AWS Security Architect (IAM-focused)
Your new company
Join a forward-thinking, large-scale digital platform operating at a national scale, delivering mission-critical services within a complex multi-tenant AWS environment. The organisation is investing heavily in cloud-native security architecture, with a strong emphasis on identity-centric security, Zero Trust principles, and fine-grained policy-based access control. You'll be part of a highly skilled engineering and security function that values precision, innovation, and secure-by-design practices, working on systems where identity, access, and governance are critical to platform integrity.
Your new role
As an AWS Security Architect - IAM & Authorisation, you will serve as the SME for identity and access management across AWS, leading the design and implementation of scalable, secure, and policy-driven access control systems. This role combines hands-on engineering with architectural leadership, focused on building a centralised IAM and authorisation capability leveraging services such as AWS IAM, AWS Organisations, IAM Identity Centre (SSO), and Amazon Verified Permissions (AVP). You will work cross-functionally with security, platform, and application teams to design and enforce consistent identity and access patterns, translating complex business requirements into robust IAM strategies, policies, and controls.
Key responsibilities include:
- Architecting and covering enterprise-scale IAM frameworks across multi-account AWS environments
- Designing and implementing fine-grained authorisation models using AVP, Cedar, and IAM policy constructs
- Leading identity-centric Zero Trust architecture initiatives
- Establishing secure access patterns across users, services, and applications
- Driving adoption of policy-as-code and least privilege principles
- Designing and managing identity federation (OIDC/OAuth2, SAML) and secure token-based access models
- Defining guardrails using AWS Organisations, SCPs, and permission boundaries
- Building shared authorization platforms, SDKs, and integration patterns for engineering teams
- Ensuring auditability, compliance, and observability of access controls across the environment
What You'll Need to Succeed
- Proven experience designing and operating AWS IAM architectures at scale
- Strong hands-on experience with Amazon Verified Permissions (AVP) and Cedar policy language
- Deep understanding of authorization models (RBAC, ABAC, ReBAC) and real-world implementation
- Experience implementing Zero Trust and identity-first security models
AWS & Identity Technical Capability
• Strong expertise across:
- AWS IAM (roles, policies, permission boundaries)
- AWS Organizations & Service Control Policies (SCPs)
- IAM Identity Center (SSO)
• Experience with multi-account AWS environments and landing zone architectures
• Strong knowledge of authentication & federation protocols:
- OAuth2 / OIDC
- SAML
- JWT tokens and claims-based access control
• Experience integrating identity providers such as Auth0, Cognito, Okta, or Azure AD
• Hands-on experience with core AWS services:
- Lambda
- API Gateway
- DynamoDB
- Event-driven architectures
What you'll get in return
- Opportunity to work on cutting-edge authorization architecture at national scale
- A highly specialised role with strong influence over security and platform design
- Collaboration with senior engineers, architects, and security leaders
- Exposure to modern policy-based access control systems (AVP & Cedar)
- Competitive salary and benefits package
- Flexible working arrangements and a supportive engineering culture
- Ongoing learning and development, including staying at the forefront of emerging authorization technologies
What you need to do now
If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV, or call us now.
If this job isn't quite right for you, but you are looking for a new position, please contact us for a confidential discussion on your career.
#3001484