BA IAM at Test Yantra, Sheffield, £Contract Rate

Duration not stated Finance

Contract Description

Cloud-Specific IAM Knowledge (Required)

  1. AWS IAM
  • In-depth understanding of IAM users/groups/roles/policies, permission boundaries, service-linked roles, and AWS Organizations (SCPs).
  • Hands-on experience reviewing existing IAM policies (JSON), detecting overly broad permissions (e.g., “*” or wildcard actions), and recommending fine-grained least-privilege models.
  2. Azure Active Directory & Azure RBAC
  • Knowledge of Azure AD concepts: users, groups, applications/service principals, managed identities, Conditional Access policies.
  • Familiarity with Azure RBAC roles (built-in and custom) and PIM (Privileged Identity Management) best practices for just-in-time elevation.
  3. GCP IAM
  • Understanding of GCP IAM constructs: Principals (Users, Service Accounts, Groups), Roles (primitive, predefined, custom), Service Account Keys, and Organization-level policies.
  • Experience reviewing IAM policy bindings (via GCP IAM or Terraform state) and recommending Organization/Folder/Project-level least-privilege structures.
  4. Kubernetes RBAC & Cloud-Native Identities
  • Solid grasp of Kubernetes RBAC entities (Role, ClusterRole, RoleBinding, ClusterRoleBinding) and how they map to Kubernetes API groups.
  • Awareness of how cloud-provider-managed Kubernetes (EKS, AKS, GKE) integrates with cloud IAM (for example, IAM Authenticator in EKS, GKE Workload Identity, Azure AD/Entra integration).
  5. SaaS Application Identity Management
  • Familiarity with Single Sign-On (SSO) protocols (SAML, OAuth 2.0/OIDC) and identity providers (Azure AD, GCDS, AWS IAM).
  • Understanding of SCIM provisioning, user lifecycle workflows (onboarding/offboarding), and entitlement catalogue management for major SaaS (e.g., Office 365).

 

Required Skills & Experience:

  • 5+ years as a Business Analyst (or similar) focused on IT security, governance, and IAM.
  • Hands-on experience mapping and documenting IAM processes in AWS, Azure, and GCP.
  • Practical knowledge of AWS IAM (users/roles/policies), Azure AD & RBAC, and GCP IAM (roles/bindings).
  • Familiarity with Kubernetes RBAC (RoleBindings, ClusterRoleBindings) and how those tie into cloud IAM (EKS, AKS, GKE).
  • Proven track record analysing SaaS-based identity integrations (e.g., SAML SSO, SCIM provisioning).
  • Strong gap-analysis skills, able to pinpoint missing or weak access controls.
  • Comfortable using cloud consoles, CLIs (AWS, Azure, GCP and Ali) and reviewing IaC (Terraform/CloudFormation) for IAM-related misconfigurations.
  • Excellent stakeholder management; able to facilitate cross-functional workshops and drive consensus.