Senior Infrastructure and Security Engineer

Posted 4 hours 33 minutes ago by Westminster Opera Co.

£125,000 - £150,000 Annual
Permanent
Full Time
I.T. & Communications Jobs
London, United Kingdom
Job Description
Senior Infrastructure and Security Engineer Job Introduction

Required for: as soon as possible

Location: Deans Yard - Westminster School

Contract: full-time, permanent

Salary:£58,000 to £62,000 per annum, dependent on experience

Benefits of working at Westminster include:

  • free School lunches when working on site
  • discretionary Christmas shut down period
  • free access to the School's leisure facilities, including a fitness gym (restricted hours)
  • Cycle to Work Scheme and season ticket loans following completion of our standard probation period
  • private medical insurance (opt in)

The deadline for applications is 09:00 on Monday 23rd March 2026. Interviews will take place in-person shortly after the closing date.

The Senior Infrastructure and Security Engineer is responsible for the stability, security and strategic development of the School's core IT infrastructure. The role provides technical leadership for network, firewall, server, cloud and identity platforms, ensuring they are robust, secure and aligned with safeguarding and cyber security best practice.

The postholder acts as the technical authority for infrastructure, overseeing standards, proactively identifying risks and driving enhancements that protect the School while supporting reliable delivery service.

Unlike infrastructure roles focused primarily on administration, this position carries accountability for how systems are designed, secured, maintained and improved.

Reporting to the IT Operations Manager (departmental oversight), the Senior Infrastructure and Security Engineer retains responsibility for the technical ownership, security and operational resilience of the School's core IT infrastructure, including networks, firewalls, servers, cloud platforms and identity services. In delivering this responsibility, the role provides day-to-day technical direction to the IT and Network Engineer to ensure infrastructure standards, resilience and security requirements are consistently applied. The role sets and maintains infrastructure standards, ensuring systems are secure, appropriately managed and aligned with cyber security and safeguarding requirements, and provides senior technical leadership for infrastructure strategy, risk reduction and continuous improvement.

Due to the nature of this role, they will be required to work on site at our main site in Dean's Yard with visits to our linked prep school, Westminster Under School, as required.

Role Responsibilities: Infrastructure Ownership and Assurance
  • Hold technical responsibility for the health, resilience and security of network, firewall, server and cloud infrastructure, including Azure-hosted servers, virtual machines and associated platform services
  • Define and maintain infrastructure standards, documentation and support models
  • Ensure platforms are appropriately patched, supported and lifecycle-managed
  • Oversee backup, disaster recovery and business continuity readiness
  • Own the configuration, governance and lifecycle management of Microsoft 365 (M365) services, including Exchange Online, SharePoint, Teams and OneDrive
  • Administer and develop Azure infrastructure, including virtual machines, virtual networks, Azure Active Directory / Entra ID, and resource group governance
Cyber Security and Safeguarding
  • Lead the continual improvement of the School's cyber security posture
  • Ensure infrastructure aligns with safeguarding obligations and recognised frameworks (e.g., Cyber Essentials / NCSC guidance)
  • Own vulnerability management, remediation planning and security configuration
  • Coordinate technical response to security incidents
  • Configure and manage Microsoft Purview, including data classification, sensitivity labels, data loss prevention (DLP) policies, information protection and compliance features across M365 and Azure
  • Manage Microsoft Defender for Endpoint, Defender for Cloud, and related services/tooling to detect, investigate and respond to threats
  • Administer Conditional Access policies, Multi-Factor Authentication (MFA), Privileged Identity Management (PIM) and Zero Trust controls across Azure AD / Entra ID
Technical Leadership
  • Act as the senior escalation point for complex infrastructure issues beyond third-line support
  • Provide guidance and mentoring to engineers and helpdesk staff
  • Review existing architecture and recommend improvements
Network and Platform Strategy
  • Ensure firewalls, segmentation, filtering and access controls are appropriately designed and maintained
  • Plan capacity, resilience and future infrastructure requirements
  • Evaluate new technologies and lead technical implementation
  • Design and maintain hybrid identity infrastructure, integrating on-premises Active Directory with Azure Active Directory / Entra ID via Azure AD Connect or equivalent
  • Oversee M365 tenant configuration, licensing management, Teams telephony (where applicable), and integration with on-premises and third-party systems
  • Manage Azure cost governance, subscription architecture and resource tagging to ensure cloud spend is controlled and aligned with operational requirements
Governance and Risk
  • Maintain accurate architecture diagrams and configuration standards
  • Conduct regular infrastructure health reviews
  • Identify single points of failure and technical debt
Project Delivery Lead infrastructure elements of major IT projects
  • Produce technical designs and implementation plans
  • Manage suppliers involved in infrastructure delivery
Hours of work

This is a full-time role of 35 hours per week, with a one-hour unpaid lunchbreak each day.

Working hours will fall within the 8:00 to 18:00 operational window, with specific start and finish times determined by service requirements and agreed with the IT Operations Manager.

The Senior Infrastructure and Security Engineer may be required to work out-of-hours when necessary to support planned maintenance, system upgrades or urgent issues. Where such additional work is required and has been agreed with the IT Operations Manager, appropriate time off in lieu may be granted. Time off in lieu is not automatic and applies only to significant additional hours worked by prior agreement or subsequent approval.

Equal Opportunities We are an equal opportunities employer. We therefore encourage candidates to apply irrespective of age, disability, marriage or civil partnership status, pregnancy or maternity, race, religion and belief, gender identity, sex or sexual orientation.

Safeguarding and Child Protection Westminster School is committed to safeguarding and promoting the welfare of children. Applicants must be willing to undergo child protection screening appropriate to the post, including checks with past employers and the Disclosure and Barring Service.