Enterprise Architect - IAM Security Permanent - Up to 110k + strong benefits Location: Hybrid - Cambridge Your new company: A NASDAQ listed semiconductor organisation in the UK is currently looking for an Enterprise Architect focussing on IAM Security to join their ranks. The organisation is very well known in their world and offers strong benefits and hybrid working, as well as shares in the company, split over 4 years. The role responsibilities: You'll play a big role in architecting and designing the organisations' zero trust IAM infrastructure and policies, as well as guiding the strategy behind how they secure their global workforce. You'll work across IT and Security to define, design, and integrate. Some of the main elements of your roles, in the clients' words: Lead the design and implementation of enterprise Zero Trust IAM architecture across AD, Entra ID, SSO, MFA, PAM, and PKI. Create and maintain Zero Trust IAM security roadmaps, patterns, and reference designs. Supporting and partner with IT, GRC, and Engineering teams to ensure compliance and security standard processes. Evaluate and integrate new identity tools, authentication platforms and access capabilities. Drive continuous improvement through risk assessments, threat modelling, and automation. You will need: Whilst the business is looking for the below, a big part of what they're also looking for is the passion and desire to be at the forefront of security. You will want to keep up to date with the latest threats, you will want to find the next tool that can make a difference in an enterprise environment, you will want to push the boundaries and go outside the norm. You will be a part of a forward-thinking team, pushing to be the best around. Strong practical experience in designing and running Identity and Access Management (IAM) solutions within large-scale, complex environments. Deep knowledge of identity protocols (SAML, OAuth2, OIDC, SCIM, LDAP/AD, PKI). Strong zero-trust mindset. Expertise in at least two IAM product areas such as Okta, CyberArk, Ping, or preferably Microsoft Entra ID. Ability to define standards, partner cross-functionally (IT, GRC, Engineering), and drive risk reduction through threat modelling, compliance (NIST, ISO, GDPR), and ongoing optimisation of identity systems. Experience working with cloud identity (Azure, AWS, or GCP). What you'll get in return: This role is available for hybrid working with a typical requirement to work 2 days per week in the Cambridge office. Strong salary with decent benefits. 7% pension - employers contribution PMI and dental Shares option ( 60k+) And more! Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at (url removed)
Jun 13, 2026
Full time
Enterprise Architect - IAM Security Permanent - Up to 110k + strong benefits Location: Hybrid - Cambridge Your new company: A NASDAQ listed semiconductor organisation in the UK is currently looking for an Enterprise Architect focussing on IAM Security to join their ranks. The organisation is very well known in their world and offers strong benefits and hybrid working, as well as shares in the company, split over 4 years. The role responsibilities: You'll play a big role in architecting and designing the organisations' zero trust IAM infrastructure and policies, as well as guiding the strategy behind how they secure their global workforce. You'll work across IT and Security to define, design, and integrate. Some of the main elements of your roles, in the clients' words: Lead the design and implementation of enterprise Zero Trust IAM architecture across AD, Entra ID, SSO, MFA, PAM, and PKI. Create and maintain Zero Trust IAM security roadmaps, patterns, and reference designs. Supporting and partner with IT, GRC, and Engineering teams to ensure compliance and security standard processes. Evaluate and integrate new identity tools, authentication platforms and access capabilities. Drive continuous improvement through risk assessments, threat modelling, and automation. You will need: Whilst the business is looking for the below, a big part of what they're also looking for is the passion and desire to be at the forefront of security. You will want to keep up to date with the latest threats, you will want to find the next tool that can make a difference in an enterprise environment, you will want to push the boundaries and go outside the norm. You will be a part of a forward-thinking team, pushing to be the best around. Strong practical experience in designing and running Identity and Access Management (IAM) solutions within large-scale, complex environments. Deep knowledge of identity protocols (SAML, OAuth2, OIDC, SCIM, LDAP/AD, PKI). Strong zero-trust mindset. Expertise in at least two IAM product areas such as Okta, CyberArk, Ping, or preferably Microsoft Entra ID. Ability to define standards, partner cross-functionally (IT, GRC, Engineering), and drive risk reduction through threat modelling, compliance (NIST, ISO, GDPR), and ongoing optimisation of identity systems. Experience working with cloud identity (Azure, AWS, or GCP). What you'll get in return: This role is available for hybrid working with a typical requirement to work 2 days per week in the Cambridge office. Strong salary with decent benefits. 7% pension - employers contribution PMI and dental Shares option ( 60k+) And more! Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at (url removed)
The Role The Senior Security Engineer is responsible for the day-to-day operation, maintenance, and optimisation of security platforms supporting a financial services client in a regulated environment. This is a hands-on engineering role where you will ensure security tooling is fully operational, integrated, and performing as expected. You will work closely with the 24/7 Security Analyst team, supporting investigations, resolving platform issues, and driving improvements across detection and response capabilities. This role is client-aligned with 3 days onsite in London . Key Responsibilities Maintain and configure security platforms including SIEM, XDR/EDR, vulnerability and cloud security tooling Perform lifecycle activities including patching, upgrades, and configuration changes Ensure security platforms are fully integrated across on-prem and cloud environments Monitor platform health, performance, and availability, resolving issues proactively Support service transitions, upgrades, and controlled change activities Act as escalation point for platform issues raised by the Security Analyst team Provide engineering support during complex incidents and investigations Implement platform-level changes to support incident response and remediation Support detection engineering including rule deployment, tuning, and validation Resolve data quality, alerting, and detection gaps impacting operational effectiveness Support automation and SOAR initiatives (e.g. Sentinel, Logic Apps) Collaborate with SOC providers to maintain SIEM configuration and log ingestion Maintain accurate engineering documentation, runbooks, and platform records Ensure all platforms meet regulatory, audit, and compliance requirements Contribute to governance, reporting, and continuous improvement initiatives Experience & Knowledge Essential: Strong experience in security engineering and platform management Experience supporting SOC tooling and security operations environments Hands-on experience with Microsoft Defender and Microsoft Sentinel Strong understanding of SIEM, XDR, and security platform integrations Experience in hybrid (on-prem and cloud) environments Strong troubleshooting skills across platforms, integrations, and data pipelines Experience with scripting/automation (PowerShell, Python or similar) Strong understanding of networking, cloud, and infrastructure fundamentals Experience in regulated environments (e.g. financial services) Strong documentation and communication skills Desirable: Experience with vulnerability and scanning tools (e.g. Qualys) Familiarity with exposure management and BAS tools (XM Cyber, AttackIQ) Knowledge of DLP, email security, and cloud security platforms Awareness of PAM and data security tools (e.g. CyberArk, Varonis)
Jun 12, 2026
Full time
The Role The Senior Security Engineer is responsible for the day-to-day operation, maintenance, and optimisation of security platforms supporting a financial services client in a regulated environment. This is a hands-on engineering role where you will ensure security tooling is fully operational, integrated, and performing as expected. You will work closely with the 24/7 Security Analyst team, supporting investigations, resolving platform issues, and driving improvements across detection and response capabilities. This role is client-aligned with 3 days onsite in London . Key Responsibilities Maintain and configure security platforms including SIEM, XDR/EDR, vulnerability and cloud security tooling Perform lifecycle activities including patching, upgrades, and configuration changes Ensure security platforms are fully integrated across on-prem and cloud environments Monitor platform health, performance, and availability, resolving issues proactively Support service transitions, upgrades, and controlled change activities Act as escalation point for platform issues raised by the Security Analyst team Provide engineering support during complex incidents and investigations Implement platform-level changes to support incident response and remediation Support detection engineering including rule deployment, tuning, and validation Resolve data quality, alerting, and detection gaps impacting operational effectiveness Support automation and SOAR initiatives (e.g. Sentinel, Logic Apps) Collaborate with SOC providers to maintain SIEM configuration and log ingestion Maintain accurate engineering documentation, runbooks, and platform records Ensure all platforms meet regulatory, audit, and compliance requirements Contribute to governance, reporting, and continuous improvement initiatives Experience & Knowledge Essential: Strong experience in security engineering and platform management Experience supporting SOC tooling and security operations environments Hands-on experience with Microsoft Defender and Microsoft Sentinel Strong understanding of SIEM, XDR, and security platform integrations Experience in hybrid (on-prem and cloud) environments Strong troubleshooting skills across platforms, integrations, and data pipelines Experience with scripting/automation (PowerShell, Python or similar) Strong understanding of networking, cloud, and infrastructure fundamentals Experience in regulated environments (e.g. financial services) Strong documentation and communication skills Desirable: Experience with vulnerability and scanning tools (e.g. Qualys) Familiarity with exposure management and BAS tools (XM Cyber, AttackIQ) Knowledge of DLP, email security, and cloud security platforms Awareness of PAM and data security tools (e.g. CyberArk, Varonis)
The Identity & Platform Engineer is responsible for designing, implementing and operating the core platform services that provide: Kubernetes platform services Sovereign identity management Federation and authentication services Privileged access management Secrets management Customer identity integration Platform security and governance The successful candidate will play a key role in delivering a Zero Trust, sovereign cloud platform built around: FreeIPA, Teleport, authentic, Bitwarden, Kubernetes. Key Responsibilities: Identity & Access Management Engineering: Design, implement and operate the sovereign identity platform supporting workforce, administrative and customer identity domains. Implement and maintain FreeIPA as the authoritative administrative identity platform. Deploy, configure and operate authentik for customer federation, SAML and OIDC integration. Implement and maintain Teleport as the privileged access management platform. Design and maintain RBAC models across Kubernetes, Rafay and supporting platform services. Integrate phishing-resistant MFA technologies including WebAuthn and FIDO2 security keys. Implement identity life cycle management processes including onboarding, access reviews and deprovisioning. Support customer identity federation onboarding and integration activities. Contribute to the ongoing evolution of the platform's Zero Trust architecture Security, Governance & Zero Trust: Implement Zero Trust security controls across platform services. Design and maintain Kubernetes RBAC and tenant isolation controls. Implement privileged access governance using Teleport. Maintain audit logging, compliance evidence collection and security monitoring capabilities. Support security reviews, threat modelling and risk assessments. Implement security hardening standards across Kubernetes, Linux and supporting infrastructure. Participate in security incident response and root cause analysis activities. Maintain compliance with security and governance requirements Secrets & Certificate Management: Operate Bitwarden and Bitwarden Secrets Manager platforms. Manage operational credentials, API keys and automation secrets. Implement secure secret distribution patterns for platform and application workloads. Support certificate life cycle management and PKI integration. Maintain operational processes for break-glass credential governance and recovery. Required Experience & Skills: Hands-on experience operating production Kubernetes environments. Soild Linux systems administration and troubleshooting experience. Knowledge designing and operating Identity and Access Management (IAM) solutions Experience with LDAP, Kerberos, SAML and OpenID Connect (OIDC). Previous experience implementing authentication, federation and RBAC solutions. Skilled in operating infrastructure and platform security services. Experience with Infrastructure as Code and automation tooling. Knowledge implementing monitoring, logging and observability solutions. Soild understanding of Zero Trust security principles. Experience with GitOps practices and cloud-native operational models. Proven incident management and root cause analysis experience. One or more would be an advantage Prior experience with FreeIPA or enterprise directory services. Experience with authentik, Keycloak or similar federation platforms. Knowledge with Teleport, CyberArk or other privileged access management technologies. Experience with Bitwarden, Vault or secrets management platforms. Knowledge operating GPU-enabled Kubernetes environments. Previously supported AI, HPC or large-scale compute platforms. Experience implementing PKI and certificate management solutions. Kubernetes multi-tenancy and platform security experience. Sovereign, regulated or highly secure environments exposure. Familiarity with SOC2, ISO27001, NCSC or equivalent security frameworks. Background in Platform Engineering, DevOps or Site Reliability Engineering
Jun 12, 2026
Contractor
The Identity & Platform Engineer is responsible for designing, implementing and operating the core platform services that provide: Kubernetes platform services Sovereign identity management Federation and authentication services Privileged access management Secrets management Customer identity integration Platform security and governance The successful candidate will play a key role in delivering a Zero Trust, sovereign cloud platform built around: FreeIPA, Teleport, authentic, Bitwarden, Kubernetes. Key Responsibilities: Identity & Access Management Engineering: Design, implement and operate the sovereign identity platform supporting workforce, administrative and customer identity domains. Implement and maintain FreeIPA as the authoritative administrative identity platform. Deploy, configure and operate authentik for customer federation, SAML and OIDC integration. Implement and maintain Teleport as the privileged access management platform. Design and maintain RBAC models across Kubernetes, Rafay and supporting platform services. Integrate phishing-resistant MFA technologies including WebAuthn and FIDO2 security keys. Implement identity life cycle management processes including onboarding, access reviews and deprovisioning. Support customer identity federation onboarding and integration activities. Contribute to the ongoing evolution of the platform's Zero Trust architecture Security, Governance & Zero Trust: Implement Zero Trust security controls across platform services. Design and maintain Kubernetes RBAC and tenant isolation controls. Implement privileged access governance using Teleport. Maintain audit logging, compliance evidence collection and security monitoring capabilities. Support security reviews, threat modelling and risk assessments. Implement security hardening standards across Kubernetes, Linux and supporting infrastructure. Participate in security incident response and root cause analysis activities. Maintain compliance with security and governance requirements Secrets & Certificate Management: Operate Bitwarden and Bitwarden Secrets Manager platforms. Manage operational credentials, API keys and automation secrets. Implement secure secret distribution patterns for platform and application workloads. Support certificate life cycle management and PKI integration. Maintain operational processes for break-glass credential governance and recovery. Required Experience & Skills: Hands-on experience operating production Kubernetes environments. Soild Linux systems administration and troubleshooting experience. Knowledge designing and operating Identity and Access Management (IAM) solutions Experience with LDAP, Kerberos, SAML and OpenID Connect (OIDC). Previous experience implementing authentication, federation and RBAC solutions. Skilled in operating infrastructure and platform security services. Experience with Infrastructure as Code and automation tooling. Knowledge implementing monitoring, logging and observability solutions. Soild understanding of Zero Trust security principles. Experience with GitOps practices and cloud-native operational models. Proven incident management and root cause analysis experience. One or more would be an advantage Prior experience with FreeIPA or enterprise directory services. Experience with authentik, Keycloak or similar federation platforms. Knowledge with Teleport, CyberArk or other privileged access management technologies. Experience with Bitwarden, Vault or secrets management platforms. Knowledge operating GPU-enabled Kubernetes environments. Previously supported AI, HPC or large-scale compute platforms. Experience implementing PKI and certificate management solutions. Kubernetes multi-tenancy and platform security experience. Sovereign, regulated or highly secure environments exposure. Familiarity with SOC2, ISO27001, NCSC or equivalent security frameworks. Background in Platform Engineering, DevOps or Site Reliability Engineering
SailPoint IAM Engineer Position: SailPoint IAM Engineer (Contract) Location: Mainly remote with some travel to a location on the South West Contract Type: Contract Duration: 6-12 Months Clearance: Current SC clearance Overview We are seeking an experienced SailPoint IAM Engineer Contractor to support the design, implementation, and enhancement of enterprise Identity Governance & Administration (IGA) capabilities across complex hybrid environments. The role will focus primarily on SailPoint IdentityIQ (IIQ) and Identity Security Cloud (ISC), delivering identity life cycle management, access governance, application onboarding, and integration capabilities across cloud and on-premise platforms. This is a hands-on technical delivery role suited to candidates with strong implementation and integration experience within large enterprise IAM programmes. Experience with Privileged Access Management (PAM) technologies such as CyberArk is desirable but not essential. Key Responsibilities Design, configure, and support SailPoint IIQ and ISC solutions Implement and enhance Joiner/Mover/Leaver (JML) processes Develop and support provisioning workflows, access requests, and certification campaigns Configure application onboarding and connector integrations Support RBAC and access governance initiatives Integrate SailPoint with enterprise applications, directories, HR systems, and cloud platforms Collaborate with security, infrastructure, and application teams to resolve IAM-related issues Support audit, compliance, and governance requirements Produce technical documentation and implementation artefacts Contribute to ongoing IAM transformation and optimisation initiatives Essential Skills & Experience Strong hands-on experience with SailPoint IdentityIQ (IIQ) and/or Identity Security Cloud (ISC) Proven delivery experience within enterprise IAM/IGA programmes Strong understanding of: o Identity Governance & Administration (IGA) o RBAC o Least Privilege o Segregation of Duties (SoD) o Identity life cycle management Experience configuring: o Access requests o Approval workflows o Certifications/recertifications o Provisioning integrations o Application connectors Experience integrating SailPoint with: o Microsoft Entra ID/Azure AD o LDAP/Active Directory o HR platforms o SaaS and cloud applications Strong Scripting and automation skills: o PowerShell o APIs o Java/BeanShell Experience working in hybrid cloud environments Desirable Skills Experience with CyberArk or other PAM technologies Experience with SailPoint ISC migrations or hybrid IIQ/ISC environments Experience across Azure, AWS, or GCP Understanding of Zero Trust security principles SailPoint certifications Security certifications such as SC-300, CISSP, or CCSP Ideal Candidate Strong communicator with proven stakeholder engagement skills Able to work independently within fast-paced project environments Delivery-focused with strong troubleshooting and integration capabilities Experience working within enterprise-scale or regulated environments preferred
Jun 12, 2026
Contractor
SailPoint IAM Engineer Position: SailPoint IAM Engineer (Contract) Location: Mainly remote with some travel to a location on the South West Contract Type: Contract Duration: 6-12 Months Clearance: Current SC clearance Overview We are seeking an experienced SailPoint IAM Engineer Contractor to support the design, implementation, and enhancement of enterprise Identity Governance & Administration (IGA) capabilities across complex hybrid environments. The role will focus primarily on SailPoint IdentityIQ (IIQ) and Identity Security Cloud (ISC), delivering identity life cycle management, access governance, application onboarding, and integration capabilities across cloud and on-premise platforms. This is a hands-on technical delivery role suited to candidates with strong implementation and integration experience within large enterprise IAM programmes. Experience with Privileged Access Management (PAM) technologies such as CyberArk is desirable but not essential. Key Responsibilities Design, configure, and support SailPoint IIQ and ISC solutions Implement and enhance Joiner/Mover/Leaver (JML) processes Develop and support provisioning workflows, access requests, and certification campaigns Configure application onboarding and connector integrations Support RBAC and access governance initiatives Integrate SailPoint with enterprise applications, directories, HR systems, and cloud platforms Collaborate with security, infrastructure, and application teams to resolve IAM-related issues Support audit, compliance, and governance requirements Produce technical documentation and implementation artefacts Contribute to ongoing IAM transformation and optimisation initiatives Essential Skills & Experience Strong hands-on experience with SailPoint IdentityIQ (IIQ) and/or Identity Security Cloud (ISC) Proven delivery experience within enterprise IAM/IGA programmes Strong understanding of: o Identity Governance & Administration (IGA) o RBAC o Least Privilege o Segregation of Duties (SoD) o Identity life cycle management Experience configuring: o Access requests o Approval workflows o Certifications/recertifications o Provisioning integrations o Application connectors Experience integrating SailPoint with: o Microsoft Entra ID/Azure AD o LDAP/Active Directory o HR platforms o SaaS and cloud applications Strong Scripting and automation skills: o PowerShell o APIs o Java/BeanShell Experience working in hybrid cloud environments Desirable Skills Experience with CyberArk or other PAM technologies Experience with SailPoint ISC migrations or hybrid IIQ/ISC environments Experience across Azure, AWS, or GCP Understanding of Zero Trust security principles SailPoint certifications Security certifications such as SC-300, CISSP, or CCSP Ideal Candidate Strong communicator with proven stakeholder engagement skills Able to work independently within fast-paced project environments Delivery-focused with strong troubleshooting and integration capabilities Experience working within enterprise-scale or regulated environments preferred
SailPoint IAM Engineer - SC Cleared Rate: £550 - £600 a day Location: Mainly remote with some travel to a location on the South West Duration: 6-12 months (Initial) Clearance: Current SC clearance You will join a global IT consultancy, delivering digital transformation to a public sector body. As a SailPoint IAM Engineer Contractor you will support the design, implementation, and enhancement of enterprise Identity Governance & Administration (IGA) capabilities across complex hybrid environments. The role will focus primarily on SailPoint IdentityIQ (IIQ) and Identity Security Cloud (ISC), delivering identity life cycle management, access governance, application onboarding, and integration capabilities across cloud and on-premise platforms. This is a hands-on technical delivery role suited to candidates with strong implementation and integration experience within large enterprise IAM programmes. Experience with Privileged Access Management (PAM) technologies such as CyberArk is desirable but not essential. Key Responsibilities Design, configure, and support SailPoint IIQ and ISC solutions Implement and enhance Joiner/Mover/Leaver (JML) processes Develop and support provisioning workflows, access requests, and certification campaigns Configure application onboarding and connector integrations Support RBAC and access governance initiatives Integrate SailPoint with enterprise applications, directories, HR systems, and cloud platforms Collaborate with security, infrastructure, and application teams to resolve IAM-related issues Support audit, compliance, and governance requirements Produce technical documentation and implementation artefacts Contribute to ongoing IAM transformation and optimisation initiatives Essential Skills & Experience Strong hands-on experience with SailPoint IdentityIQ (IIQ) and/or Identity Security Cloud (ISC) Proven delivery experience within enterprise IAM/IGA programmes Strong understanding of: Identity Governance & Administration (IGA) RBAC Least Privilege Segregation of Duties (SoD) Identity life cycle management Experience configuring: Access requests Approval workflows Certifications/recertifications Provisioning integrations Application connectors Experience integrating SailPoint with: Microsoft Entra ID/Azure AD LDAP/Active Directory HR platforms SaaS and cloud applications Strong Scripting and automation skills: PowerShell APIs Java/BeanShell Experience working in hybrid cloud environments
Jun 11, 2026
Contractor
SailPoint IAM Engineer - SC Cleared Rate: £550 - £600 a day Location: Mainly remote with some travel to a location on the South West Duration: 6-12 months (Initial) Clearance: Current SC clearance You will join a global IT consultancy, delivering digital transformation to a public sector body. As a SailPoint IAM Engineer Contractor you will support the design, implementation, and enhancement of enterprise Identity Governance & Administration (IGA) capabilities across complex hybrid environments. The role will focus primarily on SailPoint IdentityIQ (IIQ) and Identity Security Cloud (ISC), delivering identity life cycle management, access governance, application onboarding, and integration capabilities across cloud and on-premise platforms. This is a hands-on technical delivery role suited to candidates with strong implementation and integration experience within large enterprise IAM programmes. Experience with Privileged Access Management (PAM) technologies such as CyberArk is desirable but not essential. Key Responsibilities Design, configure, and support SailPoint IIQ and ISC solutions Implement and enhance Joiner/Mover/Leaver (JML) processes Develop and support provisioning workflows, access requests, and certification campaigns Configure application onboarding and connector integrations Support RBAC and access governance initiatives Integrate SailPoint with enterprise applications, directories, HR systems, and cloud platforms Collaborate with security, infrastructure, and application teams to resolve IAM-related issues Support audit, compliance, and governance requirements Produce technical documentation and implementation artefacts Contribute to ongoing IAM transformation and optimisation initiatives Essential Skills & Experience Strong hands-on experience with SailPoint IdentityIQ (IIQ) and/or Identity Security Cloud (ISC) Proven delivery experience within enterprise IAM/IGA programmes Strong understanding of: Identity Governance & Administration (IGA) RBAC Least Privilege Segregation of Duties (SoD) Identity life cycle management Experience configuring: Access requests Approval workflows Certifications/recertifications Provisioning integrations Application connectors Experience integrating SailPoint with: Microsoft Entra ID/Azure AD LDAP/Active Directory HR platforms SaaS and cloud applications Strong Scripting and automation skills: PowerShell APIs Java/BeanShell Experience working in hybrid cloud environments
Robert Half Technology are assisting a market leading financial services organisation to recruit a CyberArk SME on a contract basis. Hybrid working - London based (1 day per week onsite). June 2026 start through to the end of 2026. Role The CyberArk SME will plan, test, and implement major CyberArk platform releases and upgrades, including annual version upgrades (e.g. 14.x to 15.x). Plan, test, and implement monthly operating system patching for CyberArk Vault servers in line with internal patching schedules. Test and coordinate monthly patching activities across CyberArk underlying infrastructure with internal infrastructure and patching teams. Deploy CyberArk security patches to remediate critical vulnerabilities identified in CyberArk advisories. Maintain existing CyberArk integrations including SCIM integration with Saviynt and telemetry integration with Power BI. Support and maintain existing deployed CyberArk connectors and collaborate with permanent teams to deliver configuration changes and onboarding activities. Create up to 10 custom CPM and PSM connectors annually to support new platforms and applications. Drive the adoption and embeddedness of CyberArk controls across the organisation. Utilise CyberArk Discovery, PTA, Splunk dashboards, CrowdStrike, Saviynt and other repositories to identify privileged accounts not currently under CyberArk management. Produce monthly metrics and reporting covering privileged account coverage across CMDB assets, Active Directory, and LDAP environments. Drive BAU onboarding activities to close identified gaps across existing platform types. Create detailed technical documentation including HLDs, LLDs, Safe Design documents, Runbooks, Test Plans and BAU handover documentation. Deploy and integrate CyberArk CP/CCP platforms into pre-production and production environments. Install and configure CP agents on PoC and candidate servers. Define and deploy processes for end-to-end SSH key lifecycle management including rotation. Create and manage Safes, Platforms and application authentication configurations within CyberArk. Conduct discovery and assessment activities for application service accounts, SSH keys, certificates, and secrets across production and pre-production environments. Define remediation and treatment plans for secrets management including CP/CCP adoption, PKI, mTLS and SPIFFE approaches. Deliver monitoring, hypercare, prioritisation, and remediation planning activities for secrets onboarding initiatives. Profile The CyberArk SME will have strong experience administering and engineering CyberArk PAM solutions within enterprise-scale environments. Expert-level knowledge of CyberArk components including Vault, CPM, PSM, CP, CCP, PTA and Discovery. Experience planning and delivering CyberArk upgrades, patching, and vulnerability remediation activities. Strong understanding of privileged access management, secrets management, SSH key management, and certificate-based authentication. Experience integrating CyberArk with enterprise tooling including Saviynt, Splunk, CrowdStrike, Power BI, Active Directory and LDAP. Proven experience creating custom CPM and PSM connectors. Strong knowledge of Linux and Windows server administration and infrastructure patching processes. Experience producing technical documentation including HLDs, LLDs, test plans and operational runbooks. Excellent stakeholder engagement and communication skills with the ability to collaborate across technical and business teams. CyberArk Sentry certification or above highly desirable. Company Market leading financial services organisation with offices in London Hybrid working - 1 day per week onsite Salary & Benefits The salary range/rates of pay is dependent upon your experience, qualifications or training. Robert Half Ltd acts as an employment business for temporary positions and an employment agency for permanent positions. Robert Half is committed to diversity, equity and inclusion. Suitable candidates with equivalent qualifications and more or less experience can apply. Rates of pay and salary ranges are dependent upon your experience, qualifications and training. If you wish to apply, please read our Privacy Notice describing how we may process, disclose and store your personal data:
Jun 11, 2026
Contractor
Robert Half Technology are assisting a market leading financial services organisation to recruit a CyberArk SME on a contract basis. Hybrid working - London based (1 day per week onsite). June 2026 start through to the end of 2026. Role The CyberArk SME will plan, test, and implement major CyberArk platform releases and upgrades, including annual version upgrades (e.g. 14.x to 15.x). Plan, test, and implement monthly operating system patching for CyberArk Vault servers in line with internal patching schedules. Test and coordinate monthly patching activities across CyberArk underlying infrastructure with internal infrastructure and patching teams. Deploy CyberArk security patches to remediate critical vulnerabilities identified in CyberArk advisories. Maintain existing CyberArk integrations including SCIM integration with Saviynt and telemetry integration with Power BI. Support and maintain existing deployed CyberArk connectors and collaborate with permanent teams to deliver configuration changes and onboarding activities. Create up to 10 custom CPM and PSM connectors annually to support new platforms and applications. Drive the adoption and embeddedness of CyberArk controls across the organisation. Utilise CyberArk Discovery, PTA, Splunk dashboards, CrowdStrike, Saviynt and other repositories to identify privileged accounts not currently under CyberArk management. Produce monthly metrics and reporting covering privileged account coverage across CMDB assets, Active Directory, and LDAP environments. Drive BAU onboarding activities to close identified gaps across existing platform types. Create detailed technical documentation including HLDs, LLDs, Safe Design documents, Runbooks, Test Plans and BAU handover documentation. Deploy and integrate CyberArk CP/CCP platforms into pre-production and production environments. Install and configure CP agents on PoC and candidate servers. Define and deploy processes for end-to-end SSH key lifecycle management including rotation. Create and manage Safes, Platforms and application authentication configurations within CyberArk. Conduct discovery and assessment activities for application service accounts, SSH keys, certificates, and secrets across production and pre-production environments. Define remediation and treatment plans for secrets management including CP/CCP adoption, PKI, mTLS and SPIFFE approaches. Deliver monitoring, hypercare, prioritisation, and remediation planning activities for secrets onboarding initiatives. Profile The CyberArk SME will have strong experience administering and engineering CyberArk PAM solutions within enterprise-scale environments. Expert-level knowledge of CyberArk components including Vault, CPM, PSM, CP, CCP, PTA and Discovery. Experience planning and delivering CyberArk upgrades, patching, and vulnerability remediation activities. Strong understanding of privileged access management, secrets management, SSH key management, and certificate-based authentication. Experience integrating CyberArk with enterprise tooling including Saviynt, Splunk, CrowdStrike, Power BI, Active Directory and LDAP. Proven experience creating custom CPM and PSM connectors. Strong knowledge of Linux and Windows server administration and infrastructure patching processes. Experience producing technical documentation including HLDs, LLDs, test plans and operational runbooks. Excellent stakeholder engagement and communication skills with the ability to collaborate across technical and business teams. CyberArk Sentry certification or above highly desirable. Company Market leading financial services organisation with offices in London Hybrid working - 1 day per week onsite Salary & Benefits The salary range/rates of pay is dependent upon your experience, qualifications or training. Robert Half Ltd acts as an employment business for temporary positions and an employment agency for permanent positions. Robert Half is committed to diversity, equity and inclusion. Suitable candidates with equivalent qualifications and more or less experience can apply. Rates of pay and salary ranges are dependent upon your experience, qualifications and training. If you wish to apply, please read our Privacy Notice describing how we may process, disclose and store your personal data:
CyberArk Secret Manager Engineer (AAM) (Freelance Contract) - CISO / IDAM Hybrid Europe Hybrid - 8 days per month onsite Offices: Brussels, London, Amsterdam, or Paris Contract Type Freelance / Contract Overview We are supporting a leading global financial market infrastructure organisation within their CISO division , currently undergoing a major Privileged Access Management (PAM) transformation . As part of this initiative, they are deploying CyberArk Secret Manager (Application Access Manager - AAM) across a complex enterprise environment. This is a hands-on, delivery-focused role where you will take ownership of the end-to-end deployment, configuration, and integration of CyberArk Secret Manager components across both on-prem and cloud environments. Key Responsibilities Deploy, configure, and integrate CyberArk Secret Manager (AAM) components: Credential Provider (CP) Central Credential Provider (CCP) Application Service Credential Provider (ASCP) Design and implement solutions for secure management of service and application accounts Integrate CyberArk with applications, middleware, databases, and enterprise systems Configure and manage Safes, platforms, and access control policies Ensure adherence to the principle of least privilege Automate processes using PowerShell, Bash, REST APIs, and Ansible Troubleshoot and resolve complex integration and authentication issues Collaborate with application and infrastructure teams to enable secure-by-design practices Produce technical documentation , including architecture diagrams and runbooks Required Experience Strong hands-on experience with CyberArk Secret Manager / AAM Proven experience implementing: CP, CCP, and ASCP components Solid background in CyberArk PAM administration : Safes, platforms, permissions, onboarding Experience integrating CyberArk with enterprise applications and systems Strong scripting and automation skills ( PowerShell, Bash, REST APIs ) Experience with Ansible automation Good understanding of Windows and Linux environments Solid knowledge of networking and security fundamentals Key Attributes Able to work independently and take ownership of deliverables Strong problem-solving and troubleshooting skills Comfortable working in a fast-paced, project-driven environment Excellent communication and stakeholder engagement skills Why Apply? Work on a large-scale CyberArk Secret Manager deployment Be part of a high-performing CISO / IDAM team Exposure to complex enterprise and financial services environments Flexible hybrid working model across multiple European locations Opportunity to drive automation and modern PAM practices Rates depend on experience and client requirements
Jun 10, 2026
Contractor
CyberArk Secret Manager Engineer (AAM) (Freelance Contract) - CISO / IDAM Hybrid Europe Hybrid - 8 days per month onsite Offices: Brussels, London, Amsterdam, or Paris Contract Type Freelance / Contract Overview We are supporting a leading global financial market infrastructure organisation within their CISO division , currently undergoing a major Privileged Access Management (PAM) transformation . As part of this initiative, they are deploying CyberArk Secret Manager (Application Access Manager - AAM) across a complex enterprise environment. This is a hands-on, delivery-focused role where you will take ownership of the end-to-end deployment, configuration, and integration of CyberArk Secret Manager components across both on-prem and cloud environments. Key Responsibilities Deploy, configure, and integrate CyberArk Secret Manager (AAM) components: Credential Provider (CP) Central Credential Provider (CCP) Application Service Credential Provider (ASCP) Design and implement solutions for secure management of service and application accounts Integrate CyberArk with applications, middleware, databases, and enterprise systems Configure and manage Safes, platforms, and access control policies Ensure adherence to the principle of least privilege Automate processes using PowerShell, Bash, REST APIs, and Ansible Troubleshoot and resolve complex integration and authentication issues Collaborate with application and infrastructure teams to enable secure-by-design practices Produce technical documentation , including architecture diagrams and runbooks Required Experience Strong hands-on experience with CyberArk Secret Manager / AAM Proven experience implementing: CP, CCP, and ASCP components Solid background in CyberArk PAM administration : Safes, platforms, permissions, onboarding Experience integrating CyberArk with enterprise applications and systems Strong scripting and automation skills ( PowerShell, Bash, REST APIs ) Experience with Ansible automation Good understanding of Windows and Linux environments Solid knowledge of networking and security fundamentals Key Attributes Able to work independently and take ownership of deliverables Strong problem-solving and troubleshooting skills Comfortable working in a fast-paced, project-driven environment Excellent communication and stakeholder engagement skills Why Apply? Work on a large-scale CyberArk Secret Manager deployment Be part of a high-performing CISO / IDAM team Exposure to complex enterprise and financial services environments Flexible hybrid working model across multiple European locations Opportunity to drive automation and modern PAM practices Rates depend on experience and client requirements
Location: London (City) - (4 days office/1 remote) Salary: £75,000 - £85,000 + annual discretionary bonus Hours: 11am-7pm (fixed shift) About the firm Our client is a leading global law firm with world-class offices in the heart of the City. The firm has recently moved into a brand-new building offering outstanding facilities, including free breakfast, lunch and dinner, a fully equipped on-site gym, and a modern, collaborative working environment. The opportunity This is a new role within the EMEA Identity & Access Management team, supporting a global user base and working closely with teams in the US and APAC. The position offers a mix of hands-on BAU operations and project delivery focused on improving automation, access controls and privileged account management across the firm's enterprise environment. You'll work alongside experienced IAM engineers to maintain and enhance the firm's Microsoft identity platforms, supporting the joiner-mover-leaver lifecycle and driving continuous improvement in identity security and governance. Key responsibilities Manage and maintain Active Directory, Azure/Entra ID and M365 identity services Support and enhance the firm's PAM platform (Delinea) - experience with CyberArk or BeyondTrust also welcome Administer PIM, Conditional Access and MFA policies across the Entra environment Develop and maintain PowerShell scripts for automation and reporting Collaborate with global IAM and Infrastructure teams on projects and incident resolution Ensure access governance, compliance and audit requirements are met across systems Contribute to roadmap development and platform improvements within the EMEA region What we're looking for Strong hands-on experience with Active Directory and Azure/Entra ID administration Knowledge of PAM solutions such as Delinea, CyberArk or BeyondTrust Good understanding of M365, Intune and identity security principles Confident using PowerShell for automation and troubleshooting Familiarity with PIM, MFA and Conditional Access Experience working in large, global or professional services environments Collaborative mindset and a genuine interest in identity security What's on offer Salary up to £85,000 depending on experience Annual discretionary bonus On-site working (4 days office/1 remote) Free breakfast, lunch and dinner each day Free on-site gym Excellent benefits package Genuine career progression - clear path to Senior Engineer or IAM Architect as the team expands If you're an experienced IAM or Infrastructure Engineer looking to step into a global role with a strong Microsoft and PAM focus, we'd love to hear from you. Please apply with your CV
Oct 08, 2025
Full time
Location: London (City) - (4 days office/1 remote) Salary: £75,000 - £85,000 + annual discretionary bonus Hours: 11am-7pm (fixed shift) About the firm Our client is a leading global law firm with world-class offices in the heart of the City. The firm has recently moved into a brand-new building offering outstanding facilities, including free breakfast, lunch and dinner, a fully equipped on-site gym, and a modern, collaborative working environment. The opportunity This is a new role within the EMEA Identity & Access Management team, supporting a global user base and working closely with teams in the US and APAC. The position offers a mix of hands-on BAU operations and project delivery focused on improving automation, access controls and privileged account management across the firm's enterprise environment. You'll work alongside experienced IAM engineers to maintain and enhance the firm's Microsoft identity platforms, supporting the joiner-mover-leaver lifecycle and driving continuous improvement in identity security and governance. Key responsibilities Manage and maintain Active Directory, Azure/Entra ID and M365 identity services Support and enhance the firm's PAM platform (Delinea) - experience with CyberArk or BeyondTrust also welcome Administer PIM, Conditional Access and MFA policies across the Entra environment Develop and maintain PowerShell scripts for automation and reporting Collaborate with global IAM and Infrastructure teams on projects and incident resolution Ensure access governance, compliance and audit requirements are met across systems Contribute to roadmap development and platform improvements within the EMEA region What we're looking for Strong hands-on experience with Active Directory and Azure/Entra ID administration Knowledge of PAM solutions such as Delinea, CyberArk or BeyondTrust Good understanding of M365, Intune and identity security principles Confident using PowerShell for automation and troubleshooting Familiarity with PIM, MFA and Conditional Access Experience working in large, global or professional services environments Collaborative mindset and a genuine interest in identity security What's on offer Salary up to £85,000 depending on experience Annual discretionary bonus On-site working (4 days office/1 remote) Free breakfast, lunch and dinner each day Free on-site gym Excellent benefits package Genuine career progression - clear path to Senior Engineer or IAM Architect as the team expands If you're an experienced IAM or Infrastructure Engineer looking to step into a global role with a strong Microsoft and PAM focus, we'd love to hear from you. Please apply with your CV
Role Title: PAM Engineer Location: Wokingham (Hybrid) Duration: 4 Months Rate: £505p/d max via Umbrella Clearance: Either hold or be eligible for SC Clearance Key Responsibilities - Design, deploy, and manage PAM solutions (eg, CyberArk, BeyondTrust, Delinea) - Implement least privilege access models and enforce secure credential management - Monitor and audit privileged access activities across systems and applications - Integrate PAM tools with SIEM, IAM, and other security platforms - Develop and maintain policies, procedures, and documentation for PAM operations - Conduct regular access reviews, privilege audits, and risk assessments - Collaborate with IT, DevOps, and Security teams to ensure seamless PAM integration - Provide technical support and troubleshooting for PAM-related issues - Stay current with industry trends, threats, and best practices in access management Required Skills & Qualifications - Experience in PAM engineering or cybersecurity roles - Proficiency with PAM tools such as CyberArk, BeyondTrust, or Delinea - Strong understanding of Active Directory, LDAP, and authentication protocols - Experience with Scripting (PowerShell, Python) for automation and reporting - Familiarity with compliance frameworks (ISO 27001, NIST, GDPR) - Excellent problem-solving, communication, and documentation skills Preferred Qualifications - Relevant certifications (eg, CyberArk Defender, CISSP, CISM) - Experience in cloud environments (AWS, Azure, GCP) and hybrid infrastructures - Knowledge of DevSecOps practices and CI/CD pipeline integration
Oct 07, 2025
Contractor
Role Title: PAM Engineer Location: Wokingham (Hybrid) Duration: 4 Months Rate: £505p/d max via Umbrella Clearance: Either hold or be eligible for SC Clearance Key Responsibilities - Design, deploy, and manage PAM solutions (eg, CyberArk, BeyondTrust, Delinea) - Implement least privilege access models and enforce secure credential management - Monitor and audit privileged access activities across systems and applications - Integrate PAM tools with SIEM, IAM, and other security platforms - Develop and maintain policies, procedures, and documentation for PAM operations - Conduct regular access reviews, privilege audits, and risk assessments - Collaborate with IT, DevOps, and Security teams to ensure seamless PAM integration - Provide technical support and troubleshooting for PAM-related issues - Stay current with industry trends, threats, and best practices in access management Required Skills & Qualifications - Experience in PAM engineering or cybersecurity roles - Proficiency with PAM tools such as CyberArk, BeyondTrust, or Delinea - Strong understanding of Active Directory, LDAP, and authentication protocols - Experience with Scripting (PowerShell, Python) for automation and reporting - Familiarity with compliance frameworks (ISO 27001, NIST, GDPR) - Excellent problem-solving, communication, and documentation skills Preferred Qualifications - Relevant certifications (eg, CyberArk Defender, CISSP, CISM) - Experience in cloud environments (AWS, Azure, GCP) and hybrid infrastructures - Knowledge of DevSecOps practices and CI/CD pipeline integration
CyberArk Secret Manager Engineer | Freelance | London/Paris/Brussels/Hybrid (8 days/month onsite) Duration: 12 months Rate: Flexible Inside of IR35 We're looking for an experienced CyberArk Engineer to join Euroclear's Chief Information Security Office (CISO) within the Identity and Access Management (IDAM) team. This is a fantastic opportunity to play a key role in strengthening Euroclear's Privileged Access Management (PAM) posture by deploying and integrating CyberArk Secret Manager across a complex enterprise environment. You'll lead the end-to-end implementation of CyberArk's Application Access Manager (AAM) capabilities - including Credential Provider (CP) , Central Credential Provider (CCP) , and Application Service Credential Provider (ASCP) . Your focus will be on enabling secure, automated, and compliant management of service and functional accounts across Windows and Linux systems. Key Responsibilities: Deploy, configure, and integrate CyberArk Secret Manager/AAM components (CP, CCP, ASCP). Design credential management solutions for service accounts, ensuring high availability and compliance. Integrate CyberArk with applications, Middleware, and databases for secure credential retrieval and rotation. Automate deployments and configuration using Ansible , PowerShell , Bash , and REST APIs . Manage Safes, platforms, permissions, and onboarding in CyberArk PAM. Produce design documentation, runbooks, and integration guides. Collaborate with application and infrastructure teams to troubleshoot issues and optimise integrations. What We're Looking For: ? Proven hands-on experience with CyberArk Secret Manager/AAM (non-negotiable). ? Strong PAM administration skills - Safes, platforms, permissions. ? Windows & Linux integration experience. ? Automation experience with Ansible , Scripting (PowerShell, Bash), and APIs. ? Independent, proactive, and solutions-oriented mindset. Please do send across to me the most up to date CV to (see below) *Rates depend on experience and client requirements
Oct 06, 2025
Contractor
CyberArk Secret Manager Engineer | Freelance | London/Paris/Brussels/Hybrid (8 days/month onsite) Duration: 12 months Rate: Flexible Inside of IR35 We're looking for an experienced CyberArk Engineer to join Euroclear's Chief Information Security Office (CISO) within the Identity and Access Management (IDAM) team. This is a fantastic opportunity to play a key role in strengthening Euroclear's Privileged Access Management (PAM) posture by deploying and integrating CyberArk Secret Manager across a complex enterprise environment. You'll lead the end-to-end implementation of CyberArk's Application Access Manager (AAM) capabilities - including Credential Provider (CP) , Central Credential Provider (CCP) , and Application Service Credential Provider (ASCP) . Your focus will be on enabling secure, automated, and compliant management of service and functional accounts across Windows and Linux systems. Key Responsibilities: Deploy, configure, and integrate CyberArk Secret Manager/AAM components (CP, CCP, ASCP). Design credential management solutions for service accounts, ensuring high availability and compliance. Integrate CyberArk with applications, Middleware, and databases for secure credential retrieval and rotation. Automate deployments and configuration using Ansible , PowerShell , Bash , and REST APIs . Manage Safes, platforms, permissions, and onboarding in CyberArk PAM. Produce design documentation, runbooks, and integration guides. Collaborate with application and infrastructure teams to troubleshoot issues and optimise integrations. What We're Looking For: ? Proven hands-on experience with CyberArk Secret Manager/AAM (non-negotiable). ? Strong PAM administration skills - Safes, platforms, permissions. ? Windows & Linux integration experience. ? Automation experience with Ansible , Scripting (PowerShell, Bash), and APIs. ? Independent, proactive, and solutions-oriented mindset. Please do send across to me the most up to date CV to (see below) *Rates depend on experience and client requirements
Job Title: Lead Security Solution Architect- PAM Location: Hybrid-London, UK (Days/Week Onsite) Duration: 6months+ 550GBP/Day Inside IR35 Project Overview CLIENT is working on a strategic Identity and Access Management programme and is re-shaping the way Authentication, Federation, Privileged Access Management, Access Governance, Secrets Management and API Security is done across the bank. One of the pillars of that programe is Privileged Access Management (PAM). CLIENT is working on uplifting controls and capabilities in privileged access for the Group and introducing the strategic password vaulting solution that will enable to meet strategic requirements. We are seeking an experienced Lead Security Solution Architect that can complement an existing team of Solution Architects to progress with designs of different components of the PAM solution and other supporting systems it will need to integrate with as part of the end-to-end journey. Security Solution Architects manage end-to-end solution design and are responsible for delivering architecture design documents in line with functional and non-functional business requirements, strategies, principles, standards, and patterns. Alongside the creation of high-level designs, Security Solution Architects will be required to record key decisions, design deviations, and technical risks and issues where appropriate. Security Solution Architects should be comfortable presenting and sharing solutions at design authorities and senior leadership & stakeholders. The Lead Security Solution Architect will provide technical thought leadership and direction to their project team and may represent the project/programme as subject matter expert. This role will require someone experienced in managing a team of on-shore and off-shore resources to deliver High- and Low-level designs to the required quality and standard. Principal Preferred Requirements Cybersecurity Expertise: Significant experience and proven technical depth within one of the following domains of cybersecurity; security operations & incident response, threat & vulnerability management, identity & access management, cryptography, infrastructure, network, application, data, cloud Broad background across information technology with the ability to communicate clearly with non-security technical SMEs at a comfortable level Experience in both operational and transformation cybersecurity roles or a clear working understanding of both perspectives Experience working in large-scale IT transformation programmes Experience working with PAM solutions such as CyberArk, Centrify, Delinea and OneIdentity Preparing end-to-end configuration of the strategic PAM capability - including on-prem deployments as well as Cloud native toolings Assisting in preparation of demonstrable journeys on the configured PAM tooling Platform & Technology: BizzDesign, Archi, or generic UML visualisation experience for high-level designs High proficiency and expertise in Jira for project & tasks management Working proficiency in Confluence for documentation Principal Accountabilities and Responsibilities Architecture & Design: Produce, manage, and update end-to-end solution designs in line with reference architecture & business requirements (including High and Low Level Designs Articulate and publish key design decision records and options to ensure all solutions follow a logical, transparent decision-making process Articulate, publish, and ensure approval of any design deviations resulting in technical debt Ensure any technical risks or issues arising from a solution design are recorded and mitigated. Produces, manages and translates the requirements into the architecture for that solution, ensuring technology and services meet the customer needs and expected business outcomes Ensures the design of the solutions are efficient, timely and cost effective throughout the project life cycle Clear understanding of both the motivations of the business and technical security Promote strong documentation and clerkship Governance: Ensures all high-level designs, architecture patterns, decision records, deviation requests, and technical risks or issue records undergo architectural and project governance processes Ensure all architecture artefacts undergo appropriate peer review prior to design authority presentation Present publications at technical design authorities for input, feedback, and approval Risk and Dependency Management: Effectively manages and escalates both technical and project risks or issues Articulates solutions and remediation steps to technical risks & issues Ability to map design decisions to resultant technical risks & issues to articulate the cause and rationale which leads to any negatively impacting change Leadership & Teamwork Provides technical thought leadership to the Design Team and the Project Ability to manage a project team of technical architects, engineers, and/or analysts Ability to take a deputised role in programme management-related tasks where necessary Qualifications & Certifications: Masters or doctorate degree in cybersecurity, computer science, software engineering, or related field CISSP/CISM certification or other broad cybersecurity industry-recognised certificate SABSA or TOGAF certified preferred Priyanka Sharma Senior Delivery Consultant
Oct 02, 2025
Contractor
Job Title: Lead Security Solution Architect- PAM Location: Hybrid-London, UK (Days/Week Onsite) Duration: 6months+ 550GBP/Day Inside IR35 Project Overview CLIENT is working on a strategic Identity and Access Management programme and is re-shaping the way Authentication, Federation, Privileged Access Management, Access Governance, Secrets Management and API Security is done across the bank. One of the pillars of that programe is Privileged Access Management (PAM). CLIENT is working on uplifting controls and capabilities in privileged access for the Group and introducing the strategic password vaulting solution that will enable to meet strategic requirements. We are seeking an experienced Lead Security Solution Architect that can complement an existing team of Solution Architects to progress with designs of different components of the PAM solution and other supporting systems it will need to integrate with as part of the end-to-end journey. Security Solution Architects manage end-to-end solution design and are responsible for delivering architecture design documents in line with functional and non-functional business requirements, strategies, principles, standards, and patterns. Alongside the creation of high-level designs, Security Solution Architects will be required to record key decisions, design deviations, and technical risks and issues where appropriate. Security Solution Architects should be comfortable presenting and sharing solutions at design authorities and senior leadership & stakeholders. The Lead Security Solution Architect will provide technical thought leadership and direction to their project team and may represent the project/programme as subject matter expert. This role will require someone experienced in managing a team of on-shore and off-shore resources to deliver High- and Low-level designs to the required quality and standard. Principal Preferred Requirements Cybersecurity Expertise: Significant experience and proven technical depth within one of the following domains of cybersecurity; security operations & incident response, threat & vulnerability management, identity & access management, cryptography, infrastructure, network, application, data, cloud Broad background across information technology with the ability to communicate clearly with non-security technical SMEs at a comfortable level Experience in both operational and transformation cybersecurity roles or a clear working understanding of both perspectives Experience working in large-scale IT transformation programmes Experience working with PAM solutions such as CyberArk, Centrify, Delinea and OneIdentity Preparing end-to-end configuration of the strategic PAM capability - including on-prem deployments as well as Cloud native toolings Assisting in preparation of demonstrable journeys on the configured PAM tooling Platform & Technology: BizzDesign, Archi, or generic UML visualisation experience for high-level designs High proficiency and expertise in Jira for project & tasks management Working proficiency in Confluence for documentation Principal Accountabilities and Responsibilities Architecture & Design: Produce, manage, and update end-to-end solution designs in line with reference architecture & business requirements (including High and Low Level Designs Articulate and publish key design decision records and options to ensure all solutions follow a logical, transparent decision-making process Articulate, publish, and ensure approval of any design deviations resulting in technical debt Ensure any technical risks or issues arising from a solution design are recorded and mitigated. Produces, manages and translates the requirements into the architecture for that solution, ensuring technology and services meet the customer needs and expected business outcomes Ensures the design of the solutions are efficient, timely and cost effective throughout the project life cycle Clear understanding of both the motivations of the business and technical security Promote strong documentation and clerkship Governance: Ensures all high-level designs, architecture patterns, decision records, deviation requests, and technical risks or issue records undergo architectural and project governance processes Ensure all architecture artefacts undergo appropriate peer review prior to design authority presentation Present publications at technical design authorities for input, feedback, and approval Risk and Dependency Management: Effectively manages and escalates both technical and project risks or issues Articulates solutions and remediation steps to technical risks & issues Ability to map design decisions to resultant technical risks & issues to articulate the cause and rationale which leads to any negatively impacting change Leadership & Teamwork Provides technical thought leadership to the Design Team and the Project Ability to manage a project team of technical architects, engineers, and/or analysts Ability to take a deputised role in programme management-related tasks where necessary Qualifications & Certifications: Masters or doctorate degree in cybersecurity, computer science, software engineering, or related field CISSP/CISM certification or other broad cybersecurity industry-recognised certificate SABSA or TOGAF certified preferred Priyanka Sharma Senior Delivery Consultant
