CBTS is searching for an Azure Cloud IAM Architect/Security Engineer. This position is responsible for leading the design, engineering, automation, and governance of enterprise identity and access management solutions across Azure cloud environments.
Responsibilities:
- Architect, design, and implement enterprise-scale Identity and Access Management (IAM) solutions across Azure cloud environments
- Lead the implementation and governance of Microsoft Entra ID including Azure RBAC / ABAC, Conditional Access, Privileged Identity Management (PIM), Identity Protection, Access Reviews, Entitlement Management and B2B / B2C integrations
- Design and implement Zero Trust security architecture and least-privilege access models and ensure Just-In-Time (JIT) access elevation
- Engineer and manage Privilege as Code (PaC) frameworks for automated privileged access governance and identity lifecycle management
- Develop IAM automation solutions using PowerShell, Python, Terraform, Bicep, ARM Templates, REST APIs, JSON / YAML
- Automate privileged role assignments, Just-In-Time (JIT) access, access provisioning and deprovisioning, service principal governance, entitlement reviews and compliance validation workflows
- Integrate IAM and security controls into DevSecOps and CI/CD pipelines using GitHub Actions, Azure DevOps, Jenkins, GitOps methodologies and GitHub Copilot
- Develop secure APIs, automation services, and orchestration workflows for identity governance and cloud security operations
- Experience with cloud security services like Microsoft Defender for Cloud, Microsoft Sentinel, Defender for Identity, Key Vault for security monitoring and threat detection
- Design and enforce cloud security guardrails, governance standards, and compliance controls
- Implement secure authentication and federation mechanisms using OAuth 2.0, OpenID Connect, SAML, and support enterprise compliance initiatives as required
Requirements:
- 10+ years of hands-on experience in Identity & Access Management (IAM), Cloud Security, Cybersecurity Engineering and designing and securing Microsoft Azure cloud environments
- Bachelor's degree in Computer Science, Information Technology, or a related field
- Strong expertise in implementing and managing Microsoft Entra ID and proven experience implementing and managing a Privilege as Code (PaC) framework
- Experience integrating IAM and security controls into DevSecOps and CI/CD pipelines
- Strong software development and coding skills, with experience automating privileged access management, identity lifecycle management, entitlement governance, and compliance validation workflows
- Expertise in authentication and federation standards including and Experience implementing and managing Azure cloud security services
- Experience conducting cloud security assessments, IAM governance reviews, and remediation activities
- Strong analytical, troubleshooting, and problem-solving capabilities, with excellent verbal and written communication skills and the ability to collaborate across architecture, engineering, security, and compliance teams
- Ability to lead technical initiatives, mentor teams, and drive enterprise IAM modernization programs
- Microsoft Certified: Azure Security Engineer Associate
- Microsoft Certified: Identity and Access Administrator Associate
- Microsoft Certified: Azure Solutions Architect Expert
- Certified Information Systems Security Professional (CISSP)
- Certified Cloud Security Professional