CloudOps Engineer – AWS IAM & Security
We are looking for a skilled CloudOps Engineer to strengthen the security foundation of our AWS environments. Your primary focus will be on identity governance, access controls, and policy enforcement across a distributed cloud infrastructure. You will ensure that access is granted securely, reviewed regularly, and aligned with operational needs.
Key Responsibilities
- Develop, validate, and implement granular JSON-based IAM policies, including identity-based policies, resource policies, and permission boundaries.
- Conduct routine access reviews to detect and remove stale or unauthorized permissions, reducing the risk of shadow access.
- Manage and secure multi-account AWS environments using AWS Organizations and enforce guardrails through Service Control Policies (SCPs).
- Diagnose and resolve complex 'Access Denied' errors across core AWS services such as S3, EC2, and Lambda.
- Administer single sign-on solutions using AWS IAM Identity Center, SSO, OIDC, and SAML integrations for seamless developer access.
- Oversee the lifecycle of credentials and secrets using AWS Secrets Manager and maintain encryption standards via KMS key policies.
- Automate security tasks and resource provisioning using AWS CLI, Terraform, or CloudFormation templates.
- Use scripting in Python or Bash to interact with AWS APIs and streamline operational workflows.
- Handle the majority of tasks through Jira ticketing, while contributing to internal team initiatives in the same technical domain.
- Collaborate with cross-functional teams where access and identity systems intersect with broader infrastructure workflows.
Required Qualifications
- 1.5 to 3 years of direct experience working within the AWS ecosystem, with a focus on IAM and security services.
- Strong grasp of IAM evaluation logic, including how SCPs, permission boundaries, and policies interact to allow or deny access.
- Experience using AWS CloudTrail and CloudWatch for monitoring, auditing, and forensic investigations.
- Proficiency in writing scripts (Python or Bash) to automate interactions with AWS services.
- Familiarity with S3 security configurations, including bucket policies, ACLs, and public access settings.
- Working knowledge of AWS IAM Identity Center and console access management.
- Basic understanding of Terraform syntax and infrastructure-as-code principles.
- Knowledge of YAML and JSON for policy and template definition.
- Experience with AWS CloudFormation, particularly for defining IAM policies.
- Familiarity with Jira and Confluence for task and documentation management.
- Basic GitHub skills, including branch management, pull requests, and collaboration workflows.
Technology Environment
Our stack centers on AWS services with a strong emphasis on identity and access management. Key technologies include IAM, AWS Organizations, SCPs, IAM Identity Center, SSO, OIDC, SAML, KMS, Secrets Manager, S3, EC2, Lambda, CloudTrail, CloudWatch, Terraform, CloudFormation, AWS CLI, Python, Bash, JSON, YAML, Jira, Confluence, and GitHub.
Benefits & Compensation
Enjoy attractive compensation, performance bonuses, and financial aid. We support professional growth through access to training and certification programs. Team events and social activities foster connection and collaboration. Our work environment values authenticity, inclusion, and diverse perspectives.
Work Environment
This is a locally based role, requiring presence within the country. The position operates in a collaborative technical setting with structured workflows and cross-team engagement.
Our Culture
We are committed to building a workplace rooted in inclusion, diversity, and authenticity. Our approach to employment equity ensures all individuals have the opportunity to contribute and grow, regardless of background. We believe diverse experiences strengthen our solutions and our teams.
