Identity Management Consultant

Next Era is looking for resource in experienced Identity & Access Management (IAM) Lead/Architect with deep expertise in Oracle Cloud Infrastructure (OCI) to design, implement, and govern cloud identity solutions. The ideal candidate will be responsible for OCI IAM strategy
, Zero Trust access
, privileged access controls
, federation/SSO
, RBAC/ABAC
, IAM automation
, and compliance across enterprise cloud workloads.

• Own and drive the OCI IAM architecture
  , including tenancy design, compartments, groups, dynamic groups, policies, tag-based governance
  , and guardrails.
• Define and implement least privilege access models using OCI policies and strong governance mechanisms.
• Establish IAM standards
  , reusable patterns, and design blueprints for OCI cloud adoption.

• Implement Joiner-Mover-Leaver (JML) lifecycle processes integrating enterprise directories (e.g., AD/Azure AD/LDAP) with OCI.
• Design Role-Based Access Control (RBAC) and, where needed,
  Attribute-Based Access Control (ABAC) models.
• Enforce MFA
  , conditional access patterns, secure session policies, and modern authentication approaches.

• Enable SSO and federation using SAML 2.0 / OAuth2 / OIDC
  , integrating with enterprise IdPs (e.g., Azure AD, Okta, Ping).
• Configure and support identity provider integrations for OCI Console, APIs, and enterprise applications.

• Design and enforce privileged access controls; integrate with PAM tools (e.g., Cyber Ark, Beyond Trust, Delinea) where applicable.
• Implement secure secrets and credential handling (OCI Vault / HSM where applicable), rotation strategies, and auditability.

• Automate provisioning and policy deployments using Terraform
  , CI/CD pipelines, and scripting (Python/Power Shell/Bash).
• Build IAM automation for access requests, approvals, recertifications, and reporting.

• Enable logging/monitoring for identity activities, including audit events and access analytics; integrate with SIEM tools (e.g., Splunk, Sentinel, QRadar).
• Support security/compliance frameworks such as ISO 27001, SOC2, PCI-DSS, SOX, HIPAA (as relevant).
• Conduct periodic access reviews, entitlement recertifications, and control validations.

• Act as a trusted IAM advisor to platform teams, application owners, compliance, and security leadership.
• Lead technical reviews, mentor team members, and drive incident response for identity-related security events.
• Produce high-quality documentation: HLD/LLD, SOPs, runbooks, and operational playbooks.

• 10+ years of overall experience in IAM / Security Engineering / Identity Architecture
  .
• Strong hands-on experience with OCI IAM
  , including:
• Groups/dynamic groups
• Policies & least privilege modeling
• Federation/SSO setup and troubleshooting
• Solid understanding of authentication/authorization protocols
  : SAML 2.0, OAuth2, OIDC, LDAP, Kerberos
  .
• Experience designing RBAC/ABAC models and implementing governance at enterprise scale.
• Experience with Terraform and automation (CI/CD) for IAM controls.
• Working knowledge of Cloud Security concepts:
  Zero Trust, segmentation, audit logging, encryption, key management, secure access patterns.
• Strong troubleshooting skills across identity flows (tokens, assertions, certificates, federation metadata, clock skew, etc.).

• Experience with OCI Vault
  , KMS/HSM concepts, and secrets rotation.
• Experience integrating OCI with Azure AD/Okta/Ping and IAM governance tools (e.g., SailPoint, Saviynt).
• Experience with PAM tooling and privileged workflows.
• Exposure to multi-cloud IAM patterns (AWS/Azure/GCP).
• Knowledge of Dev Sec Ops and security controls in CI/CD pipelines.

• Oracle Cloud Infrastructure (OCI) Security certification(s) (preferred)