Job Details
Title: Lead IAM Engineer
Location: Des Moines IA
Job Summary:
Lead the design, implementation, and management of IAM and Role-Based Access Control (RBAC) across a suite of applications hosted on AWS, with centralized authentication via Azure AD / Entra ID. This role is critical in ensuring secure, scalable, and compliant access to cloud-based resources and enterprise applications.
Responsibilities
Architect and implement IAM solutions for AWS-hosted applications using Azure AD / Entra ID as the identity provider.
Design and enforce RBAC models across cloud and on-prem environments.
Integrate SSO using protocols such as SAML, OAuth 2.0, and OpenID Connect.
Configure AWS IAM roles, policies, and trust relationships.
Set up federated identity access between AWS and Azure AD / Entra ID.
Implement SCIM-based provisioning and de-provisioning workflows.
Enforce least privilege access and Zero Trust principles.
Monitor access logs, audit trails, and respond to IAM-related incidents.
Ensure compliance with internal and external security standards (e.g., ISO 27001, SOC 2).
Work closely with application owners, DevOps, and InfoSec teams.
Report to the head of Cloud Operations and contribute to IAM roadmap planning.
Document IAM architecture, policies, and procedures.
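As an added illustration of the "IAM roles, policies, and trust relationships" and "federated identity access between AWS and Azure AD / Entra ID" items above (this is example code written for this page, not anything from the employer or the posting), the following stdlib-only Python builds the minimal trust policy an AWS IAM role needs for SAML federation and then lints a trust policy for the usual mistakes: a wildcard principal, a wildcard STS action, or a missing `SAML:aud` audience condition. The account ID, SAML provider name and the "weak" policy are constructed placeholders.

```python
"""Build and lint an AWS IAM role trust policy for SAML federation.

Added example for this page; not the posting's or any employer's code.
The account ID and provider name below are constructed placeholders.
"""
import json

# Constructed placeholders (assumption: not a real account or provider).
ACCOUNT_ID = "123456789012"
SAML_PROVIDER_ARN = f"arn:aws:iam::{ACCOUNT_ID}:saml-provider/EntraID"
# Audience value AWS expects in the SAML assertion for console/CLI sign-in.
AWS_SAML_AUDIENCE = "https://signin.aws.amazon.com/saml"


def saml_trust_policy(provider_arn: str = SAML_PROVIDER_ARN) -> dict:
    """Minimal trust policy: only the named SAML provider may assume the role,
    only via sts:AssumeRoleWithSAML, and only when the assertion audience is
    the AWS sign-in endpoint."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": provider_arn},
            "Action": "sts:AssumeRoleWithSAML",
            "Condition": {"StringEquals": {"SAML:aud": AWS_SAML_AUDIENCE}},
        }],
    }


def weak_trust_policy() -> dict:
    """Constructed 'before' policy showing the mistakes the linter flags:
    any federated principal, any STS action, and no audience condition."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": "*"},
            "Action": "sts:*",
        }],
    }


def _as_list(value):
    """IAM allows a scalar or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]


def trust_policy_findings(policy: dict,
                          expected_provider_arn: str = SAML_PROVIDER_ARN) -> list:
    """Return a list of finding strings for each Allow statement that departs
    from the expected SAML federation pattern. An empty list means clean."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        tag = f"stmt{i}"
        principal = stmt.get("Principal", {})
        actions = _as_list(stmt.get("Action", []))
        cond = stmt.get("Condition", {})
        wildcard_action = any(a in ("*", "sts:*") for a in actions)

        # A wildcard principal lets arbitrary identities assume the role.
        if principal == "*":
            findings.append(f"{tag}: wildcard principal")
        elif isinstance(principal, dict):
            federated = _as_list(principal.get("Federated", []))
            direct = _as_list(principal.get("AWS", []))
            if "*" in federated or "*" in direct:
                findings.append(f"{tag}: wildcard principal")
            else:
                for arn in federated:
                    if arn != expected_provider_arn:
                        findings.append(
                            f"{tag}: unexpected federated principal {arn}")
                # A direct IAM principal bypasses the IdP's MFA and
                # conditional-access policies.
                if direct:
                    findings.append(f"{tag}: direct IAM principal bypasses the IdP")

        # sts:* also grants sts:AssumeRole and friends, not just SAML assumption.
        if wildcard_action:
            findings.append(f"{tag}: wildcard action {actions}")

        # Without SAML:aud an assertion minted for another service could be replayed.
        if "sts:AssumeRoleWithSAML" in actions or wildcard_action:
            aud = cond.get("StringEquals", {}).get("SAML:aud")
            if aud != AWS_SAML_AUDIENCE:
                findings.append(f"{tag}: missing or wrong SAML:aud condition")
    return findings


if __name__ == "__main__":
    print(json.dumps(saml_trust_policy(), indent=2))
    for name, pol in (("good", saml_trust_policy()), ("weak", weak_trust_policy())):
        print(name, trust_policy_findings(pol) or "no findings")
```

The linter works on the parsed policy document, so it can be pointed at the output of `aws iam get-role` (the `AssumeRolePolicyDocument` field) to review every federated role in an account; the expected provider ARN is the one parameter a team would change.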
Required Skills & Qualifications
5+ years in IAM engineering, especially in cloud environments
Deep understanding of IAM roles, policies, STS, and service integrations
Experience with enterprise SSO, conditional access, and MFA
Familiarity with SAML and with Okta or similar IAM platforms
Knowledge of identity governance and regulatory frameworks
Preferred Skills
PowerShell, Python, or Bash for automation
Experience with hybrid identity environments (on-prem + cloud)
Familiarity with AWS Organizations and Control Tower
Exposure to IAM orchestration tools (e.g., Access360)
Understanding of PKI, certificates, and encryption standards