DevSecOps Engineer - Identity and Access Management

DevSecOps Engineer – Identity & Access Management

The DevSecOps Engineer will play a pivotal role in integrating robust security practices throughout the DevOps lifecycle, with a primary emphasis on identity and access management (IAM) using Microsoft Entra ID (formerly Azure AD). This role is responsible for designing and implementing secure automation pipelines, enforcing least‑privilege and Zero Trust access controls, and managing enterprise identity governance to meet both organizational and regulatory compliance requirements.

In addition to strong Entra ID expertise, the ideal candidate will bring hands‑on experience with GCP pipeline deployment, infrastructure-as-code (IaC), and custom agent development to enhance cloud security observability, policy enforcement, and workload protection across cloud environments.

• Leverage emerging Entra technologies such as Entra Agent ID, Entra Workload ID, Identity Governance lifecycle workflows, and Zero-Trust deployments—to strengthen identity protection, automate governance, and modernize access strategies.
• Automate identity and security configuration using scripting and IaC tools such as Terraform, Ansible and ARM templates, with multi-cloud pipeline support for Azure and GCP.
• Develop secure, automated pipelines on the GCP platform, enabling continuous compliance validation, vulnerability scanning, and policy-as-code deployment for cloud workloads and containerized environments.
• Design and integrate security tooling into CI/CD pipelines using GCP Cloud Build and GitHub Actionsto ensure automated code scanning, dependency security, secrets scanning, and policy enforcement.
• Develop secure, automated pipelines on the GCP platform, enabling continuous compliance validation, vulnerability scanning, and policy-as-code deployment for cloud workloads and containerized environments.

• Implement and manage emerging Microsoft Entra ID security controls, also including Conditional Access, Identity Protection, Privileged Identity Management (PIM), Identity Governance, and adaptive MFA policies across enterprise workloads.

   

• Continuously evaluate new features in Microsoft Entra ID and GCP IAM, providing architectural recommendations and integrating relevant capabilities into enterprise DevSecOps workflows.

   

• Automate identity and security configuration using scripting and IaC tools such as Terraform, Ansible and ARM templates, with multi-cloud pipeline support for Azure and GCP.
• Build and maintain custom security agents and automation workflows to enhance identity telemetry, enforce real-time access policies, and standardize cloud security controls across environments.
• Conduct regular reviews of roles, permissions, service principals, workload identities, and application registration security, ensuring least-privilege access and Zero Trust alignment.
• Collaborate with engineering teams to perform secure code reviews, threat modeling, vulnerability assessments, and provide remediation guidance during development and deployment cycles.
• Develop dashboards, reports, and automation for identity compliance, audit readiness, and IAM security posture using tools like Azure Monitor, GCP Looker, Sentinel, and BigQuery.

• Strong technical, troubleshooting, and strategical skills to build emerging technology solutions at scale.
• 3–6+ years of experience in DevOps, SecOps, or Cloud Security Engineering roles.
• Strong hands-on experience with Microsoft Entra ID (MS Graph REST API, Agent Development, AuthN Protocols, Conditional Access, and Automation).
• Lead GCP cloud deployments and build scalable, secure automation pipelines, leveraging Cloud Build, Cloud Deploy, Artifact Registry, and GCP-native IaC to support continuous delivery, compliance automation, and multi-cloud DevSecOps workflows.
• Experience with IaC: Terraform, Bicep, or ARM templates.
• Knowledge of container security, Kubernetes, and cloud-native security patterns.
• Solid understanding of Zero Trust principles, IAM, and identity lifecycle management.
• Familiarity with vulnerability management tools and SAST/DAST integrations (42Crunch, CheckmarX and FOSSA)
• Microsoft Azure certifications (e.g., AZ-500, SC-300, AZ-104, AZ-305) are a strong plus.