Identity and Access Engineer

Role OVO-View

Team: Attack Surface Management (Cyber Defence)

Salary banding: £52,000 - £82,000

Experience: Experienced

Working pattern: Full-Time

Reporting to: Senior Security Engineering Manager

Sponsorship: Unfortunately we are unable to offer sponsorship for this role.

This role in 3 words: Secure Frictionless Access

Top 3 qualities for this role: Passionate, Collaborative, Detailed

In the words of the team, you should leave your current role for this one because….

“Our Attack Surface Management squad has the primary responsibility of managing OVO’s attack surface, continuously monitoring for opportunities attackers might exploit to compromise OVO’s systems and data. Our colleagues depend on us to discover gaps in OVO’s information security management system, identify operational improvements to fix security exposure efficiently, and prevent them occurring again.  In this team and the fast-paced Cloud Native engineering and SaaS environments we help secure, we recognise identity is an incredibly complex Attack Surface. You will help engineer a seamless, secure identity journey for all identities within OVO to maximise the strength of identity protection for our people and technologies delivering Plan Zero.”

Where you’ll work:

At OVO, we understand that a one size fits all approach doesn’t work for everyone. That’s why we created the OVO Way of Flexibility.

All our roles are hub based (Bristol, Glasgow or London), providing a dedicated space for collaboration, connection and teamwork. You’ll also have the flexibility to work from home.

Everyone belongs at OVO

At OVO, we are on a mission to solve one of humanity's biggest challenges, the climate crisis. And we know it takes all of us to change the world. That's why we need diverse people from all abilities, gender identities, ethnicities, ages, sexual orientations, life experiences and backgrounds to join us.

Teamworking for the planet

Everything we do here spins around Plan Zero. So, naturally, the team you’ll be joining plays a gigantic role in making that happen. Here’s how:

We’re hiring creators, challengers and coaches. Every role we’re hiring puts people at the heart of our security strategy and uses technology and operational processes to build a resilient and performant business. The Path to Zero is paved with secure technologies and operations!

This role in a nutshell:

Our colleagues depend on us to deliver a rich, safe digital experience that is also a hard target for cyber threats. OVO has scaled rapidly in recent years - our processes and platforms need to meet and exceed those scaled demands. You’ll lead projects to implement best practice across the identity journey such as implementation and automated monitoring of security controls, ingestion and analysis of logs, and providing documentation and governance to OVO staff around Identity Protection. You’ll be given challenging tasks, and you will take ownership and responsibility for driving them forwards.

Your key outcomes will be:

• Enhance the security of the identity journey of all identities for OVO systems and staff across the technology estate by security control implementation, monitoring and management.
• Reveal hidden and unintended relationships within and across identity platforms 
• Utilise identity tooling and define processes based on your expertise to reduce organisational risk and improve compliance of identity hygiene.
• Work collaboratively with other teams to proactively assist in providing guidance, expertise, and response to identity issues and security gaps.

Systems: Familiarity working with the following technologies and platforms would be advantageous (but is not required):

• Identity and Access Management and Privileged Access Management platforms (e.g., Okta)
• Identity Providers (e.g., Google, EntraID, and AD)
• Identity Attack Tree enumeration and testing knowledge (e.g. Bloodhound)
• GCP mainly, but also AWS and Azure native security, posture, and compliance monitoring
• Automation and/or scripting experience (e.g., Tines, Powershell, Bash)
• REST APIs and Restful Principles
• Cloud Native Application Protection and Cloud Security Posture Management with an identity focus (e.g. Wiz)
• Secure Credential Policies and Rotation with Associated Tooling (e.g., KMS, Vault).
• Web Application Firewall and Zero Trust Solutions (e.g. Cloudflare, BeyondCorps, Identity-aware Proxy)
• Detection and Response Tooling (e.g., SIEM)
• Issue and Project Tracking (Jira)
• Cyber Asset and Attack Surface Management
• GRC platforms (e.g. Hyperproof)

You’ll be a successful Identity and Access Engineer (Security) at OVO if you…

• Are a challenger: you embrace failure as an opportunity to learn and do not shy away from difficult conversations in order to drive identity protection best practice and standardise. You are a champion for maximising the use of data and automation to enhance the identity lifecycle and monitoring alongside effective outcomes.
• Are a creator: you are an engineer with a bias for action, able to effectively problem-solve security gaps and weaknesses in the identity journey. You will be able to think outside the box to come up with alternative solutions to the norm when fixing problems. You will have a strong understanding of securing both human and non-human accounts and relevant security controls and tools to enhance identity protection.
• Are a communicator and coach: you are committed to ongoing personal and team development, for example evangelising a secure and safe identity experience with clear and direct written and verbal communication. You will be able to take technical concepts and reframe them so that different audiences can understand them.

Let’s talk about what’s in it for you

We’ll pay you between £52,000 and £82,000, depending on your specific skills and experience. 

We keep our pay ranges broad on purpose to give us, and you, flexibility to match your experience to our zero carbon mission.

You’ll be eligible for an on-target bonus of 15%. We have one OVO bonus plan that focuses on the collective performance of our people to deliver our Plan Zero goal. 

We also offer plenty of green benefits and progressive policies to help you feel like you belong at OVO…and there’s flex pay. We'll give you 9% Flex Pay on top of your salary – 4% of this is auto enrolled into your pension, and the remaining 5% is yours to do what you like with. You can use this to buy from our extensive range of flexible benefits, including our green benefits which we've put at the heart of our offering, add to your pension or even take it as cash.

Here’s a taster of what’s on offer: 

For starters, you’ll get 34 days of holiday (including bank holidays).

For your health
With benefits like a healthcare cash plan or private medical insurance depending on your career level, critical illness cover, life assurance, health assessments, and more

For your wellbeing
With gym membership, travel insurance, workplace ISA, will writing services, dental insurance, and more

For your lifestyle
With extra holiday buying, discount dining, home & tech loans, and supporting your favourite charities with give-as-you-earn donations

For your home 
Get up to £400 towards any OVO Energy plan, plus great discounts on solar, smart thermostats and EV chargers

For your commute
Nab a great deal on ultra-low emission car leasing, plus our cycle to work scheme and public transport season ticket loans

Want to hear about our full range of flexible benefits and progressive people policies? Our People Team can tell you everything you need to know.

For your Belonging

To find better ways to support our people, we need to listen to each other’s experiences and find ways to build a truly inclusive and diverse workplace. As part of this, we have 8 Belonging Networks at OVO. Led by our people, for our people - so when you join OVO, you can play a part - big or small - with any of the Networks. It's up to you.

Oh, and one last thing...

We’d be thrilled if you tick off all our boxes yet we also believe it’s just as important we tick off all of yours. And if you think you have most of what we’re looking for but not every single thing, go ahead and hit apply. We’d still love to hear from you! If you have any additional requirements, there’s a space to let us know on the application form; we want to make the process as easy and comfortable for you as possible..