Lead Azure Platform Security Engineer in Royal Tunbridge Wells

Hybrid - Tunbridge Wells, Redhill, or Bolton (2 - 3 days/week). We’re hiring a Lead Azure Platform Security Engineer to join a major UK enterprise organisation undergoing large-scale cloud transformation. This is a senior hands-on individual contributor role within the Platform Engineering function, working at the intersection of platform, architecture, and cyber security to strengthen and shape the organisation’s Azure security posture. You’ll collaborate closely with Cyber Security (including SOC teams), Architecture, and Engineering to drive secure-by-design standards across a complex Azure estate.

This is an engineering-led role focused on hands-on implementation and technical leadership – not just governance or policy definition. You’ll take ownership of platform security posture – analysing risks, prioritising improvements, and driving adoption of secure standards across a large Azure environment. Working extensively with Azure Policy, Defender for Cloud, identity controls, networking, and Infrastructure-as-Code tooling, you’ll help establish secure platform foundations for multiple engineering teams while acting as a senior technical voice across the business.

Key responsibilities include:

• Establishing and enforcing Azure security baselines and policies
• Implementing and scaling policy-as-code and platform guardrails
• Reviewing technical designs and providing security guidance across engineering teams
• Working with SOC and cyber teams to identify and remediate platform risks
• Driving security hardening initiatives and platform security improvements
• Defining and implementing secure standards for infrastructure and services
• Supporting compliance across internal and customer-facing systems
• Partnering with architects and engineering teams to embed security into delivery
• Providing technical leadership and helping shape platform security direction

The role combines day-to-day platform ownership (BAU) with project-driven improvements as the platform continues to evolve.

What You’ll Bring:

We’re looking for a senior engineer with strong technical depth, architectural thinking, and the ability to influence and guide security decisions across a complex environment:

• Strong experience with Microsoft Azure (particularly PaaS environments)
• Proven experience implementing Azure security controls hands-on (not just designing or advising)
• Strong experience implementing and enforcing Azure Policy at scale (policy-as-code, guardrails, compliance)
• Solid understanding of Azure networking and security controls (NSGs, ASGs, Private Endpoints, VNet design)
• Strong understanding of security hardening and platform security best practices
• Experience with tools such as Defender for Cloud, Key Vault, Sentinel
• Familiarity with CI/CD tooling (Azure DevOps, GitHub)
• Ability to assess risks and drive remediation through to completion
• Experience influencing security standards, platform direction, or architectural decisions
• Comfortable operating independently and owning outcomes
• Strong stakeholder engagement and communication skills

You should be able to clearly articulate what you have personally built, implemented, improved, and influenced across Azure platform security environments.

Desirable certifications:

• AZ-500 Azure Security Engineer
• SC-100 Cybersecurity Architect
• AZ-305 Azure Solutions Architect
• CCSP

Why This Role Stands Out:

• Senior individual contributor role with real influence
• Opportunity to shape security posture across a large estate
• Close collaboration with Cyber Security leadership
• Long-term transformation programme
• Platform standards impacting multiple engineering teams

Package:

• Performance-related bonus
• Private medical cover
• Generous annual leave + option to buy/sell days