Role Description The identity cloud engineer is responsible for the design, implementation, and sustainment of identity and access management capabilities across the organization's cloud environments, spanning AWS, Azure, and GCP. This role ensures that cloud native IAM constructs including roles, policies, service accounts, and Federated identity configurations are engineered to enforce least privilege, support zero trust principles, and integrate seamlessly with the enterprise identity stack. As AI is embedded into the security program, this role will play a critical part in securing AI workloads and machine identities in the cloud, ensuring that non-human identities, service principles, and automated pipelines are governed with the same trigger applied to human access. The Lead Cloud IAM Architect & Engineer is responsible for defining and delivering the enterprise cloud and hybrid IAM architecture across AWS, Azure, and GCP. This role blends hands-on engineering with architecture leadership to build secure, scalable identity services and integrations using Okta, SailPoint, CyberArk, and HashiCorp platforms. The Lead will set technical direction, establish reference architectures and standards, and guide delivery across multiple teams while ensuring solutions are secure-by-design and operationally sustainable. In this role, you will: - Own the cloud IAM reference architecture across AWS, Azure, and GCP, including identity patterns for workforce, partners, and non-human identities (workloads/services). - Define and drive adoption of authentication and authorization patterns (SSO, federation, MFA/adaptive access, API access, service-to-service identity) aligned to security standards and business requirements. - Establish and maintain reusable architecture artifacts: reference architectures, standard integration patterns, design templates, configuration baselines, and guardrails. - Lead architecture reviews and provide technical governance to ensure consistent implementation across cloud and application teams. - Design, build, and integrate IAM solutions using: - Okta (SSO, federation, lifecycle integrations, MFA/adaptive policies, app integrations) - SailPoint (identity governance, provisioning workflows, access reviews/certifications, role and entitlement modeling) - CyberArk (privileged access management, credential/session controls, privileged workflows) - HashiCorp (Vault/secrets management, dynamic secrets where applicable, identity-based access to secrets) - Engineer secure cloud access patterns across AWS/Azure/GCP, including least privilege designs, account/subscription/project onboarding patterns, and role-based access models. - Build and support modern identity integrations using standards and protocols (SAML, OIDC, OAuth 2.0, SCIM; familiarity with XACML/SPML as applicable). - Develop automation and repeatability via scripting and/or infrastructure-as-code approaches (e.g., Terraform), improving time-to-deliver and reducing manual effort. - Translate IAM strategy and security policies into implementable engineering standards (e.g., privileged access requirements, access request flows, secrets handling standards, non-human identity controls). - Identify and mitigate IAM risks in cloud and hybrid environments (e.g., privileged sprawl, excessive permissions, token/session risks, misconfiguration, secrets leakage). - Partner with Security, Cloud Platform, and Compliance teams to ensure IAM solutions meet regulatory and audit expectations. - Own and maintain the IAM technical roadmap across Okta/SailPoint/CyberArk/HashiCorp, including modernization, integrations, technical debt reduction, and platform lifecycle planning for the cloud platform. - Evaluate new capabilities from cloud providers and IAM vendors; recommend improvements based on emerging threats and business needs. - Drive operational readiness for new IAM services: monitoring, alerting, runbooks, support transitions, and resilience/failover considerations. - Serve as a technical escalation point for complex IAM issues and integrations. - Mentor engineers and influence application and platform teams on secure identity patterns and implementation best practices. - Communicate architecture decisions and tradeoffs clearly to engineering teams, product owners, and senior stakeholders. - Interpret business needs and IAM strategy and convert them into secure, scalable architectures and engineering plans. - Make technical decisions balancing security, usability, delivery speed, operability, and cost. - Drive alignment across stakeholders and teams through architecture leadership and clear technical direction. Qualifications - Deep experience in enterprise IAM architecture and engineering, including SSO/federation, authentication, authorization, identity lifecycle, and privileged access. - Strong understanding of IAM protocols and standards: SAML, OpenID Connect, OAuth 2.0, SCIM (plus familiarity with related standards as needed). - Strong security foundation: least privilege, privileged access controls, secrets management, segmentation, auditing/logging, and identity threat considerations. - Hands-on experience designing IAM models across: - AWS (IAM roles/policies, cross-account access patterns, identity federation) - Azure (Entra ID/Azure RBAC patterns, subscription management concepts) - GCP (IAM roles, service accounts, workload identity concepts) - Understanding of cloud operating models across IaaS/PaaS/SaaS and how identity patterns differ across them. - Proven implementation experience with: - Okta for identity provider patterns, app onboarding, MFA/adaptive access, lifecycle integrations - SailPoint for governance, provisioning, role/entitlement modeling, certifications - CyberArk for privileged access workflows, vaulting, session controls - HashiCorp Vault (and related tooling) for secrets lifecycle and secure access patterns - Strong scripting/automation capability (e.g., PowerShell, Python) and experience with IaC (e.g., Terraform) for scalable delivery. - Ability to produce high-quality technical documentation: diagrams, designs, standards, and implementation guides. - Excellent troubleshooting and analytical skills; ability to design for resiliency and failure modes. - Strong written and verbal communication skills with the ability to influence and lead across teams. - Comfortable leading technical delivery, mentoring others, and operating with minimal supervision in a complex environment. Preferred Skills - Experience with Zero Trust and modern conditional access/adaptive access patterns. - Experience integrating IAM telemetry into SIEM/SOAR and supporting identity threat detection/response workflows. - Exposure to API management and service-to-service security patterns (mTLS, JWT validation, OAuth client credential flows). - Familiarity with AI/ML-driven identity controls and adaptive access tuning. Benefits - Competitive compensation - Comprehensive and well-rounded benefits package for full-time employees - Health coverage - Wellness programs - 401K company match - Self-managed PTO - Unique incentives that celebrate your accomplishments - Remote and Hybrid Work - Time Off When You Need It - Benefits That Flex - Professional Development

• Design deploy maintain optimize and automate scalable secure and resilient cloud infrastructure and solutions across Azure GCP and AWS • Manage backup and disaster recovery strategies across cloud platforms • Implement and maintain robust cloud security controls aligned with industry standards CIS NIST and ISO 27001 • Implement and maintain Infrastructure as Code cloud automation and CI CD driven deployments • Support cloud automation initiatives including infrastructure automation integrations operational workflows and platform stability improvements • Enable AI and intelligent automation use cases in alignment with established governance and security standards • Troubleshoot cloud platform issues support incident resolution and maintain technical documentation and runbooks • Help define and enforce cloud governance standards including management groups subscriptions Azure Policy RBAC naming conventions tagging and cost controls • Implement automation in ServiceDesk identity and other enterprise platforms to drive consistent efficient and rapid experiences • Engage with IT and functional stakeholders to define business processes align them to appropriate technology solutions and represent Definium technology interests on initiatives with significant technology impact • Translate functional and technical requirements into solution architecture and provide build and deployment guidance to software developers • Design scalable supportable systems by selecting technology stacks that can be supported by a broad ecosystem of providers and technically skilled Definium staff • Identify and evaluate technology partners and maintain relationships with strategic vendors to stay informed of evolving capabilities and risks • Stay current on leading and emerging technologies and evaluate fit against financial security and operational requirements • Cross train and mentor junior engineers

Role Description Serve as a cloud architecture leader, providing guidance and mentorship to team members, while supporting a DoD mission program. Design and deliver secure, compliant workloads within a platform-managed hub-and-spoke environment across AWS GovCloud and Azure Government. - Architect and deliver secure, scalable AWS‑centric solutions (with multi‑cloud fluency across Azure Government/GCP) as a spoke workload team operating inside a platform‑managed hub‑and‑spoke environment. - Be well‑versed in platform management constructs (network hub, identity, operations, DevOps, shared services) to facilitate design discussions and articulate workload requirements to platform owners/providers. - Operate as a liaison between mission teams, leadership, and platform providers, ensuring workload strategies align with programmatic, operational, and compliance goals. - Translate DoD operational constraints (Cloud Computing SRG impact levels, RMF/ATO, DISA STIGs) into practical workload architectures and deployment patterns that inherit and align with platform guardrails. Qualifications - Experience in cloud architecture and deployment. - Strong understanding of DoD compliance and security engineering. - Proficiency in AWS and Azure platforms. - Ability to mentor and manage technical teams. - Experience with IaC tools like Terraform, CloudFormation, Bicep, or CDK. Requirements - Define and communicate workload requirements for routing, firewall/inspection, DNS, identity trust, logging/telemetry, secrets, and egress. - Manage cross-functional teams and discussions, ensuring alignment between workload needs and platform provisioning. - Drive the creation of workload reference architectures and IaC templates ensuring alignment with platform guardrails and program security policies. - Lead the team in implementing secure network zoning and service exposure. - Design CI/CD pipelines with security/compliance gates. - Map workload data and mission needs to SRG IL2–IL6 and engineer control implementations. - Provide team guidance on applying Zero Trust principles. - Lead collaboration efforts with external vendors and industry solution providers. - Define and manage workload resilience strategies. - Guide team members in implementing and monitoring FinOps practices for ongoing cost control. Benefits - Remote work with limited travel. - Opportunities for professional development and mentorship. - Competitive salary and benefits package.

• Manage and maintain Azure Cloud operations, ensuring high availability and reliability. • Develop, maintain, and optimize Terraform code for infrastructure provisioning. • Design, implement, and monitor GitLab CI/CD pipelines for deploying Terraform code to Azure. • Collaborate with cross-functional teams to ensure seamless integration and automation of cloud infrastructure. • Continuously improve system performance and scalability through automation and process optimization. • Troubleshoot and resolve infrastructure and deployment-related issues effectively. • Stay updated with industry best practices and emerging technologies in DevOps and Cloud Engineering.