Title:
Senior Security Principal, Identity Security
KBR is seeking a Senior Security Principal, Identity Security to serve as a senior technical authority within our global cybersecurity organization. This principal-level role combines identity security architecture, engineering leadership, governance, and operational excellence across complex, highly regulated enterprise environments. You will help define identity security strategy, establish technical standards and roadmaps, and provide hands-on leadership for initiatives spanning Microsoft Entra ID, Active Directory, hybrid identity, authentication, privileged access management, identity governance, workload identities, and certificate services.
Partnering closely with cybersecurity, infrastructure, cloud, application, network, and business teams, you will drive the design and implementation of secure identity solutions that reduce risk, strengthen access controls, and support enterprise transformation. The ideal candidate brings deep technical expertise, strategic vision, and a proven ability to influence security outcomes across large-scale global environments. This is a permanent, full-time position based in the United Kingdom. Due to the nature of the work and customer requirements, candidates must be eligible to obtain and maintain the appropriate UK security clearance.
In September 2025, KBR announced that we are spinning our Mission Technology Solutions business into a separate public company. This role will ultimately be part of the new company. The Mission Technology Solutions business partners with governments and defense, intelligence, space, aviation, and critical infrastructure customers to deliver high-end engineering, science, technology, and mission support solutions.
Key Responsibilities
-
Serve as the senior technical authority for enterprise identity security architecture, engineering, and governance.
-
Define and maintain identity security strategy, multi-year roadmaps, technical standards, reference architectures, and control frameworks.
-
Lead the design, implementation, and optimization of Microsoft Entra ID, Active Directory Domain Services, hybrid identity platforms, and directory synchronization services.
-
Architect and enhance authentication and access control solutions, including Conditional Access, multifactor authentication (MFA), passwordless authentication, session controls, and device-based access requirements.
-
Strengthen privileged access management through Microsoft Entra Privileged Identity Management (PIM), role-based access control (RBAC), just-in-time access, administrative tiering, and least-privilege practices.
-
Establish and mature identity governance capabilities, including access reviews, entitlement management, identity lifecycle processes, and joiner, mover, and leaver controls.
-
Review and guide enterprise application integrations using SAML, OAuth, OpenID Connect, federation, and single sign-on technologies.
-
Define security controls and governance requirements for application registrations, service principals, managed identities, workload identities, and service accounts.
-
Provide technical leadership for public key infrastructure (PKI), certificate services, trust models, and certificate lifecycle management.
-
Identify, assess, and remediate identity-related risks, including excessive privileges, legacy authentication protocols, stale accounts, unmanaged credentials, and inappropriate access.
-
Lead or support investigations involving identity compromise, privileged account abuse, authentication systems, and directory services.
-
Partner with security operations teams to improve identity threat detection, monitoring, and response capabilities using platforms such as Microsoft Sentinel, Microsoft Defender XDR, and Microsoft Defender for Identity.
-
Review security architecture for major cloud initiatives, enterprise transformation programs, acquisitions, divestitures, and tenant migration projects.
-
Ensure identity security controls align with applicable regulatory, compliance, and contractual requirements, including Cyber Essentials Plus, ISO 27001, NCSC guidance, NIST frameworks, and other government or industry security standards.
-
Develop automation, reporting, and operational improvements using PowerShell, Microsoft Graph, KQL, Logic Apps, and infrastructure-as-code technologies.
-
Mentor engineers and administrators through technical leadership, design reviews, knowledge sharing, and problem-solving support.
-
Communicate technical risks, architectural decisions, and strategic recommendations to senior leaders, business stakeholders, and auditors.
Basic Qualifications
Education & Experience:
-
Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Information Systems, Engineering, or a related field; or an equivalent combination of education, technical training, certifications, and relevant experience.
-
10+ years of experience in identity and access management (IAM), identity security, cybersecurity engineering, security architecture, or a related discipline.
-
Experience designing, implementing, and supporting complex enterprise identity and access management environments.
-
Experience leading identity security initiatives, architecture reviews, or transformation programs within large-scale organizations.
-
Eligibility to obtain and maintain the appropriate UK security clearance
Skills & Competencies:
-
Deep expertise in Microsoft Entra ID, Active Directory, and hybrid identity environments.
-
Strong knowledge of identity governance, privileged access management, Conditional Access, and modern authentication technologies.
-
Experience with federation, single sign-on, application identity, and identity lifecycle management.
-
Strong understanding of multifactor authentication (MFA), FIDO2, Windows Hello for Business, certificate-based authentication, SAML, OAuth, and OpenID Connect.
-
Knowledge of PKI, certificate services, and identity-related security threats and controls.
-
Knowledge of public key infrastructure (PKI), certificate services, trust models, and certificate lifecycle management.
-
Strong problem-solving, communication, stakeholder management, and technical leadership skills.
-
Experience investigating identity security incidents and utilizing Microsoft Sentinel, Microsoft Defender XDR, Microsoft Defender for Identity, or similar security platforms.
-
Ability to drive strategic initiatives and influence cross-functional teams in complex enterprise environments.
Preferred Qualifications
-
Experience supporting multiple Microsoft tenants across commercial, government, or highly regulated environments.
-
Hands-on experience with PowerShell, Microsoft Graph, KQL, Logic Apps, Terraform, or similar automation and infrastructure-as-code technologies.
-
Experience integrating identity security controls with enterprise platforms such as Microsoft Intune, Microsoft Purview, Palo Alto Networks, Cisco ISE, Zscaler, or similar technologies.
-
Experience supporting mergers, acquisitions, divestitures, tenant migrations, forest consolidations, or large-scale transformation initiatives.
-
Experience operating within highly regulated industries such as government, defense, aerospace, critical infrastructure, financial services, healthcare, or scientific research.
-
Relevant certifications such as CISSP, CCSP, CISM, Microsoft Certified: Cybersecurity Architect Expert, Microsoft Certified: Identity and Access Administrator Associate, or equivalent.
-
Experience supporting UK government security frameworks, regulatory requirements, NCSC guidance, or sovereign cloud environments.