Logo
Booz Allen Hamilton

IAM Cloud Security Engineer

Booz Allen Hamilton, Hampton, Virginia, United States, 23661


Job Number: R0208845

The Opportunity:You know that the user is the last frontier for cyber security. It's where the perimeter is drawn, and securing identities is pivotal in the fight against cybercriminals. As an IAM specialist, you have the skills and experience to keep hackers from taking data and breaking processes. We're looking for someone like you to help our clients meet their missions without disruption.As a Cloud Security Engineer with an Identity and Access Management (IAM) focus at Booz Allen, you'll play a critical role in the world of identity and access management and zero trust. You'll interface with stakeholders and engineering teams to delve into the details and dependencies of critical processes and users' roles within them.You'll analyze the identity lifecycle, articulating access requirements and defining enterprise identity records. You'll use your experience in IAM to design, deploy, and support systems that verify appropriate user privileges and manage credentials for accessing our clients' most valuable assets. From single sign-on to privileged access systems, you'll have the chance to implement enterprise-class solutions and stop adversaries in their tracks.In this role, you will:Design and implement enterprise-wide identity and access management solutions across multi-domain cloud environments, focusing on zero-trust principles, privileged access management, and automated access governance.Lead the development of identity-centric security architectures, implementing fine-grained access controls, and establishing automated identity lifecycle management processes across AWS environments while maintaining DoD compliance requirements.Architect and implement comprehensive IAM solutions integrating AWS IAM, Azure AD, and on-premises identity providers.Design role-based access control (RBAC) and attribute-based access control (ABAC) frameworks.Develop automated user provisioning and de-provisioning workflows using AWS Organizations and Control Tower.Implement privileged access management (PAM) solutions and just-in-time access mechanisms.Create and maintain IAM policies using infrastructure as code, including AWS CDK and Terraform.Design federated authentication patterns and SSO implementations.Implement automated access reviews and certification processes.Develop custom IAM policy automation tools and governance frameworks.Apply today to help us as we keep the warfighter safe.Join us. The world can't wait.You Have:5+ years of experience with AWS IAM, Organizations, and Control TowerExperience with implementing RBAC and ABAC frameworks in cloud environmentsExperience with programming in Python and Node.js with focus on IAM automationExperience with identity federation protocols, including SAML, OIDC, or OAuthExperience with privileged access management (PAM) implementation and workflowsExperience with AWS Organizations and multi-account access patterns and IaC tools, including AWS CDK and Terraform for IAM managementKnowledge of PKI infrastructure and certificate managementSecret clearanceBachelor's degreeNice If You Have:Experience with cross-account access patterns and permission boundary frameworksExperience with identity governance and administration (IGA) solutions and AWS IAM Access AnalyzerExperience with integrating enterprise identity providers, including Okta, Ping, or Azure ADExperience with session policy implementation and managementExperience with developing custom IAM policy generators and validatorsExperience with privileged session monitoring and recording systemsKnowledge of service control policies (SCPs) and permission guardrailsKnowledge of automated access review and certification processesAWS Security Specialty, AWS Certified Solutions Architect Professional, ISC2 CISSP, or CertNexus Identity and Access Management Specialist CertificationAbility to obtain a DoD 8570 IAT Level II Compliance Certification within 90 days of hireClearance:Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; Secret clearance is required.CompensationAt Booz Allen, we celebrate your contributions, provide you with opportunities and choices, and support your total well-being. Our offerings include health, life, disability, financial, and retirement benefits, as well as paid leave, professional development, tuition assistance, work-life programs, and dependent care. Our recognition awards program acknowledges employees for exceptional performance and superior demonstration of our values. Full-time and part-time employees working at least 20 hours a week on a regular basis are eligible to participate in Booz Allen's benefit programs.Salary at Booz Allen is determined by various factors, including but not limited to location, the individual's particular combination of education, knowledge, skills, competencies, and experience, as well as contract-specific affordability and organizational requirements. The projected compensation range for this position is $84,600.00 to $193,000.00 (annualized USD). The estimate displayed represents the typical salary range for this position and is just one component of Booz Allen's total compensation package for employees. This posting will close within 90 days from the Posting Date.Identity StatementAs part of the application process, you are expected to be on camera during interviews and assessments. We reserve the right to take your picture to verify your identity and prevent fraud.Work ModelOur people-first culture prioritizes the benefits of flexibility and collaboration, whether that happens in person or remotely.If this position is listed as remote or hybrid, you'll periodically work from a Booz Allen or client site facility.If this position is listed as onsite, you'll work with colleagues and clients in person, as needed for the specific role.EEO CommitmentWe're an equal employment opportunity/affirmative action employer that empowers our people to fearlessly drive change - no matter their race, color, ethnicity, religion, sex (including pregnancy, childbirth, lactation, or related medical conditions), national origin, ancestry, age, marital status, sexual orientation, gender identity and expression, disability, veteran status, military or uniformed service member status, genetic information, or any other status protected by applicable federal, state, local, or international law.

#J-18808-Ljbffr