Senior Security Engineer - CIAM XDP

Senior Security Engineer for CIAM at Barclays, responsible for developing, implementing, and maintaining cryptographic solutions, identity and access management (IAM) systems, and security controls for banking systems and sensitive information.

• Develop, implement, and maintain solutions that safeguard banking systems and sensitive information.
• Provide subject matter expertise on security systems and engineering patterns.
• Develop and implement protocols, algorithms, and software applications to protect sensitive data and systems.
• Manage and protect secrets, ensuring secure generation, storage, and usage.
• Execute audits to monitor, identify, and assess vulnerabilities in the bank's infrastructure and software.
• Support response to potential security breaches.
• Identify advancements to support innovation and adoption of new cryptographic technologies and techniques.
• Collaborate with developers and security teams across the bank to align cryptographic solutions with business objectives, security policies, and regulatory requirements.
• Develop, implement, and maintain Identity and Access Management (IAM) solutions and systems.

• Experience across configuration and integration with Hardware Security Module (HSM) and AWS Secrets Manager (ASM) tooling, certificate lifecycle management (e.g., rotation, revocation), and automating security workflows.
• Experience using GitLab CI/CD pipelines, AWS CLI or Chef.
• Strong experience with Cloud Security, including AWS security controls, policies and automation, CLI tools, role-based and attribute-based access controls, cryptographic protocols, secure key lifecycle management, advanced threat modeling, SOC operations, securing microservices and APIs, DevSecOps best practices, vulnerability scanning, tools, approaches, vulnerability patching, and vendor management for security.
• Strong experience in penetration testing and hands-on coding in at least one of: JavaScript, Java, Python.
• Hands-on configuration, deployment and operation of ForgeRock COTS-based IAM solutions (e.g., PingGateway, PingAM, PingIDM, PingDS) with embedded security gates, HTTP header signing, access token and data-at-rest encryption, PKI-based self-sovereign identity, or open source.
• Assessment of key critical skills: risk and controls, change and transformation, business acumen, strategic thinking, digital and technology, and job-specific technical skills.

London office.