PURPOSE OF THE ROLE
The Senior Cloud & Cyber Engineer is responsible for designing, implementing, and maintaining secure cloud infrastructure and services. This role ensures the integrity, confidentiality, and availability of our organisation’s data and systems, while also driving innovation and efficiency in our cloud operations.
KEY RESPONSIBILITIES
* Cloud Infrastructure Security : Design, implement, and maintain secure cloud environments (Amazon Web Services - AWS, Azure, Google Cloud Platform - GCP) ensuring high availability, scalability, and security.
* Security Architecture : Lead the development of security architecture across cloud and on-premises environments, ensuring adherence to best practices and regulatory requirements.
* Security Monitoring & Incident Response : Oversee security monitoring processes, including proactive threat detection, intrusion prevention, and incident response. Lead investigations into security breaches and recommend corrective actions.
* Identity & Access Management (IAM) : Implement and maintain robust IAM strategies including role-based access control, multi-factor authentication, and secure Application
* Programmable Interfaces - API access across cloud environments.
* Compliance & Risk Management : Ensure the organisation meets compliance standards such as ISO 27001, General Data Protection Regulation - GDPR, Network Information Systems Regulations – NIS and others, conducting risk assessments and vulnerability audits regularly.
* Network Security : Design and implement network security controls such as firewalls, Virtual Private Networks, and network segmentation for cloud-based and hybrid environments to protect critical infrastructure.
* Security Policy & Governance : Define and maintain cloud and security policies, ensuring governance frameworks are followed across the organisation.
* Data Security & Encryption : Design and manage encryption solutions for data at rest and in transit, ensuring compliance with industry standards and regulatory requirements.
* Mentorship & Leadership : Provide technical leadership and mentorship to engineers and analysts, fostering a culture of security-first practices and continuous improvement.
* Continuous Improvement : Stay up to date with the latest cloud and security trends, threats, vulnerabilities, and technologies, applying that knowledge to improve the organisation’s security posture.
* Project Management : Oversee cloud and security projects from conception to completion, ensuring timely delivery and alignment with business objectives.
* Stakeholder Engagement : Collaborate with internal and external stakeholders to understand requirements and deliver solutions that meet their needs.
* Innovation : Drive the adoption of new technologies and methodologies to enhance our cloud and security posture.
* Budgeting : Develop and manage budgets for cloud and cybersecurity projects, ensuring cost-effective use of resources.
* Cost Optimisation : Identify opportunities for cost savings in cloud operations and security measures without compromising quality or security.
* Vendor Management : Evaluate and manage relationships with cloud service providers and security vendors, negotiating contracts and ensuring value for money.
Financial Management
Supervise the management of the day-to-day consumption of Microsoft Azure infrastructure and associated Enterprise subscription costs, £500k+ per year. Lead the creation of business cases to support and justify major investments in the expansion of new and existing services and platform(s)
People Management
Deputise for the IT Infrastructure Manager and provide management and support to the infrastructure team – IT Cloud Engineer, Cyber Security Analyst and others as the Team expands.
SKILLS, EXPERIENCE & KNOWLEDGE
The role will support, and when required, lead the delivery of IT infrastructure and security services to the Trust. This will need excellent planning, communication and management skills to ensure that the team deliver an effective and secure service. To be considered for this position you should possess the following skills and experience.
Essential
* 7+ years of experience in cloud engineering, security engineering, or a related role.
* Bachelor’s or master’s degree in computer science, Information Security, Engineering, or a related Technology based field.
* Proven experience building and securing cloud platforms and services (Amazon Web Service - AWS, Microsoft Azure, Google Cloud Platform - GCP).
* Experience in security architecture, incident response, and risk management.
* Deep and detailed understanding of cloud services (AWS, Azure, GCP) and cloud-native security tools.
* High level of proficiency in networking and security technologies (firewalls, Virtual Private Networks, Intrusion Detection Systems / Intrusion Prevention Systems – IDS/IPS).
* Hands-on experience with Identity and Access Management (IAM), encryption technologies, and secure Key Management Services (KMS).
* Expertise with automation tools and security framework practices.
* Experience with vulnerability scanning tools, Security Information and Event Management (SIEM) systems, and security monitoring platforms.
* Strong scripting and automation skills (e.g. Python, Bash, PowerShell).
* Extensive Cloud migration experience- moving both services and associated data from On-Prem to Azure / Microsoft 365
* Strong skills with Microsoft Active Directory, Azure Active Directory, Microsoft 365 and associated technologies.
* Understanding of end-to-end cloud infrastructure solutions and the relevant application overlays
* Excellent understanding of overall cloud infrastructure delivery lifecycle, supporting methodologies and their processes
* Familiarity of scripting and automation technologies, such as Terraform and Ansible.
* Proven experience in managing key technology suppliers and related contractual obligations in the delivery and management of Infrastructure and Security Services
* Leadership and mentoring skills, with the ability to guide junior engineers and promote best practices with the team.
Desirable
* Azure Certification: Solutions Architecture and Security
* Certified Information Systems Security Professional (CISSP)
* Certified Cloud Security Professional (CCSP)
* Certified Ethical Hacker (CEH) or similar certifications
* Knowledge of Microsoft Dynamics Finance Operations and Customer Engagement
* Experience of project delivery with a “DevOps” approach
* Knowledge of business change methods and techniques
* Knowledge and experience of Microsoft’s Power Platform
* Networking experience (Cisco Certified Network Associate - CCNA)
* Application packaging experience
* General understanding of the heritage environment, and the challenges and opportunities of the charity /” not for profit” sector.
The Key Responsibilities, Scope of Job, and Required Qualifications, Skills, Experience & Knowledge reflect the requirements of the job at the time of issue. The Trust reserves the right to amend these with appropriate consultation and/or request the post-holder to undertake any activities that it believes to be reasonable within the broad scope of the job or his/her general abilities