SAP Automation Engineer - Identity Access Management team 

Brazil, Pará, Itaituba 

979184119

About the Role

We’re looking for an experiencedto lead the design, implementation, and management of automated identity and access infrastructure across,, and hybrid environments. You’ll work hands-on with,, and, while building scalable, auditable workflows using,, andlike,, and

Key Responsibilities:

• Build and maintain Infrastructure as Code (IaC) for IAM systems using Terraform , Ansible , and CloudFormation .
• Automate IAM lifecycle events (provisioning, deprovisioning, role and group management) across Okta , Active Directory , and LDAP .
• Create and maintain automated workflows using Python , PowerShell , and Bash to support IAM pipelines and cloud-native functions (e.g., AWS Lambda ).
• Manage automated secrets rotation and certificate lifecycle using tools like AWS Secrets Manager , ACM , Vault , or Certbot .
• Integrate with CI/CD pipelines (e.g., GitHub Actions, Jenkins, GitLab) for continuous deployment of IAM and security configurations.
• Orchestrate event-driven automation that reacts to identity lifecycle events and aligns with zero trust and least privilege principles.
• Connect IAM workflows with ticketing systems such as ServiceNow and Jira , enabling self-service and audit logging.
• Collaborate with cross-functional teams to ensure IAM automation aligns with security, compliance, and operational goals

Required Qualifications:

• 3–5+ years of experience in IAM, DevSecOps, or infrastructure automation roles.
• Solid hands-on experience with Okta , Active Directory , and OpenLDAP in cloud or hybrid environments.
• Strong automation experience using Terraform , Ansible , and CloudFormation .
• Proven scripting ability in Python , Bash , and PowerShell (you should be comfortable switching between them as needed).
• Experience with AWS services (IAM, Lambda, Secrets Manager, ACM) and GCP IAM tools.
• Familiarity with CI/CD pipelines and Git-based version control.
• Integration experience with ServiceNow , Jira , or other ITSM platforms.
• Working knowledge of IAM best practices: RBAC, ABAC, SSO, JIT access, and audit controls

Preferred Qualifications:

• Experience automating certificate lifecycle management using tools like Certbot , Venafi , Smallstep , or Vault PKI .
• Familiarity with federated identity protocols (SAML, OIDC), SCIM provisioning , and SSO integrations.
• Knowledge of secrets rotation , zero standing privilege , and identity governance best practices.
• Experience writing modular automation code for reuse across cloud environments or business units.

​

We win with inclusion

Successful candidates might be required to undergo a background verification with an external vendor.