About
12+ months
Location: Chandler, AZ (Onsite 3 days/week)
Benefits Provided: Yes, including 15 PTO days/year
***U.S. Citizens and those authorized to work in the U.S. are encouraged to apply. We are unable to sponsor or transfer visas at this time.***
***No Vendors/3rd parties.***
We are seeking a highly skilled and hands-on Senior Cloud Identity DevOps Engineer / Cloud Architect with strong expertise in AWS, Microsoft Azure, Terraform, and Identity & Access Management (IAM). The ideal candidate will be responsible for engineering, automating, deploying, and supporting enterprise-scale cloud identity solutions across AWS and Azure environments.
This role will focus on modernizing decentralized AWS access controls using AWS Identity Center integrated with enterprise identity providers such as PingFederate, while also building scalable Infrastructure-as-Code (IaC) and CI/CD automation for Microsoft Entra ID (Azure AD). The candidate should possess deep expertise in Terraform, DevOps practices, federation technologies (SAML/OIDC), security governance, and cloud identity automation.
Primary Skills: Cloud Architect
Secondary Skills: Terraform
Tertiary Skills: Microsoft Azure
Requirements:
Cloud & Identity Engineering
7+ years of experience in Cloud Development/Engineering delivering enterprise-scale identity and security solutions.
Expertise:
- AWS Identity Center (AWS SSO)
- AWS IAM
- AWS Organizations and multi-account architectures
- Microsoft Entra ID (Azure AD)
Responsibilities:
- Design, implement, and support enterprise cloud identity and access management solutions across AWS and Azure.
- Engineer and automate AWS Identity Center (AWS SSO) implementations including permission sets, account assignments, governance, and access lifecycle management.
- Develop and manage AWS IAM roles, policies, trust relationships, MFA enforcement, and least-privilege access models.
- Implement identity federation integrations between enterprise IdPs (preferably PingFederate) and AWS using SAML/OIDC and SCIM provisioning.
- Build and maintain Infrastructure-as-Code (IaC) automation using Terraform for cloud identity deployments.
- Develop reusable Terraform modules, manage remote state, environment segregation, and secure secrets/variable handling.
- Automate Microsoft Entra ID (Azure AD) identity services including:
  - Service Principals (SPNs)
  - App Registrations
  - Enterprise Applications
  - Role assignments
  - Conditional Access policies
- Design and implement secure CI/CD pipelines for identity deployment automation using Jenkins, Horizon, CircleCI, and Bitbucket.
- Support application onboarding and federation integrations with Entra ID.
- Design secure, scalable, auditable, and compliant identity deployment pipelines.
- Collaborate with Security, Cloud Engineering, Audit, Infrastructure, and Operations teams.
- Implement monitoring, logging, reporting, and audit evidence generation for cloud identity systems.
- Troubleshoot federation, authentication, authorization, and provisioning issues.
- Develop automation scripts using PowerShell and/or Python.
- Support governance, risk, compliance, and operational requirements.
Understanding of:
- SSO
- MFA
- SAML
- OAuth2/OIDC
- Federation technologies
- Token flows
- Identity governance and access control
Terraform & Infrastructure Automation
Mandatory hands-on experience with Terraform including:
- Module development
- Remote state management
- Multi-environment deployments
- Secure variable and secret handling
- Infrastructure automation best practices
DevOps & CI/CD
Experience building CI/CD pipelines using:
- Jenkins
- Horizon
- CircleCI
- Bitbucket

Experience designing secure and auditable deployment pipelines.
Azure & AWS Identity Automation
Experience automating:
- Service Principals
- Enterprise Applications
- App Registrations
- Role assignments
- Conditional Access policies

Experience integrating enterprise IdPs with AWS environments.
Strong knowledge of least-privilege security patterns and access governance.
Scripting & APIs
Scripting skills using:
- PowerShell
- Python

Experience using:
- REST APIs
- Microsoft Graph API
Soft Skills
- Excellent communication and stakeholder management skills.
- Ability to explain technical concepts to both technical and non-technical audiences.
- Ability to work as a hands-on SME across cross-functional teams.
Desired:
- Microsoft Azure Security Engineer Associate (AZ-500) certification.
- AWS Certified Security – Specialty certification.
- Experience with PingFederate administration and troubleshooting.
- Experience integrating ServiceNow or event-to-ticket workflows.
- Knowledge of:
  - PKI infrastructure
  - Certificates and CA management
  - Certificate-based authentication
  - Encryption and key management solutions
26-00511
Languages
- English