Cyber Security Analyst, Identity

Together, we're working to welcome millions more passengers, while ensuring aviation can continue to be a force for good by leading global efforts in sustainability. At Heathrow, you can be part of this – providing solutions that make every journey better for millions each year. That means ensuring we meet the changing needs of the passengers, colleagues and partners who use our airport to work, travel, trade, shop, eat, explore and connect. Our Solutions team covers project management, process improvement, business change, technology, cyber defence, masterplanning, infrastructure and procurement. It brings together people with the skills to deliver prestigious and often large-scale projects, from transforming terminals to making big reductions in our carbon emissions.

Every day will test your skills and give you the opportunity to make your mark. You might be working with the technology and data that power our city within a city, driving vital commercial agreements with everyone from retailers to airlines, or improving the unique infrastructure that includes everything from 200 buildings to 250 HV substations. It's a collaborative environment, where you can rely on the support of the experts around you as you take on projects you'll both take pride in and feel passionate about.

In this role, you will help ensure that Heathrow's Identity & Access Management approach is securely designed, effectively managed, and aligned with the highest cyber security principles. You'll bring a strong understanding of identity governance, user access lifecycle management, directory services, and privileged access management, ensuring our systems meet both industry standards and regulatory requirements.

• Identity Lifecycle Management – Reviewing and automating joiner-mover-leaver (JML) processes, enforcing RBAC, and integrating identities with cloud and third-party services.
• Authentication Controls – Verifying SSO, directory-services, and MFA configurations across all internal and external applications.
• Secure Auth Design & Troubleshooting – Advising on secure authentication flows and investigating authentication failures or access anomalies.
• Access Governance Oversight – Running periodic access reviews, analysing entitlements for toxic combinations, and ensuring least-privilege and segregation-of-duties.
• Access Policy & Reporting – Maintaining access policies, approval workflows, and supplying timely logs and evidence for audits and regulatory reporting.
• PAM Platform Configuration – Aligning the privileged-access-management platform with industry best practice and integrating it with wider security tooling.
• Privileged Access Assurance & Incident Support – Reviewing privileged assignments, monitoring privileged activity, and supporting cyber-incident investigations.
• Identity Analytics & Monitoring – Leveraging SIEM, building playbooks, dashboards, and KPIs to detect anomalous identity behaviour and drive continuous improvement.
• Threat-Hunting & CDC Support – Using identity data for threat hunting and assisting the Cyber Defence Centre in triaging identity-related incidents.

• Documentation, Collaboration & Continuous Improvement – Maintaining IDAM standards, contributing to projects and upgrades, staying current with trends, and participating in audits and risk assessments.

• Strong experience specialising in identity and access management, including hands-on experience with identity platforms (Azure AD, Entra, Defender for Identity, BeyondTrust).

• Strong understanding of identity lifecycle, RBAC, and access control models.
• Familiarity with cloud environments from an IDAM perspective.
• Experience in ensuring compliance with industry standards and regulations related to identity security (e.g., NIST, ISO 27001, PCI-DSS, GDPR).
• Strong knowledge of identity governance, authentication protocols (SAML, OAuth, OpenID Connect), and directory services (AD, Azure AD).
• Hands-on experience with identity-related security audits, access reviews, and compliance requirements.
• Proven ability to analyse and interpret access data, logs, and entitlements to identify security risks.
• Understanding of Zero Trust architecture and principles as applied to IDAM.
• Familiarity with identity analytics tools and SIEM solutions for correlating IDAM events (e.g., Sentinel).

Ideally, you'll have:

• Experience participating in internal and external audits, including evidence gathering and control walkthroughs.
• Experience of working with PAM technologies (e.g. BeyondTrust)
• Experience working with ITSM platforms like ServiceNow to manage access workflows and incidents.
• Understanding of the security challenges within regulated industries.