What are the responsibilities and job description for the AWS Cloud Security / IAM Lead position at Stanley David and Associates?
Job Title :: AWS Cloud Security / IAM Lead
Location :: Minneapolis, MN
Type :: Full-time role
Key Responsibilities
- AWS IAM & Identity Security Leadership
  - Own the design and implementation of enterprise-wide AWS IAM strategy across multi-account environments.
  - Define and enforce least-privilege access models, including role-based and attribute-based controls.
  - Lead integration of AWS IAM with enterprise identity providers (Azure AD/Okta), ensuring secure SSO and federation.
  - Establish and maintain IAM governance processes, including access reviews, certification, and audit readiness.
- Cloud Security Operations
  - Monitor and respond to security alerts across AWS using tools such as GuardDuty, Security Hub, and CloudWatch.
  - Investigate and remediate IAM-related security risks, misconfigurations, and access issues.
  - Oversee logging and monitoring strategy using CloudTrail, Config, and centralized SIEM integrations.
  - Collaborate with SecOps teams to ensure timely incident response and root cause analysis.
- Access Management & Compliance
  - Manage user access lifecycle (provisioning, deprovisioning, entitlement reviews) across AWS environments.
  - Ensure compliance with regulatory and enterprise security standards (NIST, CIS benchmarks, etc.).
  - Conduct periodic access audits and enforce remediation of policy violations.
  - Support internal and external audits by providing IAM evidence and controls documentation.
- Security Architecture & Governance
  - Define and implement security guardrails using AWS Organizations, SCPs, and automation frameworks.
  - Partner with platform and application teams to embed security-by-design principles.
  - Drive adoption of policy-as-code and automated compliance checks in CI/CD pipelines.
  - Provide architectural guidance for secure onboarding of new workloads and services on AWS.
Requirements:
- 8–12 years of experience in cloud security, IAM, or infrastructure security engineering, preferably within BFSI or regulated enterprises.
- Strong hands-on expertise in AWS security services, including:
  - AWS IAM (roles, policies, permission boundaries, SCPs)
  - AWS Organizations & multi-account governance
  - AWS Identity Center (SSO)
  - AWS KMS, Secrets Manager
  - AWS CloudTrail, Config, GuardDuty, Security Hub
- Deep understanding of IAM design and governance, including:
  - Role-based and attribute-based access control (RBAC/ABAC)
  - Least privilege model implementation
  - Identity lifecycle management (joiner/mover/leaver)
- Experience integrating AWS IAM with enterprise identity providers such as:
  - Azure AD / Entra ID
  - Okta or similar IdP platforms
Salary : $100,000 - $110,000