IAM Cloud Security Engineer

$84,600 - $193,000/Yr

Booz Allen Hamilton - Hanscom Air Force Base, MA

posted 22 days ago

Part-time, Full-time - Mid Level
Hanscom Air Force Base, MA
Professional, Scientific, and Technical Services

About the position

As an IAM Cloud Security Engineer at Booz Allen, you will play a critical role in enhancing identity and access management within cloud environments, focusing on zero trust principles. Your expertise will help secure user identities and manage access to sensitive data, ensuring compliance with DoD requirements. You will design and implement enterprise-wide IAM solutions, interface with stakeholders, and develop automated processes to manage user privileges effectively.

Responsibilities

  • Design and implement enterprise-wide identity and access management solutions across multi-domain cloud environments.
  • Lead the development of identity-centric security architectures and implement fine-grained access controls.
  • Establish automated identity lifecycle management processes across AWS environments while maintaining DoD compliance requirements.
  • Architect and implement comprehensive IAM solutions integrating AWS IAM, Azure AD, and on-premises identity providers.
  • Design role-based access control (RBAC) and attribute-based access control (ABAC) frameworks.
  • Develop automated user provisioning and de-provisioning workflows using AWS Organizations and Control Tower.
  • Implement privileged access management (PAM) solutions and just-in-time access mechanisms.
  • Create and maintain IAM policies using infrastructure as code, including AWS CDK and Terraform.
  • Design federated authentication patterns and SSO implementations.
  • Implement automated access reviews and certification processes.

Requirements

  • 5+ years of experience with AWS IAM, Organizations, and Control Tower
  • Experience with implementing RBAC and ABAC frameworks in cloud environments
  • Experience with programming in Python and Node.js with focus on IAM automation
  • Experience with identity federation protocols, including SAML, OIDC, or OAuth
  • Experience with privileged access management (PAM) implementation and workflows
  • Experience with AWS Organizations and multi-account access patterns and IaC tools, including AWS CDK and Terraform for IAM management
  • Knowledge of PKI infrastructure and certificate management
  • Secret clearance
  • Bachelor's degree

Nice-to-haves

  • Experience with cross-account access patterns and permission boundary frameworks
  • Experience with identity governance and administration (IGA) solutions and AWS IAM Access Analyzer
  • Experience with integrating enterprise identity providers, including Okta, Ping, or Azure AD
  • Experience with session policy implementation and management
  • Experience with developing custom IAM policy generators and validators
  • Experience with privileged session monitoring and recording systems
  • Knowledge of service control policies (SCPs) and permission guardrails
  • Knowledge of automated access review and certification processes
  • AWS Security Specialty, AWS Certified Solutions Architect Professional, ISC2 CISSP, or CertNexus Identity and Access Management Specialist Certification
  • Ability to obtain a DoD 8570 IAT Level II Compliance Certification within 90 days of hire

Benefits

  • Health insurance
  • Life insurance
  • Disability insurance
  • Financial benefits
  • Retirement benefits
  • Paid leave
  • Professional development
  • Tuition assistance
  • Work-life programs
  • Dependent care
  • Recognition awards program