AVEVA is creating software trusted by over 90% of leading industrial companies.
Job Title: IDAM Engineer
Location: Cambridge/ London
Employment Type: Full Time
The Job
AVEVA are looking for an Identity and Access Management (IDAM) focused Engineer with a strong background in engineering hybrid Windows platforms to join our growing team. The AVEVA IT team is dedicated to securing access to AVEVA’s platforms. The IDAM Engineer will be responsible for delivering and maintaining modern and legacy infrastructure required to support a rapidly growing software company. You will play a crucial role in furthering the security posture of the organisation through a combination of technical hands-on work and collaboration with cross-functional engineers to drive transformational security projects.
This role requires a strong focus on automation of IAM processes, including automating all types of IAM requests raised in tools such as ServiceNow or Jira, and ensuring reports and data extractions are automated rather than manually generated. The engineer must also have experience using AI tools to optimise day-to-day tasks and reporting, expertise in engineering Joiner-Mover-Leaver (JML) processes, and experience with SailPoint or similar identity governance platforms. Additionally, the role requires experience supporting Microsoft Exchange or other mail services.
Key Responsibilities
· Maintain and monitor IAM and Messaging systems, including Microsoft Exchange
· Operate and maintain multi-site Active Directory domains & forests, inclusive of cloud infrastructure components within Microsoft Azure
· Adhere to and develop guidelines/processes for deploying, monitoring, maintaining, and documenting essential infrastructure services
· Respond to critical issue occurrences to resolution
· Provide accurate, complete, and up-to-date diagrams and documentation of systems architecture
· Provide level 2 support and coordinate as needed with technology vendors (performing diagnosis on incidents, implementing standard changes to the infrastructure)
· Troubleshoot and manage the resolution of issues relating to identities, systems, access, accounts, authentication, authorisation, entitlements, and permissions
· Work in concert with security teams to harden infrastructure systems and monitor for malware and unauthorised access
· Manage Exchange Online and Hybrid Exchange environments, including mail flow, connectors, and transport rules.
· Configure and maintain mailbox policies, anti-spam/phishing policies via Defender for M365, secure mail routing and email encryption.
· Automate IAM request fulfilment workflows raised in ServiceNow or Jira to improve efficiency and accuracy
· Implement automation for reporting and data extraction to ensure audit readiness and reduce manual effort
· Engineer and optimise JML processes to ensure secure and efficient identity lifecycle management
· Leverage AI-driven solutions for operational tasks, troubleshooting, and reporting
Essential Skills and Experience
· A solid foundation in Microsoft security policies and configurations spanning Microsoft cloud services (SaaS/PaaS), IAM, and Privilege Access Management domains
· A strong understanding of industry-standard SSO technologies and authentication methods (OpenID Connect, SAML, OAuth, Kerberos, LDAP, etc.)
· Production-level experience implementing and supporting Microsoft security infrastructure
· Deep understanding of mail flow and email security solutions (DKIM, SPF, DMARC)
· An eagerness to produce scalable and repeatable security practices through automation
· Demonstrated experience managing and securing Azure resources using code-driven methods
· A broad knowledge and understanding of the cyber security threat landscape
· Significant and proven experience of dealing with IDAM systems incidents and associated response measures
· Experience with Microsoft Exchange or other enterprise mail services
· Proven experience managing an Exchange Hybrid environment with Defender for M365
· Experience with SailPoint or similar identity governance platforms
· Expertise in engineering JML processes
· Experience with AI technologies and ability to apply AI-driven solutions in operational workflows
Desirable Skills and Experience
· At least 2 years of professional experience in IAM-focused roles delivering security in cloud-native, distributed architectural solutions in complex environments
· Knowledge and/or a proven record of success in the following areas:
o Continuous integration, development and testing practices and DevOps tools
o Familiarity with scripting languages, such as PowerShell and Python, to automate IDAM tasks
· At least 2 years of professional experience in M365 administration with a focus on Exchange Hybrid and Teams Enterprise Voice management.
· Bachelor’s degree in Computer Science, Engineering, Mathematics, or related field; or equivalent combination of education/professional experience
· Relevant technical certifications a plus
· Strong ability to communicate with both technical and non-technical team members
· Customer-focused mindset and capable of delivering security solutions that meet business needs while achieving high security standards
· Growth mindset, passionate to learn and use new/emerging technologies
· Must work well independently and as part of a larger team, collaborating on cross-functional initiatives
UK Benefits include:
Flexible benefits fund, emergency leave days, adoption leave, 28 days annual leave (plus bank holidays), pension, life cover, private medical insurance, parental leave, education assistance program.
It’s possible we’re hiring for this position in multiple countries, in which case the above benefits apply to the primary location. Specific benefits vary by country, but our packages are similarly comprehensive.
Find out more: aveva.com/en/about/careers/benefits/
Hybrid working
By default, employees are expected to be in their local AVEVA office three days a week, but some positions are fully office-based. Roles supporting particular customers or markets are sometimes remote.
Hiring process
Interested? Great! Get started by submitting your cover letter and CV through our application portal. AVEVA is committed to recruiting and retaining people with disabilities. Please let us know in advance if you need reasonable support during your application process.
Find out more: aveva.com/en/about/careers/hiring-process
About AVEVA
AVEVA is a global leader in industrial software with more than 6,500 employees in over 40 countries. Our cutting-edge solutions are used by thousands of enterprises to deliver the essentials of life – such as energy, infrastructure, chemicals, and minerals – safely, efficiently, and more sustainably.
We are committed to embedding sustainability and inclusion into our operations, our culture, and our core business strategy. Learn more about how we are progressing against our ambitious 2030 targets: sustainability-report.aveva.com/
Find out more: aveva.com/en/about/careers/
AVEVA requires all successful applicants to undergo and pass a drug screening and comprehensive background check before they start employment. Background checks will be conducted in accordance with local laws and may, subject to those laws, include proof of educational attainment, employment history verification, proof of work authorization, criminal records, identity verification, credit check. Certain positions dealing with sensitive and/or third-party personal data may involve additional background check criteria.
AVEVA is an Equal Opportunity Employer. We are committed to being an exemplary employer with an inclusive culture, developing a workplace environment where all our employees are treated with dignity and respect. We value diversity and the expertise that people from different backgrounds bring to our business. AVEVA provides reasonable accommodation to applicants with disabilities where appropriate. If you need reasonable accommodation for any part of the application and hiring process, please notify your recruiter. Determinations on requests for reasonable accommodation will be made on a case-by-case basis.