Need someone who has been responsible for IAM strategy
Job Responsibilities
Development & Enforcement
* Own and execute the enterprise IAM strategy across the PCW & H100 Google Cloud Platform landing zone and hybrid identity environment
* Lead the design and enforcement of cloud-first Entra ID, with stewardship of on-prem Active Directory, including AD Entra Google Cloud Platform federation
* Own and enforce the IAM tiering model (ADR-016), including group-based access, time-bound PAM entitlements, and elimination of persistent admin bindings
* Provide principal-level ownership of Active Directory security hardening, compliance controls, and forest-level governance
* Own Privileged Access Management (PAM) strategy for all elevated human and service identities
Collaboration & Expertise
* Serve as the enterprise IAM authority and escalation point across Security, Infrastructure, GRC, and Application teams
* Lead cross-organizational governance for identity controls, access approvals, and risk decisions
* Partner with audit, compliance, and legal teams to meet HIPAA and SOX obligations
* Act as a trusted advisor to senior leadership on identity-related risk, architecture, and operational readiness
Analysis & Configuration
* Provide architectural oversight of Active Directory OU design, Group Policy strategy, and permission hierarchies
* Ensure permissions prevent privilege creep and unintended inheritance
* Direct analysis of identity logs for incidents, audits, and compliance reporting
* Own IAM access reviews and remediation of over-privileged and unused identities
* Govern IAM design for VPC Service Controls and emergency access patterns with dual control approval
Operational Support
* Own IAM KPIs, reporting, SOPs, runbooks, training materials, executive dashboards, and audit responses
* Be accountable for IAM service reliability, including on-call availability
* Own Active Directory disaster recovery, forest recovery, and business continuity planning
* Ensure execution of emergency terminations and high-risk access revocations
* Provide principal-level oversight of IAM incident management and SLA performance
Mentorship & Training
* Provide technical mentorship to senior engineers and architects
* Establish IAM standards, reference architectures, and best practices
* Drive adoption of IAM knowledge through documentation and training
* Team Lead of other contingent workers across multiple agencies
Innovation and Research
* Own the identity provisioning service model and lifecycle workflows
* Sponsor IAM automation for provisioning, certification, and compliance reporting
* Evaluate and integrate new IAM, PAM, and access governance technologies
Strategic Planning
* Run IAM as a formal enterprise program with roadmap and maturity targets
* Demonstrate multi-year strategic planning balancing security, usability, and compliance
* Operate autonomously in ambiguous environments, transitioning capabilities to steady-state teams
Qualifications
Basic Qualifications
* 10+ years of IAM experience with principal or executive-level ownership
* Deep hands-on expertise in C
* Experience running IAM as a program with accountability for outcomes
* Experience managing Privileged Access Management at scale
* Strong background in regulated environments including HIPAA and SOX
* Proven autonomy and success building identity platforms from zero
Preferred Qualifications
* Experience with Google Cloud Platform Config Connector (KCC) IAM resources
* Familiarity with Wiz IAM and Security Command Center findings
* Experience with CyberArk, HashiCorp Vault, or similar PAM platforms
* CISSP, CISM, or Google Cloud Platform Security Engineer certification
* Healthcare or highly regulated industry experience
Education
Bachelor's degree in Computer Science, Information Security, Engineering, or equivalent experience. Advanced security or cloud certifications are strongly preferred.