Identity and Access Management (IAM) Cloud Engineer
Regions Financial Corporation, Charlotte, NC, United States
Job Description:
At Regions, the Identity and Access Management (IAM) Engineer is responsible for working cross‑functionally across the organization with business and IT partners, as well as external service partners to deliver the Identity Governance and Administration (IGA) capabilities across Regions. This role includes role‑based access controls (RBAC), attribute‑based access controls (ABAC), access review/certification, automated provisioning and de‑provisioning, and access requests.
Primary Responsibilities
Designs, develops, tests, implements, and integrates Identity and Access Management (IAM) systems and solutions
Ensures that solutions protect information resources against unauthorized use, inappropriate degrees of access, disclosure, damage and/or loss
Analyzes and maintains data to ensure projects deliver on time
Ensures the maintenance, patching, operating, and monitoring of IAM systems
Supports and resolves system incidents, problems and changes
Designs and implements reusable strategies, decisions, service components, libraries and frameworks to support enterprise-level IAM services
Onboards new applications and creates custom workflows, rules, and reports based on business requirements
Creates and analyzes documentation of process, guidelines, standards, technical specifications, as well as drawing network & system architecture diagrams
Leverages bash scripting to maintain the night processing script
Meets and encourages project teams to communicate project status, development issues/roadblocks, and requirements feasibility
This position is exempt from timekeeping requirements under the Fair Labor Standards Act and is not eligible for overtime pay.
Requirements
Bachelor's degree and six (6) years of experience in a related field
Preferences
Advanced understanding of UNIX security, as it relates to user access and provisioning
Experience with Agile methodology and SDLC concepts/tools (Git, Atlassian stack)
Experience with Linux/Unix, Windows, scripting (with programming languages such as Bash, PowerShell, or Perl), SQL, LDAP, and web services
Experience with one or more programming languages such as Java, C#, C/C++, Python, or JavaScript
Experience with role‑based access controls and configuring automated provisioning and deprovisioning
Experience with SailPoint (version 7.0 or later) or another IGA/IAM platform
Recognized security industry certifications (CISSP, CIAM, etc.)
Technical experience in systems integration or software engineering of identity and access management (IAM) solutions (such as BeyondTrust, CyberArk, AWS, Duo, OIM, Ping Identity, RadiantLogic, SailPoint, Okta, Active Directory, RACF)
Skills and Competencies
Demonstrated ability to multi‑task, to be self‑initiated, and work independently
Excellent customer service and interpersonal skills
Excellent time management skills
Excellent organizational, research, analytical and/or problem‑solving skills to evaluate situations, make recommendations, and take effective action
Knowledge and skill in technical problem resolution
Strong attention to detail and outstanding analytical skills
Strong written and verbal communication skills
Preferred Qualifications
Knowledge of AWS, Azure, and Vault identities and authentication methods including identity management, federation, credential handling, roles and policies
Technologies: AWS Identity Center, IAM Users, Service Control Policies, STS, OIDC; Azure EntraID, Application Registrations, Hierarchical IAM RBAC, Managed Identities, Graph, Policies
Knowledge of vault solutions and technologies, including security and operational best practices and appropriate use cases
HashiCorp Vault, AWS Secrets Manager, Azure Key Vault
Experience with DevSecOps technologies including GitHub, Terraform, Harness and managing AWS, Azure, and managing COTS software in that environment
General experience and knowledge of cloud and IAM security best practices
Experience running workloads in AWS and Azure and familiarity deploying and using load balancing, virtual machines, secrets vaults, log analytics, and storage services
Scripting experience in Python or PowerShell for both automation, reporting, and assurance of IAM configurations in AWS, Azure, and Vault
HashiCorp Vault experience managing deployment, authentication, policies, and secrets engines as well as integration of Vault into a CI/CD pipeline
Experience with Kubernetes in a cloud environment
Work Arrangement and Location
This position is intended to be onsite, now or in the near future. Associates will have regular work hours, including full days in the office three or more days a week. The manager will set the work schedule for this position, including in‑office expectations. Regions will not provide relocation assistance for this position, and relocation would be at your expense. The locations available for this role are Birmingham, AL; Atlanta, GA; Nashville, TN; or Charlotte, NC.
Work Visa Policy
Regions will not sponsor applicants for work visas for this position at this time. Applicants for this position must currently be authorized to work in the United States on a full‑time basis.
Full time
Compensation Details
Pay ranges are job specific and are provided as a point‑of‑market reference for compensation decisions. Other factors which directly impact pay for individual associates include experience, skills, knowledge, contribution, job location and, most importantly, performance in the job role. As these factors vary by individuals, pay will also vary among individual associates within the same job.
Job Range Target:
Minimum: $134,275.35 USD
Median: $176,000.00 USD
Incentive Pay Plans
Opportunity to participate in the Long Term Incentive Plan.
Benefits Information
Regions offers a benefits package that is flexible, comprehensive and recognizes that "one size does not fit all" for benefits‑eligible associates. Listed below is a synopsis of the benefits offered by Regions for informational purposes, which is not intended to be a complete summary of plan terms and conditions.
Paid Vacation/Sick Time
401K with Company Match
Medical, Dental and Vision Benefits
Disability Benefits
Health Savings Account
Flexible Spending Account
Life Insurance
Parental Leave
Employee Assistance Program
Associate Volunteer Program
Benefits and plans may be changed, amended, or terminated with respect to all or any class of associate at any time. To learn more about Regions’ benefits, visit https://www.regions.com/about-regions/welcome-portal/benefits
Location Details
Riverchase Operations Center
Hoover, Alabama
Equal Opportunity Employer / including Disabled / Veterans
#J-18808-Ljbffr
At Regions, the Identity and Access Management (IAM) Engineer is responsible for working cross‑functionally across the organization with business and IT partners, as well as external service partners to deliver the Identity Governance and Administration (IGA) capabilities across Regions. This role includes role‑based access controls (RBAC), attribute‑based access controls (ABAC), access review/certification, automated provisioning and de‑provisioning, and access requests.
Primary Responsibilities
Designs, develops, tests, implements, and integrates Identity and Access Management (IAM) systems and solutions
Ensures that solutions protect information resources against unauthorized use, inappropriate degrees of access, disclosure, damage and/or loss
Analyzes and maintains data to ensure projects deliver on time
Ensures the maintenance, patching, operating, and monitoring of IAM systems
Supports and resolves system incidents, problems and changes
Designs and implements reusable strategies, decisions, service components, libraries and frameworks to support enterprise-level IAM services
Onboards new applications and creates custom workflows, rules, and reports based on business requirements
Creates and analyzes documentation of process, guidelines, standards, technical specifications, as well as drawing network & system architecture diagrams
Leverages bash scripting to maintain the night processing script
Meets and encourages project teams to communicate project status, development issues/roadblocks, and requirements feasibility
This position is exempt from timekeeping requirements under the Fair Labor Standards Act and is not eligible for overtime pay.
Requirements
Bachelor's degree and six (6) years of experience in a related field
Preferences
Advanced understanding of UNIX security, as it relates to user access and provisioning
Experience with Agile methodology and SDLC concepts/tools (Git, Atlassian stack)
Experience with Linux/Unix, Windows, scripting (with programming languages such as Bash, PowerShell, or Perl), SQL, LDAP, and web services
Experience with one or more programming languages such as Java, C#, C/C++, Python, or JavaScript
Experience with role‑based access controls and configuring automated provisioning and deprovisioning
Experience with SailPoint (version 7.0 or later) or another IGA/IAM platform
Recognized security industry certifications (CISSP, CIAM, etc.)
Technical experience in systems integration or software engineering of identity and access management (IAM) solutions (such as BeyondTrust, CyberArk, AWS, Duo, OIM, Ping Identity, RadiantLogic, SailPoint, Okta, Active Directory, RACF)
Skills and Competencies
Demonstrated ability to multi‑task, to be self‑initiated, and work independently
Excellent customer service and interpersonal skills
Excellent time management skills
Excellent organizational, research, analytical and/or problem‑solving skills to evaluate situations, make recommendations, and take effective action
Knowledge and skill in technical problem resolution
Strong attention to detail and outstanding analytical skills
Strong written and verbal communication skills
Preferred Qualifications
Knowledge of AWS, Azure, and Vault identities and authentication methods including identity management, federation, credential handling, roles and policies
Technologies: AWS Identity Center, IAM Users, Service Control Policies, STS, OIDC; Azure EntraID, Application Registrations, Hierarchical IAM RBAC, Managed Identities, Graph, Policies
Knowledge of vault solutions and technologies, including security and operational best practices and appropriate use cases
HashiCorp Vault, AWS Secrets Manager, Azure Key Vault
Experience with DevSecOps technologies including GitHub, Terraform, Harness and managing AWS, Azure, and managing COTS software in that environment
General experience and knowledge of cloud and IAM security best practices
Experience running workloads in AWS and Azure and familiarity deploying and using load balancing, virtual machines, secrets vaults, log analytics, and storage services
Scripting experience in Python or PowerShell for both automation, reporting, and assurance of IAM configurations in AWS, Azure, and Vault
HashiCorp Vault experience managing deployment, authentication, policies, and secrets engines as well as integration of Vault into a CI/CD pipeline
Experience with Kubernetes in a cloud environment
Work Arrangement and Location
This position is intended to be onsite, now or in the near future. Associates will have regular work hours, including full days in the office three or more days a week. The manager will set the work schedule for this position, including in‑office expectations. Regions will not provide relocation assistance for this position, and relocation would be at your expense. The locations available for this role are Birmingham, AL; Atlanta, GA; Nashville, TN; or Charlotte, NC.
Work Visa Policy
Regions will not sponsor applicants for work visas for this position at this time. Applicants for this position must currently be authorized to work in the United States on a full‑time basis.
Full time
Compensation Details
Pay ranges are job specific and are provided as a point‑of‑market reference for compensation decisions. Other factors which directly impact pay for individual associates include experience, skills, knowledge, contribution, job location and, most importantly, performance in the job role. As these factors vary by individuals, pay will also vary among individual associates within the same job.
Job Range Target:
Minimum: $134,275.35 USD
Median: $176,000.00 USD
Incentive Pay Plans
Opportunity to participate in the Long Term Incentive Plan.
Benefits Information
Regions offers a benefits package that is flexible, comprehensive and recognizes that "one size does not fit all" for benefits‑eligible associates. Listed below is a synopsis of the benefits offered by Regions for informational purposes, which is not intended to be a complete summary of plan terms and conditions.
Paid Vacation/Sick Time
401K with Company Match
Medical, Dental and Vision Benefits
Disability Benefits
Health Savings Account
Flexible Spending Account
Life Insurance
Parental Leave
Employee Assistance Program
Associate Volunteer Program
Benefits and plans may be changed, amended, or terminated with respect to all or any class of associate at any time. To learn more about Regions’ benefits, visit https://www.regions.com/about-regions/welcome-portal/benefits
Location Details
Riverchase Operations Center
Hoover, Alabama
Equal Opportunity Employer / including Disabled / Veterans
#J-18808-Ljbffr