Identity & Access Management (IAM) Architect

Overview

We are looking for an experienced and hands-on Identity & Access Management (IAM) Architect to join our cloud security team. This role is focused on architecting and implementing secure, scalable IAM solutions across multi-cloud environments. The ideal candidate will have strong practical knowledge of IAM tools, cloud identity integrations, and API security. You will be expected to bring deep technical expertise and hands-on experience with security frameworks, authentication protocols, and IAM systems

Responsibilities

Responsibilities

• Design, implement, and manage IAM solutions across AWS, GCP, and Microsoft Entra environments.
• Integrate IAM controls with applications, APIs, and cloud services to support secure access and authentication.
• Implement and manage advanced IAM capabilities including identity federation, SSO, adaptive access, and conditional access policies.
• Ensure secure integration with internal and third-party platforms using standards such as OAuth 2.0, OIDC, SAML, SCIM, and LDAP.
• Design and maintain cloud ingress security mechanisms, including firewall rules, mTLS, and private access endpoints.
• Configure identity-aware proxy (IAP) services and secure APIs with authentication and authorization layers.
• Lead IAM architecture design reviews, security assessments, and technical integrations.
• Develop and enforce policies for role-based access control (RBAC), attribute-based access control (ABAC), and just-in-time (JIT) access.
• Support certificate management, including issuing and rotating certificates using internal PKI and external certificate authorities.
• Collaborate with security, DevOps, and platform teams to ensure IAM practices align with enterprise security architecture.
• Automate IAM-related processes and controls through scripting and Infrastructure-as-Code (IaC) practices.
• Maintain documentation, architectural diagrams, and technical artifacts related to IAM and access control solutions.
• Support audit, compliance, and governance initiatives, ensuring adherence to standards such as ISO 27001, NIST, CIS, and SOC 2.

Requirements

Requirements

• Good hands-on experience with IAM tools such as Entra ID (Azure AD), Okta, AWS IAM, GCP IAM, CyberArk, and SailPoint.
• In-depth understanding of identity and access management concepts, including authentication, authorization, provisioning, de-provisioning, and lifecycle management.
• Strong expertise with authentication protocols and frameworks: OAuth 2.0, OIDC, SAML, Kerberos, LDAP, and MFA.
• Experience securing APIs using OAuth 2.0, API gateways, and token-based access strategies.
• Familiarity with modern identity frameworks including Zero Trust, Identity as the Perimeter, and Identity Federation.
• Experience implementing IAM controls for hybrid and multi-cloud environments, containerized workloads, and serverless applications.
• Knowledge of mTLS, certificate pinning, and mutual authentication for secure service-to-service communication.
• Comfortable writing automation scripts (e.g., Python, PowerShell, Bash) and using tools like Terraform for IAM policy management.
• Strong problem-solving, architectural design, and documentation skills.
• Excellent communication and collaboration skills, able to work effectively with technical and non-technical stakeholders.
• Self-motivated and capable of leading IAM design and security integration initiatives in dynamic environments.