Sorry, that job is no longer available. Here are some results that may be similar to the job you were looking for.

12 jobs found

Security Solutions Architect
Computacenter AG & Co. oHG
Location: UK - London, UK - Hatfield, UK - Liverpool, UK - Manchester, UK - Milton Keynes, UK - Nottingham, UK - Reading, UK - Sheffield
Job-ID: 218065
Contract type: Standard
Business Unit: IT Consulting

Life on the team

A fantastic opportunity has arisen to join our dynamic and rapidly expanding Consultancy Practice within Computacenter. The ideal candidate will have experience of working at the architect level within a consultancy environment with a focus on traditional, advanced and emerging security solutions. We are experiencing high growth across all our networking and security services and the position will suit a candidate that enjoys a fast-moving and varied role, working into enterprise customers that require the definition and delivery of advanced security solutions.

What you'll do

We are looking for a highly skilled Security Solutions Architect to join our architecture team and lead design, positioning, and delivery of integrated security and identity solutions across enterprise environments. This role is central to our Professional Services capability, supporting customers within the Networking and Security practice and advising our customers on modernising their security posture through Zero Trust, identity-first architectures, and cloud-native security models. This role combines deep technical expertise, strategic advisory and pre-sales experience to support our go-to-market and sales function whilst helping to develop internal service collateral to deliver continued growth in this space. The architect will shape and position solutions with input from a team of highly experienced SME consultants with the aim to provide first-class advice and outcomes to our Enterprise customers.

Expected experience and activities for this position include:
  • Engagement activities:
    • Advisory services
    • Requirements gathering
    • Solution and design definition
  • Attend Customer opportunity / strategy meetings to understand and articulate business and technical strategy for the company and customer.
  • Provide qualification of designs or opportunities and produce high level architecture/design documentation
  • Work closely with Vendors / Partners to keep up to date with current and future technologies, products and strategies to manage the 'cradle to grave' solution cycle.
  • Act as a Design Authority for nominated key accounts
  • Act as Technical Authority and lead for complex, enterprise-scale, mission critical customer projects
  • Work closely with peers and SMEs to create solutions for Computacenter customers
  • Support colleagues in Solutions Sales to identify and create new propositions and services to take to market
  • Research technology and deliver associated white papers to promote Computacenter's offerings.
  • Maintain high level of industry awareness through training and self development
  • Perform governance and due diligence around proposed solutions, ensuring they meet the documented customer requirements

What you'll need

Technical Experience

Cross-Domain Integration:
  • Network (identity aware access and segmentation)
  • Workplace (device identity and conditional access)
  • Cloud (IAM and workload identity)
  • Applications (SSO, API security)
  • Datacentre (privileged infrastructure access)

In depth understanding of:
  • Identity and Security Architecture
  • Secure Services Edge (SSE)
  • Cloud and Infrastructure Identity
  • Certificate and PKI

Strong experience across a number of vendor technologies:
  • Proven expertise in security technologies such as firewalls, intrusion detection/prevention systems, encryption, identity and access management (IAM), endpoint security, etc.
  • Strong understanding of security frameworks and standards (e.g., NIST, ISO 27001, CIS Controls).
  • Experience with cloud security architectures and services (e.g., AWS, Azure, Google Cloud).

Candidates are expected to support a number of the following certifications:
  • CyberArk Sentry / Guardian
  • CyberArk EPM / Secrets Manager
  • Zscaler Certified Architect (ZTCA)
  • ISC2 CISSP (Certified Information Systems Security Professional)
  • Microsoft Azure Security Engineer / Identity

Equal Opportunities

As an equal opportunities employer, we're committed to ensuring fair and equal access to opportunities for all. Your application will be considered on its merits, regardless of your age, disability, ethnicity, gender identity, or any other characteristics protected by law. We are proud to be a Disability Confident Employer. We welcome applications from disabled people and accept applications in alternative formats. We also guarantee to interview applicants who have a disability.
16/05/2026
Full time
Sailpoint IAM Engineer (SC clearance) - inside IR35 - 100% remote
Exalto Consulting
Exalto Consulting are currently recruiting for a contract SailPoint IAM engineer. You must hold a valid and transferable SC clearance. This is a long-term contract role, inside IR35 and 100% remote working.

Skills: CyberArk PAM IAM Privileged Access Mgt Identity and access mgt (IAM) SailPoint IdentityIQ Security Architecture Amazon Web Services Cloud Azure Cloud Google Cloud Platform

If you have the above experience and hold a valid transferable SC clearance and are looking for a new contract role, please send your CV for immediate consideration, as our client are looking to hire ASAP.
15/05/2026
Contractor
Active Directory and Entra Specialist
VE3 Maidenhead, Berkshire
Purpose of the Role

The Active Directory/Entra Specialist is the technical authority for the customer's hybrid identity platform. The role owns the design, operation, security, and continuous improvement of on-premises Active Directory Domain Services, Group Policy, ADFS, Entra ID (P2), Azure AD Connect, B2B and B2C flows, Conditional Access, MFA, Intune, and identity life cycle automation across all in-scope business programmes. Identity is the foundation of every other workload in the estate. This role therefore underwrites the availability, security and compliance of M365, SharePoint, Power Platform, Dynamics 365, Fabric and Azure services. The post-holder is on the front line for any P1 authentication outage, Conditional Access misconfiguration, or directory replication failure.

Requirements

2.3 Key Technical Responsibilities

Hybrid Active Directory Operations
  • Administer multi-forest on-premises Active Directory Domain Services (modern schema, WS2016+ functional level), including domain controllers, FSMO roles, sites and services, replication topology, DNS, DHCP, time service (NT5DS), and trust relationships.
  • Maintain and harden Group Policy Objects across the estate, including baseline security GPOs, audit policies, AppLocker/WDAC, BitLocker, Windows Update for Business, and computer/user configuration drift detection.
  • Operate and patch ADFS on Legacy Windows Server (where present), administer claims rules, relying party trusts, certificate rotation, and plan migration of relying parties to Entra ID where commercially appropriate.
  • Manage Azure AD Connect (auto-updating) including sync rules, source anchor, password hash sync/pass-through authentication, seamless SSO, staging mode validation, and re-permission/re-baseline activities.
  • Diagnose and remediate replication failures, lingering objects, USN rollback, tombstone issues, NTLM/Kerberos auth failures, SPN duplication, and time-skew problems using repadmin, dcdiag, klist, KDCDiag, ADReplStatus and Microsoft 365 Connectivity Analyzer.

Entra ID and Identity Lifecycle
  • Administer Entra ID P2 tenants including users, groups, dynamic groups, administrative units, application registrations, enterprise applications, service principals, managed identities, and consent workflows.
  • Configure and operate Conditional Access (sign-in risk, user risk, named locations, device compliance, session controls), Multi-Factor Authentication, passwordless sign-in (Windows Hello for Business, FIDO2, Authenticator), and Temporary Access Pass for onboarding.
  • Operate Privileged Identity Management (PIM) for just-in-time role activation, approval workflows, access reviews and break-glass account governance; work with the on-premises PAM solution for tier-0 administration.
  • Manage Entra ID B2B (guest collaboration) and B2C (custom policies, user flows, identity providers, custom branding, application integrations) for both internal and external-facing tenants.
  • Implement Identity Governance: Entitlement Management, Access Packages, Access Reviews, Lifecycle Workflows, and HR-driven inbound provisioning where in scope.

Endpoint Management with Intune
  • Administer Microsoft Intune including device enrolment (Autopilot, Apple ABM, Android Enterprise), configuration profiles, compliance policies, app protection policies (MAM), Conditional Access integration, and Endpoint Privilege Management.
  • Define and maintain Windows update rings, feature update profiles, driver update profiles, and Defender for Endpoint baselines via Intune Security Baselines.
  • Operate Win32/LOB/Microsoft Store app deployment, package authoring (intunewin), update rings, and supersedence chains.
  • Co-manage devices with Configuration Manager where present, troubleshoot enrolment failures using IME logs, MDM Diagnostics Tool, and the Intune Troubleshooting portal.

Identity Automation and Tooling
  • Author and maintain PowerShell automation using Microsoft Graph PowerShell SDK, Az PowerShell, ExchangeOnlineManagement, MSOnline (Legacy), AzureAD (Legacy), and ActiveDirectory modules - including JML (Joiner-Mover-Leaver) workflows, group membership reconciliation, stale object cleanup, and licence assignment.
  • Build and operate identity-related runbooks in Azure Automation, Logic Apps, or Power Automate where appropriate.
  • Use Microsoft Graph (REST + SDK) for advanced reporting, bulk operations, and integration with HR/ITSM platforms.

Service Operations
  • Own L2/L3 incident, problem and change resolution for identity-related tickets, achieving the contractual SLAs: P1 1-hour response/4-hour resolution, P2 4-hour response/1 working day resolution, P3 1 working day response/3 working days resolution.
  • Lead root cause analysis (RCA) for P1 identity incidents and produce post-incident review reports within five working days.
  • Contribute to monthly service reports with identity KPIs (sign-in success rate, MFA coverage, Conditional Access policy hits, privileged role activations, sync health, AAD Connect latency, certificate expiry watchlist).
  • Participate in CAB review, change scheduling, and change risk assessment for identity changes; produce rollback plans and pre/post implementation checks.

Mandatory Technical Skills
  • Active Directory Domain Services on Windows Server 2016+ including schema management, sites and services, GPO design, ADFS, AD CS, AD Recycle Bin, and DR/recovery procedures (authoritative restore).
  • Entra ID P2 deep configuration: Conditional Access, MFA, PIM, Identity Protection (sign-in risk, user risk, risky users), Identity Governance, Application Proxy, External Identities (B2B, B2C custom policies), and Hybrid Identity (AAD Connect).
  • Microsoft Intune end-to-end device and application management, including Autopilot pre-provisioning, compliance, configuration, and Endpoint Security baselines.
  • PowerShell Scripting (intermediate-to-advanced) using Microsoft Graph SDK, Az, and ActiveDirectory modules; ability to read/debug/extend existing scripts under change control.
  • Working knowledge of Microsoft Defender for Identity (formerly Azure ATP) signals and integration with Defender XDR.
  • Networking fundamentals: DNS, Kerberos, NTLM, OAuth 2.0, OpenID Connect, SAML 2.0, WS-Federation, certificate-based authentication, TLS/SSL troubleshooting, and modern auth flows.
  • Working knowledge of ITIL v4 incident, problem, change and configuration management, and ITSM ticketing (eg, ServiceNow, Jira Service Management).

Desirable Technical Skills
  • Entra Permissions Management (CIEM).
  • Microsoft Entra ID Verified ID (decentralised identity) familiarity.
  • Group Policy Analytics in Intune for cloud migration.
  • Experience operating tier-0 PAM solutions (CyberArk, BeyondTrust, Delinea) on-premises.
  • Familiarity with FIDO2 hardware tokens, Windows LAPS (cloud), and Authentication Methods migration.
  • Exposure to Azure VPN Gateway, ExpressRoute, and hybrid connectivity for identity authentication paths.

Required Certifications
  • Microsoft Certified: Identity and Access Administrator Associate (SC-300) - mandatory.
  • Microsoft Certified: Endpoint Administrator Associate (MD-102) - mandatory.
  • Microsoft 365 Certified: Administrator Expert (MS-102) - preferred.
  • Microsoft Certified: Cybersecurity Architect Expert (SC-100) - desirable.
  • ITIL 4 Foundation - preferred.
15/05/2026
M365 Entra Security & Governance Specialist
VE3 Maidenhead, Berkshire
Purpose of the Role:

The M365/Entra Security & Governance Specialist owns the security posture, data governance, and compliance alignment of the customer's Microsoft estate. The role designs and operates Zero Trust controls, threat protection, information protection, insider risk management, and the audit/evidence machinery required to demonstrate alignment with ISO 27001, GDPR, NIST CSF and Microsoft's Secure Score baselines. The customer processes personal and special-category data on behalf of public-sector programmes. The role therefore carries direct accountability for protecting beneficiary data, ensuring lawful processing within the EEA, and providing evidence of control effectiveness to the customer's Cyber Security team and external auditors. This is a senior, hands-on technical role - not a paper-only governance position.

Requirements

Key Technical Responsibilities:

Threat Protection - Microsoft Defender XDR
  • Operate Microsoft Defender XDR across Defender for Endpoint, Defender for Office 365 (Plan 2), Defender for Identity, Defender for Cloud Apps, and Defender Vulnerability Management.
  • Manage Defender for Endpoint deployment, onboarding (via Intune/GPO/script), attack surface reduction (ASR) rules, EDR in block mode, automated investigation and response (AIR), tamper protection, and live response.
  • Tune Defender for Office 365 anti-phishing, Safe Links, Safe Attachments, anti-spoofing, impersonation protection, attack simulation training, and Threat Explorer queries.
  • Operate Defender for Identity sensors on domain controllers and ADFS Servers; investigate identity-based attack paths (DCSync, Golden Ticket, Pass-the-Hash) and remediate exposures.
  • Operate Defender for Cloud Apps for SaaS discovery, OAuth app governance, conditional access app control (reverse Proxy), session policies, and shadow IT reporting.
  • Investigate alerts and incidents in the Defender XDR portal using KQL advanced hunting; build custom detections, suppression rules, and automated playbooks.

SIEM and SOAR - Microsoft Sentinel
  • Operate Microsoft Sentinel for the estate: data connectors (M365, Entra, Defender XDR, Azure Activity, Office 365, Threat Intelligence, Syslog/CEF), workspace architecture, retention, and cost optimisation.
  • Author analytics rules (scheduled, NRT, Fusion, Microsoft Security), build watchlists, threat intelligence integrations (TAXII/MISP), and User Entity Behaviour Analytics (UEBA).
  • Develop KQL detection content aligned to MITRE ATT&CK; operate hunting queries, bookmarks, and incident investigation graphs.
  • Build SOAR automation using Azure Logic Apps playbooks for incident enrichment, containment (eg, disable user, force password reset, isolate device), and notification.
  • Operate the 24/7 Sentinel-based monitoring stack in collaboration with the NOC analyst function.

Information Protection and Data Governance - Microsoft Purview
  • Design and operate Microsoft Purview Information Protection: sensitivity labels, label policies, auto-labelling (client and service-side), encryption with rights management, and co-authoring on encrypted documents.
  • Build and tune Data Loss Prevention (DLP) policies for Exchange, SharePoint, OneDrive, Teams chat, Endpoint DLP and Power Platform; manage policy tips, overrides, and incident review.
  • Operate Insider Risk Management policies, content Explorer, activity Explorer, and communication compliance where in scope.
  • Design retention policies, retention labels, and records management aligned to the customer's records retention schedules and applicable public-sector records management frameworks.
  • Operate eDiscovery (Standard and Premium): cases, holds, collections, reviews, custodian management, and chain-of-custody documentation.
  • Operate Microsoft Purview Data Map, Data Catalog, and Data Estate Insights for the Microsoft Fabric/Power BI estate, including lineage, classification scans, and Data Loss Prevention for Fabric.
  • Maintain audit and reporting using Purview Audit (Standard/Premium), Compliance Manager templates (ISO 27001, GDPR, NIS2), and customer-managed Compliance Manager assessments.

Identity Security and Zero Trust
  • Define and maintain the Conditional Access policy baseline using a documented policy framework (Persona-based or Microsoft Zero Trust deployment guidance), including emergency/break-glass access, named locations, and report-only validation.
  • Operate Entra ID Protection - sign-in risk, user risk, risk policies, and risk investigation - including alignment with Defender XDR for unified incident view.
  • Govern privileged access via PIM, role-assignable groups, access reviews, and Just-In-Time elevation; co-own break-glass account procedures with the AD/Entra Specialist.
  • Operate Entra Permissions Management (CIEM) where licensed, providing visibility of multi-cloud permission risk.

Compliance and Audit
  • Maintain ISO 27001 control evidence and align with the customer's certification and surveillance audits; act as the technical lead for any audit observation related to the Microsoft estate.
  • Maintain GDPR records of processing, support Data Protection Impact Assessments for new applications, and operate technical and organisational measures (TOMs).
  • Map controls to NIST CSF, NIS2 (where applicable as an essential/important entity), and Microsoft Secure Score/Identity Secure Score; maintain a target posture and quarterly improvement plan.
  • Produce monthly security KPIs for the SLA report - Secure Score trend, MFA coverage, DLP incidents, phishing simulation results, vulnerability remediation, patch compliance - and quarterly executive risk reports.

Microsoft Copilot and AI Governance
  • Operate the security envelope for Microsoft 365 Copilot and Copilot Studio including SharePoint sharing hygiene ("oversharing"), sensitivity-label-aware grounding, restricted SearchableContent, and Copilot interaction audit log review.
  • Define and enforce a Responsible AI policy aligned with Microsoft's Responsible AI Standard - fairness, reliability, safety, privacy, security, inclusiveness, transparency, and accountability.

Mandatory Technical Skills
  • Microsoft Defender XDR (full stack) and Microsoft Sentinel - analytics, hunting (KQL), incident management, and SOAR playbook authoring.
  • Microsoft Purview - Information Protection, DLP, Insider Risk, Records Management, eDiscovery, Audit, and Compliance Manager.
  • Entra ID security: Conditional Access, MFA, PIM, Identity Protection, External Identities, and Permissions Management.
  • Zero Trust architecture knowledge per Microsoft Zero Trust deployment guidance; ability to lead a Zero Trust roadmap discussion with senior stakeholders.
  • ISO 27001:2022 control set; GDPR Articles 5, 6, 9, 25, 28, 30, 32-34; awareness of NIS2 and applicable national cyber-security guidance.
  • KQL (Kusto Query Language) - fluent across Defender Advanced Hunting, Sentinel, and Log Analytics.
  • PowerShell automation across Microsoft Graph Security, ExchangeOnlineManagement, and Compliance modules.

Desirable Technical Skills
  • Threat hunting using Sigma rules, MITRE ATT&CK navigator, and STIX/TAXII Intel feeds.
  • SOC operations experience - shift handover, evidence preservation, incident life cycle (NIST SP 800-61).
  • Familiarity with on-premises PAM (CyberArk, BeyondTrust) and hybrid SOC tooling beyond Microsoft.
  • Microsoft Fabric/Purview Data Loss Prevention (Fabric DLP) and AI hub for Purview.
  • Familiarity with Cyber Essentials Plus, NCSC Cyber Assessment Framework (CAF), and ENISA guidance.

Required Certifications
  • Microsoft Certified: Security Operations Analyst Associate (SC-200) - mandatory.
  • Microsoft Certified: Information Protection and Compliance Administrator Associate (SC-400) - mandatory.
  • Microsoft Certified: Identity and Access Administrator Associate (SC-300) - mandatory.
  • Microsoft Certified: Cybersecurity Architect Expert (SC-100) - preferred.
  • ISO/IEC 27001 Lead Implementer or Lead Auditor - preferred.
  • CISSP, CISM, or equivalent - desirable.
15/05/2026
Purpose of the Role: The M365/Entra Security & Governance Specialist owns the security posture, data governance, and compliance alignment of the customer's Microsoft estate. The role designs and operates Zero Trust controls, threat protection, information protection, insider risk management, and the audit/evidence machinery required to demonstrate alignment with ISO 27001, GDPR, NIST CSF and Microsoft's Secure Score baselines. The customer processes personal and special-category data on behalf of public-sector programmes. The role therefore carries direct accountability for protecting beneficiary data, ensuring lawful processing within the EEA, and providing evidence of control effectiveness to the customer's Cyber Security team and external auditors. This is a senior, hands-on technical role - not a paper-only governance position. Requirements Key Technical Responsibilities: Threat Protection - Microsoft Defender XDR Operate Microsoft Defender XDR across Defender for Endpoint, Defender for Office 365 (Plan 2), Defender for Identity, Defender for Cloud Apps, and Defender Vulnerability Management. Manage Defender for Endpoint deployment, onboarding (via Intune/GPO/script), attack surface reduction (ASR) rules, EDR in block mode, automated investigation and response (AIR), tamper protection, and live response. Tune Defender for Office 365 anti-phishing, Safe Links, Safe Attachments, anti-spoofing, impersonation protection, attack simulation training, and Threat Explorer queries. Operate Defender for Identity sensors on domain controllers and ADFS Servers; investigate identity-based attack paths (DCSync, Golden Ticket, Pass-the-Hash) and remediate exposures. Operate Defender for Cloud Apps for SaaS discovery, OAuth app governance, conditional access app control (reverse Proxy), session policies, and shadow IT reporting. 
Investigate alerts and incidents in the Defender XDR portal using KQL advanced hunting; build custom detections, suppression rules, and automated playbooks. SIEM and SOAR - Microsoft Sentinel Operate Microsoft Sentinel for the estate: data connectors (M365, Entra, Defender XDR, Azure Activity, Office 365, Threat Intelligence, Syslog/CEF), workspace architecture, retention, and cost optimisation. Author analytics rules (scheduled, NRT, Fusion, Microsoft Security), build watchlists, threat intelligence integrations (TAXII/MISP), and User Entity Behaviour Analytics (UEBA). Develop KQL detection content aligned to MITRE ATT&CK; operate hunting queries, bookmarks, and incident investigation graphs. Build SOAR automation using Azure Logic Apps playbooks for incident enrichment, containment (eg, disable user, force password reset, isolate device), and notification. Operate the 24/7 Sentinel-based monitoring stack in collaboration with the NOC analyst function. Information Protection and Data Governance - Microsoft Purview Design and operate Microsoft Purview Information Protection: sensitivity labels, label policies, auto-labelling (client and service-side), encryption with rights management, and co-authoring on encrypted documents. Build and tune Data Loss Prevention (DLP) policies for Exchange, SharePoint, OneDrive, Teams chat, Endpoint DLP and Power Platform; manage policy tips, overrides, and incident review. Operate Insider Risk Management policies, content Explorer, activity Explorer, and communication compliance where in scope. Design retention policies, retention labels, and records management aligned to the customer's records retention schedules and applicable public-sector records management frameworks. Operate eDiscovery (Standard and Premium): cases, holds, collections, reviews, custodian management, and chain-of-custody documentation. 
Stott and May
CyberArk Architect
Stott and May
CyberArk Architect
Location: London (2 days per week onsite)
Rate: Up to £850 per day (Inside IR35)

Overview
We are seeking a CyberArk Architect to support a large-scale identity and privileged access transformation programme. The role will focus on a strategic migration from BeyondTrust to CyberArk Cloud, requiring strong solution design and architecture capability. A strong CyberArk Architect with CyberArk Cloud and SIA experience is preferred, however a highly capable CyberArk Architect with enterprise-scale experience will also be considered due to the niche nature of the skill set.

Key Responsibilities
  • Lead solution design and architecture for CyberArk Cloud implementation
  • Support and drive the transformation from BeyondTrust to CyberArk Cloud
  • Define and contribute to enterprise architecture standards across privileged access management
  • Work across stakeholders to ensure alignment of security architecture and transformation goals
  • Provide technical leadership across design, migration, and integration workstreams

Required Experience
  • Strong CyberArk Architect background
  • Experience with CyberArk Cloud and SIA
  • Experience with BeyondTrust
  • Enterprise architecture skill set
  • Experience delivering transformation initiatives
  • Strong solution design and architecture skills
  • Financial services experience
15/05/2026
Full time
CyberArk Solution Architect/Developer - PAM - PSM/PVWA/CPM - Hands-On Configuration
We Are Orbis Group Ltd
CyberArk Solution Architect/Developer - PAM - PSM/PVWA/CPM - Hands-On Configuration experience requirement for an urgent start. The CyberArk Solution Architect/Developer - PAM - PSM/PVWA/CPM - Hands-On Configuration experience will be working for an award winning Financial institution.

CyberArk Solution Architect/Developer - PAM - PSM/PVWA/CPM - Hands-On Configuration experience Key Skills:
  • CyberArk Solution Architect/Developer with strong hands-on configuration and delivery experience
  • Solid PAM architecture background, including privileged access onboarding, session management, credential rotation, and vaulting
  • Experience designing and implementing CyberArk components including Vault, PVWA, CPM, PSM, and PSMP
  • Experience integrating CyberArk with Active Directory, LDAP, cloud platforms (Azure/AWS), and enterprise applications
  • Experience with onboarding privileged accounts, safes design, platform configuration, and policy enforcement
  • Scripting and automation experience (PowerShell/REST APIs) for onboarding and life cycle management
  • Confident operating in a client-facing environment, providing design authority and best-practice guidance

CyberArk Solution Architect/Developer - PAM - PSM/PVWA/CPM - Hands-On Configuration experience - Contract - Hybrid/Remote UK - Inside IR35
13/05/2026
Contractor
VE3
Active Directory and Entra Specialist(Freelance/Contract)
VE3 Maidenhead, Berkshire
Active Directory and Entra Specialist (Freelance/Contract) Purpose of the Role: The Active Directory / Entra Specialist is the technical authority for the customer's hybrid identity platform. The role owns the design, operation, security, and continuous improvement of on premises Active Directory Domain Services, Group Policy, ADFS, Entra ID (P2), Azure AD Connect, B2B and B2C flows, Conditional Access, MFA, Intune, and identity lifecycle automation across all in scope business programmes. Identity is the foundation of every other workload in the estate. This role therefore underwrites the availability, security, and compliance of M365, SharePoint, Power Platform, Dynamics 365, Fabric and Azure services. The post holder is on the front line for any P1 authentication outage, Conditional Access misconfiguration, or directory replication failure. Key Technical Responsibilities Hybrid Active Directory Operations: Administer multi forest on premises Active Directory Domain Services (modern schema, WS2016+ functional level), including domain controllers, FSMO roles, sites and services, replication topology, DNS, DHCP, time service (NT5DS), and trust relationships. Maintain and harden Group Policy Objects across the estate, including baseline security GPOs, audit policies, AppLocker / WDAC, BitLocker, Windows Update for Business, and computer/user configuration drift detection. Operate and patch ADFS on legacy Windows Server (where present), administer claims rules, relying party trusts, certificate rotation, and plan migration of relying parties to Entra ID where commercially appropriate. Manage Azure AD Connect (auto updating) including sync rules, source anchor, password hash sync / pass through authentication, seamless SSO, staging mode validation, and re permission / re baseline activities. 
Diagnose and remediate replication failures, lingering objects, USN rollback, tombstone issues, NTLM/Kerberos auth failures, SPN duplication, and time skew problems using repadmin, dcdiag, klist, KDCDiag, ADReplStatus and Microsoft 365 Connectivity Analyzer. Entra ID and Identity Lifecycle Administer Entra ID P2 tenants including users, groups, dynamic groups, administrative units, application registrations, enterprise applications, service principals, managed identities, and consent workflows. Configure and operate Conditional Access (sign in risk, user risk, named locations, device compliance, session controls), Multi Factor Authentication, passwordless sign in (Windows Hello for Business, FIDO2, Authenticator), and Temporary Access Pass for onboarding. Operate Privileged Identity Management (PIM) for just in time role activation, approval workflows, access reviews and break glass account governance; work with the on premises PAM solution for tier 0 administration. Manage Entra ID B2B (guest collaboration) and B2C (custom policies, user flows, identity providers, custom branding, application integrations) for both internal and external facing tenants. Implement Identity Governance: Entitlement Management, Access Packages, Access Reviews, Lifecycle Workflows, and HR driven inbound provisioning where in scope. Endpoint Management with Intune Administer Microsoft Intune including device enrolment (Autopilot, Apple ABM, Android Enterprise), configuration profiles, compliance policies, app protection policies (MAM), Conditional Access integration, and Endpoint Privilege Management. Define and maintain Windows update rings, feature update profiles, driver update profiles, and Defender for Endpoint baselines via Intune Security Baselines. Operate Win32 / LOB / Microsoft Store app deployment, package authoring (intunewin), update rings, and supersedence chains. 
Co manage devices with Configuration Manager where present, troubleshoot enrolment failures using IME logs, MDM Diagnostics Tool, and the Intune Troubleshooting portal. Identity Automation and Tooling Author and maintain PowerShell automation using Microsoft Graph PowerShell SDK, Az PowerShell, ExchangeOnlineManagement, MSOnline (legacy), AzureAD (legacy), and ActiveDirectory modules - including JML (Joiner Mover Leaver) workflows, group membership reconciliation, stale object cleanup, and licence assignment. Build and operate identity related runbooks in Azure Automation, Logic Apps, or Power Automate where appropriate. Use Microsoft Graph (REST + SDK) for advanced reporting, bulk operations, and integration with HR / ITSM platforms. Service Operations Own L2/L3 incident, problem and change resolution for identity related tickets, achieving the contractual SLAs: P1 1 hour response / 4 hour resolution, P2 4 hour response / 1 working day resolution, P3 1 working day response / 3 working days resolution. Lead root cause analysis (RCA) for P1 identity incidents and produce post incident review reports within five working days. Contribute to monthly service reports with identity KPIs (sign in success rate, MFA coverage, Conditional Access policy hits, privileged role activations, sync health, AAD Connect latency, certificate expiry watchlist). Participate in CAB review, change scheduling, and change risk assessment for identity changes; produce rollback plans and pre/post implementation checks. Mandatory Technical Skills Active Directory Domain Services on Windows Server 2016+ including schema management, sites and services, GPO design, ADFS, AD CS, AD Recycle Bin, and DR/recovery procedures (authoritative restore). Entra ID P2 deep configuration: Conditional Access, MFA, PIM, Identity Protection (sign in risk, user risk, risky users), Identity Governance, Application Proxy, External Identities (B2B, B2C custom policies), and Hybrid Identity (AAD Connect). 
Microsoft Intune end to end device and application management, including Autopilot pre provisioning, compliance, configuration, and Endpoint Security baselines. PowerShell scripting (intermediate to advanced) using Microsoft Graph SDK, Az, and ActiveDirectory modules; ability to read / debug / extend existing scripts under change control. Working knowledge of Microsoft Defender for Identity (formerly Azure ATP) signals and integration with Defender XDR. Networking fundamentals: DNS, Kerberos, NTLM, OAuth 2.0, OpenID Connect, SAML 2.0, WS Federation, certificate based authentication, TLS/SSL troubleshooting, and modern auth flows. Working knowledge of ITIL v4 incident, problem, change and configuration management, and ITSM ticketing (e.g., ServiceNow, Jira Service Management). Desirable Technical Skills Entra Permissions Management (CIEM). Microsoft Entra ID Verified ID (decentralised identity) familiarity. Group Policy Analytics in Intune for cloud migration. Experience operating tier 0 PAM solutions (CyberArk, BeyondTrust, Delinea) on premises. Familiarity with FIDO2 hardware tokens, Windows LAPS (cloud), and Authentication Methods migration. Exposure to Azure VPN Gateway, ExpressRoute, and hybrid connectivity for identity authentication paths. Required Certifications Microsoft Certified: Identity and Access Administrator Associate (SC 300) - mandatory. Microsoft Certified: Endpoint Administrator Associate (MD 102) - mandatory. Microsoft 365 Certified: Administrator Expert (MS 102) - preferred. Microsoft Certified: Cybersecurity Architect Expert (SC 100) - desirable. ITIL 4 Foundation - preferred.
11/05/2026
Full time
VE3
Active Directory and Entra Specialist
VE3 Maidenhead, Berkshire
Active Directory and Entra Specialist

2.2 Purpose of the Role

The Active Directory / Entra Specialist is the technical authority for the customer's hybrid identity platform. The role owns the design, operation, security, and continuous improvement of on-premises Active Directory Domain Services, Group Policy, ADFS, Entra ID (P2), Azure AD Connect, B2B and B2C flows, Conditional Access, MFA, Intune, and identity lifecycle automation across all in-scope business programmes. Identity is the foundation of every other workload in the estate. This role therefore underwrites the availability, security and compliance of M365, SharePoint, Power Platform, Dynamics 365, Fabric and Azure services. The post-holder is on the front line for any P1 authentication outage, Conditional Access misconfiguration, or directory replication failure.

Requirements

2.3 Key Technical Responsibilities

Hybrid Active Directory Operations
• Administer multi-forest on-premises Active Directory Domain Services (modern schema, WS2016+ functional level), including domain controllers, FSMO roles, sites and services, replication topology, DNS, DHCP, time service (NT5DS), and trust relationships.
• Maintain and harden Group Policy Objects across the estate, including baseline security GPOs, audit policies, AppLocker / WDAC, BitLocker, Windows Update for Business, and computer/user configuration drift detection.
• Operate and patch ADFS on legacy Windows Server (where present), administer claims rules, relying party trusts, certificate rotation, and plan migration of relying parties to Entra ID where commercially appropriate.
• Manage Azure AD Connect (auto-updating) including sync rules, source anchor, password hash sync / pass-through authentication, seamless SSO, staging mode validation, and re-permission / re-baseline activities.
• Diagnose and remediate replication failures, lingering objects, USN rollback, tombstone issues, NTLM/Kerberos auth failures, SPN duplication, and time-skew problems using repadmin, dcdiag, klist, KDCDiag, ADReplStatus and Microsoft 365 Connectivity Analyzer.

Entra ID and Identity Lifecycle
• Administer Entra ID P2 tenants including users, groups, dynamic groups, administrative units, application registrations, enterprise applications, service principals, managed identities, and consent workflows.
• Configure and operate Conditional Access (sign-in risk, user risk, named locations, device compliance, session controls), Multi-Factor Authentication, passwordless sign-in (Windows Hello for Business, FIDO2, Authenticator), and Temporary Access Pass for onboarding.
• Operate Privileged Identity Management (PIM) for just-in-time role activation, approval workflows, access reviews and break-glass account governance; work with the on-premises PAM solution for tier-0 administration.
• Manage Entra ID B2B (guest collaboration) and B2C (custom policies, user flows, identity providers, custom branding, application integrations) for both internal and external-facing tenants.
• Implement Identity Governance: Entitlement Management, Access Packages, Access Reviews, Lifecycle Workflows, and HR-driven inbound provisioning where in scope.

Endpoint Management with Intune
• Administer Microsoft Intune including device enrolment (Autopilot, Apple ABM, Android Enterprise), configuration profiles, compliance policies, app protection policies (MAM), Conditional Access integration, and Endpoint Privilege Management.
• Define and maintain Windows update rings, feature update profiles, driver update profiles, and Defender for Endpoint baselines via Intune Security Baselines.
• Operate Win32 / LOB / Microsoft Store app deployment, package authoring (intunewin), update rings, and supersedence chains.
• Co-manage devices with Configuration Manager where present, troubleshoot enrolment failures using IME logs, MDM Diagnostics Tool, and the Intune Troubleshooting portal.

Identity Automation and Tooling
• Author and maintain PowerShell automation using Microsoft Graph PowerShell SDK, Az PowerShell, ExchangeOnlineManagement, MSOnline (legacy), AzureAD (legacy), and ActiveDirectory modules - including JML (Joiner-Mover-Leaver) workflows, group membership reconciliation, stale object cleanup, and licence assignment.
• Build and operate identity-related runbooks in Azure Automation, Logic Apps, or Power Automate where appropriate.
• Use Microsoft Graph (REST + SDK) for advanced reporting, bulk operations, and integration with HR / ITSM platforms.

Service Operations
• Own L2/L3 incident, problem and change resolution for identity-related tickets, achieving the contractual SLAs: P1 1-hour response / 4-hour resolution, P2 4-hour response / 1 working day resolution, P3 1 working day response / 3 working days resolution.
• Lead root cause analysis (RCA) for P1 identity incidents and produce post-incident review reports within five working days.
• Contribute to monthly service reports with identity KPIs (sign-in success rate, MFA coverage, Conditional Access policy hits, privileged role activations, sync health, AAD Connect latency, certificate expiry watchlist).
• Participate in CAB review, change scheduling, and change risk assessment for identity changes; produce rollback plans and pre/post implementation checks.

2.4 Mandatory Technical Skills
• Active Directory Domain Services on Windows Server 2016+ including schema management, sites and services, GPO design, ADFS, AD CS, AD Recycle Bin, and DR/recovery procedures (authoritative restore).
• Entra ID P2 deep configuration: Conditional Access, MFA, PIM, Identity Protection (sign-in risk, user risk, risky users), Identity Governance, Application Proxy, External Identities (B2B, B2C custom policies), and Hybrid Identity (AAD Connect).
• Microsoft Intune end-to-end device and application management, including Autopilot pre-provisioning, compliance, configuration, and Endpoint Security baselines.
• PowerShell scripting (intermediate-to-advanced) using Microsoft Graph SDK, Az, and ActiveDirectory modules; ability to read / debug / extend existing scripts under change control.
• Working knowledge of Microsoft Defender for Identity (formerly Azure ATP) signals and integration with Defender XDR.
• Networking fundamentals: DNS, Kerberos, NTLM, OAuth 2.0, OpenID Connect, SAML 2.0, WS-Federation, certificate-based authentication, TLS/SSL troubleshooting, and modern auth flows.
• Working knowledge of ITIL v4 incident, problem, change and configuration management, and ITSM ticketing (e.g., ServiceNow, Jira Service Management).

2.5 Desirable Technical Skills
• Entra Permissions Management (CIEM).
• Microsoft Entra ID Verified ID (decentralised identity) familiarity.
• Group Policy Analytics in Intune for cloud migration.
• Experience operating tier-0 PAM solutions (CyberArk, BeyondTrust, Delinea) on-premises.
• Familiarity with FIDO2 hardware tokens, Windows LAPS (cloud), and Authentication Methods migration.
• Exposure to Azure VPN Gateway, ExpressRoute, and hybrid connectivity for identity authentication paths.

2.6 Required Certifications
• Microsoft Certified: Identity and Access Administrator Associate (SC-300) - mandatory.
• Microsoft Certified: Endpoint Administrator Associate (MD-102) - mandatory.
• Microsoft 365 Certified: Administrator Expert (MS-102) - preferred.
• Microsoft Certified: Cybersecurity Architect Expert (SC-100) - desirable.
• ITIL 4 Foundation - preferred.
10/05/2026
Full time
Active Directory and Entra Specialist
Data Controller, VE Ltd Maidenhead, Berkshire
Maidenhead, United Kingdom
Posted on 07/05/2026

VE3 is a technology and business consultancy focused on delivering end-to-end technology solutions and products. We have successfully serviced enterprises across multiple markets, including the public and private sectors. Our services span all aspects of business, providing a holistic approach to managing an organization. We are committed to providing technical innovations and tools that empower organizations with critical information to facilitate decision-making that results in business transformation through cost savings and increased operational efficiency. Our commitment to quality is adopted throughout the organization and sets the foundation for delivering our full suite of capabilities.

Job Description

Active Directory and Entra Specialist

Purpose of the Role

The Active Directory / Entra Specialist is the technical authority for the customer's hybrid identity platform. The role owns the design, operation, security, and continuous improvement of on-premises Active Directory Domain Services, Group Policy, ADFS, Entra ID (P2), Azure AD Connect, B2B and B2C flows, Conditional Access, MFA, Intune, and identity lifecycle automation across all in-scope business programmes. Identity is the foundation of every other workload in the estate. This role therefore underwrites the availability, security and compliance of M365, SharePoint, Power Platform, Dynamics 365, Fabric and Azure services. The post-holder is on the front line for any P1 authentication outage, Conditional Access misconfiguration, or directory replication failure.

Requirements

Key Technical Responsibilities

Hybrid Active Directory Operations
• Administer multi-forest on-premises Active Directory Domain Services (modern schema, WS2016+ functional level), including domain controllers, FSMO roles, sites and services, replication topology, DNS, DHCP, time service (NT5DS), and trust relationships.
• Maintain and harden Group Policy Objects across the estate, including baseline security GPOs, audit policies, AppLocker / WDAC, BitLocker, Windows Update for Business, and computer/user configuration drift detection.
• Operate and patch ADFS on legacy Windows Server (where present), administer claims rules, relying party trusts, certificate rotation, and plan migration of relying parties to Entra ID where commercially appropriate.
• Manage Azure AD Connect (auto-updating) including sync rules, source anchor, password hash sync / pass-through authentication, seamless SSO, staging mode validation, and re-permission / re-baseline activities.
• Diagnose and remediate replication failures, lingering objects, USN rollback, tombstone issues, NTLM/Kerberos auth failures, SPN duplication, and time-skew problems using repadmin, dcdiag, klist, KDCDiag, ADReplStatus and Microsoft 365 Connectivity Analyzer.

Entra ID and Identity Lifecycle
• Administer Entra ID P2 tenants including users, groups, dynamic groups, administrative units, application registrations, enterprise applications, service principals, managed identities, and consent workflows.
• Configure and operate Conditional Access (sign-in risk, user risk, named locations, device compliance, session controls), Multi-Factor Authentication, passwordless sign-in (Windows Hello for Business, FIDO2, Authenticator), and Temporary Access Pass for onboarding.
• Operate Privileged Identity Management (PIM) for just-in-time role activation, approval workflows, access reviews and break-glass account governance; work with the on-premises PAM solution for tier-0 administration.
• Manage Entra ID B2B (guest collaboration) and B2C (custom policies, user flows, identity providers, custom branding, application integrations) for both internal and external-facing tenants.
• Implement Identity Governance: Entitlement Management, Access Packages, Access Reviews, Lifecycle Workflows, and HR-driven inbound provisioning where in scope.

Endpoint Management with Intune
• Administer Microsoft Intune including device enrolment (Autopilot, Apple ABM, Android Enterprise), configuration profiles, compliance policies, app protection policies (MAM), Conditional Access integration, and Endpoint Privilege Management.
• Define and maintain Windows update rings, feature update profiles, driver update profiles, and Defender for Endpoint baselines via Intune Security Baselines.
• Operate Win32 / LOB / Microsoft Store app deployment, package authoring (intunewin), update rings, and supersedence chains.
• Co-manage devices with Configuration Manager where present, troubleshoot enrolment failures using IME logs, MDM Diagnostics Tool, and the Intune Troubleshooting portal.

Identity Automation and Tooling
• Author and maintain PowerShell automation using Microsoft Graph PowerShell SDK, Az PowerShell, ExchangeOnlineManagement, MSOnline (legacy), AzureAD (legacy), and ActiveDirectory modules - including JML (Joiner-Mover-Leaver) workflows, group membership reconciliation, stale object cleanup, and licence assignment.
• Build and operate identity-related runbooks in Azure Automation, Logic Apps, or Power Automate where appropriate.
• Use Microsoft Graph (REST + SDK) for advanced reporting, bulk operations, and integration with HR / ITSM platforms.

Service Operations
• Own L2/L3 incident, problem and change resolution for identity-related tickets, achieving the contractual SLAs: P1 1-hour response / 4-hour resolution, P2 4-hour response / 1 working day resolution, P3 1 working day response / 3 working days resolution.
• Lead root cause analysis (RCA) for P1 identity incidents and produce post-incident review reports within five working days.
• Contribute to monthly service reports with identity KPIs (sign-in success rate, MFA coverage, Conditional Access policy hits, privileged role activations, sync health, AAD Connect latency, certificate expiry watchlist).
• Participate in CAB review, change scheduling, and change risk assessment for identity changes; produce rollback plans and pre/post implementation checks.

Mandatory Technical Skills
• Active Directory Domain Services on Windows Server 2016+ including schema management, sites and services, GPO design, ADFS, AD CS, AD Recycle Bin, and DR/recovery procedures (authoritative restore).
• Entra ID P2 deep configuration: Conditional Access, MFA, PIM, Identity Protection (sign-in risk, user risk, risky users), Identity Governance, Application Proxy, External Identities (B2B, B2C custom policies), and Hybrid Identity (AAD Connect).
• Microsoft Intune end-to-end device and application management, including Autopilot pre-provisioning, compliance, configuration, and Endpoint Security baselines.
• PowerShell scripting (intermediate-to-advanced) using Microsoft Graph SDK, Az, and ActiveDirectory modules; ability to read / debug / extend existing scripts under change control.
• Working knowledge of Microsoft Defender for Identity (formerly Azure ATP) signals and integration with Defender XDR.
• Networking fundamentals: DNS, Kerberos, NTLM, OAuth 2.0, OpenID Connect, SAML 2.0, WS-Federation, certificate-based authentication, TLS/SSL troubleshooting, and modern auth flows.
• Working knowledge of ITIL v4 incident, problem, change and configuration management, and ITSM ticketing (e.g., ServiceNow, Jira Service Management).

Desirable Technical Skills
• Entra Permissions Management (CIEM).
• Microsoft Entra ID Verified ID (decentralised identity) familiarity.
• Group Policy Analytics in Intune for cloud migration.
• Experience operating tier-0 PAM solutions (CyberArk, BeyondTrust, Delinea) on-premises.
• Familiarity with FIDO2 hardware tokens, Windows LAPS (cloud), and Authentication Methods migration.
• Exposure to Azure VPN Gateway, ExpressRoute, and hybrid connectivity for identity authentication paths.

Required Certifications
• Microsoft Certified: Identity and Access Administrator Associate (SC-300) - mandatory.
• Microsoft 365 Certified: Administrator Expert (MS-102) - preferred.
• Microsoft Certified: Cybersecurity Architect Expert (SC-100) - desirable.
09/05/2026
Full time
Enterprise Identity Architect - IAM Architect
Pontoon
Job Title: Enterprise Identity Architect - IAM Architect
Contract Length: 6 months (possibility for extension)
Location: London (2 to 3 days a week on-site)
Rate: Highly competitive rate available for suitable candidates
Working Pattern: Full Time

Overview

Are you ready to take on a pivotal role in shaping the future of Identity and Access Management (IAM)? Our client is seeking a dynamic Enterprise Identity Architect to design, implement, and maintain a robust IAM strategy across a hybrid IT environment. You'll play a crucial role in ensuring secure, scalable, and compliant identity solutions that facilitate business agility and drive digital transformation. If you have a passion for identity architecture and a knack for innovation, this is the opportunity for you!

Knowledge, Skills, Experience & Qualification

To succeed in this role, you should have:
• Experience in Enterprise IAM - Configuration and Identity design solution is essential
• Deep knowledge of identity protocols (SAML, OAuth, OpenID Connect, LDAP, Kerberos)
• Experience with cloud IAM solutions (Entra ID, Google Cloud Identity)
• Hands-on experience with IAM platforms such as Okta, ForgeRock, SailPoint, and CyberArk
• Strong understanding of Zero Trust principles and identity-centric security models
• Familiarity with DevSecOps practices and CI/CD integration for IAM
• Excellent stakeholder management skills, with the ability to collaborate with diverse teams across regions
• Certifications: Certified Identity and Access Manager (CIAM) and Certified Information Systems Security Professional (CISSP) is a plus

Key Job Functions

As an Enterprise Identity Architect, you will:
• Develop and maintain the enterprise IAM architecture roadmap aligned with business and security objectives.
• Design cutting-edge identity federation, single sign-on (SSO), multi-factor authentication (MFA), and privileged access management (PAM) solutions.
• Lead the integration of IAM across hybrid environments, including on-premises Active Directory and cloud-native identity providers.
• Define standards for identity life cycle management, role-based access control (RBAC), and attribute-based access control (ABAC).

Why Join Us?
• Be part of an innovative team that values creativity and collaboration.
• Work in a dynamic environment where your contributions will make a real impact.
• Enjoy a competitive rate and the possibility of extending your contract.
• Experience a flexible working pattern that promotes work-life balance.

If you are a seasoned IAM professional looking to make a difference, we want to hear from you! Embrace this exciting opportunity to lead identity architecture initiatives and contribute to our client's mission.

Apply Now! Join us in redefining the landscape of Identity and Access Management. Don't miss out on this chance to elevate your career with our client!

Note: Only candidates with the required qualifications and experience will be contacted for further discussions.

Pontoon is an employment consultancy. We put expertise, energy, and enthusiasm into improving everyone's chance of being part of the workplace. We respect and appreciate people of all ethnicities, generations, religious beliefs, sexual orientations, gender identities, and more. We do this by showcasing their talents, skills, and unique experience in an inclusive environment that helps them thrive. If you require reasonable adjustments at any stage, please let us know and we will be happy to support you.
28/08/2025
Contractor
Security Consulting Manager (Digital Identity)
Accenture
Role: Digital Identity Security Manager Location: Edinburgh Salary: Competitive salary and package dependent on experience Career Level: Manager Accenture is a leading global professional services company, providing a broad range of services in strategy and consulting, interactive, technology and operations, with digital capabilities across all of these services. With our thought leadership and culture of innovation, we apply industry expertise, diverse skill sets and next-generation technology to each business challenge. We believe in inclusion and diversity and supporting the whole person. Our core values comprise of Stewardship, Best People, Client Value Creation, One Global Network, Respect for the Individual and Integrity. Year after year, Accenture is recognized worldwide not just for business performance but for inclusion and diversity too. "Across the globe, one thing is universally true of the people of Accenture: We care deeply about what we do and the impact we have with our clients and with the communities in which we work and live. It is personal to all of us." - Julie Sweet, Accenture CEO. As a team: All of our professionals receive comprehensive training covering business, technical and professional skills development. You will have opportunities to hone your functional skills and expertise in Cyber Security. The sheer variety and scale of work we do, and the experience it offers, provides an unbeatable platform to build a career. In addition, our growth, combined with our integrated career counselling, offers great opportunities for rapid advancement. Accenture Security is one of the fastest growing areas of the business with significant growth plans through additional recruitment and acquisitions. Digital Identity is one of the key offerings of Accenture Security. 
It focusses on the design and implementation of identity services that help secure access to organisations' environments and data, in three main identity vectors: 1 - Consumer identity: securing customers' identities and streamlining their access; 2 - Workforce identity: securing and accelerating access from employees and third-party providers to applications and streamlining their access; 3 - Privileged identity: managing privileged credentials and providing secure access to privileged individuals and applications. Services include: Automated identity governance; Digital identity for consumers; Digital identity innovation. In our team you will learn: Working with truly global organisations and the related complexity of their cyber security requirements; Working in a multi-disciplined team of Strategy, Digital and Technology professionals to bring the best of Accenture to our clients; Working with and often managing a multi-shore delivery team to provide cost-effective consulting services; Customising Accenture's knowledge assets to support designs that are appropriate for each client; Designing pragmatic but effective cyber security defences for our clients. As a Digital Identity Manager, you will: Architect solutions in Digital Identity (DI) technologies. Solve challenging problems across DI domain. Support Requests for Proposals (RFPs). Manage teams responsible for the delivery of DI projects to customer. Demonstrate skills on Identity governance/provisioning, access management and privileged access management solutions. Explore Discovery Analytics to identify new and innovative opportunities. Help grow the DI business. We are looking for experience in the following skills: Expertise on Identity and Access Management (IAM) concepts - Provisioning / Reconciliation, SSO, Federation etc. Expertise on Privileged Access Management (PAM) concepts - privileged account discovery, onboarding, reconciliation, provisioning, etc.
Strong design and implementation experience of at least one identity and access management project using any of the leading IAM/PAM vendor products - CyberArk, ForgeRock / Oracle / SailPoint IAM; IAM requirements gathering and experience in conducting workshops; Hands-on development experience using Core Java / J2EE, Groovy, JavaScript; RESTful API Architecture & Implementation experience; Exposure to LDAP, Directory server concepts; Familiar with SQL and Database concepts, AWS, Jenkins, SVN; Familiar with standards such as OAuth, OpenID Connect, XACML; Familiar with DevOps methodology and tools; Knowledge of cloud infrastructure (AWS/Azure/GCP) based architecture and delivery; Knowledge of Web Application Security Architecture. Implementation experience on standards such as OAuth, OpenID Connect, XACML; Integration experience using Identity connector framework (ICF); Exposure to BPMN 2.0; Test and Deployment automation tools and methodologies; Experience on Application Security and SSO implementation for iOS / Android Apps; Hands-on knowledge of DevOps methodologies and tools like SVN/GIT, Jenkins, JIRA, Confluence, various monitoring/alerting tools; Experience on Agile delivery; Custom development background based on IAM/PAM projects; Large scale SI Transformation project experience; Release Planning. Set yourself apart: Ability to demonstrate technical and commercial skills; Mastery of new and upcoming Cybersecurity technologies; Consulting experience; Proven history. What's in it for you: At Accenture, in addition to a competitive basic salary, you will also have an extensive benefits package which includes 30 days' vacation per year, gym subsidy, private medical insurance and 3 extra days leave per year for charitable work of your choice!
Flexibility and mobility are required to deliver this role as there will be requirements to spend time onsite with our clients and partners to enable delivery of the first-class services we are known for. About Accenture Accenture is a leading global professional services company, providing a broad range of services in strategy and consulting, interactive, technology and operations, with digital capabilities across all of these services. We combine unmatched experience and specialized capabilities across more than 40 industries - powered by the world's largest network of Advanced Technology and Intelligent Operations centers. With 509,000 people serving clients in more than 120 countries, Accenture brings continuous innovation to help clients improve their performance and create lasting value across their enterprises. Visit us at Accenture is an equal opportunities employer and welcomes applications from all sections of society and does not discriminate on grounds of race, religion or belief, ethnic or national origin, disability, age, citizenship, marital, domestic or civil partnership status, sexual orientation, or gender identity, or any other basis as protected by applicable law. Closing Date for Applications 31/10/2022 Accenture reserves the right to close the role prior to this date should a suitable applicant be found. RROOTS SRG100
24/09/2022
Full time
Security Consulting Manager (Digital Identity)
Accenture
Role: Digital Identity Security Manager Location: Glasgow Salary: Competitive salary and package dependent on experience Career Level: Manager Accenture is a leading global professional services company, providing a broad range of services in strategy and consulting, interactive, technology and operations, with digital capabilities across all of these services. With our thought leadership and culture of innovation, we apply industry expertise, diverse skill sets and next-generation technology to each business challenge. We believe in inclusion and diversity and supporting the whole person. Our core values comprise of Stewardship, Best People, Client Value Creation, One Global Network, Respect for the Individual and Integrity. Year after year, Accenture is recognized worldwide not just for business performance but for inclusion and diversity too. "Across the globe, one thing is universally true of the people of Accenture: We care deeply about what we do and the impact we have with our clients and with the communities in which we work and live. It is personal to all of us." - Julie Sweet, Accenture CEO. As a team: All of our professionals receive comprehensive training covering business, technical and professional skills development. You will have opportunities to hone your functional skills and expertise in Cyber Security. The sheer variety and scale of work we do, and the experience it offers, provides an unbeatable platform to build a career. In addition, our growth, combined with our integrated career counselling, offers great opportunities for rapid advancement. Accenture Security is one of the fastest growing areas of the business with significant growth plans through additional recruitment and acquisitions. Digital Identity is one of the key offerings of Accenture Security. 
It focusses on the design and implementation of identity services that help secure access to organisations' environments and data, in three main identity vectors: 1 - Consumer identity: securing customers' identities and streamlining their access; 2 - Workforce identity: securing and accelerating access from employees and third-party providers to applications and streamlining their access; 3 - Privileged identity: managing privileged credentials and providing secure access to privileged individuals and applications. Services include: Automated identity governance; Digital identity for consumers; Digital identity innovation. In our team you will learn: Working with truly global organisations and the related complexity of their cyber security requirements; Working in a multi-disciplined team of Strategy, Digital and Technology professionals to bring the best of Accenture to our clients; Working with and often managing a multi-shore delivery team to provide cost-effective consulting services; Customising Accenture's knowledge assets to support designs that are appropriate for each client; Designing pragmatic but effective cyber security defences for our clients. As a Digital Identity Manager, you will: Architect solutions in Digital Identity (DI) technologies. Solve challenging problems across DI domain. Support Requests for Proposals (RFPs). Manage teams responsible for the delivery of DI projects to customer. Demonstrate skills on Identity governance/provisioning, access management and privileged access management solutions. Explore Discovery Analytics to identify new and innovative opportunities. Help grow the DI business. We are looking for experience in the following skills: Expertise on Identity and Access Management (IAM) concepts - Provisioning / Reconciliation, SSO, Federation etc. Expertise on Privileged Access Management (PAM) concepts - privileged account discovery, onboarding, reconciliation, provisioning, etc.
Strong design and implementation experience of at least one identity and access management project using any of the leading IAM/PAM vendor products - CyberArk, ForgeRock / Oracle / SailPoint IAM; IAM requirements gathering and experience in conducting workshops; Hands-on development experience using Core Java / J2EE, Groovy, JavaScript; RESTful API Architecture & Implementation experience; Exposure to LDAP, Directory server concepts; Familiar with SQL and Database concepts, AWS, Jenkins, SVN; Familiar with standards such as OAuth, OpenID Connect, XACML; Familiar with DevOps methodology and tools; Knowledge of cloud infrastructure (AWS/Azure/GCP) based architecture and delivery; Knowledge of Web Application Security Architecture. Implementation experience on standards such as OAuth, OpenID Connect, XACML; Integration experience using Identity connector framework (ICF); Exposure to BPMN 2.0; Test and Deployment automation tools and methodologies; Experience on Application Security and SSO implementation for iOS / Android Apps; Hands-on knowledge of DevOps methodologies and tools like SVN/GIT, Jenkins, JIRA, Confluence, various monitoring/alerting tools; Experience on Agile delivery; Custom development background based on IAM/PAM projects; Large scale SI Transformation project experience; Release Planning. Set yourself apart: Ability to demonstrate technical and commercial skills; Mastery of new and upcoming Cybersecurity technologies; Consulting experience; Proven history. What's in it for you: At Accenture, in addition to a competitive basic salary, you will also have an extensive benefits package which includes 30 days' vacation per year, gym subsidy, private medical insurance and 3 extra days leave per year for charitable work of your choice!
Flexibility and mobility are required to deliver this role as there will be requirements to spend time onsite with our clients and partners to enable delivery of the first-class services we are known for. About Accenture Accenture is a leading global professional services company, providing a broad range of services in strategy and consulting, interactive, technology and operations, with digital capabilities across all of these services. We combine unmatched experience and specialized capabilities across more than 40 industries - powered by the world's largest network of Advanced Technology and Intelligent Operations centers. With 509,000 people serving clients in more than 120 countries, Accenture brings continuous innovation to help clients improve their performance and create lasting value across their enterprises. Visit us at Accenture is an equal opportunities employer and welcomes applications from all sections of society and does not discriminate on grounds of race, religion or belief, ethnic or national origin, disability, age, citizenship, marital, domestic or civil partnership status, sexual orientation, or gender identity, or any other basis as protected by applicable law. Closing Date for Applications 31/10/2022 Accenture reserves the right to close the role prior to this date should a suitable applicant be found. RROOTS SRG100
24/09/2022
Full time

© 2008-2026 IT Job Board