AVEVA is creating software trusted by over 90% of leading industrial companies.

Job Title: IDAM Engineer

Location: Cambridge/ Derry-Londonderry

Employment Type: Full Time

The Job

AVEVA is seeking an Identity and Access Management (IDAM) Engineer with expertise in hybrid Windows environments to join our IT team. This role involves maintaining both modern and legacy infrastructure to support our fast-growing software business, while enhancing our security posture through hands-on technical work and collaboration across engineering teams to drive key security initiatives.

Key Responsibilities

• Operate and maintain multi-site Active Directory environments, including domain controllers, replication, trust relationships, and hybrid integrations with Entra ID.
• Support and lead Active Directory migration and consolidation efforts, including domain restructuring, OU/GPO design, and forest transformation projects.
• Integrate and maintain hybrid identity systems involving Entra ID (Azure AD), including Entra Connect and synchronization troubleshooting.
• Maintain, monitor, and support Identity, Access Management (IAM), and Messaging systems across on-prem and cloud environments.
• Develop and adhere to standardized procedures for deploying, maintaining, and documenting identity infrastructure.
• Troubleshoot and resolve issues related to identity, access, authentication, authorization, accounts, and directory services.
• Collaborate with the security team to enforce hardened configurations, monitor for unauthorized access, and implement remediation as needed.
• Provide Level 2 support and engage with vendors or other engineering teams to resolve escalated directory-related issues.
• Produce accurate and up-to-date diagrams and documentation of AD and identity systems architecture.

Essential Skills and Experience

• Expert-level understanding of designing, implementing, and migrating Active Directory components, including replication, DNS, OU/GPO structure, AD Sites and Services, FSMO roles and multi-forest scenarios.
• Practical experience performing domain migrations, forest consolidations, and trust relationship configurations.
• Solid understanding of Entra ID (Azure AD), Entra Connect, Conditional Access, MFA, and hybrid identity models.
• Familiarity with Microsoft security baselines and secure identity management practices across both on-prem and cloud systems.
• Knowledge of user lifecycle management, including Access Reviews and Joiner-Mover-Leaver (JML) processes.
• Hands-on experience with SSO and authentication protocols (Kerberos, LDAP, SAML, OpenID Connect, OAuth).
• Proven ability to automate identity-related tasks using PowerShell and/or Group Policy automation tools.
• Comfortable producing reusable, scalable, and secure configurations.

• Scripting experience with PowerShell for managing Active Directory and Entra ID.
• Strong grasp of cybersecurity principles and their application to directory services and IAM.
• Excellent written and verbal communication skills in English.

Desirable Skills and Experience

• Minimum 2 years in IAM or Infrastructure roles, with a strong focus on Active Directory and hybrid identity environments.
• Hands-on experience with directory modernization initiatives such as domain flattening or legacy AD integration.
• Familiarity with IGA platforms, preferably One Identity or alternatives like SailPoint.
• Holds relevant technical certifications (e.g., Microsoft Certified: Identity and Access Administrator, Windows Server Hybrid Administrator Associate, CISSP).
• Bachelor’s degree in Computer Science, Engineering, or equivalent practical experience.
• Strong communicator, capable of translating complex identity and directory concepts for both technical and non-technical stakeholders.
• Pragmatic problem-solver with a business-aligned approach to secure infrastructure implementation.
• Proactively stays current with Microsoft identity technologies, AD best practices, and emerging IAM trends.
• Collaborative team player who thrives in both independent and cross-functional project environments.

UK Benefits include:

Flexible benefits fund, emergency leave days, adoption leave, 28 days annual leave (plus bank holidays), pension, life cover, private medical insurance, parental leave, education assistance program.

It’s possible we’re hiring for this position in multiple countries, in which case the above benefits apply to the primary location. Specific benefits vary by country, but our packages are similarly comprehensive.

Find out more: aveva.com/en/about/careers/benefits/

Hybrid working

By default, employees are expected to be in their local AVEVA office three days a week, but some positions are fully office-based. Roles supporting particular customers or markets are sometimes remote.

Hiring process

Interested? Great! Get started by submitting your cover letter and CV through our application portal. AVEVA is committed to recruiting and retaining people with disabilities. Please let us know in advance if you need reasonable support during your application process.

Find out more: aveva.com/en/about/careers/hiring-process

About AVEVA

AVEVA is a global leader in industrial software with more than 6,500 employees in over 40 countries. Our cutting-edge solutions are used by thousands of enterprises to deliver the essentials of life – such as energy, infrastructure, chemicals, and minerals – safely, efficiently, and more sustainably.

We are committed to embedding sustainability and inclusion into our operations, our culture, and our core business strategy. Learn more about how we are progressing against our ambitious 2030 targets: sustainability-report.aveva.com/

Find out more: aveva.com/en/about/careers/

AVEVA requires all successful applicants to undergo and pass a drug screening and comprehensive background check before they start employment. Background checks will be conducted in accordance with local laws and may, subject to those laws, include proof of educational attainment, employment history verification, proof of work authorization, criminal records, identity verification, credit check. Certain positions dealing with sensitive and/or third-party personal data may involve additional background check criteria.

AVEVA is an Equal Opportunity Employer. We are committed to being an exemplary employer with an inclusive culture, developing a workplace environment where all our employees are treated with dignity and respect. We value diversity and the expertise that people from different backgrounds bring to our business. AVEVA provides reasonable accommodation to applicants with disabilities where appropriate. If you need reasonable accommodation for any part of the application and hiring process, please notify your recruiter. Determinations on requests for reasonable accommodation will be made on a case-by-case basis.