Cloud Engineer IAM

We are looking for a Cloud Engineer IAM to join our team.

What you'll do:

• Design, implement, and manage Identity and Access Management (IAM) solutions using Microsoft Entra ID (Azure AD) and Amazon AWS.

• Ensure secure integration of IAM services with internal and external applications across multi-cloud environments.

• Develop and maintain PowerShell scripts, Azure Automation workflows, and Microsoft Graph API-based solutions to automate identity lifecycle processes.

• Implement self-service capabilities for user and group management to improve operational efficiency.

• Manage full identity lifecycle processes, including onboarding, role changes, and offboarding, ensuring proper access provisioning and deprovisioning.

• Apply Role-Based Access Control (RBAC), conditional access policies, and least-privilege principles across systems.

• Implement and manage Azure AD Privileged Identity Management (PIM), including just-in-time access, approval workflows, and access reviews.

• Conduct periodic access reviews, audits, and compliance checks to ensure adherence to security policies and standards.

• Provide Level 2 and Level 3 support for IAM-related incidents, including troubleshooting authentication and authorization issues.

• Act as an escalation point for complex identity and access management problems.

• Monitor, analyze, and optimize IAM systems to improve security, efficiency, and performance.

• Collaborate with security, compliance, and infrastructure teams to ensure aligned IAM strategies.

• Manage external collaboration scenarios, including Azure AD B2B access and secure partner integrations.

• Implement federated identity and Single Sign-On (SSO) between Azure AD and AWS environments.

• Develop automation solutions to streamline repetitive operational tasks and improve service delivery.

• Maintain detailed technical documentation, IAM workflows, and operational procedures.

• Provide guidance and training to technical teams and end users on IAM best practices.

What you will need to bring:

• Strong experience in Identity and Access Management using Microsoft Entra ID (Azure AD) and Amazon AWS IAM services.

• Solid experience with PowerShell scripting, Azure Automation, and Microsoft Graph API.

• Strong understanding of RBAC, MFA, conditional access policies and identity governance concepts.

• Hands-on experience with Azure AD Privileged Identity Management (PIM).

• Experience in IAM security best practices, compliance, and audit processes.

• Strong analytical and troubleshooting skills, with the ability to resolve complex IAM issues.

• Experience working in multi-cloud environments (Azure and AWS).

• Strong communication and stakeholder management skills.

• Ability to document processes clearly and provide technical training when needed.

• Strong organizational skills with the ability to manage multiple priorities.

• Full command of English (spoken and written); French is considered an advantage.

• Holds nationality of a NATO member state.

• Holds, or is eligible to obtain, a NATO Secret security clearance (or equivalent national clearance).

• Ability to work remotely within core hours aligned with Brussels time zone.

What can Syone offer:

• Integration in an organization with profound and sustained growth and involvement in pioneering projects with innovative technological solutions;

• Strong IT training plans;

• Professional evolution with intervention in ambitious technological projects, both national and internationally.

By applying, you accept our GDPR policies. Your personal data in your CV and documents will be used solely for processing your application at SYONE. SYONE, S.A. (NIPC 504729624) is the data controller, located at Rua Alfredo da Silva, 8-A, Edifício Stern, Piso 3D, 2610-016 Amadora. We will use your data to tailor your application to relevant vacancies and for potential employment contracts. If selected, your data will be kept during your employment and for at least two years after. If not selected, your data will be kept for two years for future vacancies and then deleted, except for your contact details. You can exercise your rights (access, rectification, erasure, etc.) by emailing data.privacy@syone.com. Your data may be shared with our HR service providers and will be stored securely. You can withdraw your consent at any time. We will not use your data for other purposes without your express consent. For more information, email data.privacy@syone.com.