The Role
At SecureCloud+ We are seeking a highly skilled Infrastructure Engineer with expertise in Public Key Infrastructure (PKI), security integration, and high-availability systems. The ideal candidate will have a strong understanding of Microsoft technologies, including Active Directory (AD) and Exchange, as well as experience with virtualisation, storage, and backup strategies in enterprise environments. You will work on implementing and maintaining secure, scalable, and resilient infrastructures that support mission-critical services, ensuring compliance with best practices and security standards.
Role Responsibilities
Key responsibilities include, but are not limited to:
Microsoft Certificate Services (PKI):
Design, implement, and manage Microsoft Public Key Infrastructure (PKI) and integrate it with Hardware Security Modules (HSMs).
Disk Encryption & Key Management:
Implement and manage disk encryption services using KMIP-compliant solutions like CipherTrust. Ensure proper encryption key lifecycle management.
Active Directory & Group Policy Management:
Manage and configure Active Directory (AD) services including Group Policy, DNS, Domain Trusts, and Role-Based Access Control (RBAC).
Security Compliance & Hardening:
Implement security best practices using CIS Benchmarks. Identify and address security issues caused by hardening measures, providing necessary workarounds.
Vulnerability Management & Security Audits:
Oversee security scanning processes, ITHC (IT Health Checks), penetration testing, and ensure timely resolution of identified vulnerabilities.
Documentation & Design:
Create and maintain detailed low-level design (LLD) documents. Perform peer reviews of technical documentation to ensure accuracy and clarity.
SQL Server Administration:
Administer SQL Server 2019+ with a focus on high availability (HA) configurations like clustering and Always On availability groups. Manage security, backup, and maintenance plans.
Exchange Server (On-Premise):
Maintain high availability of on-premise Exchange environments, with a focus on Database Availability Groups (DAGs).
Windows Clustering Services:
Implement and maintain Windows Server clusters, specifically related to file servers, SQL Server, and Exchange.
VMware & Storage Management:
Manage and support VMware environments, VXRail infrastructure, and enterprise storage solutions (e.g., VSAN, NetApp, Dell EMC).
Backup Strategies:
Develop and maintain backup strategies for SQL, Exchange, and other critical systems. Understand the impact of backups, including log growth, on overall system performance.
Network Time Protocol (NTP):
Implement and maintain NTP solutions, ensuring time synchronisation across enterprise systems according to best practices.
Specialised Toolsets & Secure Environments:
Work with secure toolsets like Paradox & Becrypt for specialised environments. Understand data diodes and ImpEx tools for secure data transfer.
Education and Experience Requirements
As the Senior Infrastructure Engineer (On Prem), you will have:
Technical Expertise:
- Strong knowledge of Microsoft Certificate Services (PKI) and HSM integration.
- Experience with disk encryption using KMIP solutions (CipherTrust).
- Expertise in Active Directory (AD) management, including Group Policy, RBAC, DNS, and Domain Trusts.
- Hands-on experience with CIS Benchmarks, vulnerability management, and security issue remediation.
- Proficiency in designing and supporting SQL Server 2019+ environments, with a focus on HA (Always On, Clustering).
- Strong knowledge of on-premise Exchange Server (DAGs).
- Solid experience with VMware, VXRail, and storage solutions (VSAN, NetApp, Dell EMC).
- Familiarity with Windows Clustering, specifically for SQL, Exchange, and file servers.
- Understanding of NTP implementation and best practices.
- Experience with secure environments, data diodes, and specialised tools like Paradox & Becrypt.
Soft Skills:
- Strong communication skills for peer reviewing and creating technical documentation.
- Ability to work independently and as part of a team in a dynamic environment.
- Strong problem-solving skills and the ability to troubleshoot complex infrastructure issues.
Certifications:
Relevant certifications such as Microsoft Certified Solutions Expert (MCSE), VMware Certified Professional (VCP), Certified Information Systems Security Professional (CISSP), or equivalent are preferred.
UKSV is required for this position. Candidates must possess or be eligible to obtain clearance.
To be eligible for UKSV you must be a UK National and/or have been a UK Resident for 5+ years.
The Company
SecureCloud+ specialises in providing fully managed secure ICT services to the UK's Defence and Security sectors, as well as other government departments with complex and demanding security requirements. SecureCloud+ prides itself on its successful track-record of delivering real benefits to its customers, but also on its ethos of investing in its employees’ personal and professional growth.
Are you ready to embark on this exciting career opportunity? We look forward to welcoming you to our esteemed team at SecureCloud+.
Already work with us. Internal applicants please send your CV direct to recruitment.
SecureCloud+ is an equal opportunities employer and does not discriminate based on age, sex, colour, religion, race, disability, or sexual orientation. Our hiring decisions are based on an individual’s experience and qualifications for the job advertised.