Senior Cloud IAM Engineer (US Federal)
Role details
Job location
Tech stack
Job description
security requirements, all Workday personnel working on these contracts must be U.S. citizens (naturalized or native).Employees may be required to work on site at client locations in the DC, MD, and VA (DMV) area.We are looking for a cloud engineer who focuses on managing entitlements and permissions in a cloud services environment (AWS, Azure/EntraID, or GCP). You will be one of our IAM engineers working to automate identity administration, authentication, and authorization to resources in the air-gapped network. The ideal candidate will understand infrastructure and compliance as code, use CI/CD pipelines, and be familiar with standard federation protocols (OAuth, OIDC, SAML, SCIM). You will collaborate with other teams in cloud engineering and the broader Cybersecurity organization as we build a new organization at Workday for the unique requirements of the DoD and Intel agencies of the U.S. Government.QualificationsBasic Qualifications:This role may require a, will consider for employment qualified applicants with arrest and conviction records. Workday is an Equal Opportunity Employer including individuals with disabilities and protected veterans.#J-18808-Ljbffr, U.S. Federal Government. Due to federal security requirements, all Workday personnel working on these contracts must be U.S. citizens (naturalized or native).Employees may be required to work on site at client locations in the DC, MD, and VA (DMV) area.We are looking for a cloud engineer who focuses on managing entitlements and permissions in a cloud services environment (AWS, Azure/EntraID, or GCP). You will be one of our IAM engineers working to automate identity administration, authentication, and authorization to resources in the air-gapped network. The ideal candidate will understand infrastructure and compliance as code, use CI/CD pipelines, and be familiar with standard federation protocols (OAuth, OIDC, SAML, SCIM). You will collaborate with other teams in cloud engineering and the broader Cybersecurity organization as we build a new organization at Workday for the unique requirements of the DoD and Intel agencies of the U.S., OpportunityPursuant to applicable Fair Chance law, Workday will consider for employment qualified applicants with arrest and conviction records. Workday is an Equal Opportunity Employer including individuals with disabilities and protected veterans.#J-18808-Ljbffr
Requirements
TS/SCI w/CI Poly level security clearance. Applicants must have the ability to obtain and maintain a U.S. government-issued security clearance. An active TS/SCI w/CI Poly is preferred.5+ years as a cloud engineer, focused on IAM.Experience in centralizing authentication/authorization and RBAC/PBAC.Managing infrastructure as code using tools like GitHub and Terraform.Experience developing tools for automation in Python or other programming languages.Experience integrating cloud platforms with external tools like Okta, EntraID or similar for centralized authentication and SSO.Experience utilizing one or more SIEM tools (Splunk or similar) for log aggregation and analysis, threat playbooks, and auditing.Preferred DoD 8570/8140 compliant with at least IAT Level II certification, including a current Computing Environment (CE) credential and one approved specialty certification (e.g., CompTIA CySA+, GICSP, CASP+).Familiarity with NIST 800-53 and DoD/Intel control frameworks.Bachelor's degree or higher in computer science, cybersecurity, or comparable work/educational experience.Familiarity with identity governance workflows, user lifecycle management (joiners, movers, leavers).CompensationPrimary Location: USA.VA.RestonPrimary Location Base Pay Range: $163,800 USD - $245,800 USDAdditional US Location(s) Base Pay Range: $148,200 USD - $264,000 USDFlexible WorkWith Flex Work, we combine the best of both worlds: in-person time and remote. Our approach enables teams to deepen connections, maintain a strong community, and do their best work. We don't set a required number of office days each week; instead, we spend at least 50% of our time each quarter in the office or in the field with customers, prospects, and partners (depending on role). Those in remote "home office" roles also have the opportunity to join in our offices for important moments that matter.Equal OpportunityPursuant to applicable Fair Chance law, Workday, Government.QualificationsBasic Qualifications:This role may require a TS/SCI w/CI Poly level security clearance. Applicants must have the ability to obtain and maintain a U.S. government-issued security clearance. An active TS/SCI w/CI Poly is preferred.5+ years as a cloud engineer, focused on IAM.Experience in centralizing authentication/authorization and RBAC/PBAC.Managing infrastructure as code using tools like GitHub and Terraform.Experience developing tools for automation in Python or other programming languages.Experience integrating cloud platforms with external tools like Okta, EntraID or similar for centralized authentication and SSO.Experience utilizing one or more SIEM tools (Splunk or similar) for log aggregation and analysis, threat playbooks, and auditing.Preferred DoD 8570/8140 compliant with at least IAT Level II certification, including a current Computing Environment (CE) credential and one approved specialty certification (e.g., CompTIA CySA+, GICSP, CASP+).Familiarity with NIST 800-53 and DoD/Intel control frameworks.Bachelor's degree or higher in computer science, cybersecurity, or comparable work/educational experience.Familiarity with identity governance workflows, user lifecycle management (joiners, movers, leavers).CompensationPrimary Location: USA.VA.RestonPrimary Location Base Pay Range: $163,800 USD - $245,800 USDAdditional US Location(s) Base Pay Range: $148,200 USD - $264,000 USDFlexible WorkWith Flex Work, we combine the best of both worlds: in-person time and remote. Our approach enables teams to deepen connections, maintain a strong community, and do their best work. We don't set a required number of office days each week; instead, we spend at least 50% of our time each quarter in the office or in the field with customers, prospects, and partners (depending on role). Those in remote "home office" roles also have the opportunity to join in our offices for important moments that matter.Equal
Benefits & conditions
skills to develop and the support of a company invested in you for the long haul.About the TeamAt Workday Government, we focus on outcomes that serve a larger mission. Our work supports U.S. federal agencies as they modernize and transform the full employee lifecycle experience and finance operations so they can operate with greater clarity, accountability, and trust. It's operational, high-impact, and demands rigor, integrity, and long-term thinking. From day one, you'll be part of a team that values collaboration, follow-through, and doing the right thing - especially when the stakes are high. The culture is grounded in integrity, respect, and shared responsibility. Here, curiosity is matched with accountability and ambition with trust, giving you space to do your best work and backing from a company committed to long-term investment in both its people and the federal mission.About the RoleThis role will support one or more direct or indirect contracts with the