Infrastructure and Security Engineer

Role ProfileReports to : Head of Infrastructure, Network and Cyber SecurityKey Relationships : Digital Transformation and Tech,Retail,Facilities,3rd Party PartnersLocation : Piccadilly though travel to all sites required on occasionRole PurposeOpportunity to take a strategic role within the infrastructure and security domain, driving advanced technical solutions and long-term security strategy across our cloud, on-premises servers, networking, storage, security, and backup ecosystem.As an experienced expert, you will provide 2nd and 3rd line configuration, operation, management, and optimization, ensuring a highly secure, scalable, resilient, and high-performance infrastructure that underpins our business-critical operations.This role demands strategic foresight, combining deep technical proficiency with a broader vision for infrastructure and security excellence. You will be instrumental in advancing our Zero Trust architecture, implementing cyber resilience frameworks, and enhancing cloud security, identity management, and compliance practices.Beyond day-to-day technical execution, you will play a pivotal role in shaping the technology landscape, collaborating with internal teams and external partners to drive innovation, optimize security operations, and align infrastructure growth with evolving business needs.This offers high-impact responsibilities, allowing you to champion best practices, mentor team members, and influence architectural decisions while working on cutting-edge projects that enhance business continuity, risk mitigation, and infrastructure scalability.ResponsibilitiesOperational Responsibilities :Serve as a hands-on technical lead, proactively identifying opportunities for improvement and delivering solution-oriented enhancements to infrastructure and securing our systems.Maintain and optimize server hardware, hypervisors, virtual machines, operating systems, Microsoft services, including Intune, Entra, Office365, Azure, SQL Server, SCCM, and File & Directory services.Collaborate with partners to ensure the health, resilience, and security of the Cisco Meraki network, taking a proactive stance in mitigating risks and preventing outages.Lead internal and external vulnerability assessments, working with security partners to maintain PCIDSS compliance, overcome security challenges, and drive continuous improvements align to the NIST framework / ISO271002 standards.Design and implement secure device imaging using Microsoft Intune & Autopilot, ensuring a standardized, scalable, and resilient setup for retail, hospitality POS, and all corporate end user devices.Effective operation of security tooling by configuring and managing SIEM platforms, endpoint protection solutions, and identity access controls, implementing automated threat detection and forensic incident response to protect critical infrastructure and services.Create and manage comprehensive infrastructure documentation, including procedures, technical diagrams, and operational standards to ensure clarity and efficiency in system management.Undertake disaster recovery planning, testing, and execution, ensuring business continuity and resilience against potential disruptions.People & Collaboration :Work proactively alongside support, application and transformation teams, fostering collaborative problem-solving and ensuring a high-performance, secure infrastructure.Deliver concise, well-structured documentation, providing clarity for teams and enabling rapid adoption of security and infrastructure best practices.Partner with technology teams, embedding strategic infrastructure objectives into operational workflows to ensure long-term resilience.Act as a trusted advisor, recognised as the go-to subject matter expert for infrastructure and security, and leading cross-functional initiatives to overcome boundaries and drive retail innovation.Guide and support third-party engagements, ensuring vendors align with enterprise security standards, compliance requirements, and best practices.Educate and empower both internal teams and the broader business, fostering a security-first culture and promoting best practices in networking, infrastructure, and business continuity.Experience and QualificationsEssentialMicrosoft infrastructure including Windows Server Administrator, Active Directory AAD Administrator, Group Policy, and Microsoft 365 services and Azure Cloud resource management.LAN / WAN / WIFI / TCP-IP / Firewalls / Switching / Routing configuration and admin (Cisco)Microsoft SQL Server basic administrationDeploying and managing virtualized environments using VMware vSphere, ESXi, and vCenterPowerShell scriptingServer and storage hardware technology (Dell)Identity & Access Management (IAM), Expertise in Microsoft Entra ID (formerly Azure AD), role-based access control (RBAC), and multi-factor authentication (MFA).Cloud Security, Experience securing Azure environments, including Microsoft Defender for Cloud, Sentinel, and compliance frameworks like PCIDSS.Threat Protection & Incident Response : Ability to identify vulnerabilities, implement threat protection, and respond to security incidents.Patch Management & Endpoint Security : Experience in patching complex estate, ensuring regular updates, patching, and endpoint protection across Windows, Apache and Azure environments.Familiarity with backup and disaster recovery tools and practices.Experience with monitoring tools (e.g., SolarWinds, PRTG, Zabbix or similar).DesirableCisco networking certifications CCNA / CCNP / CCIE certificationMicrosoft certifications (e.g., MCSA, MS-102, AZ-104).Azure Certifications : Holding certifications like Microsoft Certified : Azure Security Engineer Associate (AZ-500) is a strong advantage.Experience with security and compliance standards (e.g., ISO 27001, NIST, GDPR).Familiarity with ITIL practices and ticketing systems.Hybrid Cloud & Zero Trust Architecture : Experience with hybrid environments, Zero Trust principles, and secure cloud migrations.Automation & Scripting : Familiarity with Terraform, or Azure CLI for automating security configurations.Security Operations & Vulnerability Management : Exposure to SIEM tools, penetration testing, and security audits.Vendor Management & Compliance : Experience working with third-party security providers and ensuring compliance with industry regulationExperience with security and compliance standards (e.g., ISO 27001, NIST, GDPR).Familiarity with ITIL practices and ticketing systems.Competencies, Behaviours and SkillsEssentialSelf-driven and ability to manage conflicting prioritiesCustomer-Centric Approach – Aligns infrastructure and security solutions with business needs, user experience, and service excellenceCommunication & Collaboration – Skilled at explaining complex technical concepts in a clear, accessible manner, and working seamlessly with teams and stakeholders.Adaptability - Open to new technologies, evolving security landscapes, and continuous professional development.Proactive & Solution-Oriented Thinking – Anticipates potential risks and inefficiencies and takes initiative to implement improvements.Attention to Detail & Accountability – Ensures precision in configurations, processes, and security implementations, taking ownership of responsibilities.Resilience – Thrives in high-pressure environments, handling complex security incidents with a calm and focused approach.Growth Mindset – Accountable for managing personal development plans and actively carving out time to self-studyDesirableLeadership & Influence – Inspires confidence as a trusted advisor, guiding teams on security awareness and infrastructure best practices.Problem-Solving & Critical Thinking – Ability to analyse challenges, think creatively, and develop effective solutions to meet business needs.Communication Adaptability – Demonstrates the ability to tailor messaging to suit both technical and non-technical audiences, ensuring clarity, engagement, and appropriate depth of detail based on the audience's level of expertise.Financial Acumen & Budget Control – Demonstrates the ability to effectively plan, monitor, and manage financial resources, ensuring cost efficiency and alignment with strategic objectives. Consider technologies and consolidation to optimize spending, minimize waste, and deliver value while adhering to budgetary constraintsWe are committed to developing your career and nurturing your talent, regardless of age; disability; gender reassignment; marriage and civil partnership; pregnancy and maternity; race; religion or belief; sex; sexual orientation. We respect and embrace each other's differences, to create a truly inclusive environment.In the last year alone, our people have been recognised and celebrated, winning awards for their outstanding contributions to Retail, Technology, Global Hospitality & Tourism, Visual Merchandising & Display, Customer Service and Local Community Awards.In return, we offer :A competitive salaryA generous store and restaurant discount of up to 40%25 days holidays (excluded bank holidays) and an extra day off for your birthdayA fantastic subsidised staff restaurant which uses Fortnum’s ingredientsA range of opportunities to develop and grow personally and professionallyExcellent pension scheme #J-18808-Ljbffr