| N° of the post | 2026/R056/P001 |
| Domain | Computers, Media and Telecommunications |
| Recruitment sector | Private |
| Diploma | National Basic Bachelor’s Degree, National Applied Degree, National Engineering Diploma, Mastery, National Professional Master’s Diploma, Research Master’s Degree |
| Country of assignment | Canada |
| Duration of contract | 2 Years |
| Civil status | Single, Married |
| Specialties | Software and programming |
| Languages | English, French |
| Age limit | 50 |
| Expected date of recruitment | 06.05.2026 |
| Deadline for submission of application | 10.06.2026 |
| Number of years of experience | 5 |
| Gender | Male, Female |
Job Description

We are seeking a Senior Cloud Identity Security Architect with advanced expertise in IAM/PAM architecture, Kubernetes security, machine-to-machine identity, and cloud-native access governance.

The ideal candidate will combine:

- Enterprise IAM architecture
- Advanced PAM
- Kubernetes security
- Workload/service account identity
- Secure IaC automation
- Cloud-native identity federation
- Distributed Zero Trust
- DevSecOps security engineering

This role involves designing complex identity security architectures in multi-cloud environments using Kubernetes, Terraform, secure CI/CD, and advanced secrets management.

Technical Responsibilities

- Design a high-availability, cloud-native IAM/PAM architecture
- Architect SailPoint IdentityIQ/IdentityNow integrations with real-time provisioning via SCIM/API
- Develop RBAC/ABAC models for multi-cluster Kubernetes
- Design workload identity federation authentication mechanisms
- Integrate CyberArk with Kubernetes secrets injection and automated rotation
- Secure machine-to-machine (M2M) access (identity security)
- Design SPIFFE/SPIRE architectures for workload identities
- Implement JIT/JEA/JPA (Just-In-Time/Just-Enough-Access) strategies
- Design risk-based Zero Trust conditional access policies
- Secure GitOps and CI/CD pipelines with OIDC federation
- Develop distributed secrets management models via Vault/CyberArk Conjur
- Design cloud-native PAM architectures without static credentials
- Implement session isolation and privileged session recording mechanisms
- Architect Kubernetes admission control and policy enforcement strategies
- Define security controls related to Kubernetes service accounts
- Design automated cloud credential rotation mechanisms
- Secure Terraform Enterprise access and IaC pipelines
- Design multi-cloud temporary access delegation models
- Participate in compliance audits related to cloud privileged identities

Required technical expertise

Identity Governance & Administration (IGA)

- SailPoint IdentityIQ
- SailPoint IdentityNow
- SCIM provisioning
- Lifecycle management
- Access certification
- Identity orchestration

Privileged Access Management (PAM)

- CyberArk PAS
- CyberArk Conjur
- Dynamic secrets
- Privileged session isolation
- Privileged Threat Analytics
- JIT privileged elevation

Kubernetes & Cloud Identity Security

- Kubernetes RBAC internals
- ServiceAccount token projection
- Workload Identity Federation
- SPIFFE / SPIRE
- OPA Gatekeeper
- Kyverno
- Istio security
- mTLS architecture

Cloud & Infrastructure Security

- Azure Enterprise Workload ID
- AWS IAM Identity Center
- IRSA (IAM Roles for Service Accounts)
- Azure Managed Identities
- Terraform Enterprise security
- Vault Enterprise

Identity Federation & Authentication

- OAuth2
- OpenID Connect
- SAML 2.0
- FIDO2
- WebAuthn
- Conditional Access Policies
- Risk-based authentication

DevSecOps & Automation

- GitHub Actions OIDC federation
- GitOps security
- Secure CI/CD architecture
- Terraform Sentinel Policies
- Infrastructure-as-Code security
- Secretless authentication

Desired Profile

- More than 10 years of experience in advanced security or IAM architecture
- Experience in large-scale production Kubernetes environments
- Mastery of modern Zero Trust architectures
- Experience with workload identity and machine identity security
- Expertise in cloud-native PAM integration
- Ability to architect environments without static credentials
- Experience in API-driven identity orchestration
- Strong hands-on technical skills