IAM & Cloud Security Engineer – Multi-Cloud Migration (AWS → Azure & GCP)


lalitha

Oct 30, 2025, 11:47:31 AM

Title: IAM & Cloud Security Engineer – Multi-Cloud Migration (AWS → Azure & GCP)

Location: Dallas, TX


LOCALS ONLY

PP NUM IS MUST

 

Job Responsibilities

 

Identity and Access Management (IAM) Migration:

·         Lead IAM migration from AWS IAM policies, roles, and groups to Azure Active Directory, Azure RBAC, and GCP IAM roles and bindings.

·         Develop Terraform IaC modules to automate IAM resource creation across Azure and GCP environments.

·         Ensure the principles of least privilege and separation of duties are enforced in all IAM configurations.

·         Integrate cloud identity providers (Azure AD, Cloud Identity) with corporate SSO (SAML/OIDC).

·         Establish service identities, workload identities, and managed identities for CI/CD and application workloads.

 

Policy-as-Code (PaC) Governance:

·         Define and implement Policy-as-Code frameworks to enforce cloud governance and compliance baselines in Azure and GCP.

·         Develop and maintain PaC pipelines using Terraform Sentinel, OPA (Open Policy Agent), or Azure Policy.

·         Establish CI/CD pipelines for Policy-as-Code validation, testing, and deployment.

·         Provide guidance and best practices for developing reusable and scalable PaC modules.

·         Implement policy version control, exception management, and automated compliance enforcement.

·         Collaborate with security architects to define policy coverage requirements (IAM, networking, encryption, storage, and tagging).

CI/CD and Automation for Security & IAM:

·         Design and establish CI/CD pipelines for IAM IaC and Policy-as-Code deployments across Azure DevOps, GitHub Actions, and Google Cloud Build.

·         Automate security control deployments using Terraform, including IAM roles, key management, and network policies.

·         Integrate policy compliance checks into the CI/CD flow for both infrastructure and application security pipelines.

·         Build reusable Terraform pipelines to enforce consistent security posture across environments.

·         Establish pipeline security gates (pre-deployment and post-deployment) for IAM and PaC changes.

 

Security Workload Migration (AWS → Azure & GCP):

·         Migrate security workloads such as WAF configurations, key management (KMS), and security analytics from AWS to Azure and GCP.

·         Develop IaC for host infrastructure and application security controls in target clouds.

·         Map AWS security services (IAM, KMS, WAF, GuardDuty) to Azure Security Center, Defender for Cloud, and GCP Security Command Center equivalents.

·         Recreate AWS Config Rules and SCPs as Azure Policies and GCP Organization Policies.

·         Ensure encryption, secrets management, and logging solutions are replicated or enhanced in target platforms.

·         Participate in testing, validation, and audit readiness for migrated security components.

 

Security Monitoring, Compliance & DR Integration:

·         Integrate monitoring and alerting with Azure Monitor, GCP Operations Suite, and SIEM tools.

·         Enable IAM and security event logging via Azure Activity Logs, GCP Audit Logs, and Cloud Logging.

·         Contribute to Disaster Recovery (DR) security alignment—ensuring IAM, policy, and encryption configurations are recoverable and consistent across regions.

·         Maintain auditability and compliance mapping (ISO 27001, NIST, SOC 2)

 

Required Qualifications:

·         5+ years of experience in cloud security engineering or IAM governance roles.

·         AWS IAM, KMS, WAF, Config, and GuardDuty

·         Azure AD, RBAC, Policy, and Defender for Cloud

·         GCP IAM, Cloud KMS, Organization Policies, and SCC

·         Terraform / Terragrunt for IaC and policy automation

·         OPA / Sentinel / Azure Policy for Policy-as-Code

·         CI/CD systems – Azure DevOps, GitHub Actions, or Cloud Build

·         Strong understanding of Zero Trust principles, encryption lifecycle management, and multi-cloud governance.

 

Preferred Skills:

·         Experience with Azure Blueprints, GCP Forseti Config Validator, or OPA Conftest.

·         Familiarity with cross-cloud SSO and federated identity models.

·         Strong scripting background (Python, PowerShell, or Bash).

·         Prior experience migrating workloads from AWS → Azure and AWS → GCP.

Certifications:

·         Google Professional Cloud Security Engineer

·         Microsoft Certified: Azure Security Engineer Associate

·         AWS Certified Security – Specialty

·         HashiCorp Certified: Terraform Associate

 

Soft Skills:

·         Strategic thinker with a strong analytical and automation mindset.

·         Excellent communication across cloud platforms, DevOps, and compliance teams.

·         Strong documentation discipline and adherence to governance frameworks.

·         Proven leadership in cross-functional cloud security initiatives.

 

Education:

Bachelor’s or Master’s degree in Computer Science, Data Science, Machine Learning, or a related field 
