Security Infrastructure Engineer

Do you have experience in platform security or infrastructure engineering with a focus on technical controls, secure configuration, and vulnerability management? Join Elysium Healthcare as a Security Infrastructure Engineer and play a key role in strengthening the security of our infrastructure estate.

 In this hands-on role, you’ll work closely with the Infrastructure, Cloud, and IT Operations teams to lead the implementation and enforcement of secure configurations, patching regimes, and hardening standards across Windows Server, Linux, Active Directory, virtualisation platforms, and Microsoft Azure.

You’ll be responsible for developing and maintaining secure configuration baselines (e.g. CIS Benchmarks, Microsoft Security Baselines), enforcing compliance, and embedding preventative controls into day-to-day operations. You will also lead the organisation’s vulnerability assessment process — from scanning and risk interpretation to remediation coordination and reporting on technical risk posture.

As the designated Information Security representative in the Technical Design Authority (TDA), you will review infrastructure and cloud changes to ensure alignment with internal policies and frameworks such as NIST CSF, ISO 27001, and the NHS DSPT. Your input will guide design proposals, technical change requests, and uplift programmes.

In addition, you’ll support internal security projects, assist with the integration of security tooling (e.g. Defender agents, logging, configuration enforcement), and contribute to operational documentation and SOPs to ensure consistent, secure practices across all platforms.

 As a Security Infrastructure Engineer, you will be:

• Develop, maintain, and apply secure configuration baselines (e.g. CIS Benchmarks, Microsoft Security Baselines) across infrastructure platforms
• Collaborate with Infrastructure and Cloud teams to ensure secure builds, effective patch management, and consistent baseline enforcement
• Define and monitor configuration compliance using tools such as Microsoft Endpoint Manager, Azure Policy, and Microsoft Defender for Cloud
• Lead vulnerability scanning and remediation coordination, ensuring risks are tracked and resolved in line with internal policies
• Represent Information Security in Technical Design Authority (TDA) and change governance forums, providing expert review of infrastructure proposals
• Document security control requirements for infrastructure projects and tooling deployments
• Support the integration of infrastructure-focused security tooling (e.g. Defender agents, logging pipelines, policy enforcement tools)
• Identify and remediate configuration drift and other technical security risks across infrastructure platforms
• Contribute to IT build guides, SOPs, and operational documentation to embed secure-by-design practices across the estate

 To be successful in this role, you will have:

• Experience in a platform security or infrastructure engineering role with responsibility for technical security controls
• Hands-on experience with secure configuration, hardening, and patching across Windows Server, Active Directory, Linux, and Azure environments
• Familiarity with Microsoft security tools such as Group Policy, Endpoint Manager, Azure Policy, and configuration compliance enforcement
• Strong knowledge of vulnerability assessment practices and coordination of remediation across IT teams
• Experience providing security input into infrastructure design, change proposals, or uplift programmes
• Understanding of relevant frameworks and regulatory standards (e.g. NIST CSF, CIS Controls, ISO/IEC 27001:2022, NHS DSPT, CE+)
• Practical knowledge of secure configuration standards such as CIS Benchmarks and Microsoft Security Baselines
• Ability to assess technical proposals for security implications and translate them into clear, actionable guidance
• Strong documentation skills, with experience contributing to build guides, SOPs, and project delivery documentation
• Confidence working across teams to embed controls and support operational resilience

 What you will get:

• A Competitive Annual Salary
• The equivalent of 33 days annual leave Pro Rata (inc Bank Holidays) – plus your birthday off!
• Free meals and parking
• Wellbeing support and activities to help you maintain a great work-life balance.
• 24 hour GP Service to ensure you are the best you can be
• Career development and training to help you achieve your career goals.
• Pension contribution to secure your future.
• Life Assurance for added peace of mind.
• Enhanced Maternity Package so you can truly enjoy this special time.

There is also a range of other benefits including retail discounts, special offers and much more.

About your next employer:

You will be working for an established, stable and agile company with over 8,000 employees and a unique approach to the delivery of care. With a network of over 90 services across England and Wales covering Mental Health, Neurological, Learning Disabilities & Autism, Children & Education, there is opportunity for you to grow and move. 

Elysium Healthcare is part of Ramsay Health Care with a global network that extends across 10 countries and employs over 86,000 people globally. 

Elysium Healthcare follows safer recruitment of staff for all appointments and is a Disability Confident employer, committed to inclusive and accessible recruitment. It is a requirement that all staff understand it is each person’s individual responsibility to promote and safeguard the welfare of service users. All candidates will be subject to a DBS disclosure.