Senior IAM Engineer

About Allica Bank

Allica is the UK’s fastest growing company - and the fastest-growing financial technology (Fintech) firm ever. Our purpose is to help established SMEs, one of the last major underserved opportunities in Fintech.

Established SMEs are the backbone of local communities - representing over a third of our economy - yet have been largely neglected both by traditional high street banks and modern fintech providers.

Department Description

The Allica Security team play a key role in protecting the bank and are responsible for all aspects of security surrounding Applications, Infrastructure and Security Operational Policy. Our mission is to provide the best-in-class security to protect the bank. We live and breathe the Allica values and deliver services intelligently using automation, intelligence, and innovation.

Role Description

We are looking for an experienced Identity and Access Management SME to join our security team to help reduce security risks by improving IAM infrastructure and controls. The person we are looking for would work closely with the engineering teams and will require a mix of technical knowledge and collaborative skills.

As part of the Information Security team, you will be supporting Allica’s fast growth momentum with the design, implementation and maintenance of the tools which help to support out internal employees, as well as Allica’s customers. You will work with stakeholders across the business to support Information Security objectives, as well as those related to the wider bank.

Principal Accountabilities

• Operate and maintain the identity platform – Ensure continuous, secure operation of PingFederate, PingAccess, PingDirectory and PingOne MFA across two Azure regions, achieving a minimum 99.95 percent service availability.

• Architect and deliver integrations – Define, document and govern reusable patterns for OIDC/OAuth 2.0, SAML 2.0, SCIM, FIDO2/WebAuthn and mTLS to support customer-facing applications, APIs and third-party SaaS.

• Automate infrastructure and configuration – Implement infrastructure-as-code (Terraform) and Git-based CI/CD pipelines; enforce zero-touch certificate and secret management via Azure Key Vault.

• Execute hardening and lifecycle management – Plan, test and deploy product upgrades, schema modifications and security patches, maintaining the estate at N-1 or later for all Ping components.

• Design, perform regular chaos and fail-over exercises, and maintain disaster-recovery artefacts that meet stated RTO/RPO targets.

• Provide observability and incident response – Develop telemetry dashboards configure actionable alerts and lead incident triage with Security Operations and Incident response team.

• Produce documentation and knowledge transfer – Maintain comprehensive runbooks, architecture artefacts and compliance evidence, mentor platform and development teams in secure integration practices.

Attributes

• Specialised Ping expertise – Minimum five years’ production experience administering and upgrading PingFederate, PingAccess and PingDirectory in multi-region environments.

• Microsoft Entra proficiency – Demonstrable capability with Conditional Access, Identity Governance, External ID and Graph-based automation.

• Protocol depth – Advanced knowledge of OAuth 2.0/OIDC, SAML 2.0, SCIM, LDAP, mTLS and FIDO2/WebAuthn, including packet-level troubleshooting.

• Infrastructure-as-code discipline – Proven use of Terraform or Bicep, with CI/CD pipelines in Azure DevOps or GitHub Actions, and scripting fluency in PowerShell, Bash or Python.

• Security and regulatory acumen – Working understanding of PSD2/Open Banking, PCI-DSS, ISO 27001, PRA/FCA operational-resilience expectations and NIST 800-207 zero-trust principles.

• Having expertise in SailPoint would be a valuable addition, particularly given its relevance to current and upcoming IAM-related initiatives.

• Reliability engineering mindset – Experience defining SLOs, managing error budgets, conducting chaos engineering and producing rigorous root-cause analyses.

• Analytical and sceptical approach – Ability to challenge architectural assumptions, facilitate threat-modelling workshops and substantiate recommendations with empirical data.

• Exceptional communication skills – Adept at translating complex identity concepts for technical and executive audiences and influencing stakeholders across the organisation.

• Commitment to continuous improvement – Evidenced engagement with the Ping and broader IAM community, proactive adoption of emerging features and tools that materially enhance security or efficiency.

Working at Allica Bank

At Allica Bank we want to ensure our employees have the right tools and environment in which to succeed in their role and in support of our customers.

Our employees are at the heart of everything we do, so our benefits are designed with you in mind:

• Full onboarding support and continued development opportunities

• Options for flexible working

• Regular social activities

• Pension contributions

• Discretionary bonus scheme

• Private health cover

• Life assurance

• Family friendly policies including enhanced Maternity & Paternity leave

Don’t tick every box?

Don’t worry if you don’t have all the skills or requirements listed on the job description. If you think you’ll be a good fit, we’d still love to hear from you!

Flexible working

We know the ‘9-to-5’ isn’t right for everyone. That’s why Allica Bank is fully committed to flexible and hybrid working. Please let us know what is best for you and, if we can, we will do our best to accommodate.

Diversity

We’re a diverse bunch here at Allica, with all kinds of experiences, backgrounds and lifestyles. Our openness and differences make us stronger, and we want everybody to feel comfortable bringing as much of themselves to work with them as they like.