Overview:
• 8-12 years of experience in cloud security, IAM, or infrastructure security engineering, preferably within BFSI or regulated enterprises.
• Strong hands-on expertise in AWS security services, including:
  • AWS IAM (roles, policies, permission boundaries, SCPs)
  • AWS Organizations & multi-account governance
  • AWS Identity Center (SSO)
  • AWS KMS, Secrets Manager
  • AWS CloudTrail, Config, GuardDuty, Security Hub
• Deep understanding of IAM design and governance, including:
  • Role-based and attribute-based access control (RBAC/ABAC)
  • Least privilege model implementation
  • Identity lifecycle management (joiner/mover/leaver)
• Experience integrating AWS IAM with enterprise identity providers such as:
  • Azure AD / Entra ID
  • Okta or similar IdP platforms
Key Responsibilities:
• AWS IAM & Identity Security Leadership
  • Own the design and implementation of enterprise-wide AWS IAM strategy across multi-account environments.
  • Define and enforce least-privilege access models, including role-based and attribute-based controls.
  • Lead integration of AWS IAM with enterprise identity providers (Azure AD/Okta), ensuring secure SSO and federation.
  • Establish and maintain IAM governance processes, including access reviews, certification, and audit readiness.
• Cloud Security Operations
  • Monitor and respond to security alerts across AWS using tools such as GuardDuty, Security Hub, and CloudWatch.
  • Investigate and remediate IAM-related security risks, misconfigurations, and access issues.
  • Oversee logging and monitoring strategy using CloudTrail, Config, and centralized SIEM integrations.
  • Collaborate with SecOps teams to ensure timely incident response and root cause analysis.
• Access Management & Compliance
  • Manage user access lifecycle (provisioning, deprovisioning, entitlement reviews) across AWS environments.
  • Ensure compliance with regulatory and enterprise security standards (NIST, CIS benchmarks, etc.).
  • Conduct periodic access audits and enforce remediation of policy violations.
  • Support internal and external audits by providing IAM evidence and controls documentation.
• Security Architecture & Governance
  • Define and implement security guardrails using AWS Organizations, SCPs, and automation frameworks.
  • Partner with platform and application teams to embed security-by-design principles.
  • Drive adoption of policy-as-code and automated compliance checks in CI/CD pipelines.
  • Provide architectural guidance for secure onboarding of new workloads and services on AWS.