Infrastructure Engineer-Devops, Palo alto in Warrington

HCLTech is a global technology company, delivering industry-leading capabilities centered around digital, engineering, cloud and AI, powered by a broad portfolio of technology services and products. We work with clients across all major verticals, providing industry solutions for Financial Services, Manufacturing, Life Sciences and Healthcare, Technology and Services, Telecom and Media, Retail and CPG, and Public Services.

Our purpose is to bring together the best of technology and our people to supercharge progress for everyone, everywhere our clients, partners, their stakeholders, communities, and the planet. As a company, we are deeply focused on accelerating our ESG agenda and creating technology-enabled sustainable solutions with and for our clients and partners.

Job Location: Edinburgh, Leeds, Halifax, Manchester or Bristol

Hybrid mode: 2 days a week (Work from client location)

The Infrastructure Engineer role is focused on secure web access and SASE engineering. The role is responsible for the end-to-end design, build, deployment, and lifecycle management of technologies that enable secure web access for both users and machine-based traffic. This includes SASE platforms, secure enterprise browser solutions, and controls governing human and machine to machine access.

Role Overview

The role is responsible for the engineering, configuration, deployment, and lifecycle management of technologies enabling secure colleague and machine web access. This includes involvement across SASE components, secure enterprise browsing solutions, and controls supporting both human and machine-to-machine traffic.

Key Responsibilities

• Contribute hands-on DevOps engineering expertise using Infrastructure as Code, Policy as Code, CI/CD, API-driven automation, automated testing, and observability.
• Build, enhance, and maintain web access protection infrastructure, including proxy services, protected corporate browsers, and web/API traffic controls.
• Evolve infrastructure and security patterns for internet connectivity, B2B integrations, and browser/policy control.
• Support product and platform teams with technical input across design, architecture, and roadmap evolution.
• Conduct root cause analysis and support incident remediation in collaboration with security and platform teams.

Operational Delivery

• Implement policy-as-code and configuration-as-code approaches to remove reliance on manual portal-based administration.
• Support the monitoring, stability, and continual improvement of SASE services, secure enterprise browser technologies, and machine-traffic infrastructure.
• Support incident, change, and problem management activities for web access protection services.
• Ensure services meet resilience, documentation, compliance, and audit requirements.
• Collaborate with internal teams and external vendors to ensure high-quality service delivery.

Risk, Security & Compliance

• Implement and maintain security and access policies for web traffic aligned to enterprise risk frameworks.
• Integrate with SIEM and analytics platforms to support threat detection and response.
• Balance security controls with usability, particularly in the browser and colleague web-access journey.
• Participate in security reviews, risk assessments, and updates to relevant policies.

Required Experience

• Strong hands-on modern engineering experience, including CI/CD tooling (e.g., GitHub), Terraform, Python, infrastructure/policy/config-as-code.
• Experience working with SASE platforms (e.g., Zscaler, Palo Alto, Blue Coat, McAfee Web Gateway/SkyHigh) and secure enterprise browsers (e.g., Chrome Enterprise, Island, Talon, Edge for Business).
• Knowledge of security controls, DLP, browser isolation, and SASE patterns.
• Experience contributing to incident resolution and change processes.
• Strong communication and collaboration skills to work across technical and product teams.

Desirable Experience

• Experience in regulated environments.
• Relevant security certifications (e.g., CISSP, CCSP).