IAM Architect – Contract

Arctiq

201 - 500 employees

🏢 Enterprise

☁️ SaaS

🔐 Security

Arctiq is a company that specializes in providing transformative infrastructure, security, and platform engineering solutions. They focus on enterprise security, modern infrastructure, and platform engineering, helping businesses architect practical and efficient solutions using world-class technologies. Arctiq offers managed security services, cloud security, and modern infrastructure solutions such as wireless networking and hybrid cloud infrastructure. They work with various sectors including healthcare, education, government, and more to enhance connectivity and bolster security using innovative technologies. Their services cover comprehensive infrastructure and security needs, from video surveillance in schools to smart city initiatives and cloud-native solutions for industries like oil & gas.

📋 Description

• Enterprise IAM Architecture & Multi-Cloud Governance
• Design and enforce IAM least-privilege models across AWS Organizations, Landing Zones, and Service Control Policies (SCPs)
• Lead zero trust initiatives end-to-end: verify-explicitly policies, Just-in-Time (JIT) / Just-Enough-Access (JEA) provisioning, CIEM integration, and identity platform governance.
• Define and maintain approved access patterns for services and users, aligned to predefined roles (Reader, Contributor, Administrator) and documented as policy-as-code.
• Implement and govern OAuth/OIDC flows, service mesh identity controls, and federated identity across cloud and on-prem environments.
• Maintain a comprehensive inventory of all approved AWS and Azure services, cataloging IAM resources and differentiating between control plane (roles, policies) and data plane (user/key/role/policy/group) resources.
• Manage credentials for local data plane resources in vaults; ensure resource policies are applied consistently across services.
• Utilize Wiz (CSPM) for cloud asset inventory, compliance reporting, evidence collection, and correlation to AWS/Azure/GCP documentation.
• Identify and govern external dependencies including secrets, keys, and cross-account policies.
• Develop a comprehensive metadata tagging strategy mapped to application service lines (ASL), environments, and repository associations.
• Design and build reusable IAM modules for each service access pattern, published to the service registry with consistent enforcement of naming conventions, metadata, and parameters.
• Embed IAM guardrails and policy-as-code controls natively into IaC templates (Terraform, CloudFormation) and CI/CD pipelines for secure-by-default provisioning.
• Develop methodologies and criteria for pre-approved service registry modules deployable via pipelines vs. those requiring manual review.
• Define and enforce controls pertinent to IAM and cloud security standards across all services; implement a shift-left strategy to proactively address IAM cloud operations.
• Guide and contribute to secure microservices development in Python and Go on AWS, Azure, and GCP, including async and event-driven architectures.
• Establish methods to correlate modules with service resource policies and user roles/policies.
• Document IAM configurations for pipelines, repositories, and all cloud services; develop and maintain IAM SDLC documentation.
• Develop a comprehensive IAM Cloud program strategy, defining its functions, roadmap, and maturity model.

🎯 Requirements

• 10+ years of experience in IAM, cloud security, or identity engineering roles with demonstrated progression.
• Proficiency with CSPM tooling, specifically Wiz, for inventory, reporting, and compliance evidence collection.
• Deep expertise in AWS multi-account governance: Organizations, Landing Zones, SCPs, and IAM least-privilege design patterns.
• Proven experience leading zero trust initiatives including JIT/JEA provisioning, CIEM platforms, OAuth/OIDC, and service mesh identity.
• Hands-on experience with policy-as-code tooling and embedding IAM guardrails into IaC (Terraform / CloudFormation) and CI/CD pipelines.
• Experience securing microservices architectures (Python, Go) in async and event-driven environments across AWS, Azure, and GCP.
• Strong command of network and data security controls: segmentation, KMS/encryption, cloud-native logging, and detection.
• Proficiency in metadata tagging strategies, service access pattern development, and credential vault management.
• Strong documentation, process development, and communication skills with the ability to influence cross-functional teams.

🏖️ Benefits

• Equal opportunity employer
• Accommodations or adjustments throughout the interview process
