Identity & Privileged Access Security Engineer | Technology-Driven Trading Firm

[Up to c. £175k Comp Package | On-Site Working]

We’re representing a leading investment management firm seeking an Identity & Privileged Access Security Engineer to strengthen identity, authentication, and privileged access controls across the estate. Sitting within cybersecurity, the role focuses on reducing excessive admin rights, tightening identity-based attack paths, and ensuring privileged access remains effective in production.

You’ll own key Microsoft identity capabilities - including Entra , Conditional Access, phishing-resistant MFA, privileged elevation, access reviews, and identity governance - in a hands‑on role that blends platform ownership, automation, and close collaboration with cloud, endpoint, and Sec Ops teams...

• Operate and enhance privileged access controls across internal platforms, including elevation workflows, policy lifecycle management, audit validation, and resilience testing
• Maintain and improve Microsoft Entra  across hybrid identity, external collaboration, authentication methods, and user lifecycle processes
• Own Conditional Access controls, including device posture requirements, risky sign‑in handling, phishing‑resistant MFA enforcement, and exception governance
• Run regular privileged access reviews across in-scope systems, identifying excessive permissions and driving remediation activity
• Manage phishing‑resistant authentication processes, including hardware key enrolment, replacement workflows, recovery routes, and supplier coordination
• Maintain admin tiering standards across privileged accounts, including naming conventions, lifecycle automation, stale account removal, and drift monitoring
• Partner with cloud security teams on Azure RBAC, PIM activation patterns, and identity‑to‑resource permission models
• Work with endpoint engineering teams to ensure Conditional Access policies align with device compliance and posture requirements
• Collaborate with security operations to improve identity detections covering suspicious sign‑ins, token abuse, MFA fatigue, privileged account anomalies, and related attack patterns
• Support identity protection for senior or high‑risk users, ensuring hardened authentication, monitoring, and access controls are consistently applied
• Build Power Shell and Microsoft Graph automation to streamline joiner/mover/leaver processes, access reviews, privileged account management, and reporting

• 3-6 years’ experience in identity engineering, IAM, privileged access management, or identity security roles
• Strong hands‑on experience with Microsoft Entra  production environments, including hybrid identity, Entra Connect or Cloud Sync, B2B collaboration, and authentication method migration
• Practical experience designing and operating Conditional Access policies across enterprise environments
• Understanding of privileged access models, including Entra PIM, admin tiering, emergency access, JIT elevation, or comparable PAM tooling
• Hands‑on exposure to Active Directory hardening, including delegation clean‑up, privileged group review, Admin
  
  SDHolder, ACL remediation, or Tier‑0 protection
• Experience with phishing‑resistant authentication approaches such as FIDO2, Web Authn, passkeys, or hardware security keys
• Strong Power Shell capability and practical experience using Microsoft Graph for automation or reporting
• Ability to assess over‑privilege, identify identity control gaps, and drive remediation with technical stakeholders
• Strong academic background, including a degree from a Russell Group university or international equivalent
• (Preferred) Experience with identity governance platforms such as SailPoint, Saviynt, or Entra
• (Preferred) Microsoft identity or security certifications such as SC-300 or SC-100
• (Preferred) Background in financial services or another regulated environment with strong identity control and audit expectations