Infrastructure Engineer (Security Remediation)

Posted 9 hours 39 minutes ago by La Fosse Associates

Permanent
Not Specified
Other
London, United Kingdom
Job Description
Cloud & Infrastructure Engineer (Security Remediation)

Location: Liverpool Street office, 3 days a week
Duration: 3 months (initial)
Start Date: ASAP
Day Rate:£350 - £450 (Outside IR35)

We are seeking an experienced Cloud & Infrastructure Engineer to lead security remediation work across a multi-region Microsoft Azure deployment in a hybrid configuration with legacy Active Directory. This role follows a recent security review of Azure and AD platforms, with an emphasis on implementing security best practices and hardening configurations.

The successful candidate will work with autonomy, reporting progress clearly to the project manager and stakeholders. While the main focus will be remediation activities, there may be limited requirements to provide BAU backfill support for major incidents or planned leave (estimated 80/20 split).

Key Responsibilities

  • Remediate high-risk Azure security configurations (e.g., NSGs, exposed services, identity governance gaps).

  • Strengthen and modernize legacy on-premises Active Directory configurations, addressing encryption protocols, delegation settings, and privileged access controls.

  • Implement Zero Trust-aligned security controls across Azure and Entra ID, including Conditional Access, MFA enforcement, and policy hardening.

  • Apply security standards into Infrastructure-as-Code (Terraform) modules to embed best practices into future deployments.

  • Collaborate with internal teams to ensure alignment with governance, compliance, and audit requirements.

Essential Skills & Experience

  • Proven experience in Azure security configuration and remediation.

  • Strong understanding of hybrid identity models, including Entra ID (Azure AD) and legacy Active Directory.

  • Hands-on expertise with:

    • Conditional Access, Azure Policy

    • Windows Server (on-prem and in Azure)

    • Hyper-V, Dell server infrastructure

  • Strong understanding of CIS/NIST security benchmarks and Zero Trust principles.

  • Ability to work independently and communicate effectively with both technical and non-technical stakeholders.

Nice to Have

Experience or familiarity with:

  • Terraform (Azure deployment)

  • Microsoft Intune & SCCM

  • Sentinel (SIEM)

  • Qualys

  • Proofpoint

  • Palo Alto GlobalProtect