Start Date: Immediate
Expiry Date: 03 Dec, 25
Salary: 79.41
Posted On: 04 Sep, 25
Experience: 4 year(s) or above
Remote Job: Yes
Telecommute: Yes
Sponsor Visa: No
Skills: Computer Science, Automation, Cloud, Key Management, AWS, DevOps, Encryption, Infrastructure, Mentoring, Git, Code
Industry: Information Technology/IT
JOB DESCRIPTION:
The Cloud Engineer – Identity is a senior-level role responsible for designing, implementing, and managing cloud identity and access management (IAM) solutions that protect Toyota’s cloud environments. You will play a key role in strengthening identity governance, enforcing least-privilege access, and building automation that drives compliance and security across AWS and other platforms.
This position is based in Plano, TX and requires 3 days onsite per week (moving to 4 days onsite in the future).
REQUIRED QUALIFICATIONS:
· 7–10 years total experience with 3–5 years focused in cloud engineering, DevOps, or IAM roles.
· Strong expertise in AWS Identity Center, IAM, Organizations, and Single Sign-On (SSO).
· Hands-on experience with Infrastructure as Code (Terraform, AWS CDK); Harness experience is a strong plus.
· Python programming expertise, particularly in building automation and Lambda-based event-driven solutions.
· Solid understanding of identity governance, access control models (RBAC/ABAC), and least privilege enforcement.
· Familiarity with AWS security and auditing tools (CloudTrail, Config, Security Hub).
· Experience with CI/CD pipelines, Git, and deployment automation.
· Knowledge of cloud security best practices, including encryption, key management, and compliance frameworks.
· Comfortable working in multi-account AWS environments and managing cross-account access.
· Bachelor’s degree in Computer Science, Engineering, or related field.
PREFERRED QUALIFICATIONS:
· Prior leadership experience (mentoring or leading a small team).
· AWS Certification (Associate/Professional level).
· Strong background in enterprise API or middleware security platforms.
KEY RESPONSIBILITIES:
· IAM Implementation: Configure and manage IAM roles, policies, permission boundaries, and AWS Identity Center across multiple AWS accounts.
· Access Controls: Support enforcement of least-privilege access and RBAC/ABAC models for scalable security.
· Automation & IaC: Build reusable IAM modules using Terraform (and Harness in the future) or AWS CDK to standardize deployments.
· Python & Lambda: Develop automation and event-driven solutions using Python and AWS Lambda to enhance IAM operations.
· CI/CD Integration: Incorporate identity validation into pipelines (Terraform/Harness) to ensure secure deployments.
· Security & Compliance: Partner with security teams to align IAM practices with audit, governance, and compliance standards.
· Monitoring & Troubleshooting: Use CloudTrail, Config, and Security Hub to monitor identity-related activity and resolve issues.
· Cross-Team Collaboration: Work closely with engineering, security, and compliance teams to improve IAM processes and ensure consistency across environments.