IDAM Engineer

AVEVA are looking for an Identity and Access Management (IDAM) focused Engineer with a strong background in engineering hybrid Windows platforms to join our growing team. The AVEVA IT team is dedicated to securing access to AVEVA’s platforms. The IDAM Engineer will be responsible for delivering and maintaining modern and legacy infrastructure required to support a rapidly growing software company. You will play a crucial role in furthering the security posture of the organisation through a combination of technical hands-on work and collaboration with cross-functional engineers to drive transformational security projects.

This role requires a strong focus on automation of IAM processes, including automating all types of IAM requests raised in tools such as ServiceNow or Jira, and ensuring reports and data extractions are automated rather than manually generated. The engineer must also have experience using AI tools to optimise day-to-day tasks and reporting, expertise in engineering Joiner-Mover-Leaver (JML) processes, and experience with SailPoint or similar identity governance platforms. Additionally, the role requires experience supporting Microsoft Exchange or other mail services.

• Maintain and monitor IAM and Messaging systems, including Microsoft Exchange
• Operate and maintain multi-site Active Directory domains & forests, inclusive of cloud infrastructure components within Microsoft Azure
• Adhere to and develop guidelines/processes for deploying, monitoring, maintaining, and documenting essential infrastructure services
• Respond to critical issue occurrences to resolution
• Provide accurate, complete, and up-to-date diagrams and documentation of systems architecture
• Provide level 2 support and coordinate as needed with technology vendors (performing diagnosis on incidents, implementing standard changes to the infrastructure)
• Troubleshoot and manage the resolution of issues relating to identities, systems, access, accounts, authentication, authorisation, entitlements, and permissions
• Work in concert with security teams to harden infrastructure systems and monitor for malware and unauthorised access
• Manage Exchange Online and Hybrid Exchange environments, including mail flow, connectors, and transport rules
• Configure and maintain mailbox policies, anti-spam/phishing policies via Defender for M365, secure mail routing and email encryption
• Automate IAM request fulfilment workflows raised in ServiceNow or Jira to improve efficiency and accuracy
• Implement automation for reporting and data extraction to ensure audit readiness and reduce manual effort
• Engineer and optimise JML processes to ensure secure and efficient identity lifecycle management
• Leverage AI-driven solutions for operational tasks, troubleshooting, and reporting

• A solid foundation in Microsoft security policies and configurations spanning Microsoft cloud services (SaaS/PaaS), IAM, and Privilege Access Management domains
• A strong understanding of industry-standard SSO technologies and authentication methods (OpenID Connect, SAML, OAuth, Kerberos, LDAP, etc.)
• Production-level experience implementing and supporting Microsoft security infrastructure
• Deep understanding of mail flow and email security solutions (DKIM, SPF, DMARC)
• An eagerness to produce scalable and repeatable security practices through automation
• Demonstrated experience managing and securing Azure resources using code-driven methods
• A broad knowledge and understanding of the cyber security threat landscape
• Significant and proven experience of dealing with IDAM systems incidents and associated response measures
• Experience with Microsoft Exchange or other enterprise mail services
• Proven experience managing an Exchange Hybrid environment with Defender for M365
• Experience with SailPoint or similar identity governance platforms
• Expertise in engineering JML processes
• Experience with AI technologies and ability to apply AI-driven solutions in operational workflows

• At least 2 years of professional experience in IAM-focused roles delivering security in cloud-native, distributed architectural solutions in complex environments
• Knowledge and/or a proven record of success in the following areas:

• Continuous integration, development and testing practices and DevOps tools
• Familiarity with scripting languages, such as PowerShell and Python, to automate IDAM tasks

• Flexible benefits fund
• Emergency leave days
• Adoption leave
• 28 days annual leave (plus bank holidays)
• Pension
• Life cover
• Private medical insurance
• Parental leave
• Education assistance program

By default, employees are expected to be in their local AVEVA office three days a week, but some positions are fully office-based. Roles supporting particular customers or markets are sometimes remote.

AVEVA is a global leader in industrial software with more than 6,500 employees in over 40 countries. Our cutting-edge solutions are used by thousands of enterprises to deliver the essentials of life – such as energy, infrastructure, chemicals, and minerals – safely, efficiently, and more sustainably. We are committed to embedding sustainability and inclusion into our operations, our culture, and our core business strategy.

AVEVA requires all successful applicants to undergo and pass a drug screening and comprehensive background check before they start employment. Background checks will be conducted in accordance with local laws and may, subject to those laws, include proof of educational attainment, employment history verification, proof of work authorization, criminal records, identity verification, credit check. Certain positions dealing with sensitive and/or third-party personal data may involve additional background check criteria.

AVEVA is an Equal Opportunity Employer. We are committed to being an exemplary employer with an inclusive culture, developing a workplace environment where all our employees are treated with dignity and respect. We value diversity and the expertise that people from different backgrounds bring to our business.