Infrastructure & Security Engineer in Hereford

The company: We are a profitable, fast-scaling defence-tech startup - operating on the extreme edge of innovation in the evolving domain of unmanned systems / drones. Our world-class team of Engineers are delivering solutions deemed impossible by many, for some of the most complex and challenging problems in the Drones / UAS space. With strong revenue growth, a loyal customer base, and an ambitious scaling plan, we are entering an exciting new phase of growth — and this is a rare opportunity to join at the moment it matters most.

The role: As an Infrastructure Security Engineer, you will be responsible for the full lifecycle of our IT ecosystem—designing, building, and operating a resilient environment. You will bridge the gap between traditional system administration and advanced cybersecurity, ensuring that our company systems and infrastructure are not only functional but also hardened against evolving threats.

What you will do:

• Infrastructure Design & Implementation
• Microsoft Ecosystem: Install, configure, and maintain Microsoft Windows Server infrastructure, including expert-level management of Active Directory (AD) and Group Policy Objects to enforce security baselines.
• Hardware Lifecycle: Lead the setup and deployment of server, desktop, and laptop hardware across the organization.
• Hybrid Cloud Management: Manage and optimize a hybrid environment spanning on-premises infrastructure and cloud platforms. Have experience operating on site server virtualization technologies.
• Network & Remote Operations
• Network Management: Configure and maintain on-site network infrastructure, including enterprise-grade firewalls, routers, and managed switches.
• Remote Workforce Support: Implement secure and robust remote working solutions for mobile workers and small branch offices.
• Security Hardening & Monitoring
• System Hardening: Apply rigorous security hardening standards to all hardware and software components, following industry best practices. Implement robust disaster recovery solutions.
• Continuous Monitoring: Deploy and manage network and cybersecurity monitoring tools to ensure 24/7 visibility into system health and potential security breaches.
• Vulnerability Management: Conduct regular system audits and vulnerability assessments to identify and remediate risks before they can be exploited.
• Standards & Compliance Management
• Cyber Essentials Leadership: Maintain the five core technical controls (Firewalls, Secure Configuration, User Access Control, Malware Protection, and Patch Management) to ensure annual re-certification.
• ISO 27001 Alignment: Support the Information Security Management System (ISMS) by maintaining technical evidence for audits, including asset registers, network diagrams, and access logs.
• Documentation & Evidence: Create and maintain high-quality technical documentation and Standard Operating Procedures required for compliance frameworks.
• Advice and Policy: Deliver expert cybersecurity guidance and training to all levels of staff and senior leadership. Lead on the company-wide information management and cybersecurity policies.

Essential skills / experience:

• Proven track record in designing and running Windows Server environments and complex network architectures. Experience hardening IT infrastructure to provide a high degree of cyber security resilience.
• Technical Depth: Deep knowledge of Active Directory, DNS, DHCP, and VPN protocols. Deep knowledge of server technologies, IP networks and building firewall rules.
• Security Mindset: Hands-on experience with firewalls and security monitoring platforms.
• Adaptability: Ability to support a diverse fleet of hardware and a globally distributed workforce.

Compensation:

• Competitive base salary
• Annual bonus
• Stock options
• Private healthcare
• Life insurance + critical illness cover
• 35 days annual leave (inc bank holidays)