Centric Consulting
St. Louis or United States or India

Lead Cloud/AI/IAM Architect & Engineer

Job details

Location: St. Louis or United States or India
Work type: Remote
Posted: yesterday
Apply on: phg.tbe.taleo.net

About this role

Job Level: W2T Consultant

Job Location: Remote

Travel Expectations: 0%

Job Classification: Temporary (W2T)

 

Join Centric Consulting – A Culture You’ll Love

At Centric Consulting, we've cultivated a unique approach to business.  Our business is built on three fundamental principles: Enjoy the people you work with, have fun, and do great work. These principles define our consulting model and have crafted one of the most vibrant cultures in the consulting industry – celebrating individuals, collaboration, and lifelong friendships.  

The identity cloud engineer is responsible for the design, implementation, and sustainment of identity and access management capabilities across the organization's cloud environments, spanning AWS, Azure, and GCP. This role ensures that cloud-native IAM constructs, including roles, policies, service accounts, and federated identity configurations, are engineered to enforce least privilege, support zero trust principles, and integrate seamlessly with the enterprise identity stack.

As AI is embedded into the security program, this role will play a critical part in securing AI workloads and machine identities in the cloud, ensuring that non-human identities, service principals, and automated pipelines are governed with the same rigor applied to human access.

The Lead Cloud IAM Architect & Engineer is responsible for defining and delivering the enterprise cloud and hybrid IAM architecture across AWS, Azure, and GCP. This role blends hands-on engineering with architecture leadership to build secure, scalable identity services and integrations using Okta, SailPoint, CyberArk, and HashiCorp platforms. The Lead will set technical direction, establish reference architectures and standards, and guide delivery across multiple teams while ensuring solutions are secure-by-design and operationally sustainable. 

In this role, you will: 

  • Own the cloud IAM reference architecture across AWS, Azure, and GCP, including identity patterns for workforce, partners, and non-human identities (workloads/services).
  • Define and drive adoption of authentication and authorization patterns (SSO, federation, MFA/adaptive access, API access, service-to-service identity) aligned to security standards and business requirements.
  • Establish and maintain reusable architecture artifacts: reference architectures, standard integration patterns, design templates, configuration baselines, and guardrails.
  • Lead architecture reviews and provide technical governance to ensure consistent implementation across cloud and application teams.

Design, build, and integrate IAM solutions using:

  • Okta (SSO, federation, lifecycle integrations, MFA/adaptive policies, app integrations)
  • SailPoint (identity governance, provisioning workflows, access reviews/certifications, role and entitlement modeling)
  • CyberArk (privileged access management, credential/session controls, privileged workflows)
  • HashiCorp (Vault/secrets management, dynamic secrets where applicable, identity-based access to secrets)
  • Engineer secure cloud access patterns across AWS/Azure/GCP, including least privilege designs, account/subscription/project onboarding patterns, and role-based access models.
  • Build and support modern identity integrations using standards and protocols (SAML, OIDC, OAuth 2.0, SCIM; familiarity with XACML/SPML as applicable).
  • Develop automation and repeatability via scripting and/or infrastructure-as-code approaches (e.g., Terraform), improving time-to-deliver and reducing manual effort.
  • Translate IAM strategy and security policies into implementable engineering standards (e.g., privileged access requirements, access request flows, secrets handling standards, non-human identity controls).
  • Identify and mitigate IAM risks in cloud and hybrid environments (e.g., privileged sprawl, excessive permissions, token/session risks, misconfiguration, secrets leakage).
  • Partner with Security, Cloud Platform, and Compliance teams to ensure IAM solutions meet regulatory and audit expectations.
  • Own and maintain the IAM technical roadmap across Okta/SailPoint/CyberArk/HashiCorp, including modernization, integrations, technical debt reduction, and platform lifecycle planning for the cloud platform.
  • Evaluate new capabilities from cloud providers and IAM vendors; recommend improvements based on emerging threats and business needs.
  • Drive operational readiness for new IAM services: monitoring, alerting, runbooks, support transitions, and resilience/failover considerations.
  • Serve as a technical escalation point for complex IAM issues and integrations.
  • Mentor engineers and influence application and platform teams on secure identity patterns and implementation best practices.
  • Communicate architecture decisions and tradeoffs clearly to engineering teams, product owners, and senior stakeholders.
  • Interpret business needs and IAM strategy and convert them into secure, scalable architectures and engineering plans.
  • Make technical decisions balancing security, usability, delivery speed, operability, and cost.
  • Drive alignment across stakeholders and teams through architecture leadership and clear technical direction. 

 

Who You Are: 

Knowledge, Skills, and Experience Requirements

  • Deep experience in enterprise IAM architecture and engineering, including SSO/federation, authentication, authorization, identity lifecycle, and privileged access.
  • Strong understanding of IAM protocols and standards: SAML, OpenID Connect, OAuth 2.0, SCIM (plus familiarity with related standards as needed).
  • Strong security foundation: least privilege, privileged access controls, secrets management, segmentation, auditing/logging, and identity threat considerations.

Hands-on experience designing IAM models across:

  • AWS (IAM roles/policies, cross-account access patterns, identity federation)
  • Azure (Entra ID/Azure RBAC patterns, subscription management concepts)
  • GCP (IAM roles, service accounts, workload identity concepts)
  • Understanding of cloud operating models across IaaS/PaaS/SaaS and how identity patterns differ across them.

Proven implementation experience with:

  • Okta for identity provider patterns, app onboarding, MFA/adaptive access, lifecycle integrations
  • SailPoint for governance, provisioning, role/entitlement modeling, certifications
  • CyberArk for privileged access workflows, vaulting, session controls
  • HashiCorp Vault (and related tooling) for secrets lifecycle and secure access patterns
  • Strong scripting/automation capability (e.g., PowerShell, Python) and experience with IaC (e.g., Terraform) for scalable delivery.
  • Ability to produce high-quality technical documentation: diagrams, designs, standards, and implementation guides.
  • Excellent troubleshooting and analytical skills; ability to design for resiliency and failure modes.
  • Strong written and verbal communication skills with the ability to influence and lead across teams.
  • Comfortable leading technical delivery, mentoring others, and operating with minimal supervision in a complex environment.

Preferred Skills

  • Experience with Zero Trust and modern conditional access/adaptive access patterns.
  • Experience integrating IAM telemetry into SIEM/SOAR and supporting identity threat detection/response workflows.
  • Exposure to API management and service-to-service security patterns (mTLS, JWT validation, OAuth client credential flows).
  • Familiarity with AI/ML-driven identity controls and adaptive access tuning. 

 

Total Rewards:  

We proudly offer competitive compensation and a comprehensive, well-rounded benefits package for full-time employees that has been designed to nourish your well-being, such as health coverage, wellness programs, 401K company match, self-managed PTO, and other unique incentives that celebrate your accomplishments.

  • Remote and Hybrid Work
  • Time Off When You Need It
  • Benefits That Flex
  • Professional Development  

While benefits eligibility may vary for roles that are not full-time, we provide unique opportunities for growth, skill development, and more.  Regardless of your role, you’ll be part of a collaborative environment where every team member contributes to our shared success.  

Discover more about our benefits by exploring additional details here.

  

Who We Are: 

Founded in 1999 with a remote workforce, we combine the benefits of experience, flexibility, and cost efficiency to create tailored solutions centered on what’s best for businesses.  Now numbering more than 1,400 employees in the U.S. and India, we’re committed to solving clients’ toughest problems and delivering on our mission of providing unmatched experiences.   

Our purpose at Centric Consulting is to bring unmatched experiences to clients and employees. These aren't just words we use — it's how we became a company and who we are today. Providing an unmatched experience means we approach each other as human beings and lead with empathy and humility. It means we work diligently to ensure we are a place where everyone can create a sense of belonging and feel respected for who they are.  

 

What Makes Centric a Great Place to Work? 

We know that creating and sustaining an authentically welcoming culture requires that we all play a part in promoting diversity, equity, and inclusion, from our business practice to how we show up for employees and communities. This is how we bring our mission and core values to life, working together to provide the highest quality services to our clients while allowing our employees to reach their full potential.  We are proud to be an equal opportunity employer.  All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veterans’ status, or any other characteristic protected by federal, state, or local laws.  

Reasonable accommodations are available for candidates during all aspects of the selection process. Please advise the talent acquisition team if you require accommodations during the application or interview process. 
