IAM Cloud Security Engineer R1012516

Industry Group: Comm Media & Technology.

Job Title : IAM Cloud Security Engineer - R1012516

Location : Dallas TX (must be local to Dallas - onsite 5 days a week)
Duration : 12 Months Contract (Potential for extension)

Pay Rate : $55

Custom Skill Requirements:

1. IAM & Cloud Security Engineer.
2. 5 years of experience in cloud security engineering or IAM governance roles.
3. AWS IAM KMS WAF Config and GuardDuty.
4. Azure AD RBAC Policy and Defender for Cloud.
5. GCP IAM Cloud KMS Organization Policies and SCC.
6. Terraform/Terragrunt for IaC and policy automation.
7. OPA/Sentinel/Azure Policy for Policy-as-Code.
8. CI/CD systems Azure DevOps GitHub Actions or Cloud Build.
9. Strong understanding of Zero Trust principles encryption lifecycle management and multi-cloud governance.
10. Bachelors degree in Computer Science Information Security or related field.

Job Description:

We are seeking a seasoned IAM & Cloud Security Engineer to drive the secure migration of identity access and security workloads from AWS to Azure and GCP while establishing Policy-as-Code (PaC) and IAM Infrastructure-as-Code (IaC) automation frameworks.

This role combines deep technical expertise in cloud IAM policy governance CI/CD automation and infrastructure security. You will define implement and operationalize a unified security automation pipeline across Azure and GCP environments for Smart TV and Mobile Cloud infrastructure workloads.

You will collaborate closely with DevOps Cloud Platform and Security Architecture teams to ensure secure-by-design implementations and compliance alignment across all environments.

Key Responsibilities:

Identity and Access Management (IAM) Migration

• Lead IAM migration from AWS IAM policies roles and groups to Azure Active Directory Azure RBAC and GCP IAM roles and bindings.
• Develop Terraform IaC modules to automate IAM resource creation across Azure and GCP environments.
• Ensure the least privilege and separation of duties principles are enforced in all IAM configurations.
• Integrate cloud identity providers (Azure AD Cloud Identity) with corporate SSO (SAML/OIDC).
• Establish service identities workload identities and managed identities for CI/CD and application workloads.

Policy-as-Code (PaC) Governance

• Define and implement Policy-as-Code frameworks to enforce cloud governance and compliance baselines in Azure and GCP.
• Develop and maintain PaC pipelines using Terraform Sentinel OPA (Open Policy Agent) or Azure Policy.
• Establish CI/CD pipelines for Policy-as-Code validation testing and deployment.
• Provide guidance and best practices for developing reusable and scalable PaC modules.
• Implement policy version control exception management and automated compliance enforcement.
• Collaborate with security architects to define policy coverage requirements (IAM networking encryption storage and tagging).

CI/CD and Automation for Security & IAM

• Design and establish CI/CD pipelines for IAM IaC and Policy-as-Code deployments across Azure DevOps GitHub Actions and Google Cloud Build.
• Automate security control deployments using Terraform including IAM roles key management and network policies.
• Integrate policy compliance checks into the CI/CD flow for both infrastructure and application security pipelines.
• Build reusable Terraform pipelines to enforce consistent security posture across environments.
• Establish pipeline security gates (pre-deployment and post-deployment) for IAM and PaC changes.

Security Workload Migration (AWS/Azure & GCP)

• Migrate security workloads such as WAF configurations key management (KMS) and security analytics from AWS to Azure and GCP.
• Develop IaC for host infrastructure and application security controls in target clouds.
• Map AWS security services (IAM KMS WAF GuardDuty) to Azure Security Center Defender for Cloud and GCP Security Command Center equivalents.
• Recreate AWS Config Rules and SCPs as Azure Policies and GCP Organization Policies.
• Ensure encryption secrets management and logging solutions are replicated or enhanced in target platforms.
• Participate in testing validation and audit readiness for migrated security components.

Security Monitoring Compliance & DR Integration

• Integrate monitoring and alerting with Azure Monitor GCP Operations Suite and SIEM tools.
• Enable IAM and security event logging via Azure Activity Logs GCP Audit Logs and Cloud Logging.
• Contribute to Disaster Recovery (DR) security alignment-ensuring IAM policy and encryption configurations are recoverable and consistent across regions.
• Maintain auditability and compliance mapping (ISO 27001 NIST SOC 2)

Preferred Skills:

• Experience with Azure Blueprints GCP Forseti Config Validator or OPA Conftest.
• Familiarity with cross-cloud SSO and federated identity models.
• Strong scripting background (Python PowerShell or Bash).
• Prior experience migrating workloads from AWS/Azure and AWS/GCP.

Certifications:

• Google Professional Cloud Security Engineer.
• Microsoft Certified: Azure Security Engineer Associate.
• AWS Certified Security Specialty.
• HashiCorp Certified: Terraform Associate.