What are the responsibilities and job description for the Senior Cloud Identity & DevOps Engineer position at The Brixton Group?
Duration: 12 months
Location: Chandler, AZ (Onsite 3 days/week)
Benefits Provided: Yes, including 15 PTO days/year
***U.S. Citizens and those authorized to work in the U.S. are encouraged to apply. We are unable to sponsor or transfer visas at this time.***
***No Vendors/3rd parties.***
We are seeking a highly skilled and hands-on Senior Cloud Identity DevOps Engineer / Cloud Architect with strong expertise in AWS, Microsoft Azure, Terraform, and Identity & Access Management (IAM). The ideal candidate will be responsible for engineering, automating, deploying, and supporting enterprise-scale cloud identity solutions across AWS and Azure environments.
This role will focus on modernizing decentralized AWS access controls using AWS Identity Center integrated with enterprise identity providers such as PingFederate, while also building scalable Infrastructure-as-Code (IaC) and CI/CD automation for Microsoft Entra ID (Azure AD). The candidate should possess deep expertise in Terraform, DevOps practices, federation technologies (SAML/OIDC), security governance, and cloud identity automation.
Primary Skills:
- Cloud Architect
- Terraform
- Microsoft Azure
- Cloud & Identity Engineering
- 7 years of experience in Cloud Development/Engineering delivering enterprise-scale identity and security solutions.
- AWS Identity Center (AWS SSO)
- AWS IAM
- AWS Organizations and multi-account architectures
- Microsoft Entra ID (Azure AD)
- Design, implement, and support enterprise cloud identity and access management solutions across AWS and Azure.
- Engineer and automate AWS Identity Center (AWS SSO) implementations including permission sets, account assignments, governance, and access lifecycle management.
- Develop and manage AWS IAM roles, policies, trust relationships, MFA enforcement, and least-privilege access models.
- Implement identity federation integrations between enterprise IdPs (preferably PingFederate) and AWS using SAML/OIDC and SCIM provisioning.
- Build and maintain Infrastructure-as-Code (IaC) automation using Terraform for cloud identity deployments.
- Develop reusable Terraform modules, manage remote state, environment segregation, and secure secrets/variable handling.
- Service Principals (SPNs)
- App Registrations
- Enterprise Applications
- Role assignments
- Conditional Access policies
- Design and implement secure CI/CD pipelines for identity deployment automation using Jenkins, Horizon, CircleCI, and Bitbucket.
- Support application onboarding and federation integrations with Entra ID.
- Design secure, scalable, auditable, and compliant identity deployment pipelines.
- Collaborate with Security, Cloud Engineering, Audit, Infrastructure, and Operations teams.
- Implement monitoring, logging, reporting, and audit evidence generation for cloud identity systems.
- Troubleshoot federation, authentication, authorization, and provisioning issues.
- Develop automation scripts using PowerShell and/or Python.
- Support governance, risk, compliance, and operational support requirements.
- SSO
- MFA
- SAML
- OAuth2/OIDC
- Federation technologies
- Token flows
- Identity governance and access control
- Terraform & Infrastructure Automation
- Mandatory hands-on experience with Terraform including:
- Module development
- Remote state management
- Multi-environment deployments
- Secure variable and secret handling
- Infrastructure automation best practices
- DevOps & CI/CD
- Jenkins
- Horizon
- CircleCI
- Bitbucket
- Experience designing secure and auditable deployment pipelines.
- Azure & AWS Identity Automation
- Service Principals
- Enterprise Applications
- App Registrations
- Role assignments
- Conditional Access policies
- Experience integrating enterprise IdPs with AWS environments.
- Strong knowledge of least-privilege security patterns and access governance.
- Scripting & APIs
- PowerShell
- Python
- Experience using:
- REST APIs
- Microsoft Graph API
- Soft Skills
- Excellent communication and stakeholder management skills.
- Ability to explain technical concepts to both technical and non-technical audiences.
- Ability to work as a hands-on SME across cross-functional teams.
- Microsoft Azure Security Engineer Associate (AZ-500) certification.
- AWS Certified Security - Specialty certification.
- Experience with PingFederate administration and troubleshooting.
- Experience integrating ServiceNow or event-to-ticket workflows.
- PKI infrastructure
- Certificates and CA management
- Certificate-based authentication
- Encryption and key management solutions