Date: 2025-03-26

Job summary

Entity:

Technology



Job Family Group:

IT&S Group



Job Description:

You will work with

A globally distributed team of experienced engineers, identity architects, and platform specialists who are passionate about building secure, scalable, and modern directory services. You'll collaborate closely with key collaborators across IAM, Security, Cloud, Infrastructure, and Compliance teams to drive the transformation of our directory ecosystem. Our team thrives in a culture that values automation, innovation, and continuous improvement. Whether you're contributing as an individual or influencing others across teams, you'll be part of a high-impact environment that supports flexible career paths, develops engineering excellence, and adopts a security-first approach.

Let me tell you about the role

As a Principal Enterprise Technology Engineer, you will play a strategic role in crafting and securing enterprise-wide technology landscapes, ensuring their resilience, performance, and compliance. You will provide deep expertise in security, infrastructure, and operational excellence, driving large-scale transformation and automation initiatives. Your role will encompass platform architecture, system integration, cybersecurity, and operational continuity. You will be collaborating with senior IT leadership, architects, and business collaborators, working to establish robust governance models, technology roadmaps, and innovative security frameworks to safeguard critically important enterprise applications.

As an Enterprise Engineer – Core Directories, you will play a key role in evolving how we run, automate, and secure our directory infrastructure, including Active Directory (AD), Entra ID (AAD), and related identity platforms.

This role focuses on engineering reliable, scalable, and API-driven directory services. You will drive the adoption of Infrastructure as Code (IaC), Configuration as Code (CaC), and Posture Management as Code, ensuring that directory operations follow modern engineering principles.

You will also be central to the transition from AD to Entra ID, ensuring that both human and non-human identities are managed effectively. Your work will ensure directory capabilities (e.g., DNS management, account creation, group management) are accessible via APIs and integrated into modern CI/CD workflows.

This is a critical engineering role where you will work with IAM, security, and cloud teams to build a next-generation directory services platform.

What you will deliver

Modernizing Directory Infrastructure – Implement Infrastructure as Code (IaC), Configuration as Code (CaC), and Posture as Code to automate and improve reliability.

Building API-Driven Directory Services – Enable self-service access to key directory functions (e.g., account creation, group management, DNS) via APIs.

Ensuring Secure & Scalable Operations – Apply platform engineering standard methodologies to build a scalable, resilient, and automated directory platform.

Supporting AD to Entra ID Transition – Assist in the gradual migration from on-prem Active Directory to Entra ID, ensuring a magnificent user experience.

Improving CI/CD & GitOps Practices – Ensure all directory changes follow CI/CD pipelines, GitOps workflows, and policy enforcement.

Cross-Platform IAM Integration – Work closely with IAM, cloud, and security teams to ensure a cohesive identity ecosystem.

Security & Compliance – Align directory operations with Zero Trust security, NIST, ISO 27001, and other compliance frameworks.

What you will need to be successful (experience and qualifications)

Technical skills we need from you

Bachelor’s degree or equivalent experience in technology, Engineering, or a related field.

Identity & Access Management (IAM) Expertise

Demonstrated understanding of Active Directory (AD) & Entra ID (AAD), including domain management, directory synchronization, and identity security.

Understanding modern IAM architectures, including Zero Trust, workload identity, and federated authentication.

Platform Engineering & Automation

Experience with Infrastructure as Code (Terraform, Pulumi, CloudFormation or similar) and Configuration as Code (Ansible, Chef, Puppet etc).

Experience implementing CI/CD pipelines (GitHub Actions, GitLab CI/CD, Azure DevOps) and GitOps or equivalent workflows.

Strong programming/scripting skills (Python, PowerShell, Go, Bash) for automation and infrastructure management.

Experience with observability, monitoring, and logging tools (Prometheus, Grafana, ELK Stack, Azure Monitor or similar).

Security & Compliance

Strong understanding of identity security standard methodologies, Zero Trust models, and IAM compliance frameworks (ISO 27001, NIST, CIS Benchmarks).

Experience with Posture as Code for security configuration management and drift detection.

API & Integration Knowledge

Experience working with REST APIs, Graph API, SCIM, and integrating IAM services into cloud-native applications.

Ability to expose directory services (DNS, account creation, group management) via APIs for self-service and automation.

Essential skills

We expect all engineers in our organization to align with the following principles:

Automation-First Approach – You build automated, self-service, and infrastructure-as-code solutions to reduce manual effort.

Scalability & Reliability Focus – You ensure that directory services are resilient, scalable, and optimized for cloud-native environments.

Security-Driven Approach – You embed IAM security, compliance, and standard processes into all solutions.

Collaboration & Collaborator Engagement – You work closely with IAM, Security, Cloud, and DevOps teams to align platform capabilities.

Continuous Learning & Innovation – You stay ahead of emerging IAM trends, automation tools, and platform engineering advancements.

Skills that set you apart

Expertise in Directory Modernization: Hands-on experience owning the transformation from on-prem Active Directory to Entra ID, with a strong grasp of hybrid identity architectures and federated authentication.

Infrastructure & Automation Leadership: Deep proficiency in Infrastructure as Code (e.g., Terraform) and scripting (Python, PowerShell) to build scalable, self-service identity platforms coordinated with CI/CD pipelines.

Security-First Engineering Approach: Proven track record of implementing Zero Trust principles and aligning directory operations with frameworks like NIST, ISO 27001, and CIS Benchmarks, ensuring both compliance and resilience.

About bp

Our purpose is to deliver energy to the world, today and tomorrow. For over 100 years, bp has focused on discovering, developing, and producing oil and gas in the nations where we operate. We are one of the few companies globally that can provide governments and customers with an integrated energy offering. Delivering our strategy sustainably is fundamental to achieving our ambition to be a net zero company by 2050 or sooner!

What we offer:

It’s crucial to us that the differences we see in the world around us are reflected in our workplace. Who you are is what counts, not where you’re from or how you live your life. At bp, we support our people to learn and grow in a diverse and ambitious environment. We believe that our team is strengthened by diversity. We are committed to fostering an inclusive environment in which everyone is respected and treated fairly. There are many aspects of our employees’ lives that are meaningful, so we offer benefits to enable your work to fit with your life. These benefits include:

Generous salary package including an annual bonus program and individual performance-based incentives.

Additional EPF contributions totaling 15%.

Excellent work-life balance & flexible working arrangements

Collaborative environment that celebrates achievements, diversity, and culture!

Ongoing career development and progression opportunities in a global organization

16 weeks paid parental leave (4 weeks partner leave)



Travel Requirement

No travel is expected with this role



Relocation Assistance:

This role is not eligible for relocation



Remote Type:

This position is a hybrid of office/remote working


