Cloud Engineer with IAM/Entra

We’re looking for a Cloud Engineer with IAM and Microsoft Entra ID expertise to help automate and scale an AWS platform. The focus of this role is to simplify IAM for internal teams by building secure, compliant, self-service IAM “products” and eliminating manual access processes.

Key responsibilities:

• Maintain and automate Entra ID ↔ AWS Identity Center integration (incl. SCIM/SAML basics, cert/secret renewals, permissions)

• Troubleshoot Entra ID Conditional Access issues affecting AWS access

• Automate AWS account access provisioning at scale using AWS Identity Center permission sets and existing account vending/factory patterns

• Automate Entra ID Entitlement Management (Access Packages/Catalogs) and PIM groups via Microsoft Graph API/SDK

• Build internal self-service IAM solutions (e.g., compliant Entra groups with approvals/access reviews)

• Design and improve AWS IAM roles and policies (least privilege, right-sizing with tools like Access Analyzer)

• Develop and maintain GitHub Actions workflows, IaC (Terraform) and automated tests; support policy-as-code enforcement

• Support incidents and provide guidance to developers and internal users

Requirements:

• Advanced skills in AWS IAM and/or Microsoft Entra ID

• Strong hands-on experience with Terraform and GitHub Actions / CI/CD

• Proficiency in Python, Bash and PowerShell

• Experience working with Microsoft Graph API

• Familiarity with AWS Service Catalog and CloudFormation

• Strong analytical skills and clear communication

Nice to have: SC-300 certification (or similar).