E2S Architect

At Capgemini Engineering, the world leader in engineering services, we bring together a global team of engineers, scientists, and architects to help the world’s most innovative companies unleash their potential. From autonomous cars to life-saving robots, our digital and software technology experts think outside the box as they provide unique R&D and engineering services across all industries. Join us for a career full of opportunities. Where you can make a difference. Where no two days are the same.

Your Role 

IAM & Security Architecture

• Design identity and access architectures based on modern standards (OIDC, OAuth2 + Token Exchange, SAML).
• Architect and operate IAM systems across multi cloud and hybrid environments.
• Implement cloud native workload identity mechanisms (AWS IRSA, Azure Workload Identity, GKE Workload Identity).
• Design and deploy ReBAC (Relationship Based Access Control) using OpenFGA, Authzed, or Zanzibar inspired models.
• Define security controls and compliance measures aligned with SecNumCloud, NIS2, GDPR, and Zero Trust frameworks.

Cloud Architecture

• Design secure by design cloud architectures across at least two hyperscalers (AWS, Azure, GCP).
• Develop cloud standards (landing zones, network patterns, IAM guardrails) for critical workloads.
• Support engineering teams in implementing native cloud identity and security features.

Infrastructure as Code (IaC)

• Develop and maintain Terraform and/or Crossplane modules to automate IAM and security policies.
• Integrate IaC pipelines with policy-as-code controls (OPA, Conftest, Rego).

Enterprise Architecture & Integration

• Produce end to end blueprints for authentication and authorization flows across internal and external systems.
• Define integration patterns leveraging API Gateways and federated identity standards.
• Ensure architectural alignment with enterprise principles, integration standards, and security controls.

Governance & Adoption

• Lead architectural reviews, ensuring compliance with security and cloud governance standards.
• Promote IAM and Zero Trust best practices across the organization.
• Act as a strategic advisor to engineering, cybersecurity, and product teams.

Your Profile

• 8+ years of experience in IAM and/or cybersecurity.
• Deep understanding of: OIDC, OAuth2 + Token Exchange, SAML.
• Strong proficiency with Keycloak and/or Ory.
• Hands on experience with at least two hyperscalers (AWS, Azure, GCP).
• Experience with cloud native workload identity: AWS IRSA, Azure Workload Identity, GKE Workload Identity.
• Proven experience implementing ReBAC: OpenFGA, Authzed, or Zanzibar style approaches.
• Solid understanding of compliance and regulatory frameworks: SecNumCloud, NIS2, GDPR, Zero Trust.
• Ability to write IaC for IAM using Terraform and/or Crossplane.
• Experience with integration architecture involving API Gateways + IAM.

Nice‑to‑Have Skills

• Cloud certifications (AWS, Azure, or GCP).
• Security certifications (CISSP, CCSP, Security+).

What You’ll Love About Working Here

• Join a multicultural and inclusive team environment.
• Enjoy a supportive atmosphere promoting work-life balance.
• Hybrid work.
• Your career growth is central to our mission. Our array of career growth programs and diverse professionals are crafted to support you in exploring a world of opportunities.
• Access valuable training and certifications in cutting-edge technologies.
• Engage in exciting national and international projects.
• Health and life insurance.
• Referral program with bonuses for talent recommendations.
• Great office locations.

About Capgemini

Capgemini is an AI-powered global business and technology transformation partner, delivering tangible business value. We imagine the future of organizations and make it real with AI, technology, and people. With our strong heritage of nearly 60 years, we are a responsible and diverse group of 420,000 team members in more than 50 countries. We deliver end-to-end services and solutions with our deep industry expertise and strong partner ecosystem, leveraging our capabilities across strategy, technology, design, engineering and business operations.