IAM Engineer – Privileged Access & Secrets Management
London
Posted about 1 month ago
Contract
We’re hiring a Privileged Access & Identity Security Engineer to join a highly technical, security-first organisation operating in a fast-paced, regulated environment. Identity, privileged access, and secrets are treated here as core security engineering problems, not just compliance controls. This role sits within the Identity & Access Management (IAM) function, with a strong emphasis on Privileged Access Management (PAM), automation, and secure access to critical systems and platforms.
Responsibilities:

Privileged Access Management (PAM)
- Own and operate enterprise PAM platforms (e.g. CyberArk or equivalent)
- Design, implement, and maintain privileged access controls across Windows, Unix/Linux, and application environments
- Automate onboarding of privileged and service accounts, including credential rotation and reconciliation
- Enforce least privilege and just-in-time access principles
- Monitor privileged sessions and support investigations into access-related incidents

Secrets & Non-Human Access
- Manage credentials for applications, services, and automation workflows
- Support secure runtime credential retrieval and rotation
- Work with engineering teams to reduce hard-coded secrets and improve secrets hygiene
- Contribute to the evolution of secrets management and CI/CD integrations

IAM & Access Controls
- Partner with infrastructure, application, and security teams to implement robust access models
- Support RBAC and access policy alignment across on-prem and cloud platforms
- Maintain clean documentation, standards, and operating procedures

Governance, Audit & Operations
- Support access reviews, audit requests, and evidence production
- Contribute to incident response related to privileged access or credential exposure
- Help mature IAM and PAM processes through automation and continuous improvement

Must Haves:
- Strong hands-on experience with Privileged Access Management (PAM)
- Deep knowledge of CyberArk (Vault, PSM/PSMP, CPM, Privilege Cloud) or equivalent
- Experience automating privileged access onboarding and credential lifecycle
- Solid understanding of least privilege, JIT access, and privileged account risk
- Background working in regulated or high-security environments
- Comfortable operating as a senior individual contributor with real ownership

Nice to Have:
- Exposure to secrets management concepts or platforms
- Cloud experience (AWS and/or Azure)
- Scripting or automation (PowerShell, REST APIs, etc.)