AWS IAM Architect ::: 100% Remote

Senior Cloud / AWS / IAM Architect

100% REMOTE

IAM TOOLS- MUST HAVE EXPERTISE:

• IAM Console/CLI, IAM Policy Simulator, Access Analyzer, CloudTrail,
• AWS Organizations & SCPs, S3/KMS resource policy tools,
• Terraform/CloudFormation for IAM automation,
• and SSO/IdP tools like Okta or Azure AD

Position Overview

The Senior Cloud / AWS / IAM Architect is responsible for designing, governing, and optimizing enterprise‑grade AWS identity and access management frameworks across a multi‑account environment. This role ensures secure, scalable, and least‑privilege access patterns while partnering closely with application, security, and platform engineering teams. The ideal candidate brings deep AWS IAM expertise, strong architectural judgment, and the ability to troubleshoot complex access issues across distributed cloud environments.

Key Responsibilities

• Architect and maintain AWS IAM frameworks, including roles, trust relationships, permission boundaries, and cross‑account access models.
• Design and review cloud architectures with a focus on secure, least‑privilege access and enterprise governance standards.
• Develop and maintain IAM standards, reusable patterns, naming conventions, and operational processes.
• Analyze and troubleshoot IAM‑related access issues using IAM policy evaluation, CloudTrail, Access Analyzer, and resource policy debugging.
• Review and optimize AWS resource policies (S3, KMS, VPC endpoints, Lambda, etc.) to ensure secure and compliant access.
• Evaluate and interpret the impact of Service Control Policies (SCPs) within AWS Organizations.
• Collaborate with application, platform, and security teams to guide secure design decisions and resolve access challenges.
• Provide subject‑matter expertise on IAM best practices, governance, and cloud security posture.

Must‑Have Skills

• Expert‑level AWS IAM knowledge: roles, trust policies, policy conditions, permission boundaries, and cross‑account access.
• Hands‑on experience with AWS resource policies (S3, KMS, VPC endpoint policies, Lambda execution roles).
• Strong understanding of AWS Organizations & SCPs, including how SCPs impact access evaluation.
• Advanced troubleshooting skills for IAM access issues across multi‑account environments.
• Cloud architecture experience with a focus on secure, least‑privilege access design.
• Experience defining IAM standards, patterns, and governance processes for enterprise environments.
• Strong communication and stakeholder‑management skills, with the ability to explain IAM concepts to technical and non‑technical teams.