Azure Security Engineer

Position Summary

The AuthZ Architect designs and governs RSM's Authorization (AuthZ) architecture, with a focus on Customer & External Member (CEM) identity scenarios and Gatekeeper policy enforcement frameworks. This role ensures that fine-grained access control policies are consistently applied across APIs, microservices, and portal platforms.

Key Responsibilities

• Design the enterprise Authorization (AuthZ) architecture spanning RSM s Client Entity manager (CEM) identity domains and internal systems.
• Architect and implement policy enforcement points (PEPs) for API gateways, microservices, and portal platforms.
• Define authorization models (RBAC, ABAC, ReBAC) and policy frameworks; translate business access requirements into policy rules.
• Govern integration between the AuthZ layer and identity providers (Azure AD / Entra ID, CIAM platforms) and API management gateways.
• Lead threat-modelling exercises for access control scenarios; identify and remediate authorization vulnerabilities.
• Define standards for externalized authorization; advise on Open Policy Agent (OPA), Gatekeeper, or equivalent policy engines.
• Collaborate with application architects (MyRSM, Assurance, Consulting platforms) to embed authorization patterns into solution designs.
• Produce and maintain AuthZ architecture documentation: policy decision point (PDP) diagrams, ABAC attribute catalogues, and access control matrices.
• Provide guidance on regulatory and compliance requirements (SOC 2, ISO 27001, GDPR) as they relate to access control.
• Evaluate emerging AuthZ standards (Zanzibar, SPICE, Cedar) and advise on adoption roadmaps.

Qualifications & Experience

• 7+ years of identity, access management, or security architecture experience, with at least 3 years focused on authorization solutions.
• Deep expertise in authorization concepts: RBAC, ABAC, ReBAC, and policy-as-code frameworks.
• Hands-on experience with Open Policy Agent (OPA), Gatekeeper, or comparable externalized authorization engines.
• Strong understanding of OAuth 2.0, OpenID Connect, and token-based authorization flows (JWT, SAML).
• Experience with Customer Identity & Access Management (CIAM) platforms (Preferably SailPoint Or Any of the Azure AD B2C, Okta, Auth0).
• Familiarity with API gateway authorization patterns (Azure API Management, Boomi, AWS API Gateway).
• Knowledge of zero-trust architecture principles and their application to authorization design.
• Relevant certifications (CISSP, CCSP, or vendor-specific IAM certifications) are advantageous.
• Experience working in regulated industries or with compliance frameworks (SOC 2, ISO 27001, GDPR) preferred.
• Strong ability to communicate authorization concepts to both security and non-security stakeholders.

Core Skills & Technologies

AuthZ Architecture

OPA / Gatekeeper

RBAC / ABAC / ReBAC

OAuth 2.0

OpenID Connect

SailPoint

Zero Trust

API Security

Policy as Code

Azure AD / Entra ID

SOC 2 / ISO 27001