AVEVA is creating software trusted by over 90% of leading industrial companies.
Job Title: IDAM PAM Engineer
Location: United Kingdom (Cambridge / London)
Employment Type: Full-time, permanent
The job
AVEVA is seeking Privileged Access Management (PAM) Engineers to lead the delivery of highly automated, enterprise‑grade privileged access controls as part of our IDAM function.
This is a senior, hands‑on engineering role with significant responsibility and influence. You will design, build, and operate PAM capabilities with automation as a core principle, integrating SailPoint as the enterprise IGA platform and supporting the current and future adoption of CyberArk (or equivalent).
You will act as a senior technical authority, defining standards, patterns, and automation approaches while working closely with Security Architecture, Infrastructure, and Audit teams.
Key responsibilities
- Lead the automation‑first design and engineering of PAM solutions
- Play a senior role in CyberArk (or similar) implementation and expansion
- Engineer fully automated onboarding for:
- Privileged user accounts
- Service and application accounts
- Credentials, secrets, and keys
- Integrate PAM with SailPoint for automated governance, lifecycle, and access reviews
- Define PAM standards, onboarding patterns, and automation frameworks
- Automate privileged access requests, approvals, and provisioning via ServiceNow
- Build automated PAM and SailPoint reporting for audits and compliance
- Reduce manual PAM operations through scripting and orchestration
- Secure privileged access across:
- Active Directory environments
- Windows and Linux platforms
- Azure and cloud services
- Applications and DevOps pipelines
- Act as senior escalation point for PAM‑related incidents
- Partner with Security Architecture and Audit on control design and evidence automation
- Produce high‑quality architecture diagrams, runbooks, and engineering documentation
- Apply AI‑assisted tooling to enhance troubleshooting and operational insight
Essential requirements
- Significant, hands‑on experience in Privileged Access Management
- Hands‑on SailPoint experience is mandatory
- Strong experience with CyberArk (PAS, PSM, EPM) or equivalent tools
- Proven ability to engineer and automate PAM at scale
- Strong understanding of privileged access risks and threat vectors
- Advanced experience with Active Directory and hybrid identity environments
- Strong automation and scripting skills (PowerShell, Python, APIs)
- Experience supporting audits using automated evidence and reporting
- Ability to operate as a senior engineer, providing technical leadership
Desired skills
- Experience using ServiceNow and/or Jira to automate privileged access workflows
- Broader knowledge of IAM, IGA, Zero Trust, or identity security domains
- Experience working with DevOps teams, including securing pipelines and secrets
- Bachelor’s degree in Computer Science, Engineering, Mathematics, or related discipline; or equivalent experience
- Relevant certifications (e.g. CyberArk, SailPoint, Microsoft Security, Cloud Security)
- Strong communication and stakeholder management skills
- Customer‑focused mindset, balancing security with business usability
- Demonstrated growth mindset, passionate about continuous learning
- Experience mentoring or guiding other engineers
IT at AVEVA
Our global team of 300+ IT professionals is responsible for the systems and platforms that keep AVEVA running. By empowering our colleagues and ensuring the smooth operation of the company, we help keep the business healthy and productivity high. We also provide key support for the transformation and modernisation efforts globally.
We pride ourselves on a collaborative, inclusive and authentic culture that provides a framework allowing for autonomy, whilst always being available for support and guidance. We respect the differences that each team member brings and seek to include those perspectives in our solutions for our business functions. The energy and sense of purpose is evident when talking to team members, you will feel part of something special from the first day you join.
Find out more: https://www.aveva.com/en/about/careers/
UK Benefits include:
Flexible benefits fund, emergency leave days, adoption leave, 28 days annual leave (plus bank holidays), pension, life cover, private medical insurance, parental leave, education assistance program.
It’s possible we’re hiring for this position in multiple countries, in which case the above benefits apply to the primary location. Specific benefits vary by country, but our packages are similarly comprehensive.
Find out more: aveva.com/en/about/careers/benefits/
Hybrid working
We work in a hybrid way at AVEVA. Most roles are based at a local AVEVA office, with an expectation of being on-site 50% of your working hours to support collaboration and connection. Some positions are fully office-based depending on the nature of the work, and certain roles that support specific customers or markets may be remote. The working arrangement for this position will be confirmed during the hiring process.
Hiring process
Interested? Great! Get started by submitting your cover letter and CV through our application portal. AVEVA is committed to recruiting and retaining people with disabilities. Please let us know in advance if you need reasonable support during your application process.
Find out more: aveva.com/en/about/careers/hiring-process
About AVEVA
AVEVA is a global leader in industrial software with more than 6,500 employees in over 40 countries. Our cutting-edge solutions are used by thousands of enterprises to deliver the essentials of life – such as energy, infrastructure, chemicals, and minerals – safely, efficiently, and more sustainably.
We are committed to embedding sustainability and inclusion into our operations, our culture, and our core business strategy. Learn more about how we are progressing against our ambitious 2030 targets: sustainability-report.aveva.com/
Find out more: aveva.com/en/about/careers/
AVEVA requires all successful applicants to undergo and pass a drug screening and comprehensive background check before they start employment. Background checks will be conducted in accordance with local laws and may, subject to those laws, include proof of educational attainment, employment history verification, proof of work authorization, criminal records, identity verification, credit check. Certain positions dealing with sensitive and/or third-party personal data may involve additional background check criteria.
AVEVA is an Equal Opportunity Employer. We are committed to being an exemplary employer with an inclusive culture, developing a workplace environment where all our employees are treated with dignity and respect. We value diversity and the expertise that people from different backgrounds bring to our business. AVEVA provides reasonable accommodation to applicants with disabilities where appropriate. If you need reasonable accommodation for any part of the application and hiring process, please notify your recruiter. Determinations on requests for reasonable accommodation will be made on a case-by-case basis.
