Infrastructure Security Engineer in London

Microsoft Infrastructure Security Engineer

Location: London (1 day per week on-site)

Contract Length: 6 months (extension possible)

Day Rate: Up to £850 (inside IR35)

Clearance Required: SC clearance (must be active)

Key Skills Required: Entra ID & Privileged Identity Management (PIM)

About the Role

Our client, a key delivery partner in UK government cyber security programmes, is seeking an experienced Microsoft Security Engineer to lead a critical technical delivery workstream. You will play a pivotal role in implementing a secure and scalable separation of high-privilege user accounts across a hybrid Active Directory and Microsoft Entra (Azure AD) environment.

This opportunity is fully funded and mid-flight, with a defined scope of work and direct stakeholder engagement.

Key Responsibilities

• Conduct technical investigations into a complex hybrid On-Prem AD and Entra environment.
• Design, document, test, and implement a secure approach to separating high-privilege accounts in line with NCSC and Microsoft best practices.
• Execute closed user group testing, followed by phased rollout to 30–150 users with minimal disruption.
• Produce high-quality documentation suitable for direct client consumption and governance.
• Collaborate with internal and client security teams to ensure successful deployment.
• Support incident response planning and execute break-glass scenarios as required.

Qualifications and Skills

• Proven experience as a Infrastructure Engineer or Security Engineer within secure or government settings.
• Deep expertise in Active Directory (OU design, GPOs, Tier-0 security models).
• Advanced knowledge of Entra ID (Azure AD) and Entra AD Connect – especially filtering rules and sync troubleshooting.
• Strong understanding of Privileged Identity Management (PIM) and associated alerting and approval workflows.
• Experience in hybrid disentanglement of Tier-0 identities and secure re-provisioning.
• Familiarity with zero-trust security principles, including PAW, least privilege, and attack surface reduction.
• Confident author of technical documentation and test plans.
• Strong communication skills and ability to manage client expectations under pressure.

Want to know more?

If you're a confident and capable Infrastructure / SecurityEngineer looking for your next challenge, apply now or reach out directly for more information.