Senior Identity Security Engineer in Reading

We are seeking a Senior Identity Security Engineer to design, implement and enhance large‑scale identity environments across Microsoft Active Directory, Entra ID, PKI/ADCS and modern hybrid platforms. This role combines hands‑on engineering with leadership in security design, implementation and assessment, requiring someone who can resolve complex identity challenges end‑to‑end and deliver robust, high‑impact solutions. You will work closely with engineering, architecture and operational teams across a range of sectors, to deliver secure, resilient identity and certificate services across on‑premises, hybrid and cloud environments.

Responsibilities

• Design and architect modern Microsoft identity platforms, including new Active Directory and Entra ID environments, design patterns, standards and long‑term roadmaps for secure, scalable foundations.
• Integrate third‑party identity services, including platforms such as Okta, Ping, Duo, Auth0 and Yubico.
• Assess and improve existing identity environments by identifying risks, technical debt, reliability issues and leading the engineering work to implement practical, measurable improvements.
• Engineer PKI and certificate lifecycle services at scale, including PKI/ADCS design and operation, certificate automation, cloud integrations and modern machine‑identity use cases.
• Plan and lead safe migrations and legacy exits, including decommissioning legacy AD forests, MIM, ADFS and outdated identity components.
• Drive adoption of passwordless and modern authentication, implementing solutions such as Windows Hello, passkeys, FIDO2 and supporting clients through change and adoption.
• Evolve organisations toward cloud‑first identity models, implementing hybrid identity strategies, modern authentication, attribute mastering and secure workload/device identity patterns.
• Automate identity and certificate operations using automation, DevSecOps practices and infrastructure‑as‑code to deliver secure, consistent and maintainable identity services.
• Advise clients on IAM best practices, standards and regulatory requirements, including GDPR, ISO 27001 and NIST Frameworks.

About You

• Strong engineering background with deep expertise across Active Directory, Entra ID and PKI/ADCS in large, complex environments.
• Pragmatic, methodical problem‑solver able to diagnose and resolve identity issues end‑to‑end in hybrid platforms.
• Effective communicator and collaborator, working across architecture, engineering and operations teams.
• Trusted by clients and colleagues; delivers practical, secure solutions that reduce real‑world risk.
• Broad experience across Active Directory, PKI, hybrid identity and modern authentication, including tiering, automation and identity hygiene.
• Skilled in identity migrations and legacy exits, covering AD consolidation, ADFS/MIM retirement and modernisation.
• Strong automation capability with PowerShell, CI/CD, monitoring and IaC to improve reliability and consistency.

Experience in the following areas would be advantageous

• Microsoft identity & security certifications (SC‑300, SC‑100, AZ‑500 or equivalent AD/Entra/PKI qualifications).
• Security or architecture credentials like CISSP, ISSAP, CRISC, TOGAF or SABSA.
• Cloud platform certifications across Azure, AWS, GCP or Terraform.

What we look for in our people

• Strong alignment with FSP values and ethos.
• Commitment to teamwork, quality and mutual success.
• Proactivity with an ability to operate with pace and energy.
• Strong communication and interpersonal skills.
• Dedication to excellence and quality.

Who are FSP?

FSP is a leading consultancy specialising in Digital, Security and AI solutions. Our success is enabled by our unwavering commitment to excellence, our people‑centric culture alongside best‑in‑class operations, ensuring impactful and sustainable outcomes for our clients. As a long standing and highly accredited Microsoft Partner, with extensive solution designations, we partner with clients across a range of commercial sectors, enabling digital transformation, innovation and robust cyber security. We navigate the complexities of data sensitivity, confidentiality, governance and compliance. We blend strategic insight, depth of technical expertise, delivery and operational excellence to meet the specific requirements outlined. We take a collaborative, one‑team approach with our clients to drive sustainable change, providing outstanding client experience and delivering exceptional results that are aligned with business priorities.

Why work for FSP?

• A collaborative and supportive environment in which you can grow and develop your career.
• The tools and opportunity to do work you can be proud of.
• A chance to work alongside some of the best people in the industry, who always seek to share their knowledge and experience.
• Hybrid working – we empower you to make smart choices about when and where to work to achieve great results.
• Industry leading coaching and mentoring.
• Competitive salary and an excellent benefits package.

Equal and Fair Opportunity

FSP is an equal opportunity employer and we welcome applications from all suitable candidates. We consider all applicants for employment regardless of age, disability, sexual orientation, gender identity, family or parental status, race, colour, nationality, ethnic or national origin, religion or belief. Research suggests that applicants from underrepresented groups are less likely to apply for roles if they do not precisely meet requirements, or if they felt there were clear barriers as to who should apply. If you are excited about a potential role with us but are concerned that you may not be a perfect fit, please do apply, as you may be the ideal candidate for this role or for a different vacancy within FSP. We endeavour to always provide fair opportunity for applicants to showcase themselves in the best way possible during any interviews or meetings. If you require any adjustments for a call or in‑person meeting, please let us know.