Skip to main content
Back to jobs

IDAM PAM Engineer

External
aveva logoAveva · London Cannon Street
Full-timeRemote2w ago
AzureCloud SecurityComplianceDocumentationIAMJira
Cover LetterConnect

Prepare for this interview

Elite

AI-generated questions, company research, and talking points tailored to this role

Responsibilities

  • Lead the automation‑first design and engineering of PAM solutions
  • Play a senior role in CyberArk (or similar) implementation and expansion
  • Engineer fully automated onboarding for: Privileged user accounts
  • Service and application accounts
  • Credentials, secrets, and keys
  • Integrate PAM with SailPoint for automated governance, lifecycle, and access reviews
  • Define PAM standards, onboarding patterns, and automation frameworks
  • Automate privileged access requests, approvals, and provisioning via ServiceNow
  • Build automated PAM and SailPoint reporting for audits and compliance
  • Reduce manual PAM operations through scripting and orchestration
  • Secure privileged access across: Active Directory environments
  • Windows and Linux platforms
  • Azure and cloud services
  • Applications and DevOps pipelines
  • Act as senior escalation point for PAM‑related incidents
  • Partner with Security Architecture and Audit on control design and evidence automation
  • Produce high‑quality architecture diagrams, runbooks, and engineering documentation
  • Apply AI‑assisted tooling to enhance troubleshooting and operational insight
  • Essential requirements
  • Significant, hands‑on experience in Privileged Access Management
  • Hands‑on SailPoint experience is mandatory
  • Strong experience with CyberArk (PAS, PSM, EPM) or equivalent tools
  • Proven ability to engineer and automate PAM at scale
  • Strong understanding of privileged access risks and threat vectors
  • Advanced experience with Active Directory and hybrid identity environments
  • Strong automation and scripting skills (PowerShell, Python, APIs)
  • Experience supporting audits using automated evidence and reporting
  • Ability to operate as a senior engineer, providing technical leadership

Requirements

  • Experience using ServiceNow and/or Jira to automate privileged access workflows
  • Broader knowledge of IAM, IGA, Zero Trust, or identity security domains
  • Experience working with DevOps teams, including securing pipelines and secrets
  • Bachelor's degree in Computer Science, Engineering, Mathematics, or related discipline; or equivalent experience
  • Relevant certifications (e.g. CyberArk, SailPoint, Microsoft Security, Cloud Security)
  • Strong communication and stakeholder management skills
  • Customer‑focused mindset, balancing security with business usability
  • Demonstrated growth mindset, passionate about continuous learning
  • Experience mentoring or guiding other engineers
  • IT at AVEVA
  • Find out more: https://www.aveva.com/en/about/careers/
  • UK Benefits include:
  • Flexible benefits fund, emergency leave days, adoption leave, 28 days annual leave (plus bank holidays), pension, life cover, private medical insurance, parental leave, education assistance program.
  • It's possible we're hiring for this position in multiple countries, in which case the above benefits apply to the primary location. Specific benefits vary by country, but our packages are similarly comprehensive.
  • Find out more: aveva.com/en/about/careers/benefits/
  • Hybrid working
  • By default, employees are expected to be in their local AVEVA office three days a week, but some positions are fully office-based. Roles supporting particular customers or markets are sometimes remote.
  • Hiring process
  • Interested? Great! Get started by submitting your cover letter and CV through our application portal. AVEVA is committed to recruitin

Benefits

Health insuranceVision insuranceRemote work optionsFlexible scheduleParental leave

Additional Information

AVEVA is creating software trusted by over 90% of leading industrial companies. Job Title: IDAM PAM Engineer Location: United Kingdom (Cambridge / London) Employment Type: Full-time, permanent The job AVEVA is seeking Privileged Access Management (PAM) Engineers to lead the delivery of highly automated, enterprise‑grade privileged access controls as part of our IDAM function. This is a senior, hands‑on engineering role with significant responsibility and influence. You will design, build, and operate PAM capabilities with automation as a core principle, integrating SailPoint as the enterprise IGA platform and supporting the current and future adoption of CyberArk (or equivalent). You will act as a senior technical authority, defining standards, patterns, and automation approaches while working closely with Security Architecture, Infrastructure, and Audit teams.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at aveva? Share your experience

Interested in this role?

Apply on the company's website.

Cover LetterConnect