Cloud Engineer with IAM/Entra
We’re looking for a Cloud Engineer with IAM and Microsoft Entra ID expertise to help automate and scale an AWS platform. The focus of this role is to simplify IAM for internal teams by building secure, compliant, self-service IAM “products” and eliminating manual access processes.
Key responsibilities:
Maintain and automate Entra ID ↔ AWS Identity Center integration (incl. SCIM/SAML basics, cert/secret renewals, permissions)
Troubleshoot Entra ID Conditional Access issues affecting AWS access
Automate AWS account access provisioning at scale using AWS Identity Center permission sets and existing account vending/factory patterns
Automate Entra ID Entitlement Management (Access Packages/Catalogs) and PIM groups via Microsoft Graph API/SDK
Build internal self-service IAM solutions (e.g., compliant Entra groups with approvals/access reviews)
Design and improve AWS IAM roles and policies (least privilege, right-sizing with tools like Access Analyzer)
Develop and maintain GitHub Actions workflows, IaC (Terraform) and automated tests; support policy-as-code enforcement
Support incidents and provide guidance to developers and internal users
Requirements:
Advanced skills in AWS IAM and/or Microsoft Entra ID
Strong hands-on experience with Terraform and GitHub Actions / CI/CD
Proficiency in Python, Bash and PowerShell
Experience working with Microsoft Graph API
Familiarity with AWS Service Catalog and CloudFormation
Strong analytical skills and clear communication
Nice to have: SC-300 certification (or similar).