Lead Specialist Engineer - Modern Identity
Job summary
The CDO Directorate provides business-critical systems and services to UKHSA business users at all locations at which UKHSA staff work. Information Communication Technology (ICT) has primary responsibility for technical infrastructure and the corporate services running upon it. ICT has staff at a number of locations throughout UKHSA.
We are currently looking for two Lead Specialist Engineers - Modern Identity to join the Tech Services team.
Main duties of the job
- Deliver subject matter expertise in Identity and Access management (IAM), ensuring delivery of business requirements.
- Manage and monitor systems associated to IAM, Privileged Access Management (PAM), Single Sign-On (SSO)/Federation and Multi-factor Authentication (MFA). Provide proposals for improvement to aforementioned services through reviewing operational performance.
- Investigate and provide accurate responses to requests for support.
- Ensure all work is carried out and documented in accordance with required standards, methods and procedures.
- Enforce security policies and support existing systems in accordance with policies, standards, guidelines, and procedures.
- Participate in the evaluation, design, development, and implementation of IAM solutions to enhance information systems security and prevent the unauthorized use, release, modification, or destruction of data.
- Identifies areas of potential security enhancement whilst maintaining an excellent end user working experience.
More duties to follow in Detailed job description and main responsibilities.
About us
We pride ourselves as being an employer of choice, where Everyone Matters promoting equality of opportunity to actively encourage applications from everyone, including groups currently underrepresented in our workforce.
UKHSA ethos is to be an inclusive organisation for all our staff and stakeholders. To create, nurture and sustain an inclusive culture, where differences drive innovative solutions to meet the needs of our workforce and wider communities. We do this through celebrating and protecting differences by removing barriers and promoting equity and equality of opportunity for all.
Please visit our careers site for more information https://gov.uk/ukhsa/careers
Job description
Job responsibilities
As part of our Identity Management team, as a senior member, you will get the opportunity to work on vital projects with a wide range of responsibilities. You will work within specified technical specialties and provide technical expertise in the configuration, implementation and automation of relevant applications. You should expect to be involved in a wide range of challenging engagements, from strategy roll-out, to large scale Modern Identity transformations, to controls review.
Daily Operational Duties
- Incident and Request management via ITSM suite.
- Management and Monitoring of key UKHSA IAM services:
- Certificate \ PKI lifecycle
- Entra ID Privileged Access Management
- Azure Enterprise Applications onboarding and lifecycle
- SCIM Provisioning and SSO Alignment
- Active Directory Domain services, Identity, DNS, GPO etc
- Amazon Web Services Identity related components
- Microsoft Defender for Identity and Server Endpoints
- Ongoing alignment of services to best practices with Cyber Security.
Communication and Key Working Relationships
Internal
- Other ICT engineers at all levels
- Colleagues in the Technology Department
- Customers within UKHSA at all levels
- UKHSA Senior Managers and Executive
- Application managers and developers in other UKHSA directorates
External
- Relevant suppliers of hardware, software and services
- Maintenance organisations
- External customers as appropriate and as directed by line manager
Professional Development
You should pursue a programme of continuous professional development in accordance with any relevant professional registration or statutory requirements, while maintaining appropriate awareness of service provider requirements.
The above is not an exhaustive list, and is only an outline of the core components, tasks and outcomes required of the role. You will carry out any other duties as may reasonably be required by your line manager.
The job description and person specification may also be reviewed on an ongoing basis in accordance with the changing needs of the division and the UKHSA.
Essential Criteria
- Strong hands-on experience with cloud-based Microsoft identity services, including and not limited to, authentication and authorization, conditional access, enterprise application management, defender for identity and identity lifecycle.
- Experience with core on-premises identity services with hybrid configuration, including and not limited to Active Directory Domain services, DNS, Group Policy and Certificate Services.
- Solid understanding of networking concepts, protocols, and security best practices.
- Proven ability to diagnose and resolve complex technical issues.
- Effective communication skills, both written and verbal.
- Strong analytical and problem-solving capabilities.
Desirable Criteria
- Experience of Amazon Web Services Identity Solutions.
- Experience in building and maintaining access management systems with non-Microsoft technologies such as FreeIPA, OpenAM, AWS Cognito or other OpenID connect, Oauth or SAML services providers.
- Experience of Automation related to identity services, including the use of infrastructure as code (IAC) and PowerShell.
- Knowledge of cloud-based security models and services.
- Familiarity with ITIL processes for incident, change, and problem management.
Selection Process Details
This vacancy is using Success Profiles and will assess your Behaviours and Experience, Technical Skills and Ability.
Success Profiles - GOV.UK
Application & Sift
At sift stage you will be assessed against the 6 Essential Criteria listed in this job advert.
You will be required to complete an:
- Application form (Employer/ Activity history section on the application)
- Up to 750 word supporting statement
This should outline how your skills, abilities, experience and knowledge provide evidence of your suitability for the role, with reference to the Essential Criteria listed in this job advert.
You will receive a joint score for your application form and statement. The application form is the kind of information you would put into your CV please be advised you will not be able to upload your CV. Please complete the application form in as much detail as possible.Please do not email us your CV.
Healthjobs UK has a word limit of 1,500 but your supporting statement must be no more than 750 words.We will not consider any words over 750.
Longlisting
In the event of a large number of applications, we may longlist into 3 piles of:
- Meets all Essential Criteria
- Meets some Essential Criteria
- Meets no Essential Criteria
Only those that 'Meets all Essential Criteria' will progress to Shortlisting.
Shortlisting
In the event of a large number of applications, we may conduct an initial sift on the following 2 Essential Criteria:
- Strong hands-on experience with cloud-based Microsoft identity services, including and not limited to, authentication and authorization, conditional access, enterprise application management, defender for identity and identity lifecycle.
- Experienced with core on-premises identity services with hybrid configuration, including and not limited to Active Directory Domain services, DNS, Group Policy and Certificate Services.
Desirable criteria may be used in the event of a large number of applications/successful candidates.
If you are successful at this stage, you will progress to interview.
Feedback will not be provided at this stage.
Interview
You will be invited to a remote interview.
Interview dates to be confirmed.
Behaviours and Experience, Technical Skills and Ability will be assessed at interview.
The Behaviours and Experience being assessed during the interview will be as follows:
- Working Together - Lead Behaviour
- Managing a Quality Service
- Making Effective Decisions
Technical Skills and Ability will be evaluated through technical questions given during the interview.
Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.
Eligibility Criteria
Open to all external applicants (anyone) from outside the Civil Service (including by definition internal applicants).
Salary Details
Grade: SEO
SEO Inner: £46,310 - £52,113SEO Outer: £44,148 - £50,121SEO National: £41,983 - £48,128
Per annum, pro rata.
This role attracts a Market Pay Supplement (MPS) of up to £5,000 which will be awarded based on capability assessment.
If you are successful at interview, and are moving from another government department, NHS, or Local Authority, the relevant starting salary principles for level transfers or promotions will apply. Otherwise, roles are offered at the pay scale minimum for the grade, but in exceptional circumstances there may be flexibility if you are able to demonstrate you are already in receipt of an existing, higher salary. Pay increases are through the relevant annual pay award for the role and terms.
Location
This role is being offered as hybrid working based at any of our core HQ Offices in Birmingham, Leeds, Liverpool and London/Canary Wharf and at any of our Scientific Campus' in Chilton, Porton or Colindale/London.
We offer great flexible working opportunities at UKHSA and operate using a hybrid working model where business needs allow. This provides us with greater flexibility about how and where we work, to get the best from our workforce. As a hybrid worker, you will be expected to spend a minimum of 60% of your contractual working hours (approximately 3 days a week pro rata, (averaged over a month) working at our office. Our core HQ offices are modern and newly refurbished with excellent city centre transport links and benefit from co-location with other government departments such as the Department for Health and Social Care (DHSC).
Security Clearance Level Requirement
Successful candidates must pass a basic disclosure and barring security check before they can be appointed.
For meaningful National Security Vetting checks to be carried out individuals need to have lived in the UK for a sufficient period of time. You should normally have been resident in the United Kingdom for the last 5 years as the role requires Security Check (SC). UK residency less than the outlined periods may not necessarily bar you from gaining national security vetting and applicants should contact the Vacancy Holder/Recruiting Manager listed in the advert for further advice.
Person Specification
Application form and supporting statement
- Application form and supporting statement
Interview - Behaviours
- Working Together - Lead Behaviour
- Making Effective Decisions
- Managing a Quality Service
Interview - Questions
- Technical skills and abilities
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
Certificate of Sponsorship
Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website.
From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants.
Employer details
Employer name
UK Health Security Agency
Address
Core Offices and Scientific Campuses
London
NW9 5EQ
Employer's website
https://www.gov.uk/government/organisations/uk-health-security-agency