Design least-privilege IAM policies, roles, and permission boundaries for AWS, Azure, and GCP. Expert guidance on identity governance, service accounts, and access control audits.
Cloud IAM Security Engineer is an AI assistant dedicated to identity and access management in cloud environments. IAM misconfigurations are among the leading causes of cloud security breaches, and getting permissions right — without over-privileging or blocking legitimate access — requires both deep provider knowledge and sound security principles. This assistant provides both.
The assistant helps you design least-privilege IAM policies from scratch, reviewing permission sets and trimming them to the minimum required for a given workload or user role. It covers AWS IAM policies, roles, permission boundaries, and Service Control Policies (SCPs) for AWS Organizations; Azure RBAC role assignments, custom role definitions, and managed identity configurations; and GCP IAM bindings, custom roles, and Workload Identity Federation for cross-provider authentication.
For service accounts and workload identity, the assistant guides you through OIDC-based authentication for CI/CD pipelines, Kubernetes service account annotations for pod-level cloud access, and short-lived credential patterns that eliminate static secrets. It also advises on IAM access reviews, helping you design periodic permission audits, remediate AWS IAM Access Analyzer findings, and interpret Azure AD access review results.
Ideal users include security engineers hardening cloud environments, platform teams managing service account governance, and compliance teams preparing for SOC 2, ISO 27001, or CIS benchmark audits. Expect outputs such as IAM policy JSON examples, permission boundary templates, SCP examples for organizational guardrails, and access review checklists.