IAM Engineer in London

We offer a flexible working policy that supports a healthy balance between personal and professional wellbeing. This role requires in-office presence on Tuesdays & Thursdays to collaborate, connect, and learn from peers - while also maintaining the flexibility for meaningful work-life balance.

Being an IAM Engineer at iManage means you are iManage’s identity authority. You own the infrastructure that governs how every employee and service authenticates and accesses systems across a global, Microsoft-centric environment. Your core focus is Entra ID, SSO integrations for SaaS applications, and IAM automation - with secondary coverage for network infrastructure to support a distributed Infrastructure team. This is an individual contributor role based in London, working closely with colleagues in Belfast, Chicago, and Bangalore.

Responsibilities:

• Owning IAM infrastructure across the iManage environment: identity federation, SSO, directory services, and PAM via CyberArk.
• Designing and maintaining SSO integrations for SaaS applications using SAML 2.0, OAuth 2.0, OIDC, and SCIM.
• Administering Entra ID as the primary identity provider: user lifecycle, group management, app registrations, and conditional access.
• Configuring and maintaining Entra ID PIM, Identity Protection, entitlement management, and access reviews.
• Automating user lifecycle management (provisioning, deprovisioning, access reviews) via PowerShell, Graph API, and Entra ID Governance.
• Enforcing zero-trust principles, least-privilege access, and RBAC policies across the environment.
• Monitoring sign-in activity, risky users, and identity alerts; remediating in line with internal SLAs.
• Managing MFA policies including Conditional Access controls, authentication methods, and exception handling.
• Governing service account lifecycle: creation standards, CyberArk vaulting, credential rotation, and decommissioning.
• Maintaining documentation for IAM configurations, access policies, runbooks, and SOPs.
• Leading IAM incident response, performing root cause analysis, and implementing preventive controls.
• Owning stale account detection and remediation, drawing on Dayforce and Active Directory lifecycle signals.
• Supporting JML automation in partnership with Dayforce to ensure timely access changes across the employee lifecycle.
• Managing break-glass accounts including regular review, audit logging, and alerting.
• Providing on-call coverage for identity incidents and participating in scheduled IAM maintenance windows.

Qualifications:

• 5+ years of experience in infrastructure or systems engineering with a primary focus on identity and access management.
• Deep hands-on expertise with Microsoft Entra ID including conditional access, PIM, Identity Protection, entitlement management, and access reviews.
• Demonstrated experience designing and maintaining SSO integrations for SaaS applications using SAML 2.0, OAuth 2.0, OIDC, and SCIM.
• Strong scripting capability for IAM automation using PowerShell and Microsoft Graph API; Python or Bash a plus.
• Working knowledge of PAM concepts and tooling; experience with CyberArk preferred.
• Familiarity with Microsoft 365 E5 security tooling: Microsoft Defender for Identity, Microsoft Sentinel, and Purview.
• Foundational networking knowledge (TCP/IP, DNS, DHCP, VPN, firewall basics) sufficient to provide secondary coverage; Palo Alto familiarity a plus.
• Strong communication skills with the ability to convey technical detail clearly to both engineering peers and non-technical stakeholders.

iManage is committed to building a diverse and inclusive environment, and encourages everyone to show up as their full authentic selves. We welcome those that come with a growth mindset and a hunger for learning; so, if you are excited about this role but your past experience doesn’t align perfectly with every qualification we encourage you to apply anyways!

Benefits:

• Creating an inclusive environment where you’re encouraged to help shape the culture by bringing your unique perspective.
• Providing a market leading salary determined through a fair and consistent process, equitable for all our employees, and regularly reviewed against industry benchmarks.
• Rewarding me with an annual performance-based bonus.
• Providing enhanced parental leave (20 weeks for primary and 10 weeks for secondary caregiver at 100% pay).
• Matching my pension contribution (up to 6%).
• Offering BUPA private medical insurance & a Simplyhealth cash plan to assist with the everyday costs.
• Providing Group life cover, including life insurance, income protection, and critical illness protection.
• Encouraging me to make use of our top-tier flexible time off policy, which includes 25 days of annual leave and the flexibility to take further additional time off as needed.
• Having multiple company wellness days each year to prioritize mental health and well-being.
• Providing access to RethinkCare, a global behavioral health platform that enhances personal well-being, strengthens professional resilience, and empowers parental success through expert-led training and resources.

iManage provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.