IAM Cloud Engineer | Hybrid Toronto, CA

IT Accel, Inc.

Toronto

On-site

CAD 80,000 - 130,000

Full time

29 days ago

Job summary

An established industry player is seeking a skilled IAM Engineer to design and manage identity and access management solutions. This role will focus on integrating IAM security controls into AI/ML workloads, modernizing IAM frameworks, and enhancing security automation in multi-cloud environments. You will develop secure models for workload identity federation, implement privileged access management strategies, and ensure compliance with industry standards. Join a dynamic team that values innovation and collaboration, and play a key role in shaping the future of cloud security.

Qualifications

  • 5+ years in IT with 3+ years in Cloud engineering roles.
  • Strong preference for certified professionals with relevant Cloud Certifications.

Responsibilities

  • Design and implement IAM frameworks for Azure and Google Identity.
  • Enhance OAuth 2.0 and JWT-based authentication for API access.

Skills

Azure Entra ID
Google Identity
Workload Identity Federation
OAuth 2.0
mTLS
JWT
Privileged Access Management
HashiCorp Vault
Terraform
Ansible
GitHub Actions

Education

Bachelor's degree in Computer Science or Engineering
Cloud Certifications

Tools

SIEM solutions (Splunk, Sentinel, Dynatrace)
API gateway IAM policies (Apigee, Azure API Management)

Job description

About This Role:

We are seeking an experienced IAM Engineer to design, implement, and manage identity and access management (IAM) solutions across Azure. This role requires deep expertise in cloud identity, workload identity federation, privileged access management (PAM), and secrets management, with a focus on integrating IAM security controls into AI/ML workloads. You will play a key role in modernizing IAM frameworks, enforcing governance policies, and enhancing DevSecOps security automation in multi-cloud environments.

Responsibilities:

  • Design and implement IAM frameworks for Azure Entra ID and Google Identity, ensuring robust access controls for cloud and hybrid workloads.
  • Develop Workload Identity Federation (WIF) models to securely integrate AI/ML pipelines with cloud IAM policies.
  • Harden privileged access models (e.g., Azure PIM, CyberArk) to enforce Just-in-Time (JIT) access across cloud environments.
  • Implement multi-cloud IAM governance strategies to align identity policies between Azure and GCP.
  • Enhance OAuth 2.0, mTLS, and JWT-based authentication for securing API access and service mesh integrations.
  • Implement IAM-based secrets injection into AI/ML pipelines for Azure Machine Learning and Vertex AI workloads.
  • Secure LLM (Large Language Model) deployments by enforcing access controls on AI/ML datasets and inference endpoints.
  • Ensure IAM security for MLOps workflows, securing AI models, training data, and API keys.
  • Support SIEM integration for identity-related event monitoring and Dynatrace.
  • Implement role-based access control (RBAC) and attribute-based access control (ABAC) policies for cloud workloads.
  • Enforce IAM policies for AI/ML workloads, ensuring compliance with SOC 2, NIST, and ISO 27001 standards.
  • Collaborate with domain architects and LOB stakeholders to streamline IAM onboarding for developers and data scientists.

Required Technical Skills

  • Strong expertise in Azure Entra ID (formerly Azure AD) & Google Identity.
  • Experience implementing Workload Identity Federation (WIF) in Azure Managed Identities.
  • Hands-on experience with OAuth 2.0, mTLS, JWT, and API gateway IAM policies (Apigee, Azure API Management).
  • Strong understanding of privileged access security (PAM), JIT access, and admin role governance.
  • Experience with HashiCorp Vault for managing cloud secrets and workload identity.
  • Knowledge of IAM security best practices for securing Azure ML, Vertex AI, and AI/ML model access.
  • Ability to design secure secrets retrieval models for CI/CD pipelines, Ansible playbooks, and VMs.
  • Proficiency in Terraform, Ansible, and GitHub Actions for IAM policy automation.
  • Strong knowledge of CI/CD security for IAM, including GitHub OIDC and workload identity enforcement.
  • Familiarity with GCP IAM policy bindings, Terraform IAM modules, and Azure RBAC automation.
  • Hands-on experience integrating IAM logs with SIEM solutions (Splunk, Sentinel, Dynatrace) for real-time monitoring.
  • Experienced with IAM threat modeling, anomaly detection, and access risk mitigation strategies.

Experience & Education

  • 5+ years of experience in information technology with 3+ years of hands-on experience as an individual engineering contributor in Cloud projects.
  • Ability to participate in fast-paced DevOps Engineering teams within Scrum agile processes.
  • Strong academic background (e.g., computer science, engineering).
  • Strong preference for Certified Professionals with relevant Cloud Certifications.
  • Engineering or systems management experience with Active Directory, ActiveRoles Server, and any federation service is beneficial.

Seniority level
  • Mid-Senior level
Employment type
  • Full-time
Job function
  • Other
Industries
  • IT Services and IT Consulting