Job responsibilities
The Lead Specialist Engineer will work within the Specialist Identity and Access Management Team. The team operates an automation discipline which is managed by a Senior Identity and Access Management Architect.
The Lead Specialist Engineer will work with the other team members, who between them will work within specified technical specialties and provide technical expertise in the configuration, implementation and automation of relevant technical areas.
Automation is the cornerstone of all work undertaken by the team, this role will focus heavily on developing and maintaining automated processes that underpin key technologies that are supported by the Identity & Access Management Team;
- Identity Lifecyle
- Windows PowerShell
- Active Directory
- Azure Active Directory \ Entra ID
- DNS
- Group Policy
- Azure Administration
- DHCP
- Microsoft Certification Authority PKI
- End User operating System security policy
- SQL
- Microsoft Defender
- MBAM
- Azure DevOps
The Lead Specialist Engineer will also have experience of administering as many of the above as possible.
Daily operational duties will include:
- Incident and Request management via ITSM suite.
- Management and Monitoring of existing IAM automation services, predominately focusing on Microsoft PowerShell and Graph API.
- Development, Test and Release of additional Automation services following DevOps principals.
- Maintain Git repositories for IAM services.
- Ongoing alignment of services to best practices with Cyber Security.
This is not an exhaustive list.
Communication and key working relationships
Internal
- Other ICT engineers at all levels
- Colleagues in the ICT Department
- Customers within UKHSA at all levels.
- UKHSA Senior Managers and Executive
- Application managers and developers in other UKHSA directorates
External
- Relevant suppliers of hardware, software and services
- Maintenance organisations
- External customers as appropriate and as directed by line manager
Professional development
You should pursue a programme of continuous professional development in accordance with any relevant professional registration or statutory requirements, while maintaining appropriate awareness of service provider requirements.
Essential role criteria
- Formal technical qualification (e.g. MCP, MCSA\E) or equivalentrelevant experience in a similar senior engineer role
- Demonstrable PowerShell scripting / Automation knowledge and experience
- Substantive experience in a technical support role, supporting Microsoft Windows Server Operating System based Identity Management Services
- Experience/knowledge of Azure Services (IaaS,PaaS,Serverless)
- Clear communicator with excellent writing, report writing and presentation skills; capable of constructing and delivering clear ideas and concepts concisely and accurately for diverse audiences.
- Evidence of excellent customer service skills and a commitment to improving services and performance for end users.
- Ability to analyse and interpret information, pre-empt and evaluate issues, and recommend and appropriate course of action to address the issues
- Problem solving skills and ability to respond to sudden unexpected demands
- Ability to work on own initiative and organise own workload without supervision working to tight and often changing timescales.
Desirable role criteria:
- Azure DevOps Pipeline experience via Git repositories
- Terraforming and Container experience
- Any development experience/certificates or other scripting languages like python
- A good understanding of the health and social care environment and roles and responsibilities within it
Selection Process
This vacancy is using Success Profiles and will assess your behaviours and technical skills.
Stage 1: Application & Sift
You will be required to complete an application form. You will be assessed on the listed essential criteria, and this will be in the form of:
- an application form (Employer/ Activity history section on the application)
- a 750 word supporting statement
This should outline how your skills, experience, and knowledge, provide evidence of your suitability for the role, with reference to the essential criteria.
Please note you will not be able to upload your CV. You must complete the application form in as much detail as possible. Please do not email us your CV.
The Application form and supporting statement will be marked together.
Longlisting: In the event of a large number of applications we will longlist into 3 piles of:
- Meets all essential criteria
- Meets some essential criteria
- Meets no essential criteria
Only those meeting all essential criteria will be taken through to shortlisting.Shortlisting: In the event of a large number of applications we will shortlist on:
- Demonstratable PowerShell scripting / Automation knowledge and experience
- Substantive experience in a technical support role, supporting Microsoft Windows Server Operating System based Identity Management Services
- Experience/knowledge of Azure Services (IaaS,PaaS,Serverless)
Desirable criteria may be used in the event of a large number of applications / large amount of successful candidates.
If you are successful at this stage, you will progress to interview and assessment.
Please do not exceed 750 words. We will not consider any words over and above this number.
Feedback will not be provided at this stage.
Stage 2: Interview (Success profiles)
You will be invited to a remote interview.
Behaviours and technical skills will be tested at interview.
The Behaviours tested during the interview stage will be:
- Making Effective Decisions
- Working Together
- Managing a Quality Service
- Working at Pace
Interviews will be held week commencing 19th January 2026. Please note, these dates are subject to change.
Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.
Location
This role is being offered as hybrid working based at any of our Core HQs in Birmingham, Leeds, Liverpool or London.
We offer great flexible working opportunities at UKHSA and operate using a hybrid working model where business needs allow. This provides us with greater flexibility about how and where we work, to get the best from our workforce. As a hybrid worker, you will be expected to spend a minimum of 60% of your contractual working hours (approximately 3 days a week pro rata, averaged over a month) in one of our core HQs.
Our core HQ offices are modern and newly refurbished with excellent city centre transport link and benefit from benefit from co-location with other government departments such as the Department for Health and Social Care (DHSC).
Eligibility Criteria
Open to all external applicants (anyone) from outside the Civil Service (including by definition internal applicants).
Security Clearance Level Requirement
Successful candidates must pass a disclosure and barring security check.
Successful candidates must meet the security requirements before they can be appointed. The level of security needed is Security Check clearance.
For meaningful National Security Vetting checks to be carried out individuals need to have lived in the UK for a sufficient period of time. You should normally have been resident in the United Kingdom for the last 10 years as the role requires Security Check (SC) clearance.UK residency less than the outlined periods may not necessarily bar you from gaining national security vetting and applicants should contact the Vacancy Holder / Recruiting Manager listed in the advert for further advice.
