Identity Security Engineer

Reporting to the Senior Manager of Cyber Engineering & Architecture the Identity Security Engineer will be a core member of the engineering team responsible for the governance and continuous improvement of the Aer Lingus identity security posture (which includes privileged access). This handson role supports delivery of identity security standards securebydesign architectures identity lifecycle management access controls and processes.

The role will work closely with cross-functional teams in Cyber technology and applications to implement identity controls and process governance automation for identity lifecycle processes management and oversight of our identity security posture and the health of underlying identity platforms. Responsibilities to include:

• Support ownership of identity & privileged security policies standards and architecture patterns across AD Entra and IGA services.
• Implement and maintain identity lifecycle workflows and governance processes (joiners/movers/leavers access requests access reviews) leveraging SailPoint.
• Support implementation of a privileged access platform and the development of privileged access controls as part of identity services including governance and lifecycle processes.
• Engineer continuous improvements of identity security controls PAM and IAM lifecycle processes enabling self-service and scalable services through automation
• Deliver identity posture monitoring and ongoing improvements of identity security controls.
• Provide SME support for identity-related security incidents and investigations contributing to containment and remediation activities.
• Support the building of identity metrics and dashboards for centralised oversight of identity security controls coverage effectiveness and risks.
• Collaborate with application and platform teams to embed secure-by-design identity patterns (authentication authorisation RBAC least privilege).
• Maintain documentation and blueprints for identity security standards and processes including configuration management of the identity security platforms.
• Contribute to crossdomain security architecture reviews.
• Partner with Cyber Defence ensuring appropriate identity telemetry is being monitored.
• Support cyber alignment with compliance requirements & regulations.
• Provide direction and oversight to third party providers that are supporting and operating identity services and platforms.

• Minimum of 10 years industry experience with at least 5 years in identity management or identity security engineering roles.
• Handson experience with Active Directory and/or Entra in an enterprise environment.
• Handson experience designing implementing and governing identity lifecycle and access lifecycle processes using an IGA platform
• Experience designing & implementing privileged access management controls and processes
• Experience working with stakeholders to implement access governance and least privilege controls.
• Relevant certifications e.g. Microsoft identity/security CISSP/CISM/CIAM/CRISC
• Strong understanding of IAM principles including zero trust least privilege RBAC access reviews/certifications segregation of duties concepts and lifecycle governance.
• Ability to define secure identity architecture patterns and translate them into practical standards and blueprints.
• Ability to implement identity standards and controls consistently and document outcomes.
• Strong analytical and troubleshooting skills for identity and access issues.
• Good communication and collaboration skills across technology cyber and business teams.
• Engineering experience with Identity Protection IAM and governance e.g. SailPoint CyberArk BeyondTrust MS Defender for Identity Crowdstrike Identity SilverFort
• Scripting/automation exposure (e.g. PowerShell) to improve identity governance processes.
• Experience with identity threat detection concepts and integration with SOC monitoring.
• Experience with nonhuman identity governance patterns and modern authentication protocols.