CBTS is seeking a highly technical Azure Cloud IAM Architect & Security Engineer to lead the design, engineering, automation, and governance of enterprise identity and access management solutions across Azure cloud environments. The role requires deep expertise in Microsoft Azure security and Identity Governance, with responsibilities including architecting IAM solutions and implementing security frameworks.
Responsibilities:
- Architect, design, and implement enterprise-scale Identity and Access Management (IAM) solutions across Azure cloud environments
- Lead the implementation and governance of Microsoft Entra ID including Azure RBAC / ABAC, Conditional Access, Privileged Identity Management (PIM), Identity Protection, Access Reviews, Entitlement Management and B2B / B2C integrations
- Design and implement Zero Trust security architecture and least-privilege access models and ensure Just-In-Time (JIT) access elevation
- Engineer and manage Privilege as Code (PaC) frameworks for automated privileged access governance and identity lifecycle management
- Develop IAM automation solutions using PowerShell, Python, Terraform, Bicep, ARM Templates, REST APIs, JSON / YAML
- Automate privileged role assignments, Just-In-Time (JIT) access, access provisioning and deprovisioning, service principal governance, entitlement reviews, and compliance validation workflows
- Integrate IAM and security controls into DevSecOps and CI/CD pipelines using GitHub Actions, Azure DevOps, Jenkins, GitOps methodologies and GitHub Copilot
- Develop secure APIs, automation services, and orchestration workflows for identity governance and cloud security operations
- Experience with cloud security services like Microsoft Defender for Cloud, Microsoft Sentinel, Defender for Identity, Key Vault for security monitoring and threat detection
- Design and enforce cloud security guardrails, governance standards, and compliance controls
- Implement secure authentication and federation mechanisms using OAuth 2.0, OpenID Connect, and SAML, and support enterprise compliance initiatives as required
Requirements:
- 10+ years of hands-on experience in Identity & Access Management (IAM), Cloud Security, Cybersecurity Engineering, and designing and securing Microsoft Azure cloud environments
- Bachelor's degree in Computer Science, Information Technology, or a related field
- Strong expertise in implementing and managing Microsoft Entra ID, and proven experience implementing and managing a Privilege as Code (PaC) framework
- Experience integrating IAM and security controls into DevSecOps and CI/CD pipelines
- Strong software development and coding skills, with experience automating privileged access management, identity lifecycle management, entitlement governance, and compliance validation workflows
- Expertise in authentication and federation standards including and Experience implementing and managing Azure cloud security services
- Experience conducting cloud security assessments, IAM governance reviews, and remediation activities
- Strong analytical, troubleshooting, and problem-solving capabilities, with excellent verbal and written communication skills and the ability to collaborate across architecture, engineering, security, and compliance teams
- Ability to lead technical initiatives, mentor teams, and drive enterprise IAM modernization programs
- Microsoft Certified: Azure Security Engineer Associate
- Microsoft Certified: Identity and Access Administrator Associate
- Microsoft Certified: Azure Solutions Architect Expert
- Certified Information Systems Security Professional (CISSP)
- Certified Cloud Security Professional