Responsible for analysis, design and implementation coordination for tool and service designs within the cloud identity domain.
Required skills
· Deep understanding of cloud computing principles, including virtualization, containerization, microservices, and serverless computing; Risk Management, RHCOS security, container security, Kubernetes security, IAM security, network security, auditing, encryption, secrets management and data protection, securing CI/CD
· IAM policy "as code": OPA – Open Policy Agent (Styra Enterprise version of OPA); Cedar – AWS open-source policy agent
· Experience implementing Zero trust architectures
· Excellent problem-solving, analytical, and communication skills.
· Ability to work independently and collaboratively in a fast-paced, agile environment.
· Create Identity & Access as code, leveraging tools such as Ansible and Terraform to provision in the cloud
· Analyze environments to identify both technical and operational challenges while making recommendations and developing solutions for improvement
· Lead complex or high severity troubleshooting and incident/problem resolutions with other security or cloud teams
· Maintain knowledge of current developments in identity and cybersecurity, pertaining to threats to IT environments
· Bachelor’s degree in IT, Cybersecurity or related field or equivalent experience
· 5+ years of experience in Information security with 4+ years of experience in Identity and Access Management
· 3+ years of cloud IAM and security experience.
· Strong knowledge of hybrid cloud, AWS, GCP, Azure and Entra ID/Azure AD, OpenShift, OpenStack Keystone
· Hands-on experience with HashiCorp Vault, CyberArk or similar (PAM, secrets, certificate management platform)
· Advanced knowledge of Identity Security concepts, least-privilege, separation of duties, and Zero trust design principles
· Experience implementing Kubernetes RBAC access controls
· Understanding of federation technologies (WS-Fed, OAuth, OpenID Connect, SAML …) and of encryption technologies (encryption types and protocols/standards)
· RBAC based access for cluster namespaces
· Vulnerability and threat management
· Professional certifications CIMP, CIAM, CISSP