Cloud Security Engineer – Identity & Access Management, Vault, Cloud & Kubernetes
Loc : Frisco, TX / Bothell, WA
Deep understand and experience implementing Microsoft EntraID/Azure AD integrated with Kubernetes for Access, authorization and application registration and control
IAM Policy ‘as code’
OPA – Open Policy Agent (Styra Enterprise version of OPA)
Cedar – AWS opensource policy agent
Strong knowledge of hybrid cloud, AWS, GCP, Azure and EntraID/Azure AD, OpenShift, Openstack Keystone
Hands on experience with HashiCorp Vault, Cyberark or similar (PAM, secrets, certificate management platform)
Responsible for analysis, design and implementation coordination for tool and service designs within the cloud identity domain.
Required skills
- Deep understanding of cloud computing principles, including virtualization, containerization, microservices, and serverless computing; Risk Management, RHCOS security, container security, Kubernetes security, IAM security, network security, auditing, encryption, secrets management and data protection, securing CI/CD
- IAM Policy ‘as code’ ; OPA – Open Policy Agent (Styra Enterprise version of OPA); Cedar – Aws opensource policy agent
- Experience implementing Zero trust architectures
- Excellent problem-solving, analytical, and communication skills.
- Ability to work independently and collaboratively in a fast-paced, agile environment.
- Create Identity & Access as code leveraging tools such as ansible, terraform to provision in cloud
- Analyze environments to identify both technical and operational challenges while making recommendations and developing solutions for improvement
- Lead complex or high severity troubleshooting and incident/problem resolutions with other security or cloud teams
- Maintain knowledge of current developments in identity and cybersecurity, pertaining to threats to IT environments
- Bachelor’s degree in IT, Cybersecurity or related field or equivalent experience
- 5+ years of experience in Information security with 4+ years of experience in Identity and Access Management
- 3+ years of experience of cloud IAM and security experience.
- Strong knowledge of hybrid cloud, AWS, GCP, Azure and EntraID/Azure AD, OpenShift, Openstack Keystone
- Hands on experience with HashiCorp Vault, Cyberark or similar (PAM, secrets, certificate management platform)
- Advances knowledge of Identity Security concepts, least-privilege, separation of duties, and Zero trust design principals
- Experience implementing Kubernetes RBAC access controls
- Understanding of federation technologies (WS-Fed, OAuth, OpenID connect, SAML …) and of encryption technologies (encryption types and protocols/standards)
- RBAC based access for cluster namespaces
- Vulnerability and threat management
Professional certifications CIMP, CIAM, CISSP
