IAM Engineer – Privileged Access & Secrets Management

Job description

We’re hiring a Privileged Access & Identity Security Engineer to join a highly technical, security-first organisation operating in a fast-paced, regulated environment. Identity, privileged access, and secrets are treated here as core security engineering problems, not just compliance controls.

This role sits within the Identity & Access Management (IAM) function, with a strong emphasis on Privileged Access Management (PAM), automation, and secure access to critical systems and platforms.

Responsibilities:

Privileged Access Management (PAM)

• Own and operate enterprise PAM platforms (e.g. CyberArk or equivalent)
• Design, implement, and maintain privileged access controls across Windows, Unix/Linux, and application environments
• Automate onboarding of privileged and service accounts, including credential rotation and reconciliation
• Enforce least privilege and just-in-time access principles
• Monitor privileged sessions and support investigations into access-related incidents

Secrets & Non-Human Access

• Manage credentials for applications, services, and automation workflows
• Support secure runtime credential retrieval and rotation
• Work with engineering teams to reduce hard-coded secrets and improve secrets hygiene
• Contribute to the evolution of secrets management and CI/CD integrations

IAM & Access Controls

• Partner with infrastructure, application, and security teams to implement robust access models
• Support RBAC and access policy alignment across on-prem and cloud platforms
• Maintain clean documentation, standards, and operating procedures

Governance, Audit & Operations

• Support access reviews, audit requests, and evidence production
• Contribute to incident response related to privileged access or credential exposure
• Help mature IAM and PAM processes through automation and continuous improvement

Must Have’s

• Strong hands-on experience with Privileged Access Management (PAM)
• Deep knowledge of CyberArk (Vault, PSM/PSMP, CPM, Privilege Cloud) or equivalent
• Experience automating privileged access onboarding and credential lifecycle
• Solid understanding of least privilege, JIT access, and privileged account risk
• Background working in regulated or high-security environments
• Comfortable operating as a senior individual contributor with real ownership

Nice to have

• Exposure to secrets management concepts or platforms
• Cloud experience (AWS and/or Azure)
• Scripting or automation (PowerShell, REST APIs, etc.)

Extra information

Status

Open

Education Level

Secondary School

Location

City of London

Type of Contract

Full-time jobs

Published at

09-02-2026

Profession type

Management

Full UK/EU driving license preferred

No

Car Preferred

No

Must be eligible to work in the EU

No

Cover Letter Required

No

Languages

English