Cloud Engineer Lead – Identity

Overview

Who we are

Who we are

Collaborative. Respectful. A place to dream and do. These are just a few words that describe what life is like at Toyota. As one of the world’s most admired brands, Toyota is growing and leading the future of mobility through innovative, high-quality solutions designed to enhance lives and delight those we serve. We’re looking for diverse, talented team members who want to Dream. Do. Grow. with us.

To save time applying, Toyota does not offer sponsorship of job applicants for employment-based visas or any other work authorization for this position at this time.

Who We’re Looking For

The Cloud Engineering team is seeking a highly skilled Cloud Engineer Lead – Identity. This senior-level role is responsible for designing and managing cloud identity and access management (IAM) solutions that ensure secure, scalable, and compliant access across Toyota’s cloud environments.

You will lead initiatives that strengthen our identity governance, enforce least-privilege access, and support automation and compliance across AWS and other platforms. This role requires deep technical expertise in IAM, strong collaboration skills, and a passion for secure cloud architecture.

What You’ll Be Doing

• Identity Architecture & Strategy: Design and evolve Toyota’s cloud identity frameworks, including IAM roles, policies, permission boundaries, and federation models.

• Access Governance: Implement and enforce RBAC/ABAC models, least-privilege access, and automated access reviews across multi-account AWS environments.

• Infrastructure as Code (IaC): Build reusable identity modules using Terraform to standardize and automate IAM provisioning.

• CI/CD Integration: Embed identity validation and guardrails into CI/CD pipelines (Github, Harness) to prevent misconfigurations and privilege escalations.

• Security & Compliance: Align identity controls with compliance frameworks and support audit readiness.

• Monitoring & Reporting: Develop monitoring and alerting for identity-related anomalies using tools like AWS CloudTrail, Config, and GuardDuty, Quick Suite.

• Collaboration & Mentorship: Partner with engineering, security, and compliance teams to align identity strategy with business needs and mentor junior engineers.

• Implement and maintain identity federation using SAML, OIDC, and other standards.

• Utilize AWS Access Analyzer to identify and implement permission boundaries, ensuring least-privilege access across AWS resources.

What You Bring

• 7+ years in cloud engineering, security, or IAM-focused roles.

• Deep hands-on experience with AWS Identity Center, IAM, Organizations, Lambda, AWS Config, CloudTrail, CloudWatch, EventBridge, SNS, AWS Security Hub and GuardDuty

• Strong proficiency in Terraform, AWS CDK, Harness and similar IaC tools.

• Experience with AWS Access Analyzer and implementing permission boundaries.

• Experience with scripting and automation (Python, PowerShell).

• Team leader or supervisor.

Added bonus if you have

• Background in identity governance frameworks and compliance standards (e.g., NIST, ISO 27001).

• Experience with multi-account AWS environments and AWS Organizations management.

• AWS certifications (e.g., Security Specialty, Solutions Architect) are a plus.

What we’ll bring

During your interview process, our team can fill you in on all the details of our industry-leading benefits and career development opportunities. A few highlights include:

• A work environment built on teamwork, flexibility, and respect

• Professional growth and development programs to help advance your career, as well as tuition reimbursement

• Team Member Vehicle Purchase Discount

• Toyota Team Member Lease Vehicle Program (if applicable)

• Comprehensive health care and wellness plans for your entire family

• Toyota 401(k) Savings Plan featuring a company match, as well as an annual retirement contribution from Toyota regardless of whether you contribute

• Paid holidays and paid time off

• Referral services related to prenatal services, adoption, childcare, schools, and more

• Tax Advantaged Accounts (Health Savings Account, Health Care FSA, Dependent Care FSA)

Belonging at Toyota

Our success begins and ends with our people. We embrace all perspectives and value unique human experiences. Respect for all is our North Star. Toyota is proud to have 10+ different Business Partnering Groups across 100 different North American chapter locations that support team members’ efforts to dream, do and grow without questioning that they belong.

Applicants for our positions are considered without regard to race, ethnicity, national origin, sex, sexual orientation, gender identity or expression, age, disability, religion, military or veteran status, or any other characteristics protected by law.

Have a question, need assistance with your application or do you require any special accommodations? Please send an email to talent.acquisition@toyota.com.