Identity and Access Management Cloud Engineer
Viasat, Inc.
- Location
- Remote (Carlsbad, California · Carlsbad, California)
- Compensation
- $165k - $260k/yr
- Employment
- Full-time
- Level
- Senior Level
About the Role
Viasat is on a mission to deliver connections that change the world. Join their Government team as an IAM Cloud Engineer to design, build, and operate identity capabilities that secure cloud infrastructure and enable scalable access control.
Skills
Benefits
- Medical Insurance
- Financial Benefits
- Stock Incentives
Perks
- Remote OK
Full job details
One team. Global challenges. Infinite opportunities. At Viasat, we’re on a mission to deliver connections with the capacity to change the world. For more than 35 years, Viasat has helped shape how consumers, businesses, governments and militaries around the globe communicate. We’re looking for people who think big, act fearlessly, and create an inclusive environment that drives positive impact to join our team.
What you'll do
We have a great opportunity for an IAM Cloud Engineer to join our Government team! You will design, build, and operate identity capabilities that secure Viasat’s cloud infrastructure, ensuring consistent, scalable access control across AWS, Azure, GCP, and enterprise systems. As an IAM Cloud Engineer, you will play a critical role in aligning identity with cloud architecture, enabling secure access to infrastructure while supporting business and engineering teams.
In this role, you will partner with cloud, security, and platform teams to implement identity controls that protect cloud resources, reduce risk, and enable scalable, automated access! Your work will directly strengthen Viasat’s cloud security posture and ensure identity services operate as reliable infrastructure supporting critical systems.
The day-to-day
- Design and manage cloud identity and access models across AWS, Azure, and/or GCP (roles, policies, RBAC)
Implement and maintain identity controls for cloud infrastructure, including least‑privilege access and role design - Align enterprise IAM (e.g., Entra ID, Okta) with cloud-native identity systems
- Develop and maintain automation for cloud identity lifecycle (e.g., role provisioning, service identities, entitlement management)
- Manage and secure non-human identities, including service accounts, workload identities, and access tokens
- Partner with cloud infrastructure teams to embed identity into platform design and provisioning workflows
- Monitor and solve identity-related issues impacting cloud platforms and infrastructure access
- Contribute to implementation of Zero Trust, conditional access, and identity-based security controls in cloud environments
- Identify and remediate overprivileged access and misconfigurations across cloud environments
- Collaborate with IAM Administrators to transition repeatable tasks into automated, cloud-native workflows
What you'll need
- 4+ years of experience in cloud engineering, or security engineering
- Hands-on experience with cloud IAM (AWS IAM, Azure RBAC, GCP IAM)
- Strong understanding of cloud infrastructure concepts and how identity controls access to resources
- Experience designing and managing roles, policies, and permission models in cloud environments
- Experience with identity federation and authentication protocols (SAML, OAuth, OIDC)
- Experience with scripting or automation (Python, PowerShell, Terraform, or similar)
- Understanding of least privilege, RBAC/ABAC, and identity lifecycle concepts
- Ability to troubleshoot complex access and authentication issues in distributed environments
- US Citizenship required.
Must be able to obtain a United States Secret Clearance
What will help you on the job
- Experience integrating enterprise IAM platforms (Entra ID, Okta) with cloud environments
- Familiarity with Infrastructure as Code (Terraform, CloudFormation, Bicep) and identity-driven provisioning
- Experience managing non-human identities (service accounts, workload identity, secrets management)
- Exposure to cloud security practices (CSPM, CIEM, identity threat detection)
- Experience implementing Zero Trust or conditional access strategies in cloud-first environments
- Familiarity with logging, monitoring, and observability tools for identity activity
- Experience supporting compliance and audit requirements in cloud environments (SOX, SOC2, ISO)
- Strong collaboration skills with cloud engineering, security, and platform teams
#LI-VSAT
Salary range
$165,000.00 - $260,500.00 / annually. For specific work locations within San Jose, the San Francisco Bay area and New York City metropolitan area, the base pay range for this role is $205,000.00- $307,000.00/ annually
At Viasat, we consider many factors when it comes to compensation, including the scope of the position as well as your background and experience. Base pay may vary depending on job-related knowledge, skills, and experience. Additional cash or stock incentives may be provided as part of the compensation package, in addition to a range of medical, financial, and/or other benefits, dependent on the position offered. Learn more about Viasat’s comprehensive benefit offerings that are focused on your holistic health and wellness at https://careers.viasat.com/benefits.
EEO Statement
Viasat is proud to be an equal opportunity employer, seeking to create a welcoming and diverse environment. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, ancestry, physical or mental disability, medical condition, marital status, genetics, age, or veteran status or any other applicable legally protected status or characteristic. If you would like to request an accommodation on the basis of disability for completing this on-line application, please click here.