Identity & Access Management (IAM) Engineer

Galent
Full Time, Senior, Hybrid
Phoenix, Arizona, US
Posted April 8, 2026

Job Description

Hi,

Hope you are doing well.

Please find the below JD.

Title: Identity & Access Management (IAM) Engineer

Location: Chandler, AZ (3 days onsite)

Type of Hire: Full Time

Required Qualifications

  • 7+ years of experience in cloud development and engineering, delivering enterprise-scale identity and security solutions
  • Strong hands-on experience with AWS identity services, including:
      • AWS Identity Centre (SSO), permission sets, account assignments, and governance
      • AWS IAM roles, policies, trust relationships, least privilege access, and MFA
      • AWS multi-account environments and AWS Organizations
  • Experience integrating enterprise Identity Providers (IdPs) with AWS, such as PingFederate (preferred), including:
      • SAML, OAuth2/OIDC federation
      • SCIM provisioning
  • Strong experience with Microsoft Entra ID (Azure AD), including:
      • Identity automation and application onboarding
      • Service Principals (SPNs), App Registrations, and Enterprise Applications
      • Role assignment automation and least privilege access models
      • Conditional Access policies with controlled rollout strategies
  • Hands-on experience with Terraform, including:
      • Module development
      • Remote state management
      • Environment separation
      • Secure variable handling
  • Experience in DevOps and CI/CD pipeline engineering using tools such as Jenkins, CircleCI, Bitbucket, or similar platforms
  • Strong scripting skills in PowerShell and/or Python
  • Solid understanding of identity security best practices, including:
      • Threat mitigation
      • Access governance
      • Authentication and authorization standards (SSO, MFA, SAML, OAuth2, OIDC)
  • Experience with monitoring, logging, and compliance reporting for identity systems
  • Experience working with REST APIs, Microsoft Graph API, and CI/CD best practices
  • Ability to design secure, scalable, and auditable identity solutions and deployment pipelines
  • Proven ability to collaborate across cross-functional teams, including Security, Cloud, Audit, and Operations
  • Strong communication skills with the ability to convey technical concepts to both technical and non-technical stakeholders

Preferred Qualifications

  • Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent practical experience
  • Relevant certifications such as:
      • Microsoft Azure Security Engineer (AZ-500)
      • AWS Certified Security – Specialty
  • Experience with PingFederate administration and federation troubleshooting
  • Experience building event-to-ticket workflows (e.g., ServiceNow or similar tools)
  • Knowledge of certificate management (CA/PKI) and certificate-based authentication
  • Experience with encryption and key management tools and processes
