IAM Engineer - Linthicum, MD

About us

Creative Information Technology Inc (CITI) is an esteemed IT enterprise renowned for its exceptional customer service and innovation. We serve both government and commercial sectors, offering a range of solutions such as Healthcare IT, Human Services, Identity Credentialing, Cloud Computing, and Big Data Analytics. With clients in the US and abroad, we hold key contract vehicles including GSA IT Schedule 70, NIH CIO-SP3, GSA Alliant, and DHS-Eagle II. Join us in driving growth and seizing new business opportunities.

Role and Responsibilities

- Design, implement, and maintain secure cloud solutions across AWS and Azure environments.
- Conduct cloud security assessments, configuration reviews, and risk analyses for hybrid and multi-cloud systems.
- Implement and manage IAM, IGA, and PAM solutions using SailPoint, Saviynt, Okta, and CyberArk, ensuring strong access governance and compliance.
- Integrate DevSecOps security tools into CI/CD pipelines using GitHub Actions, Jenkins, and Terraform, enhancing automation and security posture.
- Perform third-party and vendor security assessments, evaluating controls and compliance with security frameworks.
- Deploy and manage CNAPP and CSPM tools such as Wiz, Prisma Cloud, Ermetic, and CrowdStrike for continuous security posture monitoring.
- Implement RBAC, MFA, and Zero Trust principles to strengthen identity and access control mechanisms.
- Conduct vulnerability assessments and remediation using tools like Nessus, Tenable, Qualys, and Trivy.
- Ensure compliance with industry frameworks and regulations (ISO 27001, NIST 800-53, PCI DSS, HIPAA, FedRAMP, CJIS).
- Collaborate with application and infrastructure teams to embed security best practices throughout the software development lifecycle.
- Configure network segmentation, security groups, and endpoint protection to safeguard workloads and data.
- Integrate monitoring and alerting tools such as AWS WAF, GuardDuty, Security Hub, CloudTrail, and New Relic for threat detection and incident response.
- Participate in security incident management, conducting investigations, root cause analysis, and remediation.
- Stay current with emerging threats, technologies, and security trends to proactively strengthen the organization’s cloud defense posture.

Minimum Qualification

- Bachelor’s or master’s degree in Computer Science, Information Technology, or a related field.
- Strong hands-on expertise with AWS security services – IAM, GuardDuty, Security Hub, Inspector, KMS, WAF, CloudTrail, Cognito.
- Working knowledge of Azure Security Center, Microsoft Defender, and Entra ID (Azure AD).
- Experience with SailPoint IIQ, Saviynt, Okta, and CyberArk for identity lifecycle management and governance.
- Familiarity with Zero Trust architecture, least privilege access, and access certification models.
- Proficiency with DevSecOps and automation tools: Terraform, Ansible, Docker, Kubernetes, Jenkins, GitHub Actions.
- Experience implementing and managing CSPM and CWPP solutions (Wiz, Prisma Cloud, Ermetic, CrowdStrike).
- Solid understanding of compliance standards (ISO 27001, NIST, PCI DSS, HIPAA, FedRAMP).
- Strong analytical, troubleshooting, and collaboration skills, with the ability to manage security across complex enterprise environments.

Preferred Qualification

- Proven expertise in multi-cloud security architecture (AWS & Azure) with hands-on experience implementing Zero Trust, IAM/PAM/IGA, and DevSecOps automation using Terraform and CI/CD pipelines.
- Strong proficiency with cloud security tools such as Wiz, Prisma Cloud, CrowdStrike, and CyberArk, integrating them for continuous posture management, threat detection, and compliance.
- Deep understanding of security frameworks and compliance standards (ISO 27001, NIST, PCI DSS, FedRAMP) with the ability to align enterprise cloud environments to governance best practices.