Capgemini, a global business and technology transformation partner, is seeking an experienced AWS IAM Engineer to implement, manage, and scale enterprise Identity and Access Management solutions across AWS environments. The role focuses on engineering, automation, and standardization of IAM workloads, with an emphasis on IAM persona buildout and integration with Identity Governance platforms.
Responsibilities:
- Engineer and maintain AWS IAM workloads across multi-account environments
- Build, configure, and manage IAM roles, policies, permission boundaries, and trust relationships for human and service identities
- Implement least-privilege access models using RBAC and ABAC principles
- Troubleshoot and resolve IAM-related access and permission issues
- Design and implement IAM personas for services, applications, and platform workloads
- Support enterprise-scale rollout of standardized IAM personas across development, staging, and production environments
- Ensure IAM persona consistency, reusability, and compliance across teams and accounts
- Partner with security, platform, and application teams to onboard services to approved IAM models
- Convert and modernize CloudFormation-based IAM roles and policies to Terraform
- Engineer Terraform modules for reusable IAM components (roles, policies, instance profiles, service roles)
- Maintain and enhance Terraform pipelines for IAM deployments
- Support migration activities from legacy IAM implementations (e.g., CNF or bespoke frameworks) to Terraform
- Integrate AWS IAM with IDC solutions for identity lifecycle management
- Engineer IAM workflows supporting identity provisioning, deprovisioning, and access reviews
- Support federation and identity synchronization between AWS and IDC platforms
- Assist with audit readiness, compliance reporting, and governance controls
Requirements:
- Experience in implementing, managing, and scaling enterprise Identity and Access Management (IAM) solutions across AWS environments
- Hands-on engineering, automation, and standardization of IAM workloads
- IAM persona buildout for services
- Infrastructure-as-code modernization
- Integration with Identity Directory / Identity Governance (IDC) platforms
- Engineering and maintaining AWS IAM workloads across multi-account environments
- Building, configuring, and managing IAM roles, policies, permission boundaries, and trust relationships for human and service identities
- Implementing least-privilege access models using RBAC and ABAC principles
- Troubleshooting and resolving IAM-related access and permission issues
- Designing and implementing IAM personas for services, applications, and platform workloads
- Supporting enterprise-scale rollout of standardized IAM personas across development, staging, and production environments
- Ensuring IAM persona consistency, reusability, and compliance across teams and accounts
- Partnering with security, platform, and application teams to onboard services to approved IAM models
- Converting and modernizing CloudFormation-based IAM roles and policies to Terraform
- Engineering Terraform modules for reusable IAM components (roles, policies, instance profiles, service roles)
- Maintaining and enhancing Terraform pipelines for IAM deployments
- Supporting migration activities from legacy IAM implementations (e.g., CNF or bespoke frameworks) to Terraform
- Integrating AWS IAM with IDC solutions for identity lifecycle management
- Engineering IAM workflows supporting identity provisioning, deprovisioning, and access reviews
- Supporting federation and identity synchronization between AWS and IDC platforms
- Assisting with audit readiness, compliance reporting, and governance controls