Infrastructure Engineer in Manchester

The opportunity

Our client, a large UK-based multi-site enterprise, is delivering a multi-year cybersecurity, controls and resilience programme aligned to NIST CSF v2.0 and ISO/IEC 27001:2022. They require an experienced, hands-on Infrastructure Engineer to design, implement and uplift infrastructure controls translating cyber security requirements into resilient, scalable and supportable technical implementations.

Scope of the role

• Secure infrastructure engineering design, build and enhance secure configurations (secure baselines, hardening, segmentation) across on-premise, cloud and hybrid environments.
• Remediate security findings arising from audits, risk assessments and maturity reviews.
• Engineer and embed technical controls supporting NIST CSF and ISO/IEC 27001 objectives.
• Support security tooling integration (SIEM log sources, EDR/XDR dependencies, vulnerability tooling).
• Enable and validate security telemetry coverage audit policy configuration, log forwarding/collection, event quality (normalisation, time sync, enrichment).
• Deliver vulnerability, patch and configuration management end-to-end authenticated scanning enablement, triage, remediation, re-test and evidence of closure.
• Document exceptions and compensating controls where remediation is not immediately feasible.
• Support resilience, backup, recovery and availability improvements from a security perspective, plus control-evidence production and infrastructure-related incident remediation.

Essential experience

• Strong infrastructure engineering background across on-premise and/or cloud (OS, compute/virtualisation, storage, backup/recovery, enterprise networking).
• Implementing and maintaining secure build standards (hardening, baseline configuration, secure management access) and remediating configuration drift.
• End-to-end vulnerability management: scoping, authenticated scanning enablement, triage/prioritisation, remediation, re-test/verification and closure evidence.
• Translating vulnerability findings into practical fixes (patching, configuration, cipher/protocol updates) and coordinating maintenance windows.
• Solid patch management and lifecycle practice (testing, rollback, comms, risk assessment).
• Enabling security telemetry: onboarding/maintaining log sources, audit policy configuration, retention, and troubleshooting data quality/coverage.
• Working knowledge of identity and privileged access controls for infrastructure (directory services, service accounts, least privilege, PAM concepts).
• Working knowledge of network security controls (segmentation, firewalling, secure remote admin, DNS/DHCP hygiene, TLS/certificates).
• Implementing and evidencing IT controls (access, change, logging/monitoring, backup/restore testing) with audit-ready documentation.
• Operating within formal ITSM and change control (incident/problem/change) with risk-based change assessment.
• Strong documentation, evidence discipline and stakeholder communication.

Desirable

• Engineering controls mapped to recognised frameworks (NIST CSF, ISO/IEC 27001) with evidence collection.
• Cloud security engineering (Azure and/or AWS) IAM guardrails, workload logging, policy-as-code, hybrid connectivity.
• Automation/scripting (PowerShell, Bash) and IaC / config management (Terraform, Ansible, DSC) and CI/CD patterns.
• Authenticated scanning at scale (credential vaulting, least-privilege scan accounts, rotation).
• Exception handling / risk acceptance processes and compensating control documentation.
• Endpoint/server/workload protection dependencies and resolving platform conflicts.
• Privileged access management uplift (tiering, admin workstations, just-in-time access, break-glass).
• Resilience improvements (recovery testing, backup hardening, ransomware recovery, DR inputs).
• Experience in large, distributed estates (multiple sites, WAN constraints, mixed legacy/modern platforms).
• Relevant certifications (major cloud, networking, ITIL, or security engineering credentials).

Out of scope

• Acting as programme or project manager.
• Ownership of security policy or governance frameworks (beyond technical input/evidence).
• Day-to-day BAU incident management outside the agreed scope.
• Non-security / non-controls infrastructure work.

Working arrangements

Hybrid working (UK) a blend of remote and regular on-site presence at client offices. Essential equipment provided. Operates within a controlled enterprise environment with formal change, release and service management processes.