Identity & Access Engineer; IAM

Job in Salford, Manchester, Greater Manchester, M9, England, UK
Listing for: Finova
Full Time position
Listed on 2026-06-03
Job specializations:
  • IT/Tech
    Cybersecurity, Systems Engineer
Salary/Wage Range or Industry Benchmark: 80000 - 100000 GBP Yearly
Job Description & How to Apply Below
Position: Identity & Access Engineer (IAM)
Location: Salford

Overview

Identity & Access Engineer (IAM) – Manchester Based (3 Days Hybrid)

Finova is the UK’s largest financial services technology provider. Our agile, cloud-native solutions enable banks, building societies, and lenders to deliver digital experiences while maintaining regulatory compliance. We are seeking a seasoned IAM Specialist to own the design and implementation of identity, access, and entitlements across a multi-cloud SaaS fintech platform.

Responsibilities
  • Translate architectural choices into practical, automated, and secure IAM implementations spanning workforce, customer, and machine identities.
  • Work with multi-cloud infrastructure across AWS, Azure, and GCP. Applications run on .NET / ASP.NET with SQL Server-backed role systems.
  • Enforce tenant isolation and least privilege to satisfy regulators, while defining access boundaries for AI pipelines, vector databases, and automated decision engines.
  • Work in a highly collaborative, hands-on hybrid role, balancing high-level access modeling with day-to-day configuration, such as writing OPA Rego rules or configuring Azure AD Conditional Access policies.
About you

You are a highly analytical identity purist who recognizes that identity is the security perimeter in a cloud ecosystem. You bridge application engineering, cloud infrastructure, and regulatory audit as a subject matter expert on access control.

Key Attributes
  • The Structural Architect: mapping complex business roles into automated framework permissions while avoiding privilege creep.
  • Code-Driven Security Advocate: policy-as-code and auditable repositories with continuous testing for authorization logic.
  • Pragmatic Problem Solver: using Just-In-Time elevation, automated provisioning, and SSO to balance security and usability.
  • Rigorous Guard of Boundaries: strong focus on isolation details to defend against cross-tenant data leaks and broken access controls.
  • Experience: 4–6 years in IAM, security engineering, or identity-focused cloud engineering with hands-on enterprise deployment.
  • Entra: deep practical knowledge of Azure AD (Entra), including app registrations, Conditional Access, PIM, and federation configurations.
  • Multi-Cloud Competency: hands-on experience with at least two major clouds (AWS IAM, Azure RBAC, or GCP IAM) and familiarity with all three.
  • Application & DB IAM: experience implementing RBAC/ABAC in .NET / ASP.NET (Claims, ASP.NET Identity) and SQL Server access management (roles, RLS, data masking).
  • Federation Protocols: SAML 2.0, OIDC, OAuth 2.0, and SCIM provisioning workflows.
  • Policy-as-Code Skills: writing, testing, and deploying authorization policies (OPA/Rego, Azure Policy, or AWS SCPs) in CI/CD pipelines.
  • Modern IAM Tooling: familiarity with PIM/PAM, CIEM concepts, secretless DevOps patterns (OIDC-based pipeline identity), and secrets managers (Azure Key Vault, HashiCorp Vault).
  • SaaS Architecture: understanding multi-tenancy and identifying missing tenant contexts or authorization bypass risks.
  • Communication: ability to articulate complex identity structures and compliance mandates to developers, architects, and auditors.
Nice-to-Have
  • Fintech Experience: IAM in regulated domains such as banking, payments, or insurance.
  • CIEM/IGA Platforms: familiarity with Entra Permissions Management, Ermetic, SailPoint, or Saviynt.
  • AI Infrastructure Security: access controls for model training environments, feature stores, or LLM integrations.
  • Certifications: SC-300, AWS Security Specialty, AZ-500, CISSP, or CCSP.
  • Automation Scripting: PowerShell or Python for automating access reviews and IAM operations.
  • Zero Trust Strategy: understanding of broader Zero Trust architectures integrating device, network, and identity decisions.
What you will be doing
  • Identity Architecture & Federation: design and implement an identity framework across workforce, customer, and machine identities.
  • Primary IdP Management: configure and manage Azure AD (Entra) tenant structures, app registrations, Conditional Access, and directory sync.
  • Enterprise Federation: implement SAML 2.0, OIDC, and WS-Federation patterns to onboard customer-managed IdPs for enterprise SSO.
  • Automated Provisioning: design SCIM-based provisioning and…