as-Code program using Terraform and GitHub.
• Build reusable, versioned modules and establish PR-based workflows with auditability, approvals, and security guardrails.
• Engineer secure CI/CD pipelines for IAM deployments, including validation, testing, approvals, drift detection, and rollback strategies.
• Ensure reliable, auditable identity changes with operational monitoring and clear runbooks.
• Develop automation in Python, Bash, and JSON to scale identity operations and reduce manual risk.
• Support policy management, bulk changes, integrations, and identity-related incident response and diagnostics.

Benefits

• medical
• dental
• vision
• 401k
• PTO/paid sick leave
• employee stock purchase plan