Senior IAM Systems Engineer (contract)

We are seeking a Senior IAM Systems Engineer to design, develop, and implement enterprise-grade Authorization services leveraging Axiomatics Dynamic Authorization Suite and Open Policy Agent (OPA). This role requires hands-on expertise in fine-grained, policy-based access control and deep proficiency in ABAC models, scripting, infrastructure automation, and CI/CD practices. You will be responsible for delivering secure and scalable access control systems across applications, APIs, microservices, and databases.

Key Responsibilities

• Design, implement, and maintain dynamic authorization policies using Axiomatics ALFA and OPA Rego languages based on business and compliance requirements.
• Integrate authorization solutions into APIs, applications, microservices, and hybrid (cloud/on-prem) environments to enforce fine-grained access control.
• Automate IAM workflows using scripting (Python, Shell, Java), infrastructure as code (Terraform, Ansible), and CI/CD pipelines (GitHub Actions).
• Troubleshoot complex authorization issues, identifying root causes and implementing effective resolutions.
• Collaborate with IAM architects, engineering teams, and stakeholders to align policy enforcement with enterprise security strategies.
• Develop and maintain clear and auditable documentation for authorization processes, ensuring readiness for security assessments.
• Monitor performance and usage metrics, continuously optimizing the authorization framework for scalability and resilience.
  
  

Technical Profile

• Axiomatics Dynamic Authorization Suite and ALFA/XACML policy language
• Open Policy Agent (OPA) and Rego policy language
• IAM systems integration (cloud-native and on-premises)
• Programming/scripting: Python, Java, Shell
• IaC: Terraform, Ansible
• CI/CD: GitHub Actions, Jenkins, or equivalent
• Cloud Platforms: AWS, Azure, GCP
• RESTful APIs, Microservices architecture
• Monitoring & Logging: Splunk, Datadog, ELK Stack (nice-to-have)
• Containerization & Orchestration: Docker, Kubernetes (nice-to-have)
  
  

Functional Profile

• Strong understanding of Attribute-Based Access Control (ABAC) principles
• Experience in secure system design and enterprise access governance
• Collaboration across architecture, development, and business teams
• Agile/DevOps working style with a focus on automation and scalability
• Awareness of compliance frameworks and security audit procedures
• Effective technical communication and documentation skills
  
  

Skills Summary

Core Expertise:

IAM Engineering, Policy-Based Authorization (ABAC), Access Control Enforcement, Identity Governance

Languages & Frameworks

Python, Java, Shell, ALFA/XACML, Rego

Reactive & Event-Driven Tools

OPA, Axiomatics (Dynamic Authorization Suite)

Cloud & Containerization

AWS, Azure, GCP, Docker, Kubernetes (preferred)

DevOps & CI/CD

Terraform, Ansible, GitHub Actions, Jenkins

Other Tools & Technologies

RESTful APIs, Splunk, Datadog, ELK, F5, SSO systems, SSL, Firewalls

Soft Skills

Analytical problem-solving, Clear documentation, Cross-functional communication, Detail orientation, Strategic thinking, Audit-readiness

The pay range that the employer in good faith reasonably expects to pay for this position is $54.81/hour - $85.64/hour. Our benefits include medical, dental, vision and retirement benefits. Applications will be accepted on an ongoing basis. Tundra Technical Solutions is among North America’s leading providers of Staffing and Consulting Services. Our success and our clients’ success are built on a foundation of service excellence. We are an equal opportunity employer, and we do not discriminate on the basis of race, religion, color, national origin, sex, sexual orientation, age, veteran status, disability, genetic information, or other applicable legally protected characteristic. Qualified applicants with arrest or conviction records will be considered for employment in accordance with applicable law, including the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act. Unincorporated LA County workers: we reasonably believe that criminal history may have a direct, adverse and negative relationship with the following job duties, potentially resulting in the withdrawal of a conditional offer of employment: client provided property, including hardware (both of which may include data) entrusted to you from theft, loss or damage; return all portable client computer hardware in your possession (including the data contained therein) upon completion of the assignment, and; maintain the confidentiality of client proprietary, confidential, or non-public information. In addition, job duties require access to secure and protected client information technology systems and related data security obligations.