Remotery

Principal Identity Engineer – Cloud IAM, CIAM

Posted May 15

This is a fully remote position, open to applicants in California.

📋 Description

• Lead the enterprise IAM strategy and target-state architecture across Microsoft Entra, AWS, and Google Cloud (OCI experience is a plus).

• Establish secure, scalable identity frameworks for workforce, partner, and customer access that meet security, risk, and compliance standards.

• Create and implement a Zero Trust identity model featuring continuous verification, risk-based access, and adaptive authentication.

• Minimize standing privileges by applying least privilege design, just-in-time (JIT) access, and standardized entitlement models.

• Directly design and deliver IAM solutions, including SSO, MFA, identity lifecycle management, federation, and privileged access across cloud and hybrid settings.

• Spearhead modernization initiatives, including transitioning from hybrid Active Directory to Entra ID-based authentication.

• Design and enhance customer identity (CIAM) solutions for web, mobile, and API platforms.

• Balance security, privacy, performance, and customer experience while facilitating scalable enterprise integrations.

• Develop IAM governance frameworks that encompass access lifecycle, RBAC/ABAC models, access reviews, and audit evidence.

• Establish measurable controls, documentation standards, and ongoing review processes to maintain audit readiness.

• Define and manage an enterprise IAM-as-Code initiative utilizing Terraform and GitHub.

• Create reusable, versioned modules and implement PR-based workflows featuring auditability, approvals, and security guardrails.

• Engineer secure CI/CD pipelines for IAM deployments, incorporating validation, testing, approvals, drift detection, and rollback strategies.

• Guarantee reliable, auditable identity changes with operational monitoring and detailed runbooks.

• Develop automation tools in Python, Bash, and JSON to enhance identity operations and minimize manual risks.

• Assist with policy management, bulk changes, integrations, and identity-related incident response and diagnostics.


⛳️ Requirements

• Extensive hands-on experience in designing and managing identity platforms at scale within complex environments.

• Advanced proficiency in Microsoft Entra ID, AWS IAM, and Google Cloud IAM, with OCI experience being advantageous.

• Demonstrated capability to design cloud-agnostic IAM models and implement them uniformly across various platforms.

• Strong background in IAM security architecture, governance, and risk-based access controls.

• Practical experience with least privilege design, JIT access, Zero Trust identity, and RBAC/ABAC models.

• Expert understanding of OAuth 2.0, OpenID Connect, and SAML.

• Proven history of delivering enterprise-scale SSO and MFA solutions.

• Demonstrated experience in establishing IAM-as-Code using Terraform with GitHub-based change management.

• Strong skills in scripting and automation using Python, Bash, and JSON, including CI/CD and guardrail design.

• Experience in architecting and operating customer identity platforms for portals, mobile applications, and APIs (preferred).

• Ability to convey complex identity concepts to both technical and non-technical stakeholders.

• Strong influence, documentation, and execution skills at the principal or senior architect level.

• Relevant security or identity certifications such as CISSP or identity-specific credentials.

• Bachelor’s degree or equivalent experience, with a substantial background in enterprise security engineering.


🏝️ Benefits

• Medical

• Dental

• Vision

• 401k

• PTO/paid sick leave

• Employee stock purchase plan
