Cyber Security IdAM Senior Specialist

Based at least 2 days a week in our Bath Head Office, you will report to the Cyber Security Engineering Team Leader. You will develop the Cyber Security Identity and Access Management (IdAM) functions, deliveries and continuous improvement of identity security across the organisation. You will ensure identity security operates as a strategic control pillar rather than a reactive support function.

The Cyber Security IdAM Senior Specialist drives the operational effectiveness, resilience and continuous improvement of the organisation's Identity and Access Management capabilities. The role ensures robust access control, secure authentication standards and regulatory alignment across on-premises, cloud and hybrid environments. It provides senior technical authority in identity security, working across IT, security, governance and business teams to embed best practice, reduce identity-related risk exposure and enhance the organisation's overall security posture.

In particular, you will:

• Investigate and resolve identity-related security incidents, including unauthorised access, privilege misuse and credential compromise.
• Develop and refine SIEM detection use cases and identity-centric analytics to enable earlier identification and containment of threats.
• Drive adoption of evolving identity security practices, including Zero Trust principles, modern authentication standards and identity analytics.
• Deliver roadmap enhancements to ensure IdAM capabilities remain aligned to the threat landscape and business risk profile.
• Act as technical service owner for key security platforms, ensuring performance, resilience and continual optimisation.
• Oversee monitoring and analysis of identity telemetry, authentication patterns and privilege usage to detect anomalous behaviour and systemic risk.
• Provide clear, risk-focused reporting and recommendations to senior management, supporting informed decision-making and prioritisation of remediation efforts.
• Provide authoritative identity security input into projects, architectural design reviews and technology implementations.
• Ensure new systems, integrations and application deployments align with enterprise authentication, authorisation and lifecycle standards.
• Maintain and continuously improve secure configuration baselines across identity infrastructure, including both cloud and on-premise environments.
• Lead optimisation and hardening of enterprise IdAM platforms, including privileged access controls, identity governance and directory security.
• Oversee access governance activities, including periodic access reviews, privilege rationalisation and enforcement of least-privilege principles.
• Identify and remediate systemic identity risk through conditional access enforcement, legacy protocol reduction, authentication strengthening and directory security enhancement.
• Produce and maintain high-quality documentation, including standards, procedures, runbooks and post-incident reports.
• Provide identity risk metrics and performance insight to support operational planning and strategic decision-making.
• Provide senior technical guidance and mentorship to analysts, engineers and apprentices, building identity security capability within the team.
• Act as a trusted advisor on identity and access matters across the business, balancing security requirements with operational practicality.
• Provide considered, proportionate guidance where security deviations are identified, ensuring remediation without unnecessary disruption.
• Promote a culture of shared accountability for identity security, strengthening collaboration between technical and business stakeholders.

Essential areas of expertise include:

• Advanced working knowledge of enterprise security tooling, including PAM, IAG, SIEM, EDR, and NDR platforms, with the ability to design detection logic, tune telemetry and optimise signal-to-noise ratios in complex environments.
• Advanced working knowledge of enterprise IdPs such as AD and Entra ID.
• Proven ability to mentor, coach and uplift junior security professionals and apprentices, fostering technical growth, operational discipline and investigative capability.
• Extensive experience analysing, investigating and responding to security events within cloud environments, including identity abuse, privilege escalation and control bypass scenarios.
• Extensive experience analysing and responding to threats within on-premise infrastructure, including directory services, legacy authentication protocols and lateral movement techniques.
• Demonstrated commitment to continuous improvement of security posture, proactively identifying control gaps and driving measurable remediation.
• Highly developed written communication skills, including production of policies, standards, technical documentation, post-incident reports and executive-level summaries.
• Strong verbal communication skills, with the ability to articulate complex technical risks in a clear, proportionate manner to both technical and non-technical stakeholders.
• Ability to operate effectively across multi-disciplinary teams, influencing infrastructure, development, OT, governance and business stakeholders to embed secure practices.
• Comprehensive knowledge of security protocols, authentication mechanisms, cryptographic standards and modern access control technologies.
• Strong understanding of adversary tactics, techniques and procedures (TTPs), including application of frameworks such as MITRE ATT.