Amazon's Whole Foods Market Identity and Access Management team is looking for an experienced Senior IAM Engineer to join our growing team. You'll be working on innovative projects to design, deploy, manage and improve identity infrastructure, tools and operational processes. You'll have a holistic view of the technology landscape across Whole Foods and play a crucial role in supporting digital transformation by leveraging cutting-edge technologies and best practices in identity and access management.

Key job responsibilities
Senior IAM Engineer works on IAM projects to design, deploy, manage and improve identity infrastructure, tools and operational processes. They proactively identify and resolve difficult problems with the IAM systems and continuously improve operational processes.

Responsibilities:

- Design, implement and support identity solutions to address ambiguous problems involving identity management, access controls, authentication/authorization and enable business processes
- Identify and resolve architectural deficiencies in IAM systems to improve system resiliency
- Perform risk/vulnerability assessment and remediation for IAM infrastructure to improve security posture. Collaborate with security teams to improve the risk/vulnerability identification, remediation and reporting.
- Identify and implement operational process improvements which improve IAM team’s efficacy and agility.
- Identify opportunities and implement automation for operational tasks to improve performance and reduce operator errors utilizing AWS tools, Powershell scripting etc.
- Participate in strategic planning and decision-making with customers, partner teams, architects and peers.
- Understand all aspects of dependencies for business processes on IAM systems, resolve root cause of difficult performance, reliability, or availability issues and deliver innovative solutions.
- Design, build and deploy systems utilizing AWS tools to support IAM technologies by identifying appropriate technical path. Establish continuous monitoring and alerting for all critical processes.
- Provide on call support for issues and escalations related to identity infrastructure
- Mentor and develop junior and new IAM engineers on the team.

- 1+ years of designing or architecting (design patterns, reliability and scaling) of new and existing systems experience
- 7+ years of administrative experience in networking, storage systems, operating systems and hands-on systems engineering experience
- Knowledge of systems engineering fundamentals (networking, storage, operating systems)
- Experience programming with at least one modern language such as C++, C#, Java, Python, Golang, PowerShell, Ruby
- Experience administering Active Directory and Azure AD environments including user/computer administration, authentication services, group policies, federation, and synchronization between on-prem and cloud directories.
- Experience supporting enterprise authentication and authorization, protocols like RADIUS, OAuth/OIDC, SAML, as well as MFA and SSO solutions.
- Experience managing Public Key Infrastructure including certificate authorities, digital certificates, and their lifecycles.
- Experience in managing the identity lifecycle including onboarding/offboarding of users, groups, accounts, and their access rights.
- Experience in administering privileged access and secrets management tools to secure and control access to sensitive administrative accounts and passwords.

- Experience with PowerShell (preferred), Python, Ruby, or Java
- Experience working in an Agile environment using the Scrum methodology
- Experience with CI/CD pipelines build processes
- Experience building services using AWS products
- Experience in automating, deploying, and supporting large-scale infrastructure

Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit