IAM & Cloud Security Engineer Multi-Cloud Migration (AWS Azure & Google Cloud Platform)

Title: IAM & Cloud Security Engineer Multi-Cloud Migration (AWS Azure & Google Cloud Platform)

Location: Dallas, TX

Job Responsibilities

Identity and Access Management (IAM) Migration:

• Lead IAM migration from AWS IAM policies, roles, and groups to Azure Active Directory, Azure RBAC, and Google Cloud Platform IAM roles and bindings.
• Develop Terraform IaC modules to automate IAM resource creation across Azure and Google Cloud Platform environments.
• Ensure the least privilege and separation of duties principles are enforced in all IAM configurations.
• Integrate cloud identity providers (Azure AD, Cloud Identity) with corporate SSO (SAML/OIDC).
• Establish service identities, workload identities, and managed identities for CI/CD and application workloads.

Policy-as-Code (PaC) Governance:

• Define and implement Policy-as-Code frameworks to enforce cloud governance and compliance baselines in Azure and Google Cloud Platform.
• Develop and maintain PaC pipelines using Terraform Sentinel, OPA (Open Policy Agent), or Azure Policy.
• Establish CI/CD pipelines for Policy-as-Code validation, testing, and deployment.
• Provide guidance and best practices for developing reusable and scalable PaC modules.
• Implement policy version control, exception management, and automated compliance enforcement.
• Collaborate with security architects to define policy coverage requirements (IAM, networking, encryption, storage, and tagging).

CI/CD and Automation for Security & IAM:

• Design and establish CI/CD pipelines for IAM IaC and Policy-as-Code deployments across Azure DevOps, GitHub Actions, and Google Cloud Build.
• Automate security control deployments using Terraform, including IAM roles, key management, and network policies.
• Integrate policy compliance checks into the CI/CD flow for both infrastructure and application security pipelines.
• Build reusable Terraform pipelines to enforce consistent security posture across environments.
• Establish pipeline security gates (pre-deployment and post-deployment) for IAM and PaC changes.

Security Workload Migration (AWS Azure & Google Cloud Platform):

• Migrate security workloads such as WAF configurations, key management (KMS), and security analytics from AWS to Azure and Google Cloud Platform.
• Develop IaC for host infrastructure and application security controls in target clouds.
• Map AWS security services (IAM, KMS, WAF, GuardDuty) to Azure Security Center, Defender for Cloud, and Google Cloud Platform Security Command Center equivalents.
• Recreate AWS Config Rules and SCPs as Azure Policies and Google Cloud Platform Organization Policies.
• Ensure encryption, secrets management, and logging solutions are replicated or enhanced in target platforms.
• Participate in testing, validation, and audit readiness for migrated security components.

Security Monitoring, Compliance & DR Integration:

• Integrate monitoring and alerting with Azure Monitor, Google Cloud Platform Operations Suite, and SIEM tools.
• Enable IAM and security event logging via Azure Activity Logs, Google Cloud Platform Audit Logs, and Cloud Logging.
• Contribute to Disaster Recovery (DR) security alignment ensuring IAM, policy, and encryption configurations are recoverable and consistent across regions.
• Maintain auditability and compliance mapping (ISO 27001, NIST, SOC 2)

Required Qualifications:

• 5+ years of experience in cloud security engineering or IAM governance roles.
• AWS IAM, KMS, WAF, Config, and GuardDuty
• Azure AD, RBAC, Policy, and Defender for Cloud
• Google Cloud Platform IAM, Cloud KMS, Organization Policies, and SCC
• Terraform / Terragrunt for IaC and policy automation
• OPA / Sentinel / Azure Policy for Policy-as-Code
• CI/CD systems Azure DevOps, GitHub Actions, or Cloud Build
• Strong understanding of Zero Trust principles, encryption lifecycle management, and multi-cloud governance.

Preferred Skills:

• Experience with Azure Blueprints, Google Cloud Platform Forseti Config Validator, or OPA Conftest.
• Familiarity with cross-cloud SSO and federated identity models.
• Strong scripting background (Python, PowerShell, or Bash).
• Prior experience migrating workloads from AWS Azure and AWS Google Cloud Platform.

Certifications:

• Google Professional Cloud Security Engineer
• Microsoft Certified: Azure Security Engineer Associate
• AWS Certified Security Specialty
• HashiCorp Certified: Terraform Associate

Soft Skills:

• Strategic thinker with a strong analytical and automation mindset.
• Excellent communication across cloud platforms, DevOps, and compliance teams.
• Strong documentation discipline and adherence to governance frameworks.
• Proven leadership in cross-functional cloud security initiatives.

Education:

• Bachelor s or Master s degree in Computer Science, Data Science, Machine Learning, or a related field.