Choosing Capgemini means choosing a company where you will be empowered to shape your career in the way you’d like, where you’ll be supported and inspired by a collaborative community of colleagues around the world, and where you’ll be able to reimagine what’s possible. Join us and help the world’s leading organizations unlock the value of technology and build a more sustainable, more inclusive world.

Job Description

Google Cloud IAM (Terraform / GitHub Actions / Python / X.509)

We are seeking a Google Cloud IAM DevOps Engineer with strong expertise in Identity and Access Management automation on Google Cloud Platform GCP. This role focuses on building secure and scalable IAM architectures automating identity lifecycle management and implementing certificate-based authentication using X509 certificates.

The ideal candidate will have experience building IAM automation using Terraform GitHub Actions Python and Shell scripting while implementing enterprise grade identity federation and certificate management solutions.

Key Responsibilities:

• Google Cloud IAM Engineering
• Design and implement secure IAM architectures on Google Cloud
• Manage IAM roles policies and permissions using least privilege principles
• Create and maintain Service Accounts and Service Account key policies
• Implement Workload Identity Pools and Providers for external workloads accessing GCP securely
• Implement Workforce Identity Federation to allow enterprise workforce authentication without service account keys.

X509 Certificate Identity Management:

• Design and manage X509 certificate-based authentication systems for workloads and external integrations
• Implement certificate lifecycle management including issuance rotation and revocation
• Automate certificate provisioning and renewal processes
• Integrate certificate authentication with identity federation and secure workload authentication

Infrastructure as Code DevOps:

• Develop reusable Terraform modules to automate IAM and identity federation infrastructure
• Implement GitHub Actions pipelines to deploy and manage IAM configurations
• Maintain automated pipelines for IAM resource provisioning

Automation Scripting:

• Develop automation tools using
• Python
• Shell scripting
• Use scripting to automate
• IAM role audits
• Service account lifecycle management
• Certificate provisioning and rotation

Required Skills

• Google Cloud
• Google Cloud IAM
• Service Accounts
• Workload Identity Pools
• Workload Identity Federation
• Workforce Identity Federation
• DevOps Infrastructure as Code
• Terraform
• Module development
• IAM resource automation
• Infrastructure lifecycle management
• GitHub Actions
• CICD pipeline creation
• Infrastructure deployment automation
• Programming Automation
• Python
• Shell scripting Bash
• Security Identity
• Identity federation OIDC SAML
• X509 certificate management
• Certificate lifecycle management
• Secure authentication architectures
• Least privilege access models

Preferred Qualifications

• Experience integrating with enterprise identity providers Okta Azure AD Ping etc.
• Familiarity with PKI infrastructure and certificate authorities
• Experience building IAM automation platforms at enterprise scale
• Experience implementing certificate-based workload authentication
• Enterprise scale Google Cloud IAM automation
• Identity federation platforms
• X509 certificate-based authentication solutions
• Secure CICD pipelines for cloud identity provisioning
• Infrastructure as Code driven IAM governance