Job Description
- Design, deploy, and manage secure and scalable cloud environments (AWS, Azure, or GCP).
- Develop, implement, and maintain Identity and Access Management (IAM) strategies and solutions across cloud and hybrid environments.
- Define, review, and enforce IAM policies, roles,permissions, and multi-factor authentication (MFA) configurations to ensure principle of least privilege (PoLP).
- Implement and manage federated identity solutions (e.g., SAML, OIDC, SCIM) for single sign-on (SSO), role-based access control (RBAC), and attribute-based access control (ABAC).
- Support identity lifecycle management, including user provisioning, de-provisioning, entitlement reviews, and access recertification processes.
- Collaborate with internal and external stakeholders to assess identity security requirements, gaps, and compliance needs.
- Conduct access reviews and audits, and respond to IAM-related findings from security assessments or compliance requirements.
- Evaluate and integrate cloud-native IAM services (e.g., AWS IAM, Azure Entra ID, GCP IAM) and 3rd-party IAM platforms (e.g., Okta, Ping, SailPoint, CyberArk).
- Monitor IAM system performance, logs, and events to detect anomalies and potential abuse.
- Assist in cloud migration projects with a focus on secure access control transition between cloud providers or from on-prem environments.
- Configure and manage monitoring and SIEM tools to include IAM event logging (e.g., login failures, permission escalations).
- Lead or participate in IAM-related incident investigations, conducting root cause analysis and supporting recovery and forensics.
- Provide expert guidance and training to DevOps, application, and IT teams on secure IAM practices.
- Develop and maintain documentation, IAM governance frameworks, and reference architectures for compliance and operational consistency.
Job Requirements
- Degree in Cloud Architecture, Cybersecurity, or a related discipline IAM-specific certifications are a strong plus.
- Minimum 2 years of hands-on experience managing cloud environments with significant involvement in IAM design and administration.
- Proficient in:
- IAM platforms and protocols (e.g., SAML, OIDC, SCIM, OAuth2)
- Cloud-native IAM services (AWS IAM, Azure Entra ID, GCP IAM)
- Access control models (RBAC, ABAC, Zero Trust)
- Directory services and identity providers (e.g., Active Directory, Azure AD, Okta, Ping Identity)
- Experience implementing identity federation, SSO, and just-in-time (JIT) provisioning.
- Working knowledge of DevOps and infrastructure-as-code tools (e.g., Terraform, CloudFormation) for managing IAM configurations.
- Experience with cloud security posture management (CSPM) and access governance.
- Familiarity with compliance standards (e.g., ISO 27001, SOC2, NIST, CIS Benchmarks) related to IAM.
Interested candidates, please click APPLY to begin your job search journey and submit your CV directly through the official PERSOLKELLY job application platform -
We regret to inform you that only shortlisted candidates will be notified.
Siow Ee Sheng | REG No : R23118145
PERSOLKELLY SINGAPORE PTE LTD | EA License No : 01C4394
This is in partnership with Employment and Employability Institute Pte Ltd (e2i). e2i is the empowering network for workers and employers seeking employment and employability solutions. e2i serves as a bridge between workers and employers, connecting with workers to offer job security through job-matching, career guidance and skills upgrading services, and partnering employers to address their manpower needs through recruitment, training and job redesign solutions. e2i is a tripartite initiative of the National Trades Union Congress set up to support nation-wide manpower and skills upgrading initiatives. By applying for this role, you consent to e2i's PDPA.
By sending us your personal data and curriculum vitae (CV), you are deemed to consent to PERSOLKELLY Singapore Pte Ltd and its affiliates to collect, use and disclose your personal data for the purposes set out in the Privacy Policy available at You acknowledge that you have read, understood, and agree with the Privacy Policy.
