Identity Management Contractor (Google Cloud Platform IAM)

• Terraform
• IAM

Role summary:

Implement and operate Google Cloud Platform identity and access controls to onboard applications securely and repeatably in a regulated environment.

Key responsibilities:

• Provision and manage IAM (roles, bindings, service accounts) across projects using Terraform and Git-based workflows.
• Implement least-privilege patterns for application onboarding (runtime identity, human access, break-glass).
• Support identity integrations and group/role mappings as defined by enterprise standards.
• Produce onboarding evidence (access approvals, deployment records, audit log pointers) and maintain documentation/runbooks.
• Troubleshoot access issues and partner with platform/network/security teams to resolve blockers.

Required qualifications:

• Hands-on Google Cloud Platform IAM experience (roles, service accounts, policy inheritance concepts).
• Terraform fundamentals (modules, state basics) and Git/PR workflow discipline.
• Scripting ability (Python) for automation/validation tasks.
• Familiarity with change/release processes and working in controlled environments.

Role summary:

Seeking an experienced IAM (Identity and Access Management) Specialist/Engineer to support the implementation of Google Cloud Platform Atlas 2.0 Control Plane and Vertex AI enablement for a large-scale financial services client. This role will be critical in establishing secure, governed access to Google Gemini AI model endpoints while maintaining strict compliance with enterprise security standards.

Key responsibilities:

• Provision and manage IAM (roles, bindings, service accounts) across projects using Terraform and Git-based workflows.
• Implement least-privilege patterns for application onboarding (runtime identity, human access, break-glass).
• Support identity integrations and group/role mappings as defined by enterprise standards.
• Produce onboarding evidence (access approvals, deployment records, audit log pointers) and maintain documentation/runbooks.
• Troubleshoot access issues and partner with platform/network/security teams to resolve blockers.

Required qualifications

• Hands-on Google Cloud Platform IAM experience (roles, service accounts, policy inheritance concepts).
• Terraform fundamentals (modules, state basics) and Git/PR workflow discipline.
• Scripting ability (Python) for automation/validation tasks.
• Familiarity with change/release processes and working in controlled environments.

Technical Skills Needed:

Google Cloud Platform IAM Expertise

• Deep experience with Google Cloud IAM
• Google Cloud Platform Vertex AI IAM
• Resource hierarchy

Infrastructure as Code

• Terraform - Advanced proficiency:
• Google Cloud Platform provider expertise (google, google-beta)
• IAM module development
• State management and remote backends
• Workspace and environment management
• Python - Strong scripting skills for automation:
• Google Cloud Client Libraries
• IAM policy manipulation and validation
• API integration and orchestration

Security & Compliance

• Strong understanding of zero-trust architecture principles
• Experience with data classification and sensitivity-based access controls
• Knowledge of financial services compliance requirements (ideally experience with JPMC or similar enterprises)
• Familiarity with SOC 2, ISO 27001, PCI-DSS or similar frameworks
• Understanding of encryption, key management (Cloud KMS), and secrets management (Secret Manager)

Networking & Security Controls

• Understanding of VPC networking and its intersection with IAM (private Google access, shared VPC)
• Experience with VPC Service Controls and security perimeters
• Knowledge of firewall rules, Cloud Armor, and Cloud Load Balancing as they relate to access control
• Familiarity with PrivateLink/Private Service Connect patterns

Supporting Technical Skills

• Git/version control - experience with GitLab, GitHub, or Bitbucket
• CI/CD pipelines - Jenkins, GitLab CI, Cloud Build, or similar
• API security - OAuth 2.0, OIDC, API keys, and token management
• Logging and monitoring - Cloud Logging, Cloud Monitoring, integration with SIEM tools
• Container security - GKE workload identity, service mesh authentication (Istio/Anthos Service Mesh)

Success measures:

• Onboarded apps meet access-control standards with minimal rework; IAM incidents reduced; evidence is audit-ready