Back to jobs

Infrastructure and Security Engineer

Job description

Role Profile

Reports to: Head of Infrastructure, Network and Cyber Security

Key Relationships: Digital Transformation and Tech, Retail, Facilities, 3rd Party Partners

Location: Piccadilly though travel to all sites required on occasion

Role Purpose

Opportunity to take a strategic role within the infrastructure and security domain, driving advanced technical solutions and long-term security strategy across our cloud, on-premises servers, networking, storage, security, and backup ecosystem.

 

As an experienced expert, you will provide 2nd and 3rd line configuration, operation, management, and optimization, ensuring a highly secure, scalable, resilient, and high-performance infrastructure that underpins our business-critical operations.

 

This role demands strategic foresight, combining deep technical proficiency with a broader vision for infrastructure and security excellence. You will be instrumental in advancing our Zero Trust architecture, implementing cyber resilience frameworks, and enhancing cloud security, identity management, and compliance practices.

 

Beyond day-to-day technical execution, you will play a pivotal role in shaping the technology landscape, collaborating with internal teams and external partners to drive innovation, optimize security operations, and align infrastructure growth with evolving business needs.

 

This offers high-impact responsibilities, allowing you to champion best practices, mentor team members, and influence architectural decisions while working on cutting-edge projects that enhance business continuity, risk mitigation, and infrastructure scalability.

Responsibilities

Operational Responsibilities:

  • Serve as a hands-on technical lead, proactively identifying opportunities for improvement and delivering solution-oriented enhancements to infrastructure and securing our systems.
  • Maintain and optimize server hardware, hypervisors, virtual machines, operating systems, Microsoft services, including Intune, Entra, Office365, Azure, SQL Server, SCCM, and File & Directory services.
  • Collaborate with partners to ensure the health, resilience, and security of the Cisco Meraki network, taking a proactive stance in mitigating risks and preventing outages.
  • Lead internal and external vulnerability assessments, working with security partners to maintain PCIDSS compliance, overcome security challenges, and drive continuous improvements align to the NIST framework/ISO271002 standards.
  • Design and implement secure device imaging using Microsoft Intune & Autopilot, ensuring a standardized, scalable, and resilient setup for retail, hospitality POS, and all corporate end user devices.
  • Effective operation of security tooling by configuring and managing SIEM platforms, endpoint protection solutions, and identity access controls, implementing automated threat detection and forensic incident response to protect critical infrastructure and services.
  • Create and manage comprehensive infrastructure documentation, including procedures, technical diagrams, and operational standards to ensure clarity and efficiency in system management.
  • Undertake disaster recovery planning, testing, and execution, ensuring business continuity and resilience against potential disruptions.

People & Collaboration:

  • Work proactively alongside support, application and transformation teams, fostering collaborative problem-solving and ensuring a high-performance, secure infrastructure.
  • Deliver concise, well-structured documentation, providing clarity for teams and enabling rapid adoption of security and infrastructure best practices.
  • Partner with technology teams, embedding strategic infrastructure objectives into operational workflows to ensure long-term resilience.
  • Act as a trusted advisor, recognised as the go-to subject matter expert for infrastructure and security, and leading cross-functional initiatives to overcome boundaries and drive retail innovation.
  • Guide and support third-party engagements, ensuring vendors align with enterprise security standards, compliance requirements, and best practices.
  • Educate and empower both internal teams and the broader business, fostering a security-first culture and promoting best practices in networking, infrastructure, and business continuity.

Experience and Qualifications

Essential

  • Microsoft infrastructure including Windows Server Administrator, Active Directory AAD Administrator, Group Policy, and Microsoft 365 services and Azure Cloud resource management.
  • LAN / WAN / WIFI / TCP-IP / Firewalls / Switching/ Routing configuration and admin (Cisco)
  • Microsoft SQL Server basic administration
  • Deploying and managing virtualized environments using VMware vSphere, ESXi, and vCenter
  • PowerShell scripting
  • Server and storage hardware technology (Dell)
  • Identity & Access Management (IAM), Expertise in Microsoft Entra ID (formerly Azure AD), role-based access control (RBAC), and multi-factor authentication (MFA).
  • Cloud Security, Experience securing Azure environments, including Microsoft Defender for Cloud, Sentinel, and compliance frameworks like PCIDSS.
  • Threat Protection & Incident Response: Ability to identify vulnerabilities, implement threat protection, and respond to security incidents.
  • Patch Management & Endpoint Security: Experience in patching complex estate, ensuring regular updates, patching, and endpoint protection across Windows, Apache and Azure environments.
  • Familiarity with backup and disaster recovery tools and practices.
  • Experience with monitoring tools (e.g., SolarWinds, PRTG, Zabbix or similar).

 

Desirable

  • Cisco networking certifications CCNA/CCNP/ CCIE certification
  • Microsoft certifications (e.g., MCSA, MS-102, AZ-104).
  • Azure Certifications: Holding certifications like Microsoft Certified: Azure Security Engineer Associate (AZ-500) is a strong advantage.
  • Experience with security and compliance standards (e.g., ISO 27001, NIST, GDPR).
  • Familiarity with ITIL practices and ticketing systems.
  • Hybrid Cloud & Zero Trust Architecture: Experience with hybrid environments, Zero Trust principles, and secure cloud migrations.
  • Automation & Scripting: Familiarity with Terraform, or Azure CLI for automating security configurations.
  • Security Operations & Vulnerability Management: Exposure to SIEM tools, penetration testing, and security audits.
  • Vendor Management & Compliance: Experience working with third-party security providers and ensuring compliance with industry regulation
  • Experience with security and compliance standards (e.g., ISO 27001, NIST, GDPR).
  • Familiarity with ITIL practices and ticketing systems.

Competencies, Behaviours and Skills

Essential

  • Self-driven and ability to manage conflicting priorities
  • Customer-Centric Approach – Aligns infrastructure and security solutions with business needs, user experience, and service excellence
  • Communication & Collaboration – Skilled at explaining complex technical concepts in a clear, accessible manner, and working seamlessly with teams and stakeholders.
  • Adaptability - Open to new technologies, evolving security landscapes, and continuous professional development.
  • Proactive & Solution-Oriented Thinking – Anticipates potential risks and inefficiencies and takes initiative to implement improvements.
  • Attention to Detail & Accountability – Ensures precision in configurations, processes, and security implementations, taking ownership of responsibilities.
  • Resilience – Thrives in high-pressure environments, handling complex security incidents with a calm and focused approach.
  • Growth Mindset – Accountable for managing personal development plans and actively carving out time to self-study

 

Desirable 

  • Leadership & Influence – Inspires confidence as a trusted advisor, guiding teams on security awareness and infrastructure best practices.
  • Problem-Solving & Critical Thinking – Ability to analyse challenges, think creatively, and develop effective solutions to meet business needs.
  • Communication Adaptability – Demonstrates the ability to tailor messaging to suit both technical and non-technical audiences, ensuring clarity, engagement, and appropriate depth of detail based on the audience's level of expertise.
  • Financial Acumen & Budget Control – Demonstrates the ability to effectively plan, monitor, and manage financial resources, ensuring cost efficiency and alignment with strategic objectives. Consider technologies and consolidation to optimize spending, minimize waste, and deliver value while adhering to budgetary constraints

  

We are committed to developing your career and nurturing your talent, regardless of age; disability; gender reassignment; marriage and civil partnership; pregnancy and maternity; race; religion or belief; sex; sexual orientation. We respect and embrace each other's differences, to create a truly inclusive environment.

In the last year alone, our people have been recognised and celebrated, winning awards for their outstanding contributions to Retail, Technology, Global Hospitality & Tourism, Visual Merchandising & Display, Customer Service and Local Community Awards.

 

In return, we offer: 

  • A competitive salary
  • A generous store and restaurant discount of up to 40%
  • 25 days holidays (excluded bank holidays) and an extra day off for your birthday
  • A fantastic subsidised staff restaurant which uses Fortnum’s ingredients
  • A range of opportunities to develop and grow personally and professionally
  • Excellent pension scheme