Jobs · Art & Creative

IAM Architect - Remote Contract

Arctiq · Philadelphia, PA · 2 wk ago
Art & CreativeContract

Responsibilities

  • Design and enforce IAM least-privilege models across AWS Organizations, Landing Zones, and Service Control Policies (SCPs), with parity controls extended to Azure and GCP.
  • Lead zero trust initiatives end-to-end: verify-explicitly policies, Just-in-Time (JIT) / Just-Enough-Access (JEA) provisioning, CIEM integration, and identity platform governance.
  • Define and maintain approved access patterns for services and users, aligned to predefined roles (Reader, Contributor, Administrator) and documented as policy-as-code.
  • Implement and govern OAuth/OIDC flows, service mesh identity controls, and federated identity across cloud and on-prem environments.
  • Maintain a comprehensive inventory of all approved AWS and Azure services, cataloging IAM resources and differentiating between control plane (roles, policies) and data plane (user/key/role/policy/group) resources.
  • Manage credentials for local data plane resources in vaults; ensure resource policies are applied consistently across services.
  • Utilize Wiz (CSPM) for cloud asset inventory, compliance reporting, evidence collection, and correlation to AWS/Azure/GCP documentation.
  • Identify and govern external dependencies including secrets, keys, and cross-account policies.
  • Develop a comprehensive metadata tagging strategy mapped to application service lines (ASL), environments, and repository associations.
  • Design and build reusable IAM modules for each service access pattern, published to the service registry with consistent enforcement of naming conventions, metadata, and parameters.
  • Customize module policies to accommodate unique use cases while maintaining governance guardrails.
  • Establish methods to correlate modules with service resource policies and user roles/policies.
  • Embed IAM guardrails and policy-as-code controls natively into IaC templates (Terraform, CloudFormation) and CI/CD pipelines for secure-by-default provisioning.
  • Develop methodologies and criteria for pre-approved service registry modules deployable via pipelines vs. those requiring manual review.
  • Define and enforce controls pertinent to IAM and cloud security standards across all services; implement a shift-left strategy to proactively address IAM cloud operations.
  • Guide and contribute to secure microservices development in Python and Go on AWS, Azure, and GCP, including async and event-driven architectures.
  • Establish secure coding standards and review processes for service identity, inter-service authentication, and least-privilege service accounts.
  • Oversee network and data security controls: segmentation, KMS/encryption strategies, and cloud-native logging and detection pipelines.
  • Document IAM configurations for pipelines, repositories, and all cloud services; develop and maintain IAM SDLC documentation.
  • Formulate request and approval processes for new IAM modules, including pre-approval pipeline design and approval authority definition.
  • Document manual review procedures and escalation paths for non-standard access patterns.
  • Develop a comprehensive IAM Cloud program strategy, defining its functions, roadmap, and maturity model.
  • Provide recommendations on team structure, roles, skillsets, and resourcing needs across Service Desk, Global Command Center, Cloud Operations, and Cloud Engineering.
  • Mentor and guide junior IAM engineers; act as the subject matter expert and escalation point for complex identity and access challenges.

Qualifications

  • 10+ years of experience in IAM, cloud security, or identity engineering roles with demonstrated progression.
  • Proficiency with CSPM tooling, specifically Wiz, for inventory, reporting, and compliance evidence collection.
  • Deep expertise in AWS multi-account governance: Organizations, Landing Zones, SCPs, and IAM least-privilege design patterns.
  • Proven experience leading zero trust initiatives including JIT/JEA provisioning, CIEM platforms, OAuth/OIDC, and service mesh identity.
  • Hands-on experience with policy-as-code tooling and embedding IAM guardrails into IaC (Terraform / CloudFormation) and CI/CD pipelines.
  • Experience securing microservices architectures (Python, Go) in async and event-driven environments across AWS, Azure, and GCP.
  • Strong command of network and data security controls: segmentation, KMS/encryption, cloud-native logging, and detection.
  • Strong documentation, process development, and communication skills with the ability to influence cross-functional teams.
  • Relevant cloud security certifications: AWS Security Specialty, CCSP, CISSP, or equivalent Azure/GCP security certifications.
  • Experience implementing and managing enterprise-scale cloud infrastructure security programs.
  • Familiarity with identity governance and administration (IGA) platforms and PAM solutions.
  • Experience with service mesh technologies (Istio, Envoy) for service-to-service authentication.
  • Strong project management skills with experience leading cross-functional security initiatives.

Similar jobs

IAM Architect / Remote

Apetan Consulting LLCJersey City, NJ· 6 days ago
Art & Creativeapply on candidateportal.ceipal.com

Architect - Remote

OptumBasking Ridge, NJ· 3 wk ago
Art & Creative$113k–$193k/yrapply on careers.unitedhealthgroup.com

IAM Architect

Tata Consultancy ServicesAlpharetta, GA· 3 wk ago
Art & Creativeapply on ibegin.tcsapps.com

IAM Architect

The Voleon GroupBerkeley, CA· 1 wk ago
Art & Creativeapply on voleon.com

IAM Architect

The Voleon GroupNew York, NY· 1 wk ago
Art & Creativeapply on voleon.com