
IAM Architect – Contract
Posted 5 days ago

This is a fully remote position, open to applicants in Pennsylvania.
• Architect and govern Enterprise Identity and Access Management (IAM) across multi-cloud environments.
• Design and implement least-privilege IAM models throughout AWS Organizations, Landing Zones, and Service Control Policies (SCPs).
• Spearhead comprehensive zero trust initiatives, including verify-explicitly policies, Just-in-Time (JIT) / Just-Enough-Access (JEA) provisioning, CIEM integration, and governance of identity platforms.
• Establish and oversee approved access patterns for services and users, adhering to predefined roles (Reader, Contributor, Administrator) and documenting them as policy-as-code.
• Execute and manage OAuth/OIDC flows, service mesh identity controls, and federated identity across both cloud and on-premises environments.
• Maintain an inventory of all sanctioned AWS and Azure services and catalog their IAM resources, distinguishing control-plane identity resources (the roles and policies managed by the cloud IAM service) from service-local data-plane principals (users, keys, roles, policies and groups defined inside an individual service).
• Keep the credentials for those service-local data-plane resources in vaults and ensure resource policies are applied consistently across services.
• Leverage Wiz (CSPM) for cloud asset inventory management, compliance reporting, evidence collection, and correlation with AWS/Azure/GCP documentation.
• Identify and manage external dependencies such as secrets, keys, and cross-account policies.
• Formulate a comprehensive metadata tagging strategy aligned with application service lines (ASL), environments, and repository associations.
• Design and develop reusable IAM modules for each service access pattern, published to the service registry with consistent adherence to naming conventions, metadata, and parameters.
• Integrate IAM guardrails and policy-as-code controls directly into Infrastructure as Code (IaC) templates (Terraform, CloudFormation) and CI/CD pipelines to ensure secure-by-default provisioning.
• Create methodologies and criteria for deployable service registry modules via pipelines versus those necessitating manual review.
• Define and enforce IAM and cloud security standards across all services; implement a shift-left strategy to proactively manage IAM cloud operations.
• Provide guidance and contribute to secure microservices development using Python and Go on AWS, Azure, and GCP, including asynchronous and event-driven architectures.
• Establish methods to link modules with service resource policies and user roles/policies.
• Document IAM configurations for pipelines, repositories, and all cloud services; develop and sustain IAM SDLC documentation.
• Create a comprehensive IAM Cloud program strategy that outlines its functions, roadmap, and maturity model.
• Over 10 years of experience in IAM, cloud security, or identity engineering roles with a proven track record of progression.
• Expertise in CSPM tools, particularly Wiz, for inventory management, reporting, and compliance evidence collection.
• Extensive knowledge of AWS multi-account governance including Organizations, Landing Zones, SCPs, and IAM least-privilege design patterns.
• Demonstrated experience in leading zero trust initiatives such as JIT/JEA provisioning, CIEM platforms, OAuth/OIDC, and service mesh identity.
• Practical experience with policy-as-code tools and integrating IAM guardrails into IaC (Terraform / CloudFormation) and CI/CD pipelines.
• Experience in securing microservices architectures (Python, Go) in asynchronous and event-driven environments across AWS, Azure, and GCP.
• Strong understanding of network and data security controls, including segmentation, KMS/encryption, cloud-native logging, and detection.
• Proficient in developing metadata tagging strategies, service access patterns, and managing credential vaults.
• Excellent documentation, process development, and communication skills, with the ability to influence cross-functional teams.
Equal opportunity employer. Accommodations or adjustments are available throughout the interview process.
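Several of the responsibilities above (least-privilege policy design, policy-as-code guardrails in IaC and CI/CD pipelines, and criteria for which modules may auto-deploy versus require manual review) come down to one recurring control: a linter that runs over every IAM policy document before it is provisioned. The script below is an added illustration of that control, written for this page; it is not code from the employer or from any product named in the posting. The rule names, the read-only verb list, the "high-risk" service prefixes and the three sample policies are all constructed for the example.

```python
"""Policy-as-code guardrail for AWS IAM policy documents (added example).

Runs a small rule set over rendered IAM policy JSON (for instance the output
of Terraform or CloudFormation) and turns the findings into a pipeline
verdict: auto-deploy, manual-review or block. Rule names, verb lists and
sample policies are constructed for this illustration.
"""
import json
import sys
from dataclasses import dataclass
from typing import Any

# Verbs treated as read-only (hypothetical list; tune per organisation).
READ_ONLY_VERBS = ("Get", "List", "Describe", "Head")
# Services where an unscoped Allow typically enables privilege escalation.
HIGH_RISK_PREFIXES = ("iam:", "sts:AssumeRole", "organizations:")
# Findings that must never reach a pipeline-driven deployment.
BLOCKING = {"FULL_ADMIN", "HIGH_RISK_UNSCOPED", "NEGATED_MATCH"}


@dataclass(frozen=True)
class Finding:
    statement: int   # index into the policy's Statement array
    rule: str
    detail: str


def _as_list(value: Any) -> list:
    """IAM allows a string or a list in Action/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_read_only(action: str) -> bool:
    # "s3:GetObject" -> "GetObject"; "*" or "s3:*" never counts as read-only.
    _, _, verb = action.partition(":")
    return verb.startswith(READ_ONLY_VERBS)


def lint_policy(policy: dict) -> list[Finding]:
    findings: list[Finding] = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(Finding(i, "NEGATED_MATCH",
                                    "NotAction/NotResource grants everything not listed"))
        resources = _as_list(stmt.get("Resource"))
        unscoped = "*" in resources
        conditioned = bool(stmt.get("Condition"))
        for action in _as_list(stmt.get("Action")):
            if action == "*":
                findings.append(Finding(i, "FULL_ADMIN", 'Action "*" grants every API'))
                continue
            if action.endswith(":*"):
                findings.append(Finding(i, "SERVICE_WILDCARD",
                                        f"{action} grants every action in the service"))
            if not unscoped:
                continue
            if action.startswith(HIGH_RISK_PREFIXES):
                findings.append(Finding(i, "HIGH_RISK_UNSCOPED",
                                        f"{action} on Resource * enables privilege escalation"))
            elif not conditioned and not _is_read_only(action):
                findings.append(Finding(i, "UNSCOPED_WRITE",
                                        f"{action} on Resource * without a Condition"))
    return findings


def triage(findings: list[Finding]) -> str:
    """Map findings to a deployment path: the criteria the posting asks for."""
    rules = {f.rule for f in findings}
    if rules & BLOCKING:
        return "block"
    return "manual-review" if rules else "auto-deploy"


# Constructed sample policies following the Reader / Contributor / Administrator
# pattern names used in the posting. The bucket ARN is hypothetical.
SAMPLE_POLICIES = {
    "reader": {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-app-data", "arn:aws:s3:::example-app-data/*"]}]},
    "contributor": {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": "s3:*",
        "Resource": "arn:aws:s3:::example-app-data/*"}]},
    "escalation": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["iam:PassRole", "lambda:CreateFunction"], "Resource": "*"},
        {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"}]},
}


def lint_file(path: str) -> tuple[str, list[Finding]]:
    with open(path, encoding="utf-8") as fh:
        findings = lint_policy(json.load(fh))
    return triage(findings), findings


if __name__ == "__main__":
    # With file arguments, act as a CI gate; without, run the embedded samples.
    targets = ([(p, *lint_file(p)) for p in sys.argv[1:]] or
               [(n, triage(lint_policy(p)), lint_policy(p)) for n, p in SAMPLE_POLICIES.items()])
    for name, verdict, findings in targets:
        print(f"{name}: {verdict}")
        for f in findings:
            print(f"  Statement[{f.statement}] {f.rule}: {f.detail}")
    sys.exit(1 if any(v == "block" for _, v, _ in targets) else 0)
```

In a pipeline the script would run after `terraform plan` renders the policy documents; a non-zero exit stops the deploy for a blocking finding, while a manual-review verdict routes the module to a human approver. The rule set is intentionally small, and an evaluator that resolves Condition keys and resource ARN patterns would be needed before relying on it as the only guardrail.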