The IT Security Department employs various teams of IT specialists (IAM, Cyberdefense, GRC) who, among other things, optimize and maintain all business processes and systems used (both self-written and purchased applications) so that its clients and customers are optimally serviced. The Identity and Access Management Team is looking for a Cloud Security Engineer specialized in IAM to support its various internal clients, the health insurance funds, with the management & handling of information risks.
Primary Tasks and responsibilities
• Design and implement scalable IAM architectures across multi-tenant cloud environments (Azure, AWS).
• Develop and enforce policies for identity lifecycle management, authentication, and authorization.
• Build automated workflows for user provisioning, role assignment, and access recertification.
• Implement Zero Trust principles, including least privilege access and conditional access controls.
• Configure and manage identity security technologies such as: Azure AD / Entra ID, SSO, MFA, Conditional Access, Privileged Access Management (PAM)
• Improve IAM monitoring, alerting, and auditing using SIEM/SOAR tools.
• Ensure IAM solutions align with regulatory frameworks (ISO 27001, SOC2, GDPR, NIST).
• Maintain documentation for IAM policies, procedures, and standards.
• Conduct periodic access reviews and ensure adherence to separation‑of‑duties principles.
• Develop automation for IAM controls using IaC tools (Terraform, CloudFormation, Bicep).
• Integrate IAM practices into CI/CD pipelines to secure cloud workloads.
• Create scripts and tools (Python, PowerShell) for improving identity workflows.
Secondary tasks and responsibilities
• you share and exchange experience and expertise with cloud engineering, security, and application teams to integrate secure identity solutions.
• you advise teams on best practices related to authentication, authorization, and secure cloud access
• you keep your knowledge up-to-date by closely following the trends and innovations in the ICT market
Technical profile requirements
• Minimum 5 years of relevant work experience in IT security in hybrid, multi-cloud and multi-tenant environments (cloud, network, application, website security)
• Strong hands-on experience with cloud IAM systems (Azure AD/Entra, AWS IAM, GCP IAM).
• Deep understanding of: OAuth2.0, OIDC, SAML, JWT, RBAC, ABAC, PBAC models, Privileged Identity Management (PIM/PAM)
• Experience with identity governance tools (SailPoint, Saviynt, CyberArk, BeyondTrust).
• Solid scripting and automation skills (PowerShell, Python).
• Familiar with Zero Trust Architecture and cloud security best practices.
• Familiar with risk analysis and risk evaluation (impact/likelihood analysis)
• Knowledge of market standard governance frameworks (ISO 2700x)
Non-Technical profile requirements
• Strong analytical and problem-solving skills
• Focus on delivering, able to work on multiple tasks with limited supervision
• Excellent customer service, interpersonal, communication and team collaboration skills
• Able to follow change management procedures and internal guidelines
Methodology/Certification requirements
• Master’s Degree in Mathematics, Engineering, Computer Science OR equivalent through experience. Advanced course work in technical & security systems plus continued education in technical & security disciplines is preferred
• Additional IT Security certification(s) is a plus
Language proficiencies
• French and/or Dutch
• English