[Remote] GCP IAM Architect

Worldwide Salaried Open

Note: This is a remote position open to candidates in the USA. Publicis Sapient is a digital transformation partner helping established organizations get to their future, digitally-enabled state. They are seeking a GCP IAM Architect to design and implement IAM strategies and solutions on GCP, ensuring security and compliance while managing cloud infrastructure and automation processes.

Responsibilities

  • Design and implement comprehensive IAM strategies and solutions on GCP, including Google Cloud Identity, IAM roles and policies, organization policies, deny policies, and Workload Identity Federation
  • Configure and manage federated identity solutions using PingFederate to enable seamless SSO between on-premises Active Directory and GCP services
  • Implement and manage OIDC Federation, SAML-based authentication, and OAuth 2.0 flows for enterprise applications
  • Design and deploy role-based access control (RBAC) frameworks, custom IAM roles, and least-privilege access models across GCP organizations and projects
  • Configure and manage Google Cloud Directory Sync (GCDS) for automated user and group provisioning from Active Directory to Google Cloud Identity
  • Implement service account management strategies, including key rotation, impersonation policies, and workload identity configurations
  • Establish and enforce security best practices for IAM, including conditional access policies, context-aware access controls, and security key enforcement
  • Design and implement encryption strategies using GCP Cloud KMS and HashiCorp Vault for secrets management
  • Implement network security controls including VPC Service Controls, Private Google Access, and secure connectivity patterns
  • Ensure compliance with security frameworks and regulatory requirements through proper IAM configurations and audit logging
  • Design, implement, and manage scalable cloud infrastructure solutions on GCP aligned with IAM requirements
  • Automate IAM provisioning, configuration, and lifecycle management using Infrastructure as Code (IaC) tools such as Terraform
  • Collaborate with software engineering teams to integrate IAM requirements into application architectures and CI/CD pipelines
  • Develop automated workflows for user onboarding/offboarding, access reviews, and privilege management
  • Implement monitoring and alerting for IAM-related events using Cloud Logging, Cloud Monitoring, and Security Command Center
  • Conduct regular access reviews, privilege audits, and IAM policy optimizations
  • Troubleshoot and resolve complex issues related to authentication, authorization, federation, and access management
  • Monitor and optimize cloud infrastructure resources to ensure performance, availability, and cost-efficiency
  • Develop and maintain comprehensive documentation for IAM architectures, federation configurations, and operational procedures
  • Establish IAM standards, policies, and governance frameworks aligned with organizational security requirements
  • Stay current with GCP IAM capabilities, authentication protocols, and industry best practices
  • Provide technical leadership and guidance to development and operations teams on IAM best practices

Skills

  • Extensive hands-on experience with GCP IAM technologies, including Google Cloud Identity, IAM policies, organization policies, Workload Identity Federation, and service account management
  • Proven experience configuring and managing PingFederate for enterprise SSO and federated identity integration with Active Directory
  • Deep understanding of authentication and authorization protocols: SAML 2.0, OAuth 2.0, OIDC, and JWT
  • Strong experience with Google Cloud Directory Sync (GCDS) for AD integration and user provisioning
  • Hands-on experience with HashiCorp Vault and GCP Cloud KMS for secrets and key management
  • Proficiency with Infrastructure as Code using Terraform for IAM resource provisioning
  • Experience with GCP security services: VPC Service Controls, Security Command Center, Policy Intelligence, and Cloud Asset Inventory
  • Strong understanding of identity lifecycle management, access governance, and privileged access management concepts

Benefits

  • Flexible vacation policy; time is not limited, allocated, or accrued
  • 16 paid holidays throughout the year
  • Generous parental leave and new parent transition program
  • Tuition reimbursement
  • Corporate gift matching program

Company Overview

  • Publicis Sapient is a digital consulting firm that offers consulting, technology, and product management services. It is a sub-organization of Publicis Sapient. It was founded in 1990 and is headquartered in Boston, Massachusetts, USA, with a workforce of 10001+ employees. Its website is https://www.publicissapient.com.

Company H1B Sponsorship

  • Publicis Sapient has a track record of offering H1B sponsorships, with 90 in 2025, 90 in 2024, 85 in 2023, 153 in 2022, 235 in 2021, 231 in 2020. Please note that this does not guarantee sponsorship for this specific role.
