Lead Cloud/AI/IAM Architect & Engineer
Centric Consulting · St Louis, MO · 2 wk ago
RemoteRemoteEngineeringFull-time
About the role
The Identity Cloud Engineer and Lead Cloud IAM Architect & Engineer at Centric Consulting are responsible for designing, implementing, and sustaining identity and access management capabilities across various cloud environments. This includes AWS, Azure, and GCP, ensuring that cloud-native IAM constructs are engineered to enforce least privilege, support zero trust principles, and integrate seamlessly with the enterprise identity stack.
Responsibilities
- Own the cloud IAM reference architecture across AWS, Azure, and GCP, including identity patterns for workforce, partners, and non-human identities (workloads/services).
- Define and drive adoption of authentication and authorization patterns (SSO, federation, MFA/adaptive access, API access, service-to-service identity) aligned to security standards and business requirements.
- Establish and maintain reusable architecture artifacts: reference architectures, standard integration patterns, design templates, configuration baselines, and guardrails.
- Lead architecture reviews and provide technical governance to ensure consistent implementation across cloud and application teams.
- Design, build, and integrate IAM solutions using: Okta (SSO, federation, lifecycle integrations, MFA/adaptive policies, app integrations); SailPoint (identity governance, provisioning workflows, access reviews/certifications, role and entitlement modeling); CyberArk (privileged access management, credential/session controls, privileged workflows); HashiCorp (Vault/secrets management, dynamic secrets where applicable, identity-based access to secrets).
- Engineer secure cloud access patterns across AWS/Azure/GCP, including least privilege designs, account/subscription/project onboarding patterns, and role-based access models.
- Build and support modern identity integrations using standards and protocols (SAML, OIDC, OAuth 2.0, SCIM; familiarity with XACML/SPML as applicable).
- Develop automation and repeatability via scripting and/or infrastructure-as-code approaches (e.g., Terraform), improving time-to-deliver and reducing manual effort.
- Translate IAM strategy and security policies into implementable engineering standards (e.g., privileged access requirements, access request flows, secrets handling standards, non-human identity controls).
- Identify and mitigate IAM risks in cloud and hybrid environments (e.g., privileged sprawl, excessive permissions, token/session risks, misconfiguration, secrets leakage).
- Partner with Security, Cloud Platform, and Compliance teams to ensure IAM solutions meet regulatory and audit expectations.
- Own and maintain the IAM technical roadmap across Okta/SailPoint/CyberArk/HashiCorp, including modernization, integrations, technical debt reduction, and platform lifecycle planning for the cloud platform.
- Evaluate new capabilities from cloud providers and IAM vendors; recommend improvements based on emerging threats and business needs.
- Drive operational readiness for new IAM services: monitoring, alerting, runbooks, support transitions, and resilience/failover considerations.
- Serve as a technical escalation point for complex IAM issues and integrations.
- Mentor engineers and influence application and platform teams on secure identity patterns and implementation best practices.
- Communicate architecture decisions and tradeoffs clearly to engineering teams, product owners, and senior stakeholders.
- Interpret business needs and IAM strategy and convert them into secure, scalable architectures and engineering plans.
- Make technical decisions balancing security, usability, delivery speed, operability, and cost.
- Drive alignment across stakeholders and teams through architecture leadership and clear technical direction.
Qualifications
- Deep experience in enterprise IAM architecture and engineering, including SSO/federation, authentication, authorization, identity lifecycle, and privileged access.
- Strong understanding of IAM protocols and standards: SAML, OpenID Connect, OAuth 2.0, SCIM (plus familiarity with related standards as needed).
- Strong security foundation: least privilege, privileged access controls, secrets management, segmentation, auditing/logging, and identity threat considerations.
- Hands-on experience designing IAM models across: AWS(IAM roles/policies, cross-account access patterns, identity federation); Azure (Entra ID/Azure RBAC patterns, subscription management concepts); GCP (IAM roles, service accounts, workload identity concepts).
- Understanding of cloud operating models across IaaS/PaaS/SaaS and how identity patterns differ across them.
- Proven implementation experience with: Okta for identity provider patterns, app onboarding, MFA/adaptive access, lifecycle integrations; SailPoint for governance, provisioning, role/entitlement modeling, certifications; CyberArk for privileged access workflows, vaulting, session controls; HashiCorp Vault (and related tooling) for secrets lifecycle and secure access patterns.
- Strong scripting/automation capability (e.g., PowerShell, Python) and experience with IaC (e.g., Terraform) for scalable delivery.
- Excellent troubleshooting and analytical skills; ability to design for resiliency and failure modes.
- Strong written and verbal communication skills with the ability to influence and lead across teams.
- Comfortable leading technical delivery, mentoring others, and operating with minimal supervision in a complex environment.