Okta IAM Engineer
Job description
The Cloud Security Architect will lead the design and implementation of secure, scalable, and compliant cloud architectures across cloud-native, microservices, and AI-driven platforms. This role is critical in enabling digital transformation, modernization, and Zero Trust adoption while ensuring compliance with state and federal security frameworks.

Technical Stack & Core Responsibilities

Cloud Platforms & Architecture
- AWS (Primary): EC2, S3, VPC, IAM, Lambda, API Gateway, CloudTrail, CloudWatch
- Azure (Nice to Have): Azure AD, Defender for Cloud, Key Vault
- Cloud-native architecture, multi-cloud/hybrid cloud environments
- Infrastructure as Code (IaC): Terraform, AWS CloudFormation

Security Frameworks & Compliance
- Texas Cybersecurity Framework (TCF)
- NIST 800-53, NIST CSF
- FedRAMP, HIPAA, IRS Publication 1075
- Risk Management Framework (RMF)

Identity & Access Management (IAM)
- AWS IAM, Azure AD, RBAC, ABAC
- Zero Trust Architecture (ZTA)
- Multi-Factor Authentication (MFA), SSO (SAML, OAuth2, OIDC)
- Privileged Access Management (PAM)

Threat Modeling & Security Design
- STRIDE, DREAD methodologies
- Secure SDLC (SSDLC)
- Architecture Risk Analysis
- Security Design Reviews & Secure-by-Design principles

DevSecOps & Automation
- CI/CD Tools: Jenkins, GitHub Actions, Azure DevOps
- Security Integration: SAST, DAST, SCA tools (SonarQube, Checkmarx, Veracode, Snyk)

Container Security
- Docker, Kubernetes (EKS/AKS), OpenShift
- Secrets Management: HashiCorp Vault, AWS Secrets Manager

Application & API Security
- API Gateway Security, OAuth2, JWT
- Web Application Firewall (WAF), API Security Testing
- Microservices Security Architecture
- OWASP Top 10 Mitigation

Cloud Security Posture & Monitoring
- CSPM Tools: Prisma Cloud, Wiz, AWS Security Hub
- SIEM Tools: Splunk, ELK Stack, IBM QRadar
- Logging & Monitoring: CloudWatch, Azure Monitor
- Incident Response & Threat Detection

Requirements
- Encryption: AES-256, TLS 1.2+
- Data Classification & Governance
- PII / PHI Data Protection
- Data Loss Prevention (DLP)

AI / ML Security (Preferred)
- Securing LLM-based systems
- AI data pipelines & model security
- Prompt injection & model risk mitigation

Minimum Qualifications

| Years | Requirement | Details |
|-------|-------------|---------|
| 8+ | Required | Information Security Architecture & Cloud Security (AWS preferred) |
| 8+ | Required | Cloud-native architecture & distributed systems security |
| 8+ | Required | TCF, NIST 800-53 compliance implementation |
| 8+ | Required | IAM, Zero Trust Architecture |
| 8+ | Required | Threat Modeling & Risk Assessment |
| 8+ | Required | Microservices, API, and Container Security |
| 8+ | Required | CSPM tools & Cloud Security Monitoring |
| 8+ | Required | DevSecOps integration & secure CI/CD pipelines |
| 4+ | Preferred | AI/ML & LLM Security |
| 4+ | Preferred | Data Protection (PII/PHI) |
| 4+ | Preferred | Executive-level Risk Presentation |
| 4+ | Preferred | Security Policies & Architecture Standards |
| 2+ | Preferred | Certifications: CISSP, CISM, AWS Security Specialty |

Key Skills (ATS Keywords):
Cloud Security, AWS Security, Zero Trust, IAM, DevSecOps, Kubernetes Security, API Security, NIST 800-53, TCF, Terraform, SIEM, CSPM, Threat Modeling, Data Protection, AI Security, Microservices Security