Cyber Security Analyst, Identity

Heathrow Airport
Full-time
On-site
London, United Kingdom
Cybersecurity & Compliance
Description

In this role, you will help ensure that Heathrow’s Identity & Access Management approach is securely designed, effectively managed, and aligned with the highest cyber security principles. You’ll bring a strong understanding of identity governance, user access lifecycle management, directory services, and privileged access management, ensuring our systems meet both industry standards and regulatory requirements.



Responsibilities
  • Identity Lifecycle Management – Reviewing and automating joiner-mover-leaver (JML) processes, enforcing RBAC, and integrating identities with cloud and third-party services.
  • Authentication Controls – Verifying SSO, directory-services, and MFA configurations across all internal and external applications.
  • Secure Auth Design & Troubleshooting – Advising on secure authentication flows and investigating authentication failures or access anomalies.
  • Access Governance Oversight – Running periodic access reviews, analysing entitlements for toxic combinations, and ensuring least privilege and segregation of duties.
  • Access Policy & Reporting – Maintaining access policies, approval workflows, and supplying timely logs and evidence for audits and regulatory reporting.
  • PAM Platform Configuration – Aligning the privileged-access-management platform with industry best practice and integrating it with wider security tooling.
  • Privileged Access Assurance & Incident Support – Reviewing privileged assignments, monitoring privileged activity, and supporting cyber-incident investigations.
  • Identity Analytics & Monitoring – Leveraging SIEM, building playbooks, dashboards, and KPIs to detect anomalous identity behaviour and drive continuous improvement.
  • Threat-Hunting & CDC Support – Using identity data for threat hunting and assisting the Cyber Defence Centre in triaging identity-related incidents.
  • Documentation, Collaboration & Continuous Improvement – Maintaining IDAM standards, contributing to projects and upgrades, staying current with trends, and participating in audits and risk assessments.


Qualifications
  • Strong experience specialising in identity and access management, including hands-on experience with identity platforms (Azure AD, Entra, Defender for Identity, BeyondTrust). 
  • Strong understanding of identity lifecycle, RBAC, and access control models.
  • Familiarity with cloud environments from an IDAM perspective.
  • Experience in ensuring compliance with industry standards and regulations related to identity security (e.g., NIST, ISO 27001, PCI-DSS, GDPR).
  • Strong knowledge of identity governance, authentication protocols (SAML, OAuth, OpenID Connect), and directory services (AD, Azure AD).
  • Hands-on experience with identity-related security audits, access reviews, and compliance requirements.
  • Proven ability to analyse and interpret access data, logs, and entitlements to identify security risks.
  • Understanding of Zero Trust architecture and principles as applied to IDAM.
  • Familiarity with identity analytics tools and SIEM solutions for correlating IDAM events (e.g., Sentinel).

Ideally, you’ll have: 

  • Experience participating in internal and external audits, including evidence gathering and control walkthroughs.
  • Experience working with PAM technologies (e.g., BeyondTrust).
  • Experience working with ITSM platforms like ServiceNow to manage access workflows and incidents.
  • Understanding of the security challenges within regulated industries.