MFA Technical Engineer Role (Solid IAM and MFA experience) in Sheffield

The role is for a MFA Technical Engineer with significant experience in delivery projects into large organisations with many stakeholders. Successful candidates must have strong social skills across different mediums and the ability to communicate a vision based on developing technology. The successful candidate will have a strong general technical background with hands-on experience delivering IAM and infrastructure projects.

Inside IR35 – Based in Sheffield, 2-3 days a week – non-negotiable

• Engineer and support MFA solutions across enterprise platforms (Azure AD/Entra ID, iSeries, ADFS, etc.)
• Deliver authentication patterns: OIDC/OAuth2, SAML2, Kerberos/LDAP, session management, token lifecycle.
• Integrate apps with enterprise IAM/SSO platforms (AD, ADLDS, ADFS, Entra).
• Integrate MFA with applications using standards and protocols (SAML 2.0, OAuth 2.0, OpenID Connect, RADIUS, LDAP).
• Implement and maintain authentication policies (conditional access, step-up authentication, risk-based controls, device posture).
• Manage MFA factors and lifecycle: push, OTP, FIDO2/WebAuthn, hardware tokens, SMS/voice (where permitted), backup codes, recovery flows.
• Monitor service health and security events; tune alerting and dashboards.
• Troubleshoot complex authentication issues (SSO/MFA failures, token/certificate issues, clock drift, network/proxy constraints).
• Partner with IAM, Cyber Security, Architecture, and application teams to deliver secure-by-design integrations.
• Produce and maintain technical documentation, runbooks, and knowledge articles; contribute to operational readiness.
• Support audits and control testing; provide evidence of compliance with security and regulatory requirements.
• Participate in on-call/incident response, problem management, and continuous improvement.

• Knowledge of Multi-Factor Authentication and Passwordless authentication technology.
• Strong hands-on experience with federated protocols (OIDC/OAuth2/SAML).
• Experience with at least one IdP platform and troubleshooting tools.
• Support PoC/Pilot testing and planning for rollout of new authentication patterns.
• Work with Architecture on production infrastructure design.
• Present at stakeholder forums to provide updates on project deliverables and achievements.
• Conduct reviews with service owners to complete/review technology assessments.
• Familiar with JIRA/Confluence and can support our journey to use these tools better.
• Hands-on experience engineering MFA/SSO within an enterprise IAM environment.
• Working knowledge of PKI, certificates, TLS, and key management concepts.
• Experience operating production services: monitoring, incident management, change/release processes.

• Previous experience working in financial services, ideally HSBC experience.
• EntraID/AzureAD experience.
• Scripting/automation skills (PowerShell and/or Python) and familiarity with APIs.
• Experience with FIDO2/WebAuthn and phishing-resistant MFA rollouts.
• Knowledge of Zero Trust and adaptive/risk-based authentication.
• Familiarity with privileged access controls (PAM) and strong authentication for admin workflows.
• Cloud experience (Azure/AWS/GCP) and hybrid environments (AD, ADFS).
• ITIL practices and experience in regulated environments (financial services).
• Understanding of regulatory/security expectations (least privilege, auditability).

• Degree in Computer Science, Engineering, Cyber Security, or equivalent experience.
• Security/IAM certifications are a plus (Microsoft, Okta/Ping certs, CISSP/SSCP, GIAC or role-dependent).