AVEVA is creating software trusted by over 90% of leading industrial companies.
Job Title: IDAM Engineer
Location: Cambridge/ Derry-Londonderry
Employment Type: Full Time
The Job
AVEVA is seeking an Identity and Access Management (IDAM) Engineer with expertise in hybrid Windows environments to join our IT team. This role involves maintaining both modern and legacy infrastructure to support our fast-growing software business, while enhancing our security posture through hands-on technical work and collaboration across engineering teams to drive key security initiatives.
Key Responsibilities
1. Operate and maintain multi-site Active Directory environments, including domain controllers, replication, trust relationships, and hybrid integrations with Entra ID.
2. Support and lead Active Directory migration and consolidation efforts, including domain restructuring, OU/GPO design, and forest transformation projects.
3. Integrate and maintain hybrid identity systems involving Entra ID (Azure AD), including Entra Connect and synchronization troubleshooting.
4. Maintain, monitor, and support Identity, Access Management (IAM), and Messaging systems across on-prem and cloud environments.
5. Develop and adhere to standardized procedures for deploying, maintaining, and documenting identity infrastructure.
6. Troubleshoot and resolve issues related to identity, access, authentication, authorization, accounts, and directory services.
7. Collaborate with the security team to enforce hardened configurations, monitor for unauthorized access, and implement remediation as needed.
8. Provide Level 2 support and engage with vendors or other engineering teams to resolve escalated directory-related issues.
9. Produce accurate and up-to-date diagrams and documentation of AD and identity systems architecture.
Essential Skills and Experience
10. Expert-level understanding of designing, implementing, and migrating Active Directory components, including replication, DNS, OU/GPO structure, AD Sites and Services, FSMO roles and multi-forest scenarios.
11. Practical experience performing domain migrations, forest consolidations, and trust relationship configurations.
12. Solid understanding of Entra ID (Azure AD), Entra Connect, Conditional Access, MFA, and hybrid identity models.
13. Familiarity with Microsoft security baselines and secure identity management practices across both on-prem and cloud systems.
14. Knowledge of user lifecycle management, including Access Reviews and Joiner-Mover-Leaver (JML) processes.
15. Hands-on experience with SSO and authentication protocols (Kerberos, LDAP, SAML, OpenID Connect, OAuth).
16. Proven ability to automate identity-related tasks using PowerShell and/or Group Policy automation tools.
17. Comfortable producing reusable, scalable, and secure configurations.
18. Scripting experience with PowerShell for managing Active Directory and Entra ID.
19. Strong grasp of cybersecurity principles and their application to directory services and IAM.
20. Excellent written and verbal communication skills in English.
Desirable Skills and Experience
21. Minimum 2 years in IAM or Infrastructure roles, with a strong focus on Active Directory and hybrid identity environments.
22. Hands-on experience with directory modernization initiatives such as domain flattening or legacy AD integration.
23. Familiarity with IGA platforms, preferably One Identity or alternatives like SailPoint.
24. Holds relevant technical certifications (e.g., Microsoft Certified: Identity and Access Administrator, Windows Server Hybrid Administrator Associate, CISSP).
25. Bachelor’s degree in Computer Science, Engineering, or equivalent practical experience.
26. Strong communicator, capable of translating complex identity and directory concepts for both technical and non-technical stakeholders.
27. Pragmatic problem-solver with a business-aligned approach to secure infrastructure implementation.
28. Proactively stays current with Microsoft identity technologies, AD best practices, and emerging IAM trends.
29. Collaborative team player who thrives in both independent and cross-functional project environments.
UK Benefits include:
Flexible benefits fund, emergency leave days, adoption leave, 28 days annual leave (plus bank holidays), pension, life cover, private medical insurance, parental leave, education assistance program.
It’s possible we’re hiring for this position in multiple countries, in which case the above benefits apply to the primary location. Specific benefits vary by country, but our packages are similarly comprehensive.
Find out more: aveva.com/en/about/careers/benefits/
Hybrid working
By default, employees are expected to be in their local AVEVA office three days a week, but some positions are fully office-based. Roles supporting particular customers or markets are sometimes remote.
Hiring process
Interested? Great! Get started by submitting your cover letter and CV through our application portal. AVEVA is committed to recruiting and retaining people with disabilities. Please let us know in advance if you need reasonable support during your application process.
Find out more: aveva.com/en/about/careers/hiring-process
About AVEVA
AVEVA is a global leader in industrial software with more than 6,500 employees in over 40 countries. Our cutting-edge solutions are used by thousands of enterprises to deliver the essentials of life – such as energy, infrastructure, chemicals, and minerals – safely, efficiently, and more sustainably.
We are committed to embedding sustainability and inclusion into our operations, our culture, and our core business strategy. Learn more about how we are progressing against our ambitious 2030 targets: sustainability-report.aveva.com/
Find out more: aveva.com/en/about/careers/