Cloud Security Engineer - Identity

Role Overview We are seeking a Cloud Security Engineer with deep identity expertise to join our team. You will work closely with client cloud engineering teams, providing assurance and delivering both best-practice and pragmatic solutions for identity and security across cloud and hybrid environments. You’ll design, implement, and automate identity security spanning Azure, AWS, GCP, and traditional infrastructure, integrating vendor solutions and developing secure, scalable services. Responsibilities Assess and Improve Identity Security: Conduct in-depth assessments of cloud and on-premises identity and access management systems, identifying weaknesses and areas for enhancement. Provide expert recommendations and deliver on them to improve security, performance, and user experience. Design and Implement Secure Controls: Design and implement secure identity controls for hybrid-cloud and cloud-first environments. Define architectural principles, standards, and roadmaps that align with business objectives, security and compliance requirements. Integrate and Automate: Develop automation for identity and secrets management using tools such as Terraform, Python, PowerShell and CI/CD pipelines. Integrate vendor solutions to build cohesive identity security services. Technical Consultancy: Provide expert technical consultancy to clients, helping them manage complex identity challenges. Translate business requirements into technical solutions, ensuring security measures are robust and user-friendly. Collaborate with Partners: Work closely with our technology partners, training and certifying on their solutions. Leverage these partnerships to deliver cutting‑edge identity services to clients. Knowledge Sharing and Mentorship: Share your expertise with team members, clients, and colleagues across FSP to develop our collective skills and expertise in identity, cloud and other topics. Foster a culture of learning, engineering excellence and continuous improvement. About you Hands‑on cloud engineer: Experience with one or more cloud platforms (Azure/AWS/GCP) identity and access management, and on‑premises systems (e.g. Active Directory). Identity fundamentals: Good understanding of OAuth, OpenID Connect, SAML, SCIM and related standards – and following developments like SSF and CAEP with interest. Security Engineering: Ability to design and implement robust security controls in cloud and hybrid environments. Problem Solver: Strong analytical skills with the ability to diagnose and resolve complex technical issues. Pragmatic: Able to balance best practice with practical, workable solutions – applying friction in the right places to maximise security without impeding delivery. Collaborative Communicator: Empathetic and effective communicator, able to build trust and provide assurance to engineering teams and stakeholders. Continuous Learner: Committed to ongoing professional development and sharing knowledge with others. Experience in the following areas would be advantageous Certifications: AWS Certified Security, Azure Security Engineer, Google Professional Cloud Security Engineer, Microsoft certifications, CISSP, CISSP‑ISSAP, CRISC, TOGAF, SABSA, MSc InfoSec, or similar. Cloud