Qureos

Identity Management Consultant

Dear All,


NextEra is looking for an experienced Identity & Access Management (IAM) Lead/Architect with deep expertise in Oracle Cloud Infrastructure (OCI) to design, implement, and govern cloud identity solutions. The ideal candidate will be responsible for OCI IAM strategy, Zero Trust access, privileged access controls, federation/SSO, RBAC/ABAC, IAM automation, and compliance across enterprise cloud workloads.


Key Responsibilities

OCI IAM Architecture & Governance

  • Own and drive the OCI IAM architecture, including tenancy design, compartments, groups, dynamic groups, policies, tag-based governance, and guardrails.
  • Define and implement least privilege access models using OCI policies and strong governance mechanisms.
  • Establish IAM standards, reusable patterns, and design blueprints for OCI cloud adoption.

Identity Lifecycle & Access Controls

  • Implement Joiner-Mover-Leaver (JML) lifecycle processes integrating enterprise directories (e.g., AD/Azure AD/LDAP) with OCI.
  • Design Role-Based Access Control (RBAC) and, where needed, Attribute-Based Access Control (ABAC) models.
  • Enforce MFA, conditional access patterns, secure session policies, and modern authentication approaches.

Federation, SSO & Directory Integration

  • Enable SSO and federation using SAML 2.0 / OAuth2 / OIDC, integrating with enterprise IdPs (e.g., Azure AD, Okta, Ping).
  • Configure and support identity provider integrations for OCI Console, APIs, and enterprise applications.

Privileged Access Management (PAM) & Secrets

  • Design and enforce privileged access controls; integrate with PAM tools (e.g., CyberArk, BeyondTrust, Delinea) where applicable.
  • Implement secure secrets and credential handling (OCI Vault / HSM where applicable), rotation strategies, and auditability.

Automation & Infrastructure as Code (IaC)

  • Automate provisioning and policy deployments using Terraform, CI/CD pipelines, and scripting (Python/PowerShell/Bash).
  • Build IAM automation for access requests, approvals, recertifications, and reporting.

Monitoring, Audit, and Compliance

  • Enable logging/monitoring for identity activities, including audit events and access analytics; integrate with SIEM tools (e.g., Splunk, Sentinel, QRadar).
  • Support security/compliance frameworks such as ISO 27001, SOC2, PCI-DSS, SOX, HIPAA (as relevant).
  • Conduct periodic access reviews, entitlement recertifications, and control validations.

Stakeholder & Delivery Leadership

  • Act as a trusted IAM advisor to platform teams, application owners, compliance, and security leadership.
  • Lead technical reviews, mentor team members, and drive incident response for identity-related security events.
  • Produce high-quality documentation: HLD/LLD, SOPs, runbooks, and operational playbooks.


Required Skills & Qualifications


  • 10+ years of overall experience in IAM / Security Engineering / Identity Architecture.
  • Strong hands-on experience with OCI IAM, including:
      • Tenancy & compartment strategy
      • Groups/dynamic groups
      • Policies & least privilege modeling
      • Federation/SSO setup and troubleshooting
  • Solid understanding of authentication/authorization protocols: SAML 2.0, OAuth2, OIDC, LDAP, Kerberos.
  • Experience designing RBAC/ABAC models and implementing governance at enterprise scale.
  • Experience with Terraform and automation (CI/CD) for IAM controls.
  • Working knowledge of Cloud Security concepts: Zero Trust, segmentation, audit logging, encryption, key management, secure access patterns.
  • Strong troubleshooting skills across identity flows (tokens, assertions, certificates, federation metadata, clock skew, etc.).

Good-to-Have (Preferred)

  • Experience with OCI Vault, KMS/HSM concepts, and secrets rotation.
  • Experience integrating OCI with Azure AD/Okta/Ping and IAM governance tools (e.g., SailPoint, Saviynt).
  • Experience with PAM tooling and privileged workflows.
  • Exposure to multi-cloud IAM patterns (AWS/Azure/GCP).
  • Knowledge of DevSecOps and security controls in CI/CD pipelines.


Certifications (Preferred)

  • Oracle Cloud Infrastructure (OCI) Security certification(s) (preferred)
  • CISSP / CISM / CCSP (good to have)
  • Terraform Associate (good to have)
