IAM / PAM Specialist

UKAEA's mission is to lead the delivery of sustainable fusion energy and maximise scientific and economic impact. The Computing Division underpins this mission by delivering secure, scalable, and innovative digital solutions across scientific computing, modelling, simulation, software engineering, business systems, data acquisition, and core IT services.

Within the Computing Division, the Enterprise Infrastructure Solutions unit is responsible for the design, delivery, and management of centrally supported IT infrastructure and applications. This includes enterprise compute platforms, data networks, UNIX/Linux/Windows environments, cloud services, data centres, commercial software solutions, and end-user support across all UKAEA sites.

The IAM / PAM Specialist will play a pivotal role in designing and delivering UKAEA's greenfield Identity and Access Management (IAM) and Privileged Access Management (PAM) solutions, while contributing to the development of the Security Information and Event Management (SIEM) and Security Operations Centre (SOC) capabilities.

You will lead the IAM/PAM workstreams and provide specialist input into SIEM/SOC implementation, ensuring all solutions align with secure-by-design principles, NIST and ISO 27001 frameworks, and UKAEA's cyber security objectives.

This is a hands-on and leadership-focused role that combines technical delivery, strategic oversight, and mentoring of junior members of the cyber team. You will also provide technical oversight where Managed Service Providers (MSPs) are engaged, ensuring solution quality, integration, and compliance with UKAEA standards.

Accountabilities:

· Lead the end-to-end design and delivery of IAM and PAM services as part of a greenfield cyber security programme.

· Collaborate with architects and SOC leads to integrate IAM/PAM telemetry into SIEM tooling for enhanced visibility and detection.

· Provide technical oversight and assurance when engaging Managed Service Providers (MSPs) or third-party vendors.

· Support the development and implementation of SIEM/SOC capabilities, assisting in log source onboarding, alert tuning, and incident response improvements.

· Mentor and train junior team members, building internal capability in identity and access management.

· Define and maintain IAM and PAM architecture artefacts, roadmaps, and design standards aligned with enterprise governance.

· Monitor and manage security configurations across Active Directory, Microsoft 365, Azure, and business SaaS platforms (e.g., SharePoint, Teams, Exchange Online, OneDrive).

· Support secure deployment and access controls in cloud-hosted and hybrid business systems.

· Administer and optimise IAM policies, Conditional Access, MFA, and privilege escalation controls.

· Review access permissions for business-critical applications and enforce role-based access control (RBAC).

· Participate in application onboarding and provide security consultation on app integrations and APIs.

· Assist in the response and investigation of security alerts and incidents related to cloud environments.

· Collaborate with enterprise architects, infrastructure engineers, and support teams to embed secure-by-design principles across services.

· Maintain up-to-date documentation of cloud security controls, procedures, and exception registers.

· Stay informed of emerging threats in cloud ecosystems and recommend appropriate mitigation strategies.

Budget Responsibility:

None

Specific Qualifications/Experience:

· Essential

o Demonstrable experience in greenfield IAM/PAM implementations, preferably using Entra ID, CyberArk, BeyondTrust, or similar platforms.

o Proven ability to lead technical delivery while mentoring junior engineers or analysts.

o Experience providing technical oversight for MSPs or third-party security service providers.

o Demonstrable hands-on experience with Microsoft Entra ID (Azure AD), Conditional Access, and Identity Protection.

o Understanding of modern authentication protocols (OAuth2.0, SAML, OpenID Connect).

o Familiarity with SaaS security, user lifecycle management, and enterprise access models.

o Working knowledge of security and compliance frameworks such as CAF, ISO 27001, NIST CSF, and GDPR.

o Analytical and investigative skills with the ability to identify risk patterns and remediation actions.

o Knowledge of Privileged Identity Management (PIM), Just-In-Time (JIT) access, or PAM solutions.

o Strong documentation and communication skills to support audits and security reviews.

o Ability to obtain SC-level national security clearance

· Desirable

o At least a HND in Information Security, Computer Science, or a related STEM field, or equivalent experience. Degree Preferred

o Understanding of SIEM/SOC integration and the relationship between IAM telemetry and security monitoring.

o Familiarity with ITSM workflows and change control procedures.

o Experience conducting security risk assessments for third-party SaaS solutions.

o Experience supporting greenfield security architecture or SOC build programmes.

o Familiarity with tools such as Microsoft Sentinel, Splunk, or Elastic SIEM.

Additional Duties:

May be requested to represent the Group in meetings , act as an SME in Projects and may hold internal appointments.

May also provide technical oversight to managed service providers and contribute to team capability development through coaching and mentoring.