Engineer - Access & Identity Management, Associate

About this role

Access and Identity Management team sits in the Global Information Security group whose mission is to evaluate, establish, maintain information security controls that protect the company’s information and computer systems.

The Cloud Identity & Access Management (IAM) Cloud Associate role is a technical position which will support IAM functions in Microsoft Azure and AWS environment(s). This includes creating and granting access to new users, non-human accounts while crafting and maintaining roles permissions and entitlements for various businesses/departments in BlackRock. In addition to performing user access management activities this role also requires proactive governance of all cloud environment(s) that includes reviewing stale access, handling secret rotations, reducing over-privileged access etc.

Primary Duties & Responsibilities:

• Drive continuous improvement within the Cloud IAM security architecture by introducing and implementing emerging security technologies and best practices.
• Collaborate effectively with business and IT teams to analyze and define IAM requirements.
• Liaise with Information Security, Engineering, and business functions to deliver the target technology environment.
• Create and enhance automation scripts and CI/CD pipelines to implement IAM roles, SPNs, and other IaC configurations in Azure, AWS, and GCP public cloud environments.
• Use automation tools such as CI/CD pipelines, Azure DevOps, Terraform, and Python scripts for IAM infrastructure setup and capability deployment.
• Identify gaps and recommend solutions to enhance operational efficiencies across IAM processes.
• Manage user and non-human access through Azure RBAC role assignments via Privileged Identity Management (PIM).
• Ensure a comprehensive understanding of onboarding enterprise applications.
• Handle IAM users, policies, and roles in AWS.

Required Qualifications:

• Bachelor's degree in Cyber Security, Computer Science, Information systems or equivalent work experience in the IT field, with at least a portion of that time in Security related position
• Minimum of 5+ years of proven experience in Access and Identity Management.
• 2-4 years of extensive experience working with IAM within Microsoft Azure and Amazon Web Services (AWS) environments.
• Hands-on experience with creating, modifying, and maintaining user access via Privileged Identity Management (PIM) in Microsoft Azure.
• Proficient in assigning entitlements to roles and groups using Role-Based Access Control (RBAC).
• Experience with application registrations and granting required permissions to non-human accounts in the cloud.
• Skilled in maintaining access to management groups, subscriptions, resources, and enterprise applications.
• Strong understanding of using AWS CLI, IAM users, policies, roles, terraform to deploy resources, and permission boundaries to address complex access requests within AWS.
• Demonstrated knowledge of role-based access provisioning, establishing team-based roles, and assigning entitlements.
• Proficiency in PowerShell and Python scripting for task automation and efficiency.
• Solid grasp of cloud security governance practices and IAM policy/document preparation.
• Experience working in a highly regulated and audited Information Security environment.
• Knowledge of IAM activities in Google Cloud Platform (GCP) is a plus.

Personal Attributes:

• Ability to train other team members on Cloud IAM topics.
• Excellent customer service and communication (oral/written) skills with technical and non-technical audiences.
• Strong critical thinking and analytical skills with the ability to think “out of the box.”
• Good teammate and consensus-forming individual.
• Integrity and the highest ethical standards.
• Self-starter with a personal aim to achieve superior performance.
• Natural curiosity and a desire to always learn.

Our benefits
To help you stay energized, engaged and inspired, we offer a wide range of benefits including a strong retirement plan, tuition reimbursement, comprehensive healthcare, support for working parents and Flexible Time Off (FTO) so you can relax, recharge and be there for the people you care about.

Our hybrid work model

BlackRock’s hybrid work model is designed to enable a culture of collaboration and apprenticeship that enriches the experience of our employees, while supporting flexibility for all. Employees are currently required to work at least 4 days in the office per week, with the flexibility to work from home 1 day a week. Some business groups may require more time in the office due to their roles and responsibilities. We remain focused on increasing the impactful moments that arise when we work together in person – aligned with our commitment to performance and innovation. As a new joiner, you can count on this hybrid model to accelerate your learning and onboarding experience here at BlackRock.

About BlackRock

At BlackRock, we are all connected by one mission: to help more and more people experience financial well-being. Our clients, and the people they serve, are saving for retirement, paying for their children’s educations, buying homes and starting businesses. Their investments also help to strengthen the global economy: support businesses small and large; finance infrastructure projects that connect and power cities; and facilitate innovations that drive progress.

This mission would not be possible without our smartest investment – the one we make in our employees. It’s why we’re dedicated to creating an environment where our colleagues feel welcomed, valued and supported with networks, benefits and development opportunities to help them thrive.

For additional information on BlackRock, please visit @blackrock | Twitter: @blackrock | LinkedIn: www.linkedin.com/company/blackrock

BlackRock is proud to be an Equal Opportunity and Affirmative Action Employer. We evaluate qualified applicants without regard to race, color, national origin, religion, sex, sexual orientation, gender identity, disability, protected veteran status, and other statuses protected by law.

BlackRock will consider for employment qualified applicants with arrest or conviction records in a manner consistent with the requirements of the law, including any applicable fair chance law.