Outside IR35 Pay 475 a day 3 month rolling contract ECS Resource Group are currently working in partnership with a global managed service provider, assisting them with the search for a CyberArk Engineer on a contract basis. The successful candidate will be working with a Telecoms end client across various projects. Key Responsibilities Design, implement, and support enterprise CyberArk Privileged Access Management (PAM) solutions, including Vault, CPM, PSM and optional PTA components Onboard and manage privileged accounts across Windows, Linux, Unix, databases, network devices and cloud platforms (Azure, AWS, GCP) Integrate CyberArk with enterprise identity and infrastructure systems including Active Directory, Azure AD / Entra ID, LDAP and ServiceNow Develop automation scripts (PowerShell, Python, Bash) for onboarding, password rotation, health checks, and API-based integrations Provide operational support including troubleshooting PAM issues, managing upgrades/patching, incident resolution and supporting audits and compliance requirements Key Skills Strong hands-on experience with CyberArk Privileged Access Manager in enterprise environments Deep understanding of Privileged Access Management (PAM), least privilege principles, MFA and secure credential lifecycle management Experience integrating CyberArk with enterprise systems such as Active Directory, cloud platforms and database technologies Strong scripting and automation skills using PowerShell, Python and/or Bash Proven ability to troubleshoot complex infrastructure and security issues (PSM, CPM, Vault, authentication, SSL, LDAP, etc.) Further job details available upon application. ECS Recruitment Group Ltd is acting as an Employment Business in relation to this vacancy.
Jul 10, 2026
Contractor
Outside IR35 Pay 475 a day 3 month rolling contract ECS Resource Group are currently working in partnership with a global managed service provider, assisting them with the search for a CyberArk Engineer on a contract basis. The successful candidate will be working with a Telecoms end client across various projects. Key Responsibilities Design, implement, and support enterprise CyberArk Privileged Access Management (PAM) solutions, including Vault, CPM, PSM and optional PTA components Onboard and manage privileged accounts across Windows, Linux, Unix, databases, network devices and cloud platforms (Azure, AWS, GCP) Integrate CyberArk with enterprise identity and infrastructure systems including Active Directory, Azure AD / Entra ID, LDAP and ServiceNow Develop automation scripts (PowerShell, Python, Bash) for onboarding, password rotation, health checks, and API-based integrations Provide operational support including troubleshooting PAM issues, managing upgrades/patching, incident resolution and supporting audits and compliance requirements Key Skills Strong hands-on experience with CyberArk Privileged Access Manager in enterprise environments Deep understanding of Privileged Access Management (PAM), least privilege principles, MFA and secure credential lifecycle management Experience integrating CyberArk with enterprise systems such as Active Directory, cloud platforms and database technologies Strong scripting and automation skills using PowerShell, Python and/or Bash Proven ability to troubleshoot complex infrastructure and security issues (PSM, CPM, Vault, authentication, SSL, LDAP, etc.) Further job details available upon application. ECS Recruitment Group Ltd is acting as an Employment Business in relation to this vacancy.
PAM Technical Specialist - Outside IR35 - Hybrid - Security Cleared Our client is urgently looking for an experienced PAM Technical Specialist to join their team on a contract basis, initially for 6 months with a view to extend. Please note, the role is OUTSIDE IR35. This is a hybrid role, with 2-3 days per week on-site near Oxford. You will need to be either SC Cleared or BPSS, moving to SC Cleared. PAM Technical Specialist - Key Skills: Demonstrable experience in greenfield IAM/PAM implementations, preferably using Entra ID, CyberArk, BeyondTrust, or similar platforms. Proven ability to lead technical delivery while mentoring junior engineers or analysts. Experience providing technical oversight for MSPs or third-party security service providers. Demonstrable hands-on experience with Microsoft Entra ID (Azure AD), Conditional Access, and Identity Protection. Understanding of modern authentication protocols (OAuth2.0, SAML, OpenID Connect). Familiarity with SaaS security, user lifecycle management, and enterprise access models. Working knowledge of security and compliance frameworks such as CAF, ISO 27001, NIST CSF, and GDPR. Analytical and investigative skills with the ability to identify risk patterns and remediation actions. Knowledge of Privileged Identity Management (PIM), Just-In-Time (JIT) access, or PAM solutions. Strong documentation and communication skills to support audits and security reviews. Ability to obtain SC-level national security clearance PAM Technical Specialist - Outside IR35 - Hybrid - Security Cleared Due to the volume of applications received for positions, it will not be possible to respond to all applications and only applicants who are considered suitable for interview will be contacted. Proactive Appointments Limited operates as an employment agency and employment business and is an equal opportunities organisation We take our obligations to protect your personal data very seriously. Any information provided to us will be processed as detailed in our Privacy Notice, a copy of which can be found on our website
Jul 09, 2026
Contractor
PAM Technical Specialist - Outside IR35 - Hybrid - Security Cleared Our client is urgently looking for an experienced PAM Technical Specialist to join their team on a contract basis, initially for 6 months with a view to extend. Please note, the role is OUTSIDE IR35. This is a hybrid role, with 2-3 days per week on-site near Oxford. You will need to be either SC Cleared or BPSS, moving to SC Cleared. PAM Technical Specialist - Key Skills: Demonstrable experience in greenfield IAM/PAM implementations, preferably using Entra ID, CyberArk, BeyondTrust, or similar platforms. Proven ability to lead technical delivery while mentoring junior engineers or analysts. Experience providing technical oversight for MSPs or third-party security service providers. Demonstrable hands-on experience with Microsoft Entra ID (Azure AD), Conditional Access, and Identity Protection. Understanding of modern authentication protocols (OAuth2.0, SAML, OpenID Connect). Familiarity with SaaS security, user lifecycle management, and enterprise access models. Working knowledge of security and compliance frameworks such as CAF, ISO 27001, NIST CSF, and GDPR. Analytical and investigative skills with the ability to identify risk patterns and remediation actions. Knowledge of Privileged Identity Management (PIM), Just-In-Time (JIT) access, or PAM solutions. Strong documentation and communication skills to support audits and security reviews. Ability to obtain SC-level national security clearance PAM Technical Specialist - Outside IR35 - Hybrid - Security Cleared Due to the volume of applications received for positions, it will not be possible to respond to all applications and only applicants who are considered suitable for interview will be contacted. Proactive Appointments Limited operates as an employment agency and employment business and is an equal opportunities organisation We take our obligations to protect your personal data very seriously. Any information provided to us will be processed as detailed in our Privacy Notice, a copy of which can be found on our website
The role requires someone who can set direction with senior stakeholders, provide clear design authority, and work closely with engineering, data and service teams on detailed technical issues. This includes identity schemas, attributes, data flows, APIs, microservices, integration patterns, workflow behaviour, platform configuration and live-service supportability. The successful candidate will help ensure the platform remains stable, supportable and capable of evolving over time, while reducing avoidable complexity across processes, integrations and technical components. Key Responsibilities Architecture Leadership Own the end-to-end architecture across development, data and service support workstreams. Provide technical direction across identity workflows, life cycle processes, integrations, data flows, platform behaviour and operational supportability. Act as the senior architecture point of contact for delivery teams, service teams, suppliers and customer stakeholders. Maintain architectural coherence across live-service change, backlog delivery, technical debt reduction and roadmap activity. Ensure design decisions are pragmatic, supportable and aligned to business value. Identity Platform Architecture Lead architecture across enterprise identity and access management capabilities. Provide oversight of identity life cycle processes including onboarding, profile changes, role and access changes, recertification, leaver handling, audit and reporting. Understand complex identity integrations across directories, authoritative sources, workflow systems, cloud-hosted services and downstream platforms. Support simplification of identity journeys, data feeds, interfaces and platform components. Identify opportunities to reduce avoidable customisation and use existing platform capability where appropriate. Technical Depth and Design Ownership Understand and challenge detailed identity designs, including schemas, attributes, data models, workflow rules, provisioning logic and integration behaviour. Review APIs, data feeds, directory integrations, microservices, ETL/transformation logic and platform configuration. Work with developers, data specialists, DevOps engineers and service teams to diagnose complex issues and make practical design decisions. Provide architecture support during defect analysis, root-cause investigation, service support and backlog refinement. Move comfortably between architecture diagrams, backlog items, logs, schemas, interface specifications and implementation detail. Identify where existing components should be retained, simplified, consolidated, retired or replaced with simpler patterns. Ensure architectural decisions are technically sound, supportable in live service, and understood by the teams who need to build and run them. Platform Improvement and Roadmap Review existing platform complexity, including interfaces, microservices, custom components and integration patterns. Shape practical options for reducing complexity and improving supportability. Support API-based integration patterns where they reduce complexity and improve resilience. Work with cloud/platform specialists to identify monitoring, resilience, containerisation and operational improvement opportunities. Provide architectural input into future identity patterns, including Microsoft Entra-aligned options where appropriate. Reduce complexity without driving unnecessary re-engineering or business disruption. Service Supportability Work closely with Service Operations, L2/L3 support, Data, Dev and DevOps teams to improve ownership and reduce dependency on specialist intervention. Support the development of runbooks, operational models, support routes and knowledge-transfer material. Ensure the architecture is supportable by BAU, not just deliverable by project teams. Help distinguish between application, data, infrastructure, supplier and service-operation ownership. Support incident and problem analysis where architectural input is required. Essential Experience Strong enterprise identity and access management experience. Proven experience as a lead or senior architect on complex live platforms. Experience working in secure government, public sector or similarly regulated environments. Strong understanding of identity life cycle, access management, workflow, audit, governance and integration patterns. Demonstrable ability to work at detailed technical level across identity schemas, data flows, APIs, microservices, platform configuration and live-service support issues. Experience working across application development, data, infrastructure, service operations and supplier teams. Ability to simplify complex technical landscapes and make pragmatic architecture decisions. Strong stakeholder management and communication skills. Active SC clearance. Desirable Experience Experience with enterprise IAM platforms such as OpenText/NetIQ, SailPoint, Microsoft Entra, ForgeRock, CyberArk, Okta or similar. Microsoft Entra/Azure AD/M365 identity integration experience. AWS-hosted application or platform experience. API gateway, LDAP, directory services, data feeds and enterprise integration experience. Experience with microservices, ETL patterns, workflow engines or complex integration platforms. Experience of service transition, BAU readiness and operational handover. Experience modernising or simplifying Legacy-to-cloud services. Familiarity with secure-by-design principles, auditability and regulated-service operation. This is the most important role. Immediate start We need an established senior architect who can take ownership of architecture across the Identity service. This must be someone with real technical leadership, not a slideware/governance-only architect. They need to guide the team, take accountability and get into the detail when required. Strong enterprise IAM experience is essential. Exposure to SailPoint, Okta, NetIQ/OpenText, Microsoft Entra or similar IAM platforms would be relevant. NetIQ is useful but not a deal-breaker. The candidate must be credible with engineers, architects, data specialists, Service Operations and senior stakeholders. They should be comfortable across schemas, data flows, APIs, microservices, identity life cycle, integrations, platform configuration and live-service supportability. Look for Established senior/lead architect profile Strong enterprise IAM experience Secure government/public sector/regulated experience Technical depth across identity platforms, integrations, schemas and APIs Ability to simplify complex platforms and make pragmatic decisions Credibility with engineers and senior stakeholders
Jul 09, 2026
Full time
The role requires someone who can set direction with senior stakeholders, provide clear design authority, and work closely with engineering, data and service teams on detailed technical issues. This includes identity schemas, attributes, data flows, APIs, microservices, integration patterns, workflow behaviour, platform configuration and live-service supportability. The successful candidate will help ensure the platform remains stable, supportable and capable of evolving over time, while reducing avoidable complexity across processes, integrations and technical components. Key Responsibilities Architecture Leadership Own the end-to-end architecture across development, data and service support workstreams. Provide technical direction across identity workflows, life cycle processes, integrations, data flows, platform behaviour and operational supportability. Act as the senior architecture point of contact for delivery teams, service teams, suppliers and customer stakeholders. Maintain architectural coherence across live-service change, backlog delivery, technical debt reduction and roadmap activity. Ensure design decisions are pragmatic, supportable and aligned to business value. Identity Platform Architecture Lead architecture across enterprise identity and access management capabilities. Provide oversight of identity life cycle processes including onboarding, profile changes, role and access changes, recertification, leaver handling, audit and reporting. Understand complex identity integrations across directories, authoritative sources, workflow systems, cloud-hosted services and downstream platforms. Support simplification of identity journeys, data feeds, interfaces and platform components. Identify opportunities to reduce avoidable customisation and use existing platform capability where appropriate. Technical Depth and Design Ownership Understand and challenge detailed identity designs, including schemas, attributes, data models, workflow rules, provisioning logic and integration behaviour. Review APIs, data feeds, directory integrations, microservices, ETL/transformation logic and platform configuration. Work with developers, data specialists, DevOps engineers and service teams to diagnose complex issues and make practical design decisions. Provide architecture support during defect analysis, root-cause investigation, service support and backlog refinement. Move comfortably between architecture diagrams, backlog items, logs, schemas, interface specifications and implementation detail. Identify where existing components should be retained, simplified, consolidated, retired or replaced with simpler patterns. Ensure architectural decisions are technically sound, supportable in live service, and understood by the teams who need to build and run them. Platform Improvement and Roadmap Review existing platform complexity, including interfaces, microservices, custom components and integration patterns. Shape practical options for reducing complexity and improving supportability. Support API-based integration patterns where they reduce complexity and improve resilience. Work with cloud/platform specialists to identify monitoring, resilience, containerisation and operational improvement opportunities. Provide architectural input into future identity patterns, including Microsoft Entra-aligned options where appropriate. Reduce complexity without driving unnecessary re-engineering or business disruption. Service Supportability Work closely with Service Operations, L2/L3 support, Data, Dev and DevOps teams to improve ownership and reduce dependency on specialist intervention. Support the development of runbooks, operational models, support routes and knowledge-transfer material. Ensure the architecture is supportable by BAU, not just deliverable by project teams. Help distinguish between application, data, infrastructure, supplier and service-operation ownership. Support incident and problem analysis where architectural input is required. Essential Experience Strong enterprise identity and access management experience. Proven experience as a lead or senior architect on complex live platforms. Experience working in secure government, public sector or similarly regulated environments. Strong understanding of identity life cycle, access management, workflow, audit, governance and integration patterns. Demonstrable ability to work at detailed technical level across identity schemas, data flows, APIs, microservices, platform configuration and live-service support issues. Experience working across application development, data, infrastructure, service operations and supplier teams. Ability to simplify complex technical landscapes and make pragmatic architecture decisions. Strong stakeholder management and communication skills. Active SC clearance. Desirable Experience Experience with enterprise IAM platforms such as OpenText/NetIQ, SailPoint, Microsoft Entra, ForgeRock, CyberArk, Okta or similar. Microsoft Entra/Azure AD/M365 identity integration experience. AWS-hosted application or platform experience. API gateway, LDAP, directory services, data feeds and enterprise integration experience. Experience with microservices, ETL patterns, workflow engines or complex integration platforms. Experience of service transition, BAU readiness and operational handover. Experience modernising or simplifying Legacy-to-cloud services. Familiarity with secure-by-design principles, auditability and regulated-service operation. This is the most important role. Immediate start We need an established senior architect who can take ownership of architecture across the Identity service. This must be someone with real technical leadership, not a slideware/governance-only architect. They need to guide the team, take accountability and get into the detail when required. Strong enterprise IAM experience is essential. Exposure to SailPoint, Okta, NetIQ/OpenText, Microsoft Entra or similar IAM platforms would be relevant. NetIQ is useful but not a deal-breaker. The candidate must be credible with engineers, architects, data specialists, Service Operations and senior stakeholders. They should be comfortable across schemas, data flows, APIs, microservices, identity life cycle, integrations, platform configuration and live-service supportability. Look for Established senior/lead architect profile Strong enterprise IAM experience Secure government/public sector/regulated experience Technical depth across identity platforms, integrations, schemas and APIs Ability to simplify complex platforms and make pragmatic decisions Credibility with engineers and senior stakeholders
About the Role We are looking for an experienced Lead Identity & IAM Architect to take ownership of the architecture across a large-scale Enterprise Identity Service supporting a secure UK Government programme. This is a hands-on technical architecture role , not a governance or documentation-focused position. You'll work closely with engineering, data, DevOps, service operations and senior stakeholders to shape the future of a complex enterprise identity platform while ensuring stability, supportability and long-term scalability. The successful candidate will provide technical leadership across identity life cycle processes, integrations, APIs, microservices, data flows, platform configuration and live service support. Key Responsibilities Architecture Leadership Own end-to-end solution architecture across development, data and service support workstreams. Provide technical direction across identity life cycle, workflows, integrations and operational support. Act as the technical design authority for engineering teams and stakeholders. Drive architectural consistency across live-service enhancements, backlog delivery and technical debt reduction. Ensure architecture aligns with business objectives while remaining scalable and supportable. Identity & Access Management Lead architecture for enterprise Identity & Access Management (IAM) platforms. Design and optimise identity life cycle processes including: Joiners, Movers & Leavers Role & Access Management Provisioning Access Reviews & Recertification Audit & Compliance Simplify identity workflows, integrations and platform components while reducing unnecessary customisation. Technical Design Leadership Review and challenge technical designs covering: Identity schemas Attributes Data models Workflow rules Provisioning logic APIs Microservices ETL & Data Transformation Platform configuration Work closely with Developers, DevOps Engineers, Data Specialists and Service Operations to resolve complex technical issues. Support architecture during defect analysis, root cause investigations and production support. Platform Modernisation Review existing integrations, interfaces, microservices and custom components. Recommend pragmatic improvements that reduce complexity while improving resilience and supportability. Support API-first integration patterns and cloud-native architecture. Contribute to future identity strategy including Microsoft Entra aligned solutions. Service Supportability Work with L2/L3 Support, DevOps and Operations teams to improve live service ownership. Support operational readiness, knowledge transfer and runbook creation. Ensure solutions remain maintainable beyond project delivery. Provide architectural guidance during Incident and Problem Management activities. Essential Skills & Experience Extensive Enterprise Identity & Access Management (IAM) experience Proven experience as a Lead/Senior Architect on complex enterprise platforms Strong experience within UK Government, Public Sector or other highly regulated environments Deep understanding of: Identity Lifecycle Management Access Governance Identity Workflows Identity Schemas Data Flows APIs Microservices Platform Configuration Integration Patterns Audit & Compliance Experience working across: Development Teams DevOps Infrastructure Data Engineering Service Operations Suppliers & Delivery Partners Strong stakeholder engagement with both technical and executive audiences Active SC Clearance (Mandatory) Desirable Skills Experience with one or more of the following: SailPoint Microsoft Entra ID/Azure AD OpenText/NetIQ Okta ForgeRock CyberArk Experience with: AWS-hosted platforms LDAP & Directory Services API Gateways ETL & Data Integration Workflow Engines Legacy-to-Cloud Modernisation Service Transition & BAU Readiness Secure-by-Design Architecture
Jul 09, 2026
Full time
About the Role We are looking for an experienced Lead Identity & IAM Architect to take ownership of the architecture across a large-scale Enterprise Identity Service supporting a secure UK Government programme. This is a hands-on technical architecture role , not a governance or documentation-focused position. You'll work closely with engineering, data, DevOps, service operations and senior stakeholders to shape the future of a complex enterprise identity platform while ensuring stability, supportability and long-term scalability. The successful candidate will provide technical leadership across identity life cycle processes, integrations, APIs, microservices, data flows, platform configuration and live service support. Key Responsibilities Architecture Leadership Own end-to-end solution architecture across development, data and service support workstreams. Provide technical direction across identity life cycle, workflows, integrations and operational support. Act as the technical design authority for engineering teams and stakeholders. Drive architectural consistency across live-service enhancements, backlog delivery and technical debt reduction. Ensure architecture aligns with business objectives while remaining scalable and supportable. Identity & Access Management Lead architecture for enterprise Identity & Access Management (IAM) platforms. Design and optimise identity life cycle processes including: Joiners, Movers & Leavers Role & Access Management Provisioning Access Reviews & Recertification Audit & Compliance Simplify identity workflows, integrations and platform components while reducing unnecessary customisation. Technical Design Leadership Review and challenge technical designs covering: Identity schemas Attributes Data models Workflow rules Provisioning logic APIs Microservices ETL & Data Transformation Platform configuration Work closely with Developers, DevOps Engineers, Data Specialists and Service Operations to resolve complex technical issues. Support architecture during defect analysis, root cause investigations and production support. Platform Modernisation Review existing integrations, interfaces, microservices and custom components. Recommend pragmatic improvements that reduce complexity while improving resilience and supportability. Support API-first integration patterns and cloud-native architecture. Contribute to future identity strategy including Microsoft Entra aligned solutions. Service Supportability Work with L2/L3 Support, DevOps and Operations teams to improve live service ownership. Support operational readiness, knowledge transfer and runbook creation. Ensure solutions remain maintainable beyond project delivery. Provide architectural guidance during Incident and Problem Management activities. Essential Skills & Experience Extensive Enterprise Identity & Access Management (IAM) experience Proven experience as a Lead/Senior Architect on complex enterprise platforms Strong experience within UK Government, Public Sector or other highly regulated environments Deep understanding of: Identity Lifecycle Management Access Governance Identity Workflows Identity Schemas Data Flows APIs Microservices Platform Configuration Integration Patterns Audit & Compliance Experience working across: Development Teams DevOps Infrastructure Data Engineering Service Operations Suppliers & Delivery Partners Strong stakeholder engagement with both technical and executive audiences Active SC Clearance (Mandatory) Desirable Skills Experience with one or more of the following: SailPoint Microsoft Entra ID/Azure AD OpenText/NetIQ Okta ForgeRock CyberArk Experience with: AWS-hosted platforms LDAP & Directory Services API Gateways ETL & Data Integration Workflow Engines Legacy-to-Cloud Modernisation Service Transition & BAU Readiness Secure-by-Design Architecture
Qualient Technology Solutions UK Limited
Corsham, Wiltshire
The role requires someone who can set direction with senior stakeholders, provide clear design authority, and work closely with engineering, data and service teams on detailed technical issues. This includes identity schemas, attributes, data flows, APIs, microservices, integration patterns, workflow behaviour, platform configuration and live-service supportability. The successful candidate will help ensure the platform remains stable, supportable and capable of evolving over time, while reducing avoidable complexity across processes, integrations and technical components. Key Responsibilities Architecture Leadership Own the end-to-end architecture across development, data and service support workstreams. Provide technical direction across identity workflows, life cycle processes, integrations, data flows, platform behaviour and operational supportability. Act as the senior architecture point of contact for delivery teams, service teams, suppliers and customer stakeholders. Maintain architectural coherence across live-service change, backlog delivery, technical debt reduction and roadmap activity. Ensure design decisions are pragmatic, supportable and aligned to business value. Identity Platform Architecture Lead architecture across enterprise identity and access management capabilities. Provide oversight of identity life cycle processes including onboarding, profile changes, role and access changes, recertification, leaver handling, audit and reporting. Understand complex identity integrations across directories, authoritative sources, workflow systems, cloud-hosted services and downstream platforms. Support simplification of identity journeys, data feeds, interfaces and platform components. Identify opportunities to reduce avoidable customisation and use existing platform capability where appropriate. Technical Depth and Design Ownership Understand and challenge detailed identity designs, including schemas, attributes, data models, workflow rules, provisioning logic and integration behaviour. Review APIs, data feeds, directory integrations, microservices, ETL/transformation logic and platform configuration. Work with developers, data specialists, DevOps engineers and service teams to diagnose complex issues and make practical design decisions. Provide architecture support during defect analysis, root-cause investigation, service support and backlog refinement. Move comfortably between architecture diagrams, backlog items, logs, schemas, interface specifications and implementation detail. Identify where existing components should be retained, simplified, consolidated, retired or replaced with simpler patterns. Ensure architectural decisions are technically sound, supportable in live service, and understood by the teams who need to build and run them. Platform Improvement and Roadmap Review existing platform complexity, including interfaces, microservices, custom components and integration patterns. Shape practical options for reducing complexity and improving supportability. Support API-based integration patterns where they reduce complexity and improve resilience. Work with cloud/platform specialists to identify monitoring, resilience, containerisation and operational improvement opportunities. Provide architectural input into future identity patterns, including Microsoft Entra-aligned options where appropriate. Reduce complexity without driving unnecessary re-engineering or business disruption. Service Supportability Work closely with Service Operations, L2/L3 support, Data, Dev and DevOps teams to improve ownership and reduce dependency on specialist intervention. Support the development of runbooks, operational models, support routes and knowledge-transfer material. Ensure the architecture is supportable by BAU, not just deliverable by project teams. Help distinguish between application, data, infrastructure, supplier and service-operation ownership. Support incident and problem analysis where architectural input is required. Essential Experience Strong enterprise identity and access management experience. Proven experience as a lead or senior architect on complex live platforms. Experience working in secure government, public sector or similarly regulated environments. Strong understanding of identity life cycle, access management, workflow, audit, governance and integration patterns. Demonstrable ability to work at detailed technical level across identity schemas, data flows, APIs, microservices, platform configuration and live-service support issues. Experience working across application development, data, infrastructure, service operations and supplier teams. Ability to simplify complex technical landscapes and make pragmatic architecture decisions. Strong stakeholder management and communication skills. Active SC clearance. Desirable Experience Experience with enterprise IAM platforms such as OpenText/NetIQ, SailPoint, Microsoft Entra, ForgeRock, CyberArk, Okta or similar. Microsoft Entra/Azure AD/M365 identity integration experience. AWS-hosted application or platform experience. API gateway, LDAP, directory services, data feeds and enterprise integration experience. Experience with microservices, ETL patterns, workflow engines or complex integration platforms. Experience of service transition, BAU readiness and operational handover. Experience modernising or simplifying Legacy-to-cloud services. Familiarity with secure-by-design principles, auditability and regulated-service operation.
Jul 09, 2026
Full time
The role requires someone who can set direction with senior stakeholders, provide clear design authority, and work closely with engineering, data and service teams on detailed technical issues. This includes identity schemas, attributes, data flows, APIs, microservices, integration patterns, workflow behaviour, platform configuration and live-service supportability. The successful candidate will help ensure the platform remains stable, supportable and capable of evolving over time, while reducing avoidable complexity across processes, integrations and technical components. Key Responsibilities Architecture Leadership Own the end-to-end architecture across development, data and service support workstreams. Provide technical direction across identity workflows, life cycle processes, integrations, data flows, platform behaviour and operational supportability. Act as the senior architecture point of contact for delivery teams, service teams, suppliers and customer stakeholders. Maintain architectural coherence across live-service change, backlog delivery, technical debt reduction and roadmap activity. Ensure design decisions are pragmatic, supportable and aligned to business value. Identity Platform Architecture Lead architecture across enterprise identity and access management capabilities. Provide oversight of identity life cycle processes including onboarding, profile changes, role and access changes, recertification, leaver handling, audit and reporting. Understand complex identity integrations across directories, authoritative sources, workflow systems, cloud-hosted services and downstream platforms. Support simplification of identity journeys, data feeds, interfaces and platform components. Identify opportunities to reduce avoidable customisation and use existing platform capability where appropriate. Technical Depth and Design Ownership Understand and challenge detailed identity designs, including schemas, attributes, data models, workflow rules, provisioning logic and integration behaviour. Review APIs, data feeds, directory integrations, microservices, ETL/transformation logic and platform configuration. Work with developers, data specialists, DevOps engineers and service teams to diagnose complex issues and make practical design decisions. Provide architecture support during defect analysis, root-cause investigation, service support and backlog refinement. Move comfortably between architecture diagrams, backlog items, logs, schemas, interface specifications and implementation detail. Identify where existing components should be retained, simplified, consolidated, retired or replaced with simpler patterns. Ensure architectural decisions are technically sound, supportable in live service, and understood by the teams who need to build and run them. Platform Improvement and Roadmap Review existing platform complexity, including interfaces, microservices, custom components and integration patterns. Shape practical options for reducing complexity and improving supportability. Support API-based integration patterns where they reduce complexity and improve resilience. Work with cloud/platform specialists to identify monitoring, resilience, containerisation and operational improvement opportunities. Provide architectural input into future identity patterns, including Microsoft Entra-aligned options where appropriate. Reduce complexity without driving unnecessary re-engineering or business disruption. Service Supportability Work closely with Service Operations, L2/L3 support, Data, Dev and DevOps teams to improve ownership and reduce dependency on specialist intervention. Support the development of runbooks, operational models, support routes and knowledge-transfer material. Ensure the architecture is supportable by BAU, not just deliverable by project teams. Help distinguish between application, data, infrastructure, supplier and service-operation ownership. Support incident and problem analysis where architectural input is required. Essential Experience Strong enterprise identity and access management experience. Proven experience as a lead or senior architect on complex live platforms. Experience working in secure government, public sector or similarly regulated environments. Strong understanding of identity life cycle, access management, workflow, audit, governance and integration patterns. Demonstrable ability to work at detailed technical level across identity schemas, data flows, APIs, microservices, platform configuration and live-service support issues. Experience working across application development, data, infrastructure, service operations and supplier teams. Ability to simplify complex technical landscapes and make pragmatic architecture decisions. Strong stakeholder management and communication skills. Active SC clearance. Desirable Experience Experience with enterprise IAM platforms such as OpenText/NetIQ, SailPoint, Microsoft Entra, ForgeRock, CyberArk, Okta or similar. Microsoft Entra/Azure AD/M365 identity integration experience. AWS-hosted application or platform experience. API gateway, LDAP, directory services, data feeds and enterprise integration experience. Experience with microservices, ETL patterns, workflow engines or complex integration platforms. Experience of service transition, BAU readiness and operational handover. Experience modernising or simplifying Legacy-to-cloud services. Familiarity with secure-by-design principles, auditability and regulated-service operation.
CBSbutler Holdings Limited trading as CBSbutler
Yeovil, Somerset
Principal Infrastructure Engineer +6 months + +DV cleared role - current active clearance is essentia l +Inside IR35 + 700 - 725 a day +On site in Yeovil We are seeking an experienced Principal Infrastructure Engineer to lead complex infrastructure projects and drive innovation within our organisation. This role offers a unique opportunity to shape the future of our technical architecture while collaborating with cross-functional teams to deliver scalable and reliable infrastructure solutions. Key Responsibilities: Lead the design, development, and implementation of enterprise-level infrastructure solutions, including networking, cloud services, and data centers. Provide technical expertise and mentorship to senior engineers and technical teams. Develop strategies for infrastructure scalability, security, and performance optimization. Oversee infrastructure migrations, upgrades, and maintenance activities with minimal disruption. Collaborate with stakeholders to define technical requirements and translate business needs into effective infrastructure solutions. Stay current with industry trends and emerging technologies to recommend innovative approaches. Ensure compliance with security policies, standards, and best practices. Create comprehensive documentation for infrastructure architecture, configurations, and procedures. Required Skills & Qualifications: Windows and Linux operating systems Virtualisation platforms (VMware, Hyper-V) Privileged Access Management concepts and implementation (CyberArk or similar) Secure credential storage, rotation, and access control models Integration of PAM into enterprise platforms and services Networking concepts (TCP/IP, DNS, DHCP, firewalls) Automation and scripting (PowerShell, Bash, Python, Ansible, Terraform) Knowledge of cyber security controls and accreditation requirements Experience across the systems engineering lifecycle Design and implementation of privileged access models across complex systems Delivery within highly controlled / secure environments (e.g. air-gapped, defence). If you'd like to discuss this Principal Infrastructure Engineer role in more detail, please send your updated CV to (url removed) and I will get in touch.
Jul 09, 2026
Contractor
Principal Infrastructure Engineer +6 months + +DV cleared role - current active clearance is essentia l +Inside IR35 + 700 - 725 a day +On site in Yeovil We are seeking an experienced Principal Infrastructure Engineer to lead complex infrastructure projects and drive innovation within our organisation. This role offers a unique opportunity to shape the future of our technical architecture while collaborating with cross-functional teams to deliver scalable and reliable infrastructure solutions. Key Responsibilities: Lead the design, development, and implementation of enterprise-level infrastructure solutions, including networking, cloud services, and data centers. Provide technical expertise and mentorship to senior engineers and technical teams. Develop strategies for infrastructure scalability, security, and performance optimization. Oversee infrastructure migrations, upgrades, and maintenance activities with minimal disruption. Collaborate with stakeholders to define technical requirements and translate business needs into effective infrastructure solutions. Stay current with industry trends and emerging technologies to recommend innovative approaches. Ensure compliance with security policies, standards, and best practices. Create comprehensive documentation for infrastructure architecture, configurations, and procedures. Required Skills & Qualifications: Windows and Linux operating systems Virtualisation platforms (VMware, Hyper-V) Privileged Access Management concepts and implementation (CyberArk or similar) Secure credential storage, rotation, and access control models Integration of PAM into enterprise platforms and services Networking concepts (TCP/IP, DNS, DHCP, firewalls) Automation and scripting (PowerShell, Bash, Python, Ansible, Terraform) Knowledge of cyber security controls and accreditation requirements Experience across the systems engineering lifecycle Design and implementation of privileged access models across complex systems Delivery within highly controlled / secure environments (e.g. air-gapped, defence). If you'd like to discuss this Principal Infrastructure Engineer role in more detail, please send your updated CV to (url removed) and I will get in touch.
IAM Delivery Consultant Position: IAM Delivery Consultant (Hands-on Engineering Focus) Base Salary: 80,000 + benefits package Location: UK Hybrid (Flexible blend of home, office, and client site) Security Clearance: Mandatory requirement (Active SC Clearance preferred, or must be strictly eligible) Mandatory Security Clearance Criteria This role requires immediate vetting for secure client projects. Please confirm you meet the following baseline requirements before applying: UK Residency: You must have resided continuously within the United Kingdom for the last 5 years. Background Check: You must be able to clear a 3-year continuous employment history check and an unspent criminal record check (DBS). Nationality: You must be eligible to obtain and maintain UK Security Check (SC) clearance. Certain secure delivery work streams within this portfolio are strictly restricted to sole UK Nationals. The Opportunity This is a dedicated, hands-on implementation and delivery role within an established global cybersecurity consulting practice. We are specifically looking for an Identity and Access Management (IAM) specialist rather than a security generalist. Our practice is currently experiencing a strong pipeline of delivery work. This position is built for an engineer or consultant who wants to go directly on-site with major enterprise clients, work natively with the software, and build out robust identity frameworks. The long-term career path for this role involves broadening your mastery across multiple enterprise identity tools, expanding from deployment into technical architecture and solution design. Key Responsibilities Technical Delivery: Lead the active implementation, configuration, and optimization of enterprise IAM software directly within client environments. Core Engineering: Move past high-level strategy to execute hands-on technology deployment and process improvement work across IGA or Access Management platforms. Requirement Translation: Analyze complex technical and business requirements to ensure real-world implementations match modern identity governance frameworks. Required Skills and Experience We are targeting mid-level to senior specialists with at least 5 years of total IT/Security experience, featuring a minimum of 3 years dedicated solely to the IAM domain . Primary Technology Focus: Hands-on deployment experience with Saviynt or Ping Identity is highly prioritized for this vacancy. Secondary Technologies: Secondary consideration will be given to deep technical experience across SailPoint, CyberArk, Okta, BeyondTrust, or Microsoft Azure/Entra ID. Domain Breadth: Strong practical delivery experience in at least one core pillar-Identity Governance and Administration (IGA) or Access Management-paired with functional exposure to a second. Continuous Learning: Active certifications or demonstrable self-directed technical training (such as personal lab configurations or sandbox environments) will be viewed very favorably. What We Offer Targeted Upskilling: Strong financial investment into your professional accreditation path, with immediate opportunities to train and certify on in-demand IGA and Access Management platforms. Comprehensive Wellbeing: Access to trained mental health champions across the business alongside subscription access to premium healthcare and wellbeing applications (including Thrive and Peppy). Inclusive Hiring: We operate as a Level 2 Disability Confident Employer, offering a guaranteed interview scheme to any applicant with a disability who meets the minimum essential criteria for this deployment role.
Jul 08, 2026
Full time
IAM Delivery Consultant Position: IAM Delivery Consultant (Hands-on Engineering Focus) Base Salary: 80,000 + benefits package Location: UK Hybrid (Flexible blend of home, office, and client site) Security Clearance: Mandatory requirement (Active SC Clearance preferred, or must be strictly eligible) Mandatory Security Clearance Criteria This role requires immediate vetting for secure client projects. Please confirm you meet the following baseline requirements before applying: UK Residency: You must have resided continuously within the United Kingdom for the last 5 years. Background Check: You must be able to clear a 3-year continuous employment history check and an unspent criminal record check (DBS). Nationality: You must be eligible to obtain and maintain UK Security Check (SC) clearance. Certain secure delivery work streams within this portfolio are strictly restricted to sole UK Nationals. The Opportunity This is a dedicated, hands-on implementation and delivery role within an established global cybersecurity consulting practice. We are specifically looking for an Identity and Access Management (IAM) specialist rather than a security generalist. Our practice is currently experiencing a strong pipeline of delivery work. This position is built for an engineer or consultant who wants to go directly on-site with major enterprise clients, work natively with the software, and build out robust identity frameworks. The long-term career path for this role involves broadening your mastery across multiple enterprise identity tools, expanding from deployment into technical architecture and solution design. Key Responsibilities Technical Delivery: Lead the active implementation, configuration, and optimization of enterprise IAM software directly within client environments. Core Engineering: Move past high-level strategy to execute hands-on technology deployment and process improvement work across IGA or Access Management platforms. Requirement Translation: Analyze complex technical and business requirements to ensure real-world implementations match modern identity governance frameworks. Required Skills and Experience We are targeting mid-level to senior specialists with at least 5 years of total IT/Security experience, featuring a minimum of 3 years dedicated solely to the IAM domain . Primary Technology Focus: Hands-on deployment experience with Saviynt or Ping Identity is highly prioritized for this vacancy. Secondary Technologies: Secondary consideration will be given to deep technical experience across SailPoint, CyberArk, Okta, BeyondTrust, or Microsoft Azure/Entra ID. Domain Breadth: Strong practical delivery experience in at least one core pillar-Identity Governance and Administration (IGA) or Access Management-paired with functional exposure to a second. Continuous Learning: Active certifications or demonstrable self-directed technical training (such as personal lab configurations or sandbox environments) will be viewed very favorably. What We Offer Targeted Upskilling: Strong financial investment into your professional accreditation path, with immediate opportunities to train and certify on in-demand IGA and Access Management platforms. Comprehensive Wellbeing: Access to trained mental health champions across the business alongside subscription access to premium healthcare and wellbeing applications (including Thrive and Peppy). Inclusive Hiring: We operate as a Level 2 Disability Confident Employer, offering a guaranteed interview scheme to any applicant with a disability who meets the minimum essential criteria for this deployment role.
IAM Delivery Consultant Position: IAM Delivery Consultant (Hands-on Engineering Focus) Base Salary: £80,000 + benefits package Location: UK Hybrid (Flexible blend of home, office, and client site) Security Clearance: Mandatory requirement (Active SC Clearance preferred, or must be strictly eligible) Mandatory Security Clearance Criteria This role requires immediate vetting for secure client projects. Please confirm you meet the following baseline requirements before applying: UK Residency: You must have resided continuously within the United Kingdom for the last 5 years. Background Check: You must be able to clear a 3-year continuous employment history check and an unspent criminal record check (DBS). Nationality: You must be eligible to obtain and maintain UK Security Check (SC) clearance. Certain secure delivery work streams within this portfolio are strictly restricted to sole UK Nationals. The Opportunity This is a dedicated, hands-on implementation and delivery role within an established global cybersecurity consulting practice. We are specifically looking for an Identity and Access Management (IAM) specialist rather than a security generalist. Our practice is currently experiencing a strong pipeline of delivery work. This position is built for an engineer or consultant who wants to go directly on-site with major enterprise clients, work natively with the software, and build out robust identity frameworks. The long-term career path for this role involves broadening your mastery across multiple enterprise identity tools, expanding from deployment into technical architecture and solution design. Key Responsibilities Technical Delivery: Lead the active implementation, configuration, and optimization of enterprise IAM software directly within client environments. Core Engineering: Move past high-level strategy to execute hands-on technology deployment and process improvement work across IGA or Access Management platforms. Requirement Translation: Analyze complex technical and business requirements to ensure real-world implementations match modern identity governance frameworks. Required Skills and Experience We are targeting mid-level to senior specialists with at least 5 years of total IT/Security experience, featuring a minimum of 3 years dedicated solely to the IAM domain . Primary Technology Focus: Hands-on deployment experience with Saviynt or Ping Identity is highly prioritized for this vacancy. Secondary Technologies: Secondary consideration will be given to deep technical experience across SailPoint, CyberArk, Okta, BeyondTrust, or Microsoft Azure/Entra ID. Domain Breadth: Strong practical delivery experience in at least one core pillar-Identity Governance and Administration (IGA) or Access Management-paired with functional exposure to a second. Continuous Learning: Active certifications or demonstrable self-directed technical training (such as personal lab configurations or sandbox environments) will be viewed very favorably. What We Offer Targeted Upskilling: Strong financial investment into your professional accreditation path, with immediate opportunities to train and certify on in-demand IGA and Access Management platforms. Comprehensive Wellbeing: Access to trained mental health champions across the business alongside subscription access to premium healthcare and wellbeing applications (including Thrive and Peppy). Inclusive Hiring: We operate as a Level 2 Disability Confident Employer, offering a guaranteed interview scheme to any applicant with a disability who meets the minimum essential criteria for this deployment role.
Jul 08, 2026
Full time
IAM Delivery Consultant Position: IAM Delivery Consultant (Hands-on Engineering Focus) Base Salary: £80,000 + benefits package Location: UK Hybrid (Flexible blend of home, office, and client site) Security Clearance: Mandatory requirement (Active SC Clearance preferred, or must be strictly eligible) Mandatory Security Clearance Criteria This role requires immediate vetting for secure client projects. Please confirm you meet the following baseline requirements before applying: UK Residency: You must have resided continuously within the United Kingdom for the last 5 years. Background Check: You must be able to clear a 3-year continuous employment history check and an unspent criminal record check (DBS). Nationality: You must be eligible to obtain and maintain UK Security Check (SC) clearance. Certain secure delivery work streams within this portfolio are strictly restricted to sole UK Nationals. The Opportunity This is a dedicated, hands-on implementation and delivery role within an established global cybersecurity consulting practice. We are specifically looking for an Identity and Access Management (IAM) specialist rather than a security generalist. Our practice is currently experiencing a strong pipeline of delivery work. This position is built for an engineer or consultant who wants to go directly on-site with major enterprise clients, work natively with the software, and build out robust identity frameworks. The long-term career path for this role involves broadening your mastery across multiple enterprise identity tools, expanding from deployment into technical architecture and solution design. Key Responsibilities Technical Delivery: Lead the active implementation, configuration, and optimization of enterprise IAM software directly within client environments. Core Engineering: Move past high-level strategy to execute hands-on technology deployment and process improvement work across IGA or Access Management platforms. Requirement Translation: Analyze complex technical and business requirements to ensure real-world implementations match modern identity governance frameworks. Required Skills and Experience We are targeting mid-level to senior specialists with at least 5 years of total IT/Security experience, featuring a minimum of 3 years dedicated solely to the IAM domain . Primary Technology Focus: Hands-on deployment experience with Saviynt or Ping Identity is highly prioritized for this vacancy. Secondary Technologies: Secondary consideration will be given to deep technical experience across SailPoint, CyberArk, Okta, BeyondTrust, or Microsoft Azure/Entra ID. Domain Breadth: Strong practical delivery experience in at least one core pillar-Identity Governance and Administration (IGA) or Access Management-paired with functional exposure to a second. Continuous Learning: Active certifications or demonstrable self-directed technical training (such as personal lab configurations or sandbox environments) will be viewed very favorably. What We Offer Targeted Upskilling: Strong financial investment into your professional accreditation path, with immediate opportunities to train and certify on in-demand IGA and Access Management platforms. Comprehensive Wellbeing: Access to trained mental health champions across the business alongside subscription access to premium healthcare and wellbeing applications (including Thrive and Peppy). Inclusive Hiring: We operate as a Level 2 Disability Confident Employer, offering a guaranteed interview scheme to any applicant with a disability who meets the minimum essential criteria for this deployment role.
IAM Delivery Consultant Position: IAM Delivery Consultant (Hands-on Engineering Focus) Base Salary: 80,000 + benefits package Location: UK Hybrid (Flexible blend of home, office, and client site) Security Clearance: Mandatory requirement (Active SC Clearance preferred, or must be strictly eligible) Mandatory Security Clearance Criteria This role requires immediate vetting for secure client projects. Please confirm you meet the following baseline requirements before applying: UK Residency: You must have resided continuously within the United Kingdom for the last 5 years. Background Check: You must be able to clear a 3-year continuous employment history check and an unspent criminal record check (DBS). Nationality: You must be eligible to obtain and maintain UK Security Check (SC) clearance. Certain secure delivery work streams within this portfolio are strictly restricted to sole UK Nationals. The Opportunity This is a dedicated, hands-on implementation and delivery role within an established global cybersecurity consulting practice. We are specifically looking for an Identity and Access Management (IAM) specialist rather than a security generalist. Our practice is currently experiencing a strong pipeline of delivery work. This position is built for an engineer or consultant who wants to go directly on-site with major enterprise clients, work natively with the software, and build out robust identity frameworks. The long-term career path for this role involves broadening your mastery across multiple enterprise identity tools, expanding from deployment into technical architecture and solution design. Key Responsibilities Technical Delivery: Lead the active implementation, configuration, and optimization of enterprise IAM software directly within client environments. Core Engineering: Move past high-level strategy to execute hands-on technology deployment and process improvement work across IGA or Access Management platforms. Requirement Translation: Analyze complex technical and business requirements to ensure real-world implementations match modern identity governance frameworks. Required Skills and Experience We are targeting mid-level to senior specialists with at least 5 years of total IT/Security experience, featuring a minimum of 3 years dedicated solely to the IAM domain . Primary Technology Focus: Hands-on deployment experience with Saviynt or Ping Identity is highly prioritized for this vacancy. Secondary Technologies: Secondary consideration will be given to deep technical experience across SailPoint, CyberArk, Okta, BeyondTrust, or Microsoft Azure/Entra ID. Domain Breadth: Strong practical delivery experience in at least one core pillar-Identity Governance and Administration (IGA) or Access Management-paired with functional exposure to a second. Continuous Learning: Active certifications or demonstrable self-directed technical training (such as personal lab configurations or sandbox environments) will be viewed very favorably. What We Offer Targeted Upskilling: Strong financial investment into your professional accreditation path, with immediate opportunities to train and certify on in-demand IGA and Access Management platforms. Comprehensive Wellbeing: Access to trained mental health champions across the business alongside subscription access to premium healthcare and wellbeing applications (including Thrive and Peppy). Inclusive Hiring: We operate as a Level 2 Disability Confident Employer, offering a guaranteed interview scheme to any applicant with a disability who meets the minimum essential criteria for this deployment role.
Jul 07, 2026
Full time
IAM Delivery Consultant Position: IAM Delivery Consultant (Hands-on Engineering Focus) Base Salary: 80,000 + benefits package Location: UK Hybrid (Flexible blend of home, office, and client site) Security Clearance: Mandatory requirement (Active SC Clearance preferred, or must be strictly eligible) Mandatory Security Clearance Criteria This role requires immediate vetting for secure client projects. Please confirm you meet the following baseline requirements before applying: UK Residency: You must have resided continuously within the United Kingdom for the last 5 years. Background Check: You must be able to clear a 3-year continuous employment history check and an unspent criminal record check (DBS). Nationality: You must be eligible to obtain and maintain UK Security Check (SC) clearance. Certain secure delivery work streams within this portfolio are strictly restricted to sole UK Nationals. The Opportunity This is a dedicated, hands-on implementation and delivery role within an established global cybersecurity consulting practice. We are specifically looking for an Identity and Access Management (IAM) specialist rather than a security generalist. Our practice is currently experiencing a strong pipeline of delivery work. This position is built for an engineer or consultant who wants to go directly on-site with major enterprise clients, work natively with the software, and build out robust identity frameworks. The long-term career path for this role involves broadening your mastery across multiple enterprise identity tools, expanding from deployment into technical architecture and solution design. Key Responsibilities Technical Delivery: Lead the active implementation, configuration, and optimization of enterprise IAM software directly within client environments. Core Engineering: Move past high-level strategy to execute hands-on technology deployment and process improvement work across IGA or Access Management platforms. Requirement Translation: Analyze complex technical and business requirements to ensure real-world implementations match modern identity governance frameworks. Required Skills and Experience We are targeting mid-level to senior specialists with at least 5 years of total IT/Security experience, featuring a minimum of 3 years dedicated solely to the IAM domain . Primary Technology Focus: Hands-on deployment experience with Saviynt or Ping Identity is highly prioritized for this vacancy. Secondary Technologies: Secondary consideration will be given to deep technical experience across SailPoint, CyberArk, Okta, BeyondTrust, or Microsoft Azure/Entra ID. Domain Breadth: Strong practical delivery experience in at least one core pillar-Identity Governance and Administration (IGA) or Access Management-paired with functional exposure to a second. Continuous Learning: Active certifications or demonstrable self-directed technical training (such as personal lab configurations or sandbox environments) will be viewed very favorably. What We Offer Targeted Upskilling: Strong financial investment into your professional accreditation path, with immediate opportunities to train and certify on in-demand IGA and Access Management platforms. Comprehensive Wellbeing: Access to trained mental health champions across the business alongside subscription access to premium healthcare and wellbeing applications (including Thrive and Peppy). Inclusive Hiring: We operate as a Level 2 Disability Confident Employer, offering a guaranteed interview scheme to any applicant with a disability who meets the minimum essential criteria for this deployment role.
CBSbutler Holdings Limited trading as CBSbutler
Yeovil, Somerset
DV Cleared Privileged Access Management (PAM) SME Contract: Initial 6-Month Contract Rate: 90- 95 per hour (Inside IR35) Location: Yeovil, UK Working Pattern: Minimum 3-4 days per week on site, with a preference for full-time on-site presence. Extended working hours can be accommodated to reduce the number of days required on site. Security Clearance: Current UK Developed Vetting (DV) Clearance is mandatory Overview We are seeking an experienced DV Cleared Privileged Access Management (PAM) Subject Matter Expert (SME) to support the design, implementation, integration, and ongoing enhancement of secure privileged access solutions within highly secure and regulated environments. This role requires a hands-on technical specialist with deep expertise in PAM technologies, secure platform engineering, and cyber security controls. The successful candidate will play a key role in delivering secure access management capabilities across complex enterprise and mission-critical environments. Key Responsibilities Act as the technical authority for Privileged Access Management solutions and associated platform technologies. Lead the design, implementation, and integration of PAM solutions across on-premise, hybrid, and cloud environments. Capture, analyse, and translate complex business and technical requirements into secure PAM architectures and solutions. Develop high-level and low-level technical designs aligned with security-by-design principles. Own technical delivery activities, including planning, estimation, implementation, testing, and reporting. Design and implement privileged access models across complex enterprise environments. Integrate PAM platforms with enterprise services, applications, and infrastructure components. Develop automation capabilities for account onboarding, offboarding, credential rotation, and access workflows. Provide technical leadership, mentoring, and knowledge transfer to engineering teams. Support security accreditation activities and ensure compliance with relevant cyber security standards and controls. Engage with stakeholders to present technical solutions, provide recommendations, and justify design decisions. Essential Skills & Experience Current UK Developed Vetting (DV) Clearance - mandatory. Extensive experience delivering enterprise-scale Privileged Access Management solutions. Strong hands-on experience with PAM platforms, including CyberArk or equivalent solutions. Expertise in secure credential storage, password rotation, session management, and privileged access control models. Experience integrating PAM solutions into enterprise platforms and services. Strong knowledge of Windows and Linux operating systems . Experience with virtualisation technologies including VMware and Hyper-V . Solid understanding of networking concepts, including: TCP/IP DNS DHCP Firewalls Strong automation and scripting capabilities using: PowerShell Bash Python Ansible Terraform Knowledge of cyber security controls, governance, and accreditation requirements. Experience working across the full systems engineering lifecycle. Proven experience delivering solutions within highly controlled and secure environments, including air-gapped, government, or defence environments. Strong analytical, problem-solving, and stakeholder management skills. Desirable Skills Experience with cloud platforms including AWS and Azure . Infrastructure as Code (IaC) implementation experience. Experience integrating with enterprise services such as Active Directory, PKI, monitoring platforms, and SIEM solutions. Experience with DevSecOps tooling and CI/CD pipelines. API-driven automation of privileged account lifecycle management. Integration of PAM platforms with SIEM/SOC tooling for monitoring and audit. Experience with containerisation technologies including Docker and Kubernetes . Knowledge of enterprise Identity and Access Management (IAM) solutions. Security Clearance This position requires active UK Developed Vetting (DV) clearance prior to commencement. Candidates without current DV clearance cannot be considered for this assignment.
Jul 03, 2026
Contractor
DV Cleared Privileged Access Management (PAM) SME Contract: Initial 6-Month Contract Rate: 90- 95 per hour (Inside IR35) Location: Yeovil, UK Working Pattern: Minimum 3-4 days per week on site, with a preference for full-time on-site presence. Extended working hours can be accommodated to reduce the number of days required on site. Security Clearance: Current UK Developed Vetting (DV) Clearance is mandatory Overview We are seeking an experienced DV Cleared Privileged Access Management (PAM) Subject Matter Expert (SME) to support the design, implementation, integration, and ongoing enhancement of secure privileged access solutions within highly secure and regulated environments. This role requires a hands-on technical specialist with deep expertise in PAM technologies, secure platform engineering, and cyber security controls. The successful candidate will play a key role in delivering secure access management capabilities across complex enterprise and mission-critical environments. Key Responsibilities Act as the technical authority for Privileged Access Management solutions and associated platform technologies. Lead the design, implementation, and integration of PAM solutions across on-premise, hybrid, and cloud environments. Capture, analyse, and translate complex business and technical requirements into secure PAM architectures and solutions. Develop high-level and low-level technical designs aligned with security-by-design principles. Own technical delivery activities, including planning, estimation, implementation, testing, and reporting. Design and implement privileged access models across complex enterprise environments. Integrate PAM platforms with enterprise services, applications, and infrastructure components. Develop automation capabilities for account onboarding, offboarding, credential rotation, and access workflows. Provide technical leadership, mentoring, and knowledge transfer to engineering teams. Support security accreditation activities and ensure compliance with relevant cyber security standards and controls. Engage with stakeholders to present technical solutions, provide recommendations, and justify design decisions. Essential Skills & Experience Current UK Developed Vetting (DV) Clearance - mandatory. Extensive experience delivering enterprise-scale Privileged Access Management solutions. Strong hands-on experience with PAM platforms, including CyberArk or equivalent solutions. Expertise in secure credential storage, password rotation, session management, and privileged access control models. Experience integrating PAM solutions into enterprise platforms and services. Strong knowledge of Windows and Linux operating systems . Experience with virtualisation technologies including VMware and Hyper-V . Solid understanding of networking concepts, including: TCP/IP DNS DHCP Firewalls Strong automation and scripting capabilities using: PowerShell Bash Python Ansible Terraform Knowledge of cyber security controls, governance, and accreditation requirements. Experience working across the full systems engineering lifecycle. Proven experience delivering solutions within highly controlled and secure environments, including air-gapped, government, or defence environments. Strong analytical, problem-solving, and stakeholder management skills. Desirable Skills Experience with cloud platforms including AWS and Azure . Infrastructure as Code (IaC) implementation experience. Experience integrating with enterprise services such as Active Directory, PKI, monitoring platforms, and SIEM solutions. Experience with DevSecOps tooling and CI/CD pipelines. API-driven automation of privileged account lifecycle management. Integration of PAM platforms with SIEM/SOC tooling for monitoring and audit. Experience with containerisation technologies including Docker and Kubernetes . Knowledge of enterprise Identity and Access Management (IAM) solutions. Security Clearance This position requires active UK Developed Vetting (DV) clearance prior to commencement. Candidates without current DV clearance cannot be considered for this assignment.
Principal Platform Engineer (CyberArk/PAM) Active DV Clearance Highly Preferred, Lapsed DV Considered UKEO 6 Month Contract Initially £100/hour Umbrella Fully Onsite in Yeovil (compressed hours considered) We're recruiting for an experienced Principal Platform Engineer to join a high-profile defence programme, providing specialist expertise across Privileged Access Management (PAM) within a secure enterprise environment. This role is suited to someone with strong CyberArk and enterprise platform experience who enjoys solving complex technical challenges, influencing solution design and acting as the subject matter expert within a multidisciplinary engineering team. Key Responsibilities Act as the technical authority for the Privileged Access Management (PAM) domain. Lead the design and implementation of secure platform solutions across on-premise, hybrid and cloud environments. Capture, analyse and interpret complex customer requirements to drive secure solution design. Produce and review High-Level and Low-Level Designs (HLDs/LLDs). Provide technical leadership and guidance to engineering teams throughout project delivery. Ensure solutions align with secure-by-design principles, security controls and accreditation requirements. Contribute to technology strategy, innovation and engineering best practice. Engage with technical and business stakeholders, presenting and justifying technical recommendations and design decisions. Essential Skills & Experience Strong experience designing and implementing Privileged Access Management (PAM) solutions using CyberArk or a comparable enterprise PAM platform. Excellent understanding of privileged access models, credential management, password vaulting, credential rotation and secure access controls. Experience integrating PAM solutions with enterprise technologies including Windows , Linux , Active Directory , virtualisation platforms (VMware/Hyper-V) and networking services. Good understanding of networking concepts including TCP/IP, DNS, DHCP and firewalls. Experience producing and reviewing High-Level and Low-Level Designs (HLDs/LLDs) and translating business requirements into secure technical solutions. Knowledge of cyber security controls, accreditation requirements and secure-by-design principles. Experience across the systems engineering lifecycle. Familiarity with automation and scripting technologies including PowerShell, Bash, Python, Ansible or Terraform. Experience delivering solutions within highly secure or regulated environments. Strong communication skills with the ability to provide technical leadership, mentor engineers and communicate effectively with both technical and non-technical stakeholders. If you're an experienced PAM specialist with strong CyberArk knowledge and enjoy acting as the technical authority on complex secure platforms, we'd be keen to hear from you.
Jul 02, 2026
Contractor
Principal Platform Engineer (CyberArk/PAM) Active DV Clearance Highly Preferred, Lapsed DV Considered UKEO 6 Month Contract Initially £100/hour Umbrella Fully Onsite in Yeovil (compressed hours considered) We're recruiting for an experienced Principal Platform Engineer to join a high-profile defence programme, providing specialist expertise across Privileged Access Management (PAM) within a secure enterprise environment. This role is suited to someone with strong CyberArk and enterprise platform experience who enjoys solving complex technical challenges, influencing solution design and acting as the subject matter expert within a multidisciplinary engineering team. Key Responsibilities Act as the technical authority for the Privileged Access Management (PAM) domain. Lead the design and implementation of secure platform solutions across on-premise, hybrid and cloud environments. Capture, analyse and interpret complex customer requirements to drive secure solution design. Produce and review High-Level and Low-Level Designs (HLDs/LLDs). Provide technical leadership and guidance to engineering teams throughout project delivery. Ensure solutions align with secure-by-design principles, security controls and accreditation requirements. Contribute to technology strategy, innovation and engineering best practice. Engage with technical and business stakeholders, presenting and justifying technical recommendations and design decisions. Essential Skills & Experience Strong experience designing and implementing Privileged Access Management (PAM) solutions using CyberArk or a comparable enterprise PAM platform. Excellent understanding of privileged access models, credential management, password vaulting, credential rotation and secure access controls. Experience integrating PAM solutions with enterprise technologies including Windows , Linux , Active Directory , virtualisation platforms (VMware/Hyper-V) and networking services. Good understanding of networking concepts including TCP/IP, DNS, DHCP and firewalls. Experience producing and reviewing High-Level and Low-Level Designs (HLDs/LLDs) and translating business requirements into secure technical solutions. Knowledge of cyber security controls, accreditation requirements and secure-by-design principles. Experience across the systems engineering lifecycle. Familiarity with automation and scripting technologies including PowerShell, Bash, Python, Ansible or Terraform. Experience delivering solutions within highly secure or regulated environments. Strong communication skills with the ability to provide technical leadership, mentor engineers and communicate effectively with both technical and non-technical stakeholders. If you're an experienced PAM specialist with strong CyberArk knowledge and enjoy acting as the technical authority on complex secure platforms, we'd be keen to hear from you.
Location: London (City) - (4 days office/1 remote) Salary: £75,000 - £85,000 + annual discretionary bonus Hours: 11am-7pm (fixed shift) About the firm Our client is a leading global law firm with world-class offices in the heart of the City. The firm has recently moved into a brand-new building offering outstanding facilities, including free breakfast, lunch and dinner, a fully equipped on-site gym, and a modern, collaborative working environment. The opportunity This is a new role within the EMEA Identity & Access Management team, supporting a global user base and working closely with teams in the US and APAC. The position offers a mix of hands-on BAU operations and project delivery focused on improving automation, access controls and privileged account management across the firm's enterprise environment. You'll work alongside experienced IAM engineers to maintain and enhance the firm's Microsoft identity platforms, supporting the joiner-mover-leaver lifecycle and driving continuous improvement in identity security and governance. Key responsibilities Manage and maintain Active Directory, Azure/Entra ID and M365 identity services Support and enhance the firm's PAM platform (Delinea) - experience with CyberArk or BeyondTrust also welcome Administer PIM, Conditional Access and MFA policies across the Entra environment Develop and maintain PowerShell scripts for automation and reporting Collaborate with global IAM and Infrastructure teams on projects and incident resolution Ensure access governance, compliance and audit requirements are met across systems Contribute to roadmap development and platform improvements within the EMEA region What we're looking for Strong hands-on experience with Active Directory and Azure/Entra ID administration Knowledge of PAM solutions such as Delinea, CyberArk or BeyondTrust Good understanding of M365, Intune and identity security principles Confident using PowerShell for automation and troubleshooting Familiarity with PIM, MFA and Conditional Access Experience working in large, global or professional services environments Collaborative mindset and a genuine interest in identity security What's on offer Salary up to £85,000 depending on experience Annual discretionary bonus On-site working (4 days office/1 remote) Free breakfast, lunch and dinner each day Free on-site gym Excellent benefits package Genuine career progression - clear path to Senior Engineer or IAM Architect as the team expands If you're an experienced IAM or Infrastructure Engineer looking to step into a global role with a strong Microsoft and PAM focus, we'd love to hear from you. Please apply with your CV
Oct 08, 2025
Full time
Location: London (City) - (4 days office/1 remote) Salary: £75,000 - £85,000 + annual discretionary bonus Hours: 11am-7pm (fixed shift) About the firm Our client is a leading global law firm with world-class offices in the heart of the City. The firm has recently moved into a brand-new building offering outstanding facilities, including free breakfast, lunch and dinner, a fully equipped on-site gym, and a modern, collaborative working environment. The opportunity This is a new role within the EMEA Identity & Access Management team, supporting a global user base and working closely with teams in the US and APAC. The position offers a mix of hands-on BAU operations and project delivery focused on improving automation, access controls and privileged account management across the firm's enterprise environment. You'll work alongside experienced IAM engineers to maintain and enhance the firm's Microsoft identity platforms, supporting the joiner-mover-leaver lifecycle and driving continuous improvement in identity security and governance. Key responsibilities Manage and maintain Active Directory, Azure/Entra ID and M365 identity services Support and enhance the firm's PAM platform (Delinea) - experience with CyberArk or BeyondTrust also welcome Administer PIM, Conditional Access and MFA policies across the Entra environment Develop and maintain PowerShell scripts for automation and reporting Collaborate with global IAM and Infrastructure teams on projects and incident resolution Ensure access governance, compliance and audit requirements are met across systems Contribute to roadmap development and platform improvements within the EMEA region What we're looking for Strong hands-on experience with Active Directory and Azure/Entra ID administration Knowledge of PAM solutions such as Delinea, CyberArk or BeyondTrust Good understanding of M365, Intune and identity security principles Confident using PowerShell for automation and troubleshooting Familiarity with PIM, MFA and Conditional Access Experience working in large, global or professional services environments Collaborative mindset and a genuine interest in identity security What's on offer Salary up to £85,000 depending on experience Annual discretionary bonus On-site working (4 days office/1 remote) Free breakfast, lunch and dinner each day Free on-site gym Excellent benefits package Genuine career progression - clear path to Senior Engineer or IAM Architect as the team expands If you're an experienced IAM or Infrastructure Engineer looking to step into a global role with a strong Microsoft and PAM focus, we'd love to hear from you. Please apply with your CV
Role Title: PAM Engineer Location: Wokingham (Hybrid) Duration: 4 Months Rate: £505p/d max via Umbrella Clearance: Either hold or be eligible for SC Clearance Key Responsibilities - Design, deploy, and manage PAM solutions (eg, CyberArk, BeyondTrust, Delinea) - Implement least privilege access models and enforce secure credential management - Monitor and audit privileged access activities across systems and applications - Integrate PAM tools with SIEM, IAM, and other security platforms - Develop and maintain policies, procedures, and documentation for PAM operations - Conduct regular access reviews, privilege audits, and risk assessments - Collaborate with IT, DevOps, and Security teams to ensure seamless PAM integration - Provide technical support and troubleshooting for PAM-related issues - Stay current with industry trends, threats, and best practices in access management Required Skills & Qualifications - Experience in PAM engineering or cybersecurity roles - Proficiency with PAM tools such as CyberArk, BeyondTrust, or Delinea - Strong understanding of Active Directory, LDAP, and authentication protocols - Experience with Scripting (PowerShell, Python) for automation and reporting - Familiarity with compliance frameworks (ISO 27001, NIST, GDPR) - Excellent problem-solving, communication, and documentation skills Preferred Qualifications - Relevant certifications (eg, CyberArk Defender, CISSP, CISM) - Experience in cloud environments (AWS, Azure, GCP) and hybrid infrastructures - Knowledge of DevSecOps practices and CI/CD pipeline integration
Oct 07, 2025
Contractor
Role Title: PAM Engineer Location: Wokingham (Hybrid) Duration: 4 Months Rate: £505p/d max via Umbrella Clearance: Either hold or be eligible for SC Clearance Key Responsibilities - Design, deploy, and manage PAM solutions (eg, CyberArk, BeyondTrust, Delinea) - Implement least privilege access models and enforce secure credential management - Monitor and audit privileged access activities across systems and applications - Integrate PAM tools with SIEM, IAM, and other security platforms - Develop and maintain policies, procedures, and documentation for PAM operations - Conduct regular access reviews, privilege audits, and risk assessments - Collaborate with IT, DevOps, and Security teams to ensure seamless PAM integration - Provide technical support and troubleshooting for PAM-related issues - Stay current with industry trends, threats, and best practices in access management Required Skills & Qualifications - Experience in PAM engineering or cybersecurity roles - Proficiency with PAM tools such as CyberArk, BeyondTrust, or Delinea - Strong understanding of Active Directory, LDAP, and authentication protocols - Experience with Scripting (PowerShell, Python) for automation and reporting - Familiarity with compliance frameworks (ISO 27001, NIST, GDPR) - Excellent problem-solving, communication, and documentation skills Preferred Qualifications - Relevant certifications (eg, CyberArk Defender, CISSP, CISM) - Experience in cloud environments (AWS, Azure, GCP) and hybrid infrastructures - Knowledge of DevSecOps practices and CI/CD pipeline integration
CyberArk Secret Manager Engineer | Freelance | London/Paris/Brussels/Hybrid (8 days/month onsite) Duration: 12 months Rate: Flexible Inside of IR35 We're looking for an experienced CyberArk Engineer to join Euroclear's Chief Information Security Office (CISO) within the Identity and Access Management (IDAM) team. This is a fantastic opportunity to play a key role in strengthening Euroclear's Privileged Access Management (PAM) posture by deploying and integrating CyberArk Secret Manager across a complex enterprise environment. You'll lead the end-to-end implementation of CyberArk's Application Access Manager (AAM) capabilities - including Credential Provider (CP) , Central Credential Provider (CCP) , and Application Service Credential Provider (ASCP) . Your focus will be on enabling secure, automated, and compliant management of service and functional accounts across Windows and Linux systems. Key Responsibilities: Deploy, configure, and integrate CyberArk Secret Manager/AAM components (CP, CCP, ASCP). Design credential management solutions for service accounts, ensuring high availability and compliance. Integrate CyberArk with applications, Middleware, and databases for secure credential retrieval and rotation. Automate deployments and configuration using Ansible , PowerShell , Bash , and REST APIs . Manage Safes, platforms, permissions, and onboarding in CyberArk PAM. Produce design documentation, runbooks, and integration guides. Collaborate with application and infrastructure teams to troubleshoot issues and optimise integrations. What We're Looking For: ? Proven hands-on experience with CyberArk Secret Manager/AAM (non-negotiable). ? Strong PAM administration skills - Safes, platforms, permissions. ? Windows & Linux integration experience. ? Automation experience with Ansible , Scripting (PowerShell, Bash), and APIs. ? Independent, proactive, and solutions-oriented mindset. Please do send across to me the most up to date CV to (see below) *Rates depend on experience and client requirements
Oct 06, 2025
Contractor
CyberArk Secret Manager Engineer | Freelance | London/Paris/Brussels/Hybrid (8 days/month onsite) Duration: 12 months Rate: Flexible Inside of IR35 We're looking for an experienced CyberArk Engineer to join Euroclear's Chief Information Security Office (CISO) within the Identity and Access Management (IDAM) team. This is a fantastic opportunity to play a key role in strengthening Euroclear's Privileged Access Management (PAM) posture by deploying and integrating CyberArk Secret Manager across a complex enterprise environment. You'll lead the end-to-end implementation of CyberArk's Application Access Manager (AAM) capabilities - including Credential Provider (CP) , Central Credential Provider (CCP) , and Application Service Credential Provider (ASCP) . Your focus will be on enabling secure, automated, and compliant management of service and functional accounts across Windows and Linux systems. Key Responsibilities: Deploy, configure, and integrate CyberArk Secret Manager/AAM components (CP, CCP, ASCP). Design credential management solutions for service accounts, ensuring high availability and compliance. Integrate CyberArk with applications, Middleware, and databases for secure credential retrieval and rotation. Automate deployments and configuration using Ansible , PowerShell , Bash , and REST APIs . Manage Safes, platforms, permissions, and onboarding in CyberArk PAM. Produce design documentation, runbooks, and integration guides. Collaborate with application and infrastructure teams to troubleshoot issues and optimise integrations. What We're Looking For: ? Proven hands-on experience with CyberArk Secret Manager/AAM (non-negotiable). ? Strong PAM administration skills - Safes, platforms, permissions. ? Windows & Linux integration experience. ? Automation experience with Ansible , Scripting (PowerShell, Bash), and APIs. ? Independent, proactive, and solutions-oriented mindset. Please do send across to me the most up to date CV to (see below) *Rates depend on experience and client requirements
Job Title: Lead Security Solution Architect- PAM Location: Hybrid-London, UK (Days/Week Onsite) Duration: 6months+ 550GBP/Day Inside IR35 Project Overview CLIENT is working on a strategic Identity and Access Management programme and is re-shaping the way Authentication, Federation, Privileged Access Management, Access Governance, Secrets Management and API Security is done across the bank. One of the pillars of that programe is Privileged Access Management (PAM). CLIENT is working on uplifting controls and capabilities in privileged access for the Group and introducing the strategic password vaulting solution that will enable to meet strategic requirements. We are seeking an experienced Lead Security Solution Architect that can complement an existing team of Solution Architects to progress with designs of different components of the PAM solution and other supporting systems it will need to integrate with as part of the end-to-end journey. Security Solution Architects manage end-to-end solution design and are responsible for delivering architecture design documents in line with functional and non-functional business requirements, strategies, principles, standards, and patterns. Alongside the creation of high-level designs, Security Solution Architects will be required to record key decisions, design deviations, and technical risks and issues where appropriate. Security Solution Architects should be comfortable presenting and sharing solutions at design authorities and senior leadership & stakeholders. The Lead Security Solution Architect will provide technical thought leadership and direction to their project team and may represent the project/programme as subject matter expert. This role will require someone experienced in managing a team of on-shore and off-shore resources to deliver High- and Low-level designs to the required quality and standard. Principal Preferred Requirements Cybersecurity Expertise: Significant experience and proven technical depth within one of the following domains of cybersecurity; security operations & incident response, threat & vulnerability management, identity & access management, cryptography, infrastructure, network, application, data, cloud Broad background across information technology with the ability to communicate clearly with non-security technical SMEs at a comfortable level Experience in both operational and transformation cybersecurity roles or a clear working understanding of both perspectives Experience working in large-scale IT transformation programmes Experience working with PAM solutions such as CyberArk, Centrify, Delinea and OneIdentity Preparing end-to-end configuration of the strategic PAM capability - including on-prem deployments as well as Cloud native toolings Assisting in preparation of demonstrable journeys on the configured PAM tooling Platform & Technology: BizzDesign, Archi, or generic UML visualisation experience for high-level designs High proficiency and expertise in Jira for project & tasks management Working proficiency in Confluence for documentation Principal Accountabilities and Responsibilities Architecture & Design: Produce, manage, and update end-to-end solution designs in line with reference architecture & business requirements (including High and Low Level Designs Articulate and publish key design decision records and options to ensure all solutions follow a logical, transparent decision-making process Articulate, publish, and ensure approval of any design deviations resulting in technical debt Ensure any technical risks or issues arising from a solution design are recorded and mitigated. Produces, manages and translates the requirements into the architecture for that solution, ensuring technology and services meet the customer needs and expected business outcomes Ensures the design of the solutions are efficient, timely and cost effective throughout the project life cycle Clear understanding of both the motivations of the business and technical security Promote strong documentation and clerkship Governance: Ensures all high-level designs, architecture patterns, decision records, deviation requests, and technical risks or issue records undergo architectural and project governance processes Ensure all architecture artefacts undergo appropriate peer review prior to design authority presentation Present publications at technical design authorities for input, feedback, and approval Risk and Dependency Management: Effectively manages and escalates both technical and project risks or issues Articulates solutions and remediation steps to technical risks & issues Ability to map design decisions to resultant technical risks & issues to articulate the cause and rationale which leads to any negatively impacting change Leadership & Teamwork Provides technical thought leadership to the Design Team and the Project Ability to manage a project team of technical architects, engineers, and/or analysts Ability to take a deputised role in programme management-related tasks where necessary Qualifications & Certifications: Masters or doctorate degree in cybersecurity, computer science, software engineering, or related field CISSP/CISM certification or other broad cybersecurity industry-recognised certificate SABSA or TOGAF certified preferred Priyanka Sharma Senior Delivery Consultant
Oct 02, 2025
Contractor
Job Title: Lead Security Solution Architect- PAM Location: Hybrid-London, UK (Days/Week Onsite) Duration: 6months+ 550GBP/Day Inside IR35 Project Overview CLIENT is working on a strategic Identity and Access Management programme and is re-shaping the way Authentication, Federation, Privileged Access Management, Access Governance, Secrets Management and API Security is done across the bank. One of the pillars of that programe is Privileged Access Management (PAM). CLIENT is working on uplifting controls and capabilities in privileged access for the Group and introducing the strategic password vaulting solution that will enable to meet strategic requirements. We are seeking an experienced Lead Security Solution Architect that can complement an existing team of Solution Architects to progress with designs of different components of the PAM solution and other supporting systems it will need to integrate with as part of the end-to-end journey. Security Solution Architects manage end-to-end solution design and are responsible for delivering architecture design documents in line with functional and non-functional business requirements, strategies, principles, standards, and patterns. Alongside the creation of high-level designs, Security Solution Architects will be required to record key decisions, design deviations, and technical risks and issues where appropriate. Security Solution Architects should be comfortable presenting and sharing solutions at design authorities and senior leadership & stakeholders. The Lead Security Solution Architect will provide technical thought leadership and direction to their project team and may represent the project/programme as subject matter expert. This role will require someone experienced in managing a team of on-shore and off-shore resources to deliver High- and Low-level designs to the required quality and standard. Principal Preferred Requirements Cybersecurity Expertise: Significant experience and proven technical depth within one of the following domains of cybersecurity; security operations & incident response, threat & vulnerability management, identity & access management, cryptography, infrastructure, network, application, data, cloud Broad background across information technology with the ability to communicate clearly with non-security technical SMEs at a comfortable level Experience in both operational and transformation cybersecurity roles or a clear working understanding of both perspectives Experience working in large-scale IT transformation programmes Experience working with PAM solutions such as CyberArk, Centrify, Delinea and OneIdentity Preparing end-to-end configuration of the strategic PAM capability - including on-prem deployments as well as Cloud native toolings Assisting in preparation of demonstrable journeys on the configured PAM tooling Platform & Technology: BizzDesign, Archi, or generic UML visualisation experience for high-level designs High proficiency and expertise in Jira for project & tasks management Working proficiency in Confluence for documentation Principal Accountabilities and Responsibilities Architecture & Design: Produce, manage, and update end-to-end solution designs in line with reference architecture & business requirements (including High and Low Level Designs Articulate and publish key design decision records and options to ensure all solutions follow a logical, transparent decision-making process Articulate, publish, and ensure approval of any design deviations resulting in technical debt Ensure any technical risks or issues arising from a solution design are recorded and mitigated. Produces, manages and translates the requirements into the architecture for that solution, ensuring technology and services meet the customer needs and expected business outcomes Ensures the design of the solutions are efficient, timely and cost effective throughout the project life cycle Clear understanding of both the motivations of the business and technical security Promote strong documentation and clerkship Governance: Ensures all high-level designs, architecture patterns, decision records, deviation requests, and technical risks or issue records undergo architectural and project governance processes Ensure all architecture artefacts undergo appropriate peer review prior to design authority presentation Present publications at technical design authorities for input, feedback, and approval Risk and Dependency Management: Effectively manages and escalates both technical and project risks or issues Articulates solutions and remediation steps to technical risks & issues Ability to map design decisions to resultant technical risks & issues to articulate the cause and rationale which leads to any negatively impacting change Leadership & Teamwork Provides technical thought leadership to the Design Team and the Project Ability to manage a project team of technical architects, engineers, and/or analysts Ability to take a deputised role in programme management-related tasks where necessary Qualifications & Certifications: Masters or doctorate degree in cybersecurity, computer science, software engineering, or related field CISSP/CISM certification or other broad cybersecurity industry-recognised certificate SABSA or TOGAF certified preferred Priyanka Sharma Senior Delivery Consultant