MFA Technical Engineer Role (Solid IAM and MFA experience)

MFA Technical Engineer Role ( Solid IAM and MFA experience)

The role is for a MFA Technical Engineer with significant experience in delivery projects into large organisations with many stakeholders. The successful candidates must therefore have strong social skills across different mediums and ability to communicate a vision based on developing technology. The successful candidate will have a strong general technical background with hands on experience delivering IAM and infrastructure projects.

Inside IR35 - Based in Sheffield 2-3 day a week - non-negotiable

Key responsibilities

• Engineer and support MFA solutions across enterprise identity platforms (eg, Azure AD/Entra ID, iSeries, ADFS, etc).
• Deliver authentication patterns: OIDC/OAuth2, SAML2, Kerberos/LDAP, session management, token lifecycle.
• Integrate apps with enterprise IAM/SSO platforms (AD, ADLDS, ADFS, Entra).
• Integrate MFA with applications using standards and protocols (SAML 2.0, OAuth 2.0, OpenID Connect, RADIUS, LDAP).
• Strong understanding of authentication vs authorisation, identity lifecycle, and trust boundaries.
• Implement and maintain authentication policies (conditional access, step-up authentication, risk-based controls, device posture).
• Manage MFA factors and lifecycle: push, OTP, FIDO2/WebAuthn, hardware tokens, SMS/voice (where permitted), backup codes, recovery flows.
• Monitor service health and security events; tune alerting and dashboards.
• Troubleshoot complex authentication issues (SSO/MFA failures, token/certificate issues, clock drift, network/proxy constraints).
• Partner with IAM, Cyber Security, Architecture, and application teams to deliver secure-by-design integrations.
• Strong understanding of authentication vs authorisation, identity lifecycle, and trust boundaries.
• Produce and maintain technical documentation, runbooks, and knowledge articles; contribute to operational readiness
• Support audits and control testing; evidence compliance with security and regulatory requirements. Participate in on-call/incident response, problem management, and continuous improvement.

Essential Skills

• Knowledge of Multi-Factor Authentication/Passwordless Authentication technology is required.
• Strong hands-on experience with federated protocols (OIDC/OAuth2/SAML).
• Experience with at least one IdP platform and troubleshooting tools.
• Strong understanding of authentication vs authorisation, identity lifecycle, and trust boundaries.
• Support PoC/Pilot testing and planning for rollout for new authentication patterns.
• Work with Architecture on production infrastructure design.
• Present at stakeholder forums to provide updates on the project deliverables and achievements. Is technically versed on modern authentication protocols and can have technical discussion to support issues identified during implementations.
• Conduct reviews with service owners to complete/review technology assessments to determine suitable approach. Plan and support IAM Authentication implementation.
• Familiar with JIRA/Confluence and can support our journey to use these tools better. Hands-on experience engineering MFA/SSO within an enterprise IAM environment.
• Working knowledge of PKI, certificates, TLS, and key management concepts. Experience operating production services: monitoring, incident management, change/release processes.

Desirable Skills

• Previous experience of working in financial services, ideally HSBC experience. EntraID/AzureAD experience.
• Scripting/automation skills (PowerShell and/or Python) and familiarity with APIs.
• Experience with FIDO2/WebAuthn and phishing-resistant MFA rollouts. Knowledge of Zero Trust and adaptive/risk-based authentication.
• Familiarity with privileged access controls (PAM) and strong authentication for admin workflows.
• Cloud identity experience (Azure/AWS/GCP) and hybrid identity (AD, ADFS).
• ITIL practices and experience in regulated environments (financial services).
• Understanding of regulatory/security expectations (least privilege, auditability).

Qualifications

Degree in Computer Science, Engineering, Cyber Security, or equivalent experience.

Security/IAM certifications are a plus (eg, Microsoft Identity, Okta/Ping certs, CISSP/SSCP, GIAC-role dependent).