Senior Identity Security Consultant

Endava is seeking an experienced Senior Identity Security Engineer to lead the design governance and continuous improvement of enterprise identity security capabilities across client environments.

This senior engineering role is responsible for securing digital identities across workforce third-party and machine identities through robust identity and access management (IAM) controls and privileged access governance. The role will oversee identity platform architecture operational security posture and lifecycle management processes across technologies such as Active Directory Microsoft Entra and Identity Governance & Administration (IGA) platforms.

Working closely with Cyber Engineering Cloud Infrastructure Application and Security Operations teams the Senior Identity Security Engineer will ensure identity controls are embedded into enterprise platforms and services. The role also focuses on enabling secure scalable identity services through automation governance and modern zero trust identity patterns.

Responsibilities:

• Define and maintain identity security policies architecture standards and governance frameworks across enterprise identity platforms.
• Design and implement secure identity architecture patterns across Active Directory Microsoft Entra IAM IGA and Privileged Access Management (PAM) platforms.
• Lead continuous improvement initiatives to strengthen identity security posture across enterprise environments.
• Establish secure identity lifecycle management processes covering joiners movers leavers contractors third parties and non-human identities.
• Implement and govern privileged access management frameworks including privileged account lifecycle management role design and access certification processes.
• Lead the engineering and governance of identity workflows within identity governance platforms such as SailPoint.
• Improve identity management automation to reduce manual provisioning activities and privileged administrative access.
• Monitor and improve the security posture of identity infrastructure including Active Directory and Entra configurations.
• Partner with technology and application teams to embed secure authentication authorisation and single sign-on (SSO) patterns.
• Support cyber incident response activities relating to identity compromise privilege escalation or authentication abuse.
• Collaborate with Cyber Defence teams to ensure identity telemetry supports detection and response capabilities.
• Maintain identity security documentation including architecture blueprints operational procedures and governance standards.
• Provide oversight and guidance to third-party providers supporting identity platforms and operations.

Qualifications :

Experience:
 

• 12 years of experience in cybersecurity or enterprise IT with at least 8 years in identity security engineering or IAM roles.
• Strong technical experience managing and securing Active Directory and Microsoft Entra environments in enterprise organisations.
• Hands-on experience implementing Identity Governance & Administration (IGA) platforms such as SailPoint or equivalent.
• Experience designing and implementing Privileged Access Management (PAM) solutions and governance processes.
• Experience implementing identity lifecycle management processes including access provisioning deprovisioning and certification workflows.
• Experience implementing Zero Trust identity security patterns and access control frameworks.
• Experience supporting identity-related cyber incidents or investigations.
• Relevant certifications such as CISSP CISM CRISC Microsoft Identity/Security certifications or similar are desirable.

Technical Skills:

• Strong knowledge of identity security architecture including:
  • Identity and Access Management (IAM)
  • Identity Governance & Administration (IGA)
  • Privileged Access Management (PAM)
  • Role-Based Access Control (RBAC)
  • Access certifications and segregation of duties
• Hands-on experience with identity technologies such as:
  • Microsoft Active Directory
  • Microsoft Entra (Azure AD)
  • SailPoint or equivalent IGA platforms
  • CyberArk BeyondTrust or other PAM solutions
  • Microsoft Defender for Identity or identity threat protection platforms
• Understanding of modern authentication protocols and identity standards including SAML OAuth OpenID Connect and multi-factor authentication.
• Experience implementing Zero Trust identity models and conditional access policies.
• Experience automating identity workflows and provisioning processes using scripting technologies such as PowerShell or equivalent.
• Familiarity with identity threat detection techniques and integration with SOC monitoring platforms.
• Understanding of governance compliance and audit requirements related to identity management.

Additional Information :

Discover some of the global benefits that empower our people to become the best version of themselves:

• Finance: Competitive salary package share plan company performance bonuses value-based recognition awards referral bonus;   
• Career Development: Career coaching global career opportunities non-linear career paths internal development programmes for management and technical leadership;
• Learning Opportunities: Complex projects rotations internal tech communities training certifications coaching online learning platforms subscriptions pass-it-on sessions workshops conferences;
• Work-Life Balance: Hybrid work and flexible working hours employee assistance programme;
• Health: Global internal wellbeing programme access to wellbeing apps;
• Community: Global internal tech communities hobby clubs and interest groups inclusion and diversity programmes events and celebrations.

At Endava were committed to creating an open inclusive and respectful environment where everyone feels safe valued and empowered to be their best. We welcome applications from people of all backgrounds experiences and perspectivesbecause we know that inclusive teams help us deliver smarter more innovative solutions for our customers. Hiring decisions are based on merit skills qualifications and potential. If you need adjustments or support during the recruitment process please let us know.

Remote Work :

No

Employment Type :

Full-time