×
Register Here to Apply for Jobs or Post Jobs. X

Principal IAM Cloud System Engineer, Technology & Digital

Job in Miami, Miami-Dade County, Florida, 33134, USA
Listing for: Baptist Health
Full Time position
Listed on 2026-07-18
Job specializations:
  • IT/Tech
    Cybersecurity, Cloud Computing: Infrastructure & Operations
Salary/Wage Range or Industry Benchmark: 122475 - 159217 USD Yearly USD 122475.00 159217.00 YEAR
Job Description & How to Apply Below
Position: Principal IAM Cloud System Engineer, Technology & Digital, FT, 8:30A - 5P

Principal IAM Cloud System Engineer

We are seeking a Principal Cloud IAM Engineer to design, implement, and govern our multi-cloud identity and access management (IAM) ecosystem. In this role, you will be the primary architect of our cloud security boundaries, ensuring that our workforce and automated systems have precise, least-privilege access across our cloud environments and productivity suites. The ideal candidate has deep hands-on expertise in federated identity systems, multi-directory synchronization, and the design of highly scalable IAM delegation models that empower engineering teams while maintaining strict security guardrails.

1. Multi-Cloud IAM Architecture & Administration

  • AWS IAM Identity Center:
    Architect and manage centralized single sign-on (SSO), permission sets, and multi-account access strategies across AWS Organizations.
  • Azure Entra  and maintain Enterprise Applications, App Registrations, conditional access policies, and group management.
  • Google Workspace:
    Govern administrative controls, organizational units (OUs), third-party app permissions, and API scopes.

2. IAM Delegation Model & Policy Design

  • Delegation Design:
    Define and roll out an enterprise-wide IAM delegation model, establishing clear boundaries between central security teams, platform engineering, and product development squads.
  • Access Control Patterns:
    Implement Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) using resource tags, AWS Session Tags, or Azure directory attributes.
  • Guardrails at Scale:
    Design and enforce Service Control Policies (SCPs) in AWS, Management Group policies in Azure, and Organization Policies in GCP to limit the blast radius of delegated privileges.

3. Federation, Provisioning & Automation

  • SSO & Federation:
    Implement and troubleshoot SAML 2.0, OpenID Connect (OIDC), and OAuth 2.0 integrations between identity providers (IdPs) and cloud services.
  • Automated Provisioning (SCIM):
    Configure SCIM-based user provisioning pipelines to automate user lifecycle management (joiners, movers, leavers) from Google Workspace or Entra  cloud environments.
  • Infrastructure as Code (IaC):
    Treat IAM as code. Author, test, and deploy IAM roles, policies, and directory group mappings using tools like Terraform or Open Tofu.
  • Automation Scripting:
    Write utility scripts (Python, Go, or Bash) to automate access audits, discover unused credentials, and clean up over-privileged roles.

4. Governance, Compliance & Auditing

  • Access Reviews:
    Establish continuous monitoring and automated periodic access reviews (Attestation) to satisfy industry compliance frameworks (e.g., SOC 2, HIPAA, ISO 27001).
  • Audit Trail Analysis:
    Monitor and analyze identity activity logs (AWS Cloud Trail, Azure Activity Logs, Google Workspace Audit logs) to detect potential credential abuse, privilege escalations, or policy violations.

Estimated salary range for this position is $122475.25 - $159217.83 / year depending on experience.

Qualifications

  • Master's degree in computer science or related fields
  • Experience:

    10+ years of dedicated experience in cloud engineering, with at least 5 years focused heavily on Cloud IAM.
  • Identity Platform Expertise:
    Proven, hands-on administration experience with:
    • AWS IAM Identity Center (SSO configuration, Permission Sets, AWS Organizations integrations).
    • Azure Entra  (Conditional Access, Directory Roles, Enterprise Apps).
    • Google Workspace (Directory Management, SSO integration, SAML/OIDC setup).
  • Architectural

    Experience:

    Experience designing and documenting an IAM delegation model for mid-to-large-size engineering organizations.
  • Federation Standards:
    Deep understanding of identity federation protocols: SAML 2.0, OAuth 2.0, and OIDC.

Preferred & Expanded Qualifications

  • IaC

    Skills:

    Strong experience managing IAM configurations using Terraform or an equivalent infrastructure-as-code tool.
  • Programming/Scripting:
    Proficiency in Python or Go for building custom IAM governance tools and integrations.
  • Compliance Knowledge:
    Experience implementing least-privilege frameworks in highly regulated environments (e.g., Healthcare/HIPAA, Finance/SOC
    2).
  • Security

    Certifications:

    Certified Information Systems Security Professional (CISSP), AWS Certified Security - Specialty, or Microsoft Certified:
    Identity and Access Administrator Associate.

Minimum

Required Experience:

10 Years

To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary