
Senior Cloud Identity & DevOps Engineer

Duration: 12+ months
Location: Chandler, AZ (Onsite 3 days/week)
Benefits Provided: Yes, including 15 PTO days/year

U.S. Citizens and those authorized to work in the U.S. are encouraged to apply. We are unable to sponsor or transfer visas at this time.
No Vendors/3rd parties.

We are seeking a highly skilled and hands-on Senior Cloud Identity DevOps Engineer / Cloud Architect with strong expertise in AWS, Microsoft Azure, Terraform, and Identity & Access Management (IAM). The ideal candidate will be responsible for engineering, automating, deploying, and supporting enterprise-scale cloud identity solutions across AWS and Azure environments.

This role will focus on modernizing decentralized AWS access controls using AWS Identity Center integrated with enterprise identity providers such as PingFederate, while also building scalable Infrastructure-as-Code (IaC) and CI/CD automation for Microsoft Entra ID (Azure AD). The candidate should possess deep expertise in Terraform, DevOps practices, federation technologies (SAML/OIDC), security governance, and cloud identity automation.

Primary Skills: Cloud Architect
Secondary Skills: Terraform
Tertiary Skills: Microsoft Azure

Requirements:

Cloud & Identity Engineering
- 7+ years of experience in Cloud Development/Engineering delivering enterprise-scale identity and security solutions.
- Expertise:
  - AWS Identity Center (AWS SSO)
  - AWS IAM
  - AWS Organizations and multi-account architectures
  - Microsoft Entra ID (Azure AD)

Responsibilities:
- Design, implement, and support enterprise cloud identity and access management solutions across AWS and Azure.
- Engineer and automate AWS Identity Center (AWS SSO) implementations including permission sets, account assignments, governance, and access lifecycle management.
- Develop and manage AWS IAM roles, policies, trust relationships, MFA enforcement, and least-privilege access models.
- Implement identity federation integrations between enterprise IdPs (preferably PingFederate) and AWS using SAML/OIDC and SCIM provisioning.
- Build and maintain Infrastructure-as-Code (IaC) automation using Terraform for cloud identity deployments.
- Develop reusable Terraform modules, manage remote state, environment segregation, and secure secrets/variable handling.
- Automate Microsoft Entra ID (Azure AD) identity services including:
  - Service Principals (SPNs)
  - App Registrations
  - Enterprise Applications
  - Role assignments
  - Conditional Access policies
- Design and implement secure CI/CD pipelines for identity deployment automation using Jenkins, Horizon, CircleCI, and Bitbucket.
- Support application onboarding and federation integrations with Entra ID.
- Design secure, scalable, auditable, and compliant identity deployment pipelines.
- Collaborate with Security, Cloud Engineering, Audit, Infrastructure, and Operations teams.
- Implement monitoring, logging, reporting, and audit evidence generation for cloud identity systems.
- Troubleshoot federation, authentication, authorization, and provisioning issues.
- Develop automation scripts using PowerShell and/or Python.
- Support governance, risk, compliance, and operational support requirements.

Understanding of:
- SSO
- MFA
- SAML
- OAuth2/OIDC
- Federation technologies
- Token flows
- Identity governance and access control

Terraform & Infrastructure Automation
- Mandatory hands-on experience with Terraform including:
  - Module development
  - Remote state management
  - Multi-environment deployments
  - Secure variable and secret handling
  - Infrastructure automation best practices

DevOps & CI/CD
- Experience building CI/CD pipelines using:
  - Jenkins
  - Horizon
  - CircleCI
  - Bitbucket
- Experience designing secure and auditable deployment pipelines.

Azure & AWS Identity Automation
- Experience automating:
  - Service Principals
  - Enterprise Applications
  - App Registrations
  - Role assignments
  - Conditional Access policies
- Experience integrating enterprise IdPs with AWS environments.
- Strong knowledge of least-privilege security patterns and access governance.

Scripting & APIs
- Scripting skills using:
  - PowerShell
  - Python
- Experience using:
  - REST APIs
  - Microsoft Graph API

Soft Skills
- Excellent communication and stakeholder management skills.
- Ability to explain technical concepts to both technical and non-technical audiences.
- Ability to work as a hands-on SME across cross-functional teams.

Desired:
- Microsoft Azure Security Engineer Associate (AZ-500) certification.
- AWS Certified Security - Specialty certification.
- Experience with PingFederate administration and troubleshooting.
- Experience integrating ServiceNow or event-to-ticket workflows.
- Knowledge of:
  - PKI infrastructure
  - Certificates and CA management
  - Certificate-based authentication
  - Encryption and key management solutions

26-00511