IAM Cloud Security Engineer

The Opportunity:

You know that the user is the last frontier for cybersecurity. It’s where the perimeter is drawn, and securing identities is pivotal in the fight against cybercriminals. As an Identity and Access Management (IAM) Specialist, you have the skills and experience to keep hackers from taking data and breaking processes. We’re looking for someone like you to help our clients meet their missions without disruption.

As a Cloud Security Engineer with an IAM focus at Booz Allen, you’ll play a critical role in the world of IAM and zero trust. You’ll interface with stakeholders and engineering teams to delve into the details and dependencies of critical processes and users’ roles within them.

You’ll analyze the identity lifecycle, articulating access requirements and defining enterprise identity records. You’ll use your experience in IAM to design, deploy, and support systems that verify appropriate user privileges and manage credentials for accessing our clients’ most valuable assets. From single sign-on to privileged access systems, you’ll have the chance to implement enterprise-class solutions and stop adversaries in their tracks.

What You’ll Work On:

• Design and implement enterprise-wide IAM solutions across multi-domain cloud environments, focusing on zero-trust principles, privileged access management, and automated access governance.
• Lead the development of identity-centric security architectures, implementing fine-grained access controls, and establishing automated identity lifecycle management processes across AWS environments while maintaining DoD compliance requirements.
• Architect and implement comprehensive IAM solutions integrating AWS IAM, Azure AD, and on-premises identity providers.
• Design role-based access control (RBAC) and attribute-based access control (ABAC) frameworks.
• Develop automated user provisioning and de-provisioning workflows using AWS Organizations and Control Tower.
• Implement privileged access management (PAM) solutions and just-in-time access mechanisms.
• Assist with creating and maintaining IAM policies using infrastructure as code, including AWS CDK and Terraform.
• Design federated authentication patterns and SSO implementations.
• Implement automated access reviews and certification processes.
• Develop custom IAM policy automation tools and governance frameworks.

Apply today to help us as we keep the warfighter safe.

Join us. The world can’t wait.

You Have:

• 5+ years of experience with general Cloud security
• 2+ years of experience with AWS IAM, Organizations, and Control Tower
• Experience implementing RBAC and ABAC frameworks in cloud environments
• Experience with infrastructure code programming in Python and Node.js
• Experience with identity federation protocols, including SAML, OIDC, or OAuth, and PAM implementation and workflows
• Experience with AWS organizations and multi-account access patterns and IaC tools, including AWS CDK and Terraform for IAM management
• Knowledge of PKI infrastructure and certificate management
• Secret clearance
• HS diploma or GED
• Ability to obtain a DoD 8570 IAT Level II Compliance Certification within 30 days of start date

Nice If You Have:

• Experience with cross-account access patterns and permission boundary frameworks
• Experience with identity governance and administration (IGA) solutions and AWS IAM Access Analyzer
• Experience integrating enterprise identity providers, including Okta, Ping, or Azure AD
• Experience with session policy implementation and management
• Experience developing custom IAM policy generators and validators
• Experience with privileged session monitoring and recording systems
• Knowledge of service control policies (SCPs) and permission guardrails
• Knowledge of automated access review and certification processes
• Bachelor’s degree
• AWS Security Specialty, AWS Certified Solutions Architect Professional, ISC2 CISSP, or CertNexus Identity and Access Management Specialist Certification

Clearance:  
Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; Secret clearance is required.

Compensation

At Booz Allen, we celebrate your contributions, provide you with opportunities and choices, and support your total well-being. Our offerings include health, life, disability, financial, and retirement benefits, as well as paid leave, professional development, tuition assistance, work-life programs, and dependent care. Our recognition awards program acknowledges employees for exceptional performance and superior demonstration of our values. Full-time and part-time employees working at least 20 hours a week on a regular basis are eligible to participate in Booz Allen’s benefit programs. Individuals that do not meet the threshold are only eligible for select offerings, not inclusive of health benefits. We encourage you to learn more about our total benefits by visiting the Resource page on our Careers site and reviewing Our Employee Benefits page.

Salary at Booz Allen is determined by various factors, including but not limited to location, the individual’s particular combination of education, knowledge, skills, competencies, and experience, as well as contract-specific affordability and organizational requirements. The projected compensation range for this position is $84,600.00 to $193,000.00 (annualized USD). The estimate displayed represents the typical salary range for this position and is just one component of Booz Allen’s total compensation package for employees. This posting will close within 90 days from the Posting Date.

Identity Statement

As part of the application process, you are expected to be on camera during interviews and assessments. We reserve the right to take your picture to verify your identity and prevent fraud.

Work Model
Our people-first culture prioritizes the benefits of flexibility and collaboration, whether that happens in person or remotely.

• If this position is listed as remote or hybrid, you’ll periodically work from a Booz Allen or client site facility.
• If this position is listed as onsite, you’ll work with colleagues and clients in person, as needed for the specific role.

EEO Commitment

We’re an equal employment opportunity/affirmative action employer that empowers our people to fearlessly drive change – no matter their race, color, ethnicity, religion, sex (including pregnancy, childbirth, lactation, or related medical conditions), national origin, ancestry, age, marital status, sexual orientation, gender identity and expression, disability, veteran status, military or uniformed service member status, genetic information, or any other status protected by applicable federal, state, local, or international law.