Role Overview
L2 Engineer responsible for supporting IAM operations, cloud key management, secrets, and security automation across multi-cloud environments (Azure/AWS/GCP). Additionally accountable for cloud security controls, network security operations, and firewall administration across Fortigate platforms. The role ensures secure identity governance, controlled access, network segmentation, and policy-driven guardrails aligned to enterprise security standards.
Key Responsibilities
Identity & Access Management (IAM)
- Execute IAM operations: provisioning, access troubleshooting, RBAC/ABAC configurations, access recertifications.
- Manage and implement AWS Service Control Policies (SCPs) for governance and guardrails.
- Build and manage Azure Policies (definitions, initiatives, assignments) aligned with compliance rules.
- Support IAM architecture across Azure AD/Entra ID, AWS IAM, GCP IAM, and enterprise Identity Center.
- Support IAM incident response and L2 escalations.
Key Management & Secrets/Vault Operations
- Operate cloud KMS platforms (Azure Key Vault, AWS KMS): key rotation, key policies, and certificate/PKI operations.
- Enforce crypto standards (RSA, AES, ECC), TLS cert lifecycle, and secure key access patterns.
Cloud Security (Azure / AWS / GCP)
- Implement cloud security baselines, guardrails, and compliance controls (CIS, NIST, ISO27001).
- Support network and security posture configuration using Wiz and Prisma.
- Configure and troubleshoot cloud-native firewalls, NSGs, routing, and segmentation.
Network Security (Fortigate)
- Manage, monitor, and troubleshoot Fortigate, including:
  - Security policies, NAT, VPN (IPsec/SSL), routing
  - IPS/IDS, threat profiles
  - High availability (Active/Passive) operations
- Support network segmentation, micro-segmentation, and Zero Trust enforcement.
- Participate in firewall rule reviews, change management, and impact assessments.
- Analyze traffic flows, logs, and events using FortiAnalyzer tools.
Automation & Infrastructure as Code
- Develop Terraform modules for IAM, KMS, vault, firewall policies, and cloud security controls.
- Create Ansible playbooks for automation of secret rollout, cert deployments, firewall configurations, and configuration baselines.
- Support Kubernetes environments: secret management, RBAC, service accounts, workload identity, and Vault injector integration.
Documentation & Governance
- Maintain SOPs, runbooks, architecture diagrams, and compliance evidence.
- Support internal audits, security reviews, and posture reporting.
Required Skills
- Hands-on experience with Terraform & Ansible.
- Strong understanding of identity protocols: SAML, OAuth2, OIDC, LDAP, Kerberos.
- Experience with Azure AD/Entra ID, AWS IAM, GCP IAM.
- Expertise in HashiCorp Vault, Azure Key Vault, AWS KMS.
- Kubernetes RBAC, secrets, and workload identity management.
- Good understanding of PKI, TLS certs, cryptographic primitives.
- Strong Linux administration (RHEL/CentOS/Rocky Linux).