Job Title
IDAM PAM Engineer
Location
United Kingdom (Cambridge / London)
Employment Type
Full-time, permanent
Overview
AVEVA is seeking Privileged Access Management (PAM) Engineers to lead the delivery of highly automated, enterprise grade privileged access controls as part of our IDAM function. This is a senior, hands on engineering role with significant responsibility and influence.
Key Responsibilities
- Lead the automation first design and engineering of PAM solutions
- Play a senior role in CyberArk (or similar) implementation and expansion
- Engineer fully automated onboarding for privileged user accounts, service and application accounts, credentials, secrets, and keys
- Integrate PAM with SailPoint for automated governance, lifecycle, and access reviews
- Define PAM standards, onboarding patterns, and automation frameworks
- Automate privileged access requests, approvals, and provisioning via ServiceNow
- Build automated PAM and SailPoint reporting for audits and compliance
- Reduce manual PAM operations through scripting and orchestration
- Secure privileged access across Active Directory environments, Windows and Linux platforms, Azure and cloud services, applications and DevOps pipelines
- Act as senior escalation point for PAM related incidents
- Partner with Security Architecture and Audit on control design and evidence automation
- Produce high quality architecture diagrams, runbooks, and engineering documentation
- Apply AI assisted tooling to enhance troubleshooting and operational insight
Essential Requirements
- Significant, hands on experience in Privileged Access Management
- Hands on SailPoint experience is mandatory
- Strong experience with CyberArk (PAS, PSM, EPM) or equivalent tools
- Proven ability to engineer and automate PAM at scale
- Strong understanding of privileged access risks and threat vectors
- Advanced experience with Active Directory and hybrid identity environments
- Strong automation and scripting skills (PowerShell, Python, APIs)
- Experience supporting audits using automated evidence and reporting
- Ability to operate as a senior engineer, providing technical leadership
Desired Skills
- Experience using ServiceNow and/or Jira to automate privileged access workflows
- Broader knowledge of IAM, IGA, Zero Trust, or identity security domains
- Experience working with DevOps teams, including securing pipelines and secrets
- Bachelor's degree in Computer Science, Engineering, Mathematics, or related discipline; or equivalent experience
- Relevant certifications (e.g., CyberArk, SailPoint, Microsoft Security, Cloud Security)
- Strong communication and stakeholder management skills
- Customer focused mindset, balancing security with business usability
- Demonstrated growth mindset, passionate about continuous learning
- Experience mentoring or guiding other engineers
Benefits
- Flexible benefits fund
- Emergency leave days
- Adoption leave
- 28 days annual leave (plus bank holidays)
- Pension
- Life cover
- Private medical insurance
- Parental leave
- Education assistance program
Equal Opportunity & Background Checks
AVEVA is an Equal Opportunity Employer. We are committed to being an exemplary employer with an inclusive culture, developing a workplace environment where all our employees are treated with dignity and respect. All successful applicants will undergo a drug screening and comprehensive background check before they start employment. Background checks will be conducted in accordance with local laws and may, subject to those laws, include proof of educational attainment, employment history verification, proof of work authorization, criminal records, identity verification, credit check. Certain positions dealing with sensitive and/or third party personal data may involve additional background check criteria.