Join Nortal, a global technology consulting company driving digital transformation in governments, healthcare, and enterprises, impacting over half a billion lives worldwide.
We are a global technology consulting company with more than 2,700 employees, delivering transformative digital solutions for leading companies and governments. With over 25 years of experience, we are a trusted digital transformation partner in the public sector, healthcare, and enterprise domains, combining global expertise with local insights to deliver value at scale and speed.
We are seeking a hands-on Cloud Architect with strong Identity and Access Management expertise to design and guide IAM modernization across AWS, Azure, and GCP. You will work directly with clients, shape IAM strategy, validate technical solutions through PoCs and pilots, and support engineering teams as they implement your designs.
This role blends architecture, hands-on validation, and client-facing communication. You will translate complex identity challenges into practical solutions and ensure consistent, secure IAM patterns across a multi-cloud environment.
Identity Assessment and Analysis
Assess IAM environments across AWS IAM, Azure Entra ID, and GCP IAM by reviewing roles, permissions, service accounts, access patterns, and cloud audit logs such as CloudTrail, CloudWatch, Azure Monitor, and GCP Logging.
Identify gaps, risks, overly permissive access, and opportunities to modernize identity structures.
IAM Architecture and Future-State Design
Develop clear IAM architectures defining IAM Identity Center, SSO alignment, RBAC and ABAC models, PIM and JIT workflows, Conditional Access, SCP governance, and identity lifecycle improvements.
Translate complex identity findings into practical designs that engineering teams can adopt.
Access Modernization and Validation
Lead PoCs and pilot environments for modern VM access using AWS SSM Session Manager, Azure Bastion with Just In Time access, and GCP OS Login.
Stay actively involved in validation and guide engineering teams as access models are implemented.
Help teams transition away from legacy SSH and RDP workflows to more secure and auditable methods.
Logging Architecture and Visibility
Strengthen multi-cloud logging visibility by helping shape ingestion approaches using Vector, Splunk HEC, OpenSearch, VPC Flow Logs, database logs, and cloud-native logging across AWS, Azure, and GCP.
Ensure IAM, access activity, and audit trails are captured consistently during pilots and modernization.
Implementation Support and Troubleshooting
Partner with engineering teams during early rollout phases to verify design intent and assist in resolving issues surfaced during PoCs, pilots, and migrations.
Provide technical guidance to ensure IAM, access, and logging workflows operate as expected.
Documentation and Knowledge Transfer
Produce high-quality documentation such as architecture diagrams, runbooks, migration plans, deployment guidance, troubleshooting notes, and logging schema references.
Ensure operational and engineering teams have clear, complete, actionable materials.
Consulting
Serve as a trusted advisor by explaining trade-offs, guiding IAM decisions, and aligning technical and business teams.
Communicate solutions in a clear, approachable way for both technical and non-technical audiences.
Bachelor’s degree in Computer Science, Information Systems, Engineering, or a related technical field.
8 to 12 years of experience in cloud security, IAM, or cloud engineering, with at least 3 to 5 specifically in cloud IAM architecture.
Experience with at least two major clouds from AWS, Azure, and GCP, with hands-on work in IAM services, identity workflows, and access models for those environments.
Hands-on experience with tools such as AWS IAM and IAM Identity Center, Azure Entra ID, PIM, Conditional Access, or GCP IAM and OS Login.
Experience using at least one logging or ingestion technology such as Vector, Splunk HEC, or OpenSearch to support audit trails, access visibility, or multi-cloud logging validation.
Strong familiarity with at least one cloud-native logging service such as CloudTrail, CloudWatch, Azure Monitor, or GCP Logging.
Experience running PoCs and pilots for IAM or access solutions, guiding engineering teams, and supporting troubleshooting during design validation.
Ability to create clear diagrams, documentation, and stakeholder-friendly explanations of IAM architecture.
Consulting or client-facing experience with the ability to articulate trade-offs and provide guidance to both technical and non-technical teams.
Nice to Have
Experience with Terraform or Terraform Enterprise.
Exposure to CIEM, IGA, or CNAPP tools such as Wiz.
Familiarity with Zero Trust frameworks.
Background with SSO federation, SCIM, or identity brokering.
Awareness of DevOps or GitOps practices related to IAM.
Why Nortal?
We hire people not only for their skills but also for cultural add. We live by our values: commit to delivering value and results, take ownership, empower yourself and others, and own your future and growth. Besides our professionalism, we like to spice things up with good humor.
We care about your growth & development. At Nortal we support constant improvement and knowledge sharing via Learning Hives, external and internal training, dedicated time for self-learning, a mentorship program, and a strong 1:1 culture.
We prioritize your health & well-being by providing a flexible package for health insurance and sports initiatives.
We support your work-life balance and provide flexible working hours.
It's your choice whether you want to work from the office or remotely. With our Work From Anywhere program, you have the freedom to work where you work best. We have also launched the Nortal Nomad program for people wanting to move short-term to some other country.
Curious? Let's talk!
Physical Requirements:
Prolonged periods sitting or standing at a desk and working on a computer.
Nortal - Americas is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.
The base salary range for this role is between 160k and 190k USD. Actual compensation for all roles will be based upon geographic location, work experience, education, licensure requirements and/or skill level and will be finalized at the time of offer.