Reporting to the Senior Manager of Cyber Engineering & Architecture, the Identity Security Engineer will be a core member of the engineering team, responsible for the governance and continuous improvement of the Aer Lingus’ identity security posture (which includes privileged access). This hands‑on role supports delivery of identity security standards, secure‑by‑design architectures, identity lifecycle management, access controls and processes.

The role will work closely with cross-functional teams in Cyber, technology and applications, to implement identity controls and process governance, automation for identity lifecycle processes, management and oversight of our identity security posture and the health of underlying identity platforms. Responsibilities to include:

• Support ownership of identity & privileged security policies, standards and architecture patterns across AD, Entra and IGA services.
• Implement and maintain identity lifecycle workflows and governance processes (joiners/movers/leavers, access requests, access reviews) leveraging SailPoint.
• Support implementation of a privileged access platform, and the development of privileged access controls as part of identity services, including governance and lifecycle processes.
• Engineer continuous improvements of identity security controls, PAM and IAM lifecycle processes, enabling self-service and scalable services through automation
• Deliver identity posture monitoring, and ongoing improvements of identity security controls.
• Provide SME support for identity-related security incidents and investigations, contributing to containment and remediation activities.
• Support the building of identity metrics and dashboards, for centralised oversight of identity security controls coverage, effectiveness and risks.
• Collaborate with application and platform teams to embed secure-by-design identity patterns (authentication, authorisation, RBAC, least privilege).
• Maintain documentation and blueprints for identity security standards and processes, including configuration management of the identity security platforms.
• Contribute to cross‑domain security architecture reviews.
• Partner with Cyber Defence ensuring appropriate identity telemetry is being monitored.
• Support cyber alignment with compliance requirements & regulations.
• Provide direction and oversight to third party providers that are supporting and operating identity services and platforms.

• Minimum of 10 years’ industry experience with at least 5 years in identity management or identity security engineering roles.
• Hands‑on experience with Active Directory and/or Entra in an enterprise environment.
• Hands‑on experience designing, implementing and governing identity lifecycle and access lifecycle processes using an IGA platform 
• Experience designing & implementing privileged access management controls and processes
• Experience working with stakeholders to implement access governance and least privilege controls.
• Relevant certifications e.g., Microsoft identity/security, CISSP/CISM/CIAM/CRISC
• Strong understanding of IAM principles including zero trust, least privilege, RBAC, access reviews/certifications, segregation of duties concepts and lifecycle governance.
• Ability to define secure identity architecture patterns and translate them into practical standards and blueprints.
• Ability to implement identity standards and controls consistently and document outcomes.
• Strong analytical and troubleshooting skills for identity and access issues.
• Good communication and collaboration skills across technology, cyber and business teams.
• Engineering experience with Identity Protection, IAM, and governance e.g. SailPoint, CyberArk, BeyondTrust, MS Defender for Identity, Crowdstrike Identity, SilverFort
• Scripting/automation exposure (e.g., PowerShell) to improve identity governance processes.
• Experience with identity threat detection concepts and integration with SOC monitoring.
• Experience with non‑human identity governance patterns and modern authentication protocols.