Skip to main content
99 years and 349 days since the five-day weekRead the story
Posted about 7 hours ago
Sainsbury's logo
Sainsbury's

IAM Engineer

4 x 10hr daysHybrid · London, UK

IAM Engineer (Identity and Access Management)

400057178

FULL_TIME

Other

Permanent

London Store Support Centre and Home, Sainsbury's Supermarkets Ltd 33 Charterhouse Street, London Greater London, EC1M 6HA

Competitive Plus Benefits

<p><span>We’d all like amazing work to do, and real work-life balance. That’s waiting for you at Sainsbury’s. Think about the scale it takes for us to feed the nation. The level of data, transactions and variety it involves. Then you’ll realise that ours is a modern software engineering environment because it has to be. We’ve made serious investment into a Tech Academy and into setting standards and principles. We iterate, learn, experiment and push ways of working such as Agile, Scrum and XP. So you can look forward to awesome opportunities in everything from AI to reusable tech.</span></p> <p><strong><u>Identity and Access Management Engineer</u></strong></p> <p><strong>Essential Criteria</strong></p> <p>· Practical experience in Identity & Access Management (IAM) principles including authentication, authorisation, Access control models (RBAC / ABAC / PBAC), identity lifecycle management (Joiners / Movers / Leavers) and an awareness of Zero Trust.</p> <p>· Working knowledge of AI-driven or data-led initiatives within IAM or cybersecurity, with an understanding of how analytics can support identity security and governance.</p> <p>· Ability to analyse identity telemetry (audit logs, sign-in logs, access data) to support investigations, identify trends, and contribute to operational and security improvements.</p> <p>· Hands-on experience with Microsoft Entra ID (Azure AD), including:</p> <p>o User and group management (static and dynamic groups)</p> <p>o Role assignments, service principals, and application registrations</p> <p>o Familiarity with tenants, directories, objects, and attribute structures</p> <p>o Supporting Conditional Access, SSPR, MFA, and passwordless authentication (e.g. Windows Hello for Business, FIDO2)</p> <p>o Identity governance activities including Access reviews, Entitlement Management and access control models.</p> <p>o MS and 3rd party Agentic AI agents governance and lifecycle management.</p> <p>· Engineering experience in Active Directory:</p> <p>o User and group management, OU structures, Group Policy Objects (GPOs)</p> <p>o Basic LDAP knowledge</p> <p>o Understanding of Hybrid identity integration (Azure AD Connect / Cloud Sync)</p> <p>o Awareness of AD tiering concepts and disaster recovery principles</p> <p>· Experience working with Identity Governance tooling such as Saviynt / SailPoint or any other similar product.</p> <p>· Ability to define AI or identity-analytics use cases, particularly in areas such as identity governance, lifecycle management, and access risk reduction.</p> <p>· Awareness of the identity threat landscape and an understanding of how analytics or AI techniques can help detect and reduce identity‑based risks.</p> <p>· Ability to work with the Engineering Manager, Product Manager, Stakeholders and senior engineers to deliver technical tasks and milestones aligned to agreed IAM roadmaps.</p> <p>· Proven ability to work collaboratively with IT teams, product teams, security operations, and service partners to support secure IAM delivery and protect colleague and customer data.</p> <p>· Exhibit excellent communication and presentation skills, able to convey complex issues and findings clearly and effectively.</p> <p>· Demonstrates a strong technical and delivery focussed mindset, able to follow designs, apply sound engineering practices, and contribute to secure, scalable IAM solutions.</p> <p>· Shows a commitment to continuous learning, staying current with identity, security, and AI developments, and applying new knowledge to improve IAM services.</p> <p>&nbsp;</p> <p>&nbsp;</p> <p><strong>Additional Criteria</strong></p> <p>· Understanding of AI and machine learning concepts to analyse identity-related data (e.g. sign-in logs, access patterns, usage trends)</p> <p>· Awareness of AI-assisted automation use cases within IAM:</p> <p>o Access or sign‑in anomaly detection</p> <p>o Risk-based access decisions</p> <p>o Intelligent access reviews or entitlement recommendations</p> <p>· Experience or familiarity with Microsoft security and analytics tools (e.g. Entra ID logs, Azure Monitor, Log Analytics, Sentinel).</p> <p>· Awareness of ethical AI and responsible use of AI, especially in security-sensitive and personal-data contexts.</p> <p>· Exposure to Privileged Access Management (PAM) solutions and role-based privileged access (hands-on experience beneficial but not essential)</p> <p>· Understanding data governance, data quality, and information security principles, particularly where AI models consume identity data.</p> <p>· Relevant professional certifications (or actively working towards), such as:</p> <p>o Microsoft Identity or Security certifications</p> <p>o AI / data analytics certifications</p> <p>o CISSP, CISM, or equivalent (desirable)</p> <p>&nbsp;</p> <p><span>We are committed to being a truly inclusive retailer, so you’ll be welcomed whoever you are and wherever you work. Around here, there’s always the chance to try something new&nbsp;</span><span>-&nbsp;</span><span>whether that’s as part of an evolving team or somewhere else across the business - and we take development seriously and promise to support you. We also recognise and celebrate colleagues when they go the extra mile and, where possible, offer flexible working. When you join our team, we’ll also offer you an amazing range of benefits. Here are some of them:<br> &nbsp;<br> &nbsp;Starting off with colleague discount, you'll be able to get 10% off at Sainsbury's, Argos, TU and Habitat after 4 weeks. This increases to 15% off at Sainsbury’s every Friday and Saturday and 15% off at Argos every pay day. We've also got you covered for your future with our pensions scheme and life cover. You'll also be able to share in our success as you may be eligible for a performance-related bonus of up to 10% of salary, depending on how we perform. &nbsp;<br> &nbsp;<br> &nbsp;Your wellbeing is important to us too. You'll receive an annual holiday allowance, and you can buy additional holiday. We also offer other benefits that will help your money go further such as season ticket loans, cycle to work scheme, health cash plans, pay advance (where you can access some of your pay before pay day) as well access to a great range of discounts from hundreds of other retailers. And if you ever need it there is also an employee assistance programme.<br> &nbsp;<br> &nbsp;Moments that matter are as important to us as they are to you which is why we give up to 26 weeks’ pay for maternity or adoption leave and up to 4 weeks’ pay for paternity leave.&nbsp;<br> &nbsp;<br> &nbsp;Please see www.sainsburys.jobs for a range of our benefits (note, length of service and eligibility criteria may apply).</span></p>

2026-04-14 15:02:29

https://hdhe.fa.em3.oraclecloud.com/hcmUI/CandidateExperience/en/sites/CX/jobs/preview/400057178/apply/email?mode=location

Back to search

IAM Engineer (Identity and Access Management)

Salary: Competitive Plus Benefits Location: London Store Support Centre and Home, London, EC1M 6HA Contract type: Permanent Business area: Sainsbury's Tech Closing date: 21 April 2026 Requisition ID: 400057178

We’d all like amazing work to do, and real work-life balance. That’s waiting for you at Sainsbury’s. Think about the scale it takes for us to feed the nation. The level of data, transactions and variety it involves. Then you’ll realise that ours is a modern software engineering environment because it has to be. We’ve made serious investment into a Tech Academy and into setting standards and principles. We iterate, learn, experiment and push ways of working such as Agile, Scrum and XP. So you can look forward to awesome opportunities in everything from AI to reusable tech.

Identity and Access Management Engineer

Essential Criteria

· Practical experience in Identity & Access Management (IAM) principles including authentication, authorisation, Access control models (RBAC / ABAC / PBAC), identity lifecycle management (Joiners / Movers / Leavers) and an awareness of Zero Trust.

· Working knowledge of AI-driven or data-led initiatives within IAM or cybersecurity, with an understanding of how analytics can support identity security and governance.

· Ability to analyse identity telemetry (audit logs, sign-in logs, access data) to support investigations, identify trends, and contribute to operational and security improvements.

· Hands-on experience with Microsoft Entra ID (Azure AD), including:

o User and group management (static and dynamic groups)

o Role assignments, service principals, and application registrations

o Familiarity with tenants, directories, objects, and attribute structures

o Supporting Conditional Access, SSPR, MFA, and passwordless authentication (e.g. Windows Hello for Business, FIDO2)

o Identity governance activities including Access reviews, Entitlement Management and access control models.

o MS and 3rd party Agentic AI agents governance and lifecycle management.

· Engineering experience in Active Directory:

o User and group management, OU structures, Group Policy Objects (GPOs)

o Basic LDAP knowledge

o Understanding of Hybrid identity integration (Azure AD Connect / Cloud Sync)

o Awareness of AD tiering concepts and disaster recovery principles

· Experience working with Identity Governance tooling such as Saviynt / SailPoint or any other similar product.

· Ability to define AI or identity-analytics use cases, particularly in areas such as identity governance, lifecycle management, and access risk reduction.

· Awareness of the identity threat landscape and an understanding of how analytics or AI techniques can help detect and reduce identity‑based risks.

· Ability to work with the Engineering Manager, Product Manager, Stakeholders and senior engineers to deliver technical tasks and milestones aligned to agreed IAM roadmaps.

· Proven ability to work collaboratively with IT teams, product teams, security operations, and service partners to support secure IAM delivery and protect colleague and customer data.

· Exhibit excellent communication and presentation skills, able to convey complex issues and findings clearly and effectively.

· Demonstrates a strong technical and delivery focussed mindset, able to follow designs, apply sound engineering practices, and contribute to secure, scalable IAM solutions.

· Shows a commitment to continuous learning, staying current with identity, security, and AI developments, and applying new knowledge to improve IAM services.

Additional Criteria

· Understanding of AI and machine learning concepts to analyse identity-related data (e.g. sign-in logs, access patterns, usage trends)

· Awareness of AI-assisted automation use cases within IAM:

o Access or sign‑in anomaly detection

o Risk-based access decisions

o Intelligent access reviews or entitlement recommendations

· Experience or familiarity with Microsoft security and analytics tools (e.g. Entra ID logs, Azure Monitor, Log Analytics, Sentinel).

· Awareness of ethical AI and responsible use of AI, especially in security-sensitive and personal-data contexts.

· Exposure to Privileged Access Management (PAM) solutions and role-based privileged access (hands-on experience beneficial but not essential)

· Understanding data governance, data quality, and information security principles, particularly where AI models consume identity data.

· Relevant professional certifications (or actively working towards), such as:

o Microsoft Identity or Security certifications

o AI / data analytics certifications

o CISSP, CISM, or equivalent (desirable)

We are committed to being a truly inclusive retailer, so you’ll be welcomed whoever you are and wherever you work. Around here, there’s always the chance to try something new - whether that’s as part of an evolving team or somewhere else across the business - and we take development seriously and promise to support you. We also recognise and celebrate colleagues when they go the extra mile and, where possible, offer flexible working. When you join our team, we’ll also offer you an amazing range of benefits. Here are some of them:

Starting off with colleague discount, you'll be able to get 10% off at Sainsbury's, Argos, TU and Habitat after 4 weeks. This increases to 15% off at Sainsbury’s every Friday and Saturday and 15% off at Argos every pay day. We've also got you covered for your future with our pensions scheme and life cover. You'll also be able to share in our success as you may be eligible for a performance-related bonus of up to 10% of salary, depending on how we perform.

Your wellbeing is important to us too. You'll receive an annual holiday allowance, and you can buy additional holiday. We also offer other benefits that will help your money go further such as season ticket loans, cycle to work scheme, health cash plans, pay advance (where you can access some of your pay before pay day) as well access to a great range of discounts from hundreds of other retailers. And if you ever need it there is also an employee assistance programme.

Moments that matter are as important to us as they are to you which is why we give up to 26 weeks’ pay for maternity or adoption leave and up to 4 weeks’ pay for paternity leave.

Please see www.sainsburys.jobs for a range of our benefits (note, length of service and eligibility criteria may apply).

Want to learn more about our teams?

Visit our teams page

back to top