Job Description
Company: Arctiq
Location: Erie, US
Arctiq is a global, intelligence-driven technology services company delivering professional and managed services across Hybrid Cloud Infrastructure, Networking & Connected Experiences, Cybersecurity, Data & AI, Autonomous Operations & Intelligence, and Enterprise Service Management. We help organizations operate, secure, and modernize complex environments by unifying infrastructure, networking, data, security, automation, and observability under a single, integrated operating model. Our work focuses on helping customers reduce operational friction, improve resilience, and make better, faster decisions as their environments evolve.
Arctiq builds on decades of industry expertise and a customer-centric ethos to deliver exceptional value to clients across diverse industries.
We are seeking a highly experienced Lead IAM Specialist to architect, lead, and operationalize our client’s enterprise identity and access management program across a multi-cloud environment (AWS, Azure, and GCP). This senior role combines deep technical expertise in cloud-native IAM, zero trust security architecture, and policy-as-code with the strategic leadership needed to define team structure, drive secure-by-default platform engineering, and embed identity governance into every layer of our cloud operations and CI/CD pipelines.
The ideal candidate brings hands-on mastery of AWS multi-account governance, zero trust frameworks, CIEM, secure microservices development, and CSPM tooling (Wiz), and has a proven track record of leading large-scale IAM cloud programs from strategy through execution.
This is a remote, contract opportunity for one of Arctiq’s clients.
Key Responsibilities
Enterprise IAM Architecture & Multi-Cloud Governance
• Design and enforce IAM least-privilege models across AWS Organizations, Landing Zones, and Service Control Policies (SCPs), with parity controls extended to Azure and GCP.
• Lead zero trust initiatives end-to-end: verify-explicitly policies, Just-in-Time (JIT) / Just-Enough-Access (JEA) provisioning, CIEM integration, and identity platform governance.
• Define and maintain approved access patterns for services and users, aligned to predefined roles (Reader, Contributor, Administrator) and documented as policy-as-code.
• Implement and govern OAuth/OIDC flows, service mesh identity controls, and federated identity across cloud and on-prem environments.
Inventory & Cloud Security Posture Management
• Maintain a comprehensive inventory of all approved AWS and Azure services, cataloging IAM resources and differentiating between control plane resources (IAM roles and policies) and data plane resources (service-local users, keys, roles, policies, and groups).
• Manage credentials for local data plane resources in vaults; ensure resource policies are applied consistently across services.
• Utilize Wiz (CSPM) for cloud asset inventory, compliance reporting, evidence collection, and correlation to AWS/Azure/GCP documentation.
• Identify and govern external dependencies including secrets, keys, and cross-account policies.
Metadata Strategy & Module Development
• Develop a comprehensive metadata tagging strategy mapped to application service lines (ASL), environments, and repository associations.
• Design and build reusable IAM modules for each service access pattern, published to the service registry with consistent enforcement of naming conventions, metadata, and parameters.
• Customize module policies to accommodate unique use cases while maintaining governance guardrails.
• Establish methods to correlate modules with service resource policies and user roles/policies.
Policy-as-Code & Secure IaC/CI-CD Integration
• Embed IAM guardrails and policy-as-code controls natively into IaC templates (Terraform, CloudFormation) and CI/CD pipelines for secure-by-default provisioning.
• Develop methodologies and criteria for pre-approved service registry modules deployable via pipelines vs. those requiring manual review.
• Define and enforce controls pertinent to IAM and cloud security standards across all services; implement a shift-left strategy so IAM issues are caught during development and provisioning rather than after deployment.
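The kind of pre-deploy IAM guardrail the bullets above describe, as an added example written for this page rather than code from Arctiq or its client. It lints IAM policy documents in the standard JSON form and returns a pipeline decision (auto-approve versus manual review). The sample policies, the list of escalation-prone actions, and the approve/review rule are constructed for illustration, not taken from any real environment.

```python
"""Policy-as-code guardrail for IAM policy documents (added example)."""
import json

# Actions that grant or escalate privilege when combined with Resource "*".
# Illustrative list chosen for this example, not an official one.
PRIVILEGE_ESCALATION_ACTIONS = {
    "iam:PassRole", "iam:CreatePolicyVersion", "iam:AttachRolePolicy",
    "iam:PutRolePolicy", "sts:AssumeRole",
}


def _as_list(value):
    """IAM allows a string or a list in Action/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def lint_iam_policy(policy: dict) -> list[str]:
    """Return a list of findings; an empty list means the policy passes."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        sid = stmt.get("Sid", f"Statement[{idx}]")
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access; skip them
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"{sid}: NotAction/NotResource grants everything not listed")
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        has_condition = bool(stmt.get("Condition"))
        for action in actions:
            if action == "*":
                findings.append(f"{sid}: Action '*' grants every API")
            elif action.endswith(":*"):
                findings.append(f"{sid}: service-wide wildcard action '{action}'")
            elif action in PRIVILEGE_ESCALATION_ACTIONS and "*" in resources:
                findings.append(f"{sid}: '{action}' on Resource '*' allows privilege escalation")
        # Resource "*" is legitimate for some Describe/List APIs, but only
        # when a Condition (region, org, tag) bounds it.
        if "*" in resources and not has_condition:
            findings.append(f"{sid}: Resource '*' without a Condition")
    return findings


def pipeline_decision(policy: dict) -> str:
    """Gate rule for the service registry: clean policies deploy, others wait."""
    return "auto-approve" if not lint_iam_policy(policy) else "manual-review"


# Constructed sample policies (not real account data).
OVERLY_BROAD = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AdminAll", "Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Sid": "PassAnyRole", "Effect": "Allow",
         "Action": ["iam:PassRole", "s3:*"], "Resource": "*"},
    ],
}

SCOPED = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadOneBucket", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-app-data",
                      "arn:aws:s3:::example-app-data/*"]},
        {"Sid": "DescribeInRegion", "Effect": "Allow",
         "Action": "ec2:DescribeInstances", "Resource": "*",
         "Condition": {"StringEquals": {"aws:RequestedRegion": "us-east-1"}}},
        {"Sid": "DenyOutsideRegion", "Effect": "Deny", "Action": "*", "Resource": "*",
         "Condition": {"StringNotEquals": {"aws:RequestedRegion": "us-east-1"}}},
    ],
}

if __name__ == "__main__":
    for name, policy in (("OVERLY_BROAD", OVERLY_BROAD), ("SCOPED", SCOPED)):
        print(name, "->", pipeline_decision(policy))
        print(json.dumps(lint_iam_policy(policy), indent=2))
```

In a pipeline the same function runs against the rendered policy JSON from `terraform plan` or a CloudFormation template before apply; the manual-review branch maps to the "requires manual review" category in the registry criteria.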
Secure Microservices & Application Security
• Guide and contribute to secure microservices development in Python and Go on AWS, Azure, and GCP, including async and event-driven architectures.
• Establish secure coding standards and review processes for service identity, inter-service authentication, and least-privilege service accounts.
• Oversee network and data security controls: segmentation, KMS/encryption strategies, and cloud-native logging and detection pipelines.
Documentation, Procedures & SDLC
Source: BeBee