Senior Infrastructure Engineer - DfE - SEO (IT)

Please note - Nottingham, Leeds, Bristol and Newcastle currently have site controls in place. Therefore, these location options are only available to existing DfE employees already assigned to these office locations. The Department for Education is seeking to recruit IT Infrastructure Engineers to work across multiple endeavours, predominantly in the Microsoft Azure public cloud. We continually seek new & innovative opportunities in our cloud estate for efficiencies, economies of scale and new value to users across established cloud computing platforms to make them better for users, increase value for money and reduce complexity. Specialist Identity Infrastructure Engineers in the Department for Education design, build, operate and support the organisation's centrally managed Identity Directory Services that underpin the Department's Digital services. If you are successful, you will work within DfE's Cyber and Information Security division as part of a team providing specialist support including the following. Identity management and administration. Security, management, governance and automation of DfEs centrally managed Identity Directory Services, Microsoft Active Directory and Azure Entra. Includes design, build, operate and maintain core Directory Services, ensuring that they remain available, secure, and that they continue to meet requirements. Managed infrastructure and securing identity services. Build, operate and maintain cloud and on-premises infrastructure resources for business applications. Back-up and restore, security vulnerability management, capacity management, service optimisation, incident resolution, request fulfilment, service controls, and asset management. Service improvement. Develop new, and enhance existing infrastructure services within the identity workspace, managing processes to simplify infrastructure, enhance security, improve reliability & performance, avoid costs, scale & expand, prevent legacy, meet new requirements, or address emerging problem statements. Job description As a Senior Infrastructure Engineer specialising in Identity and Access Management, you will work within a team of security specialists and engineers maintaining, building and operating Directory Services solutions as directed and according to policy. You will: Provide management, administration, operation and maintenance of Active Directory, Azure Entra and Microsoft Certificate services. Manage IDAM related Azure services, such as Enterprise Applications and Identity Protection, advising and troubleshooting services. Manage and administer Service Desk queue specific to restricted identity and certificate requests. Assist in the development of upgrade plans and paths, future design, working with colleagues across wider DfE family. Contribute to business cases for new technology or refresh within Identity and Cryptography, including analysis of existing technologies, development of proposals for change and improvement. Undertake management of activities for securing Directory Services, enhancements and system changes including assessment of risks. Troubleshoot Directory Services risk assessments, implementing changes to address known risks. Liaise with business colleagues on release planning and scheduling of Directory Services integrated solutions, including communication of progress. Ensure that post release reviews are conducted. Advocate user-centric, agile approaches which focus on rapid, effective delivery of high-quality digital services. Work with and support third parties in providing infrastructure services. Work with technical and security architects to translate architectural designs into operations. Share knowledge of tools and techniques with the wider team and community, growing awareness, inclusivity and balance. Take a proactive role in the identification, evaluation and management of appropriate changes to team managed services (including automation). Security Vetting If you are successful, you must be prepared to undergo the Security Check (SC) clearance process. Please see the guidance for further information. Person specification Essential Criteria: Experience of building, managing, configuring and maintaining Microsoft Identity and Access Management systems and services including Active Directory, Azure Entra and Microsoft Certificate services. Experience of applying security management to identities, such as role-based access control, disaster recovery, Local Administrator Password Solution (LAPS), security log monitoring, patch management, policy-based security settings, authentication methods, external identities, privileged identity management, identity protection, identity score remediation. Experience of building, configuring, operating and maintaining infrastructure resources in Microsoft Azure environments such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), commercial-off-the-shelf (COTS) software, tenants, management groups, subscriptions, identity & access, network topology and connectivity, certificate services, cryptographic key management, availability & performance monitoring, developer collaboration software, virtual desktop, virtual machines and update management. Experience of using automation techniques to configure services, automate processes and extract information. This may include using software, tooling, scripting and other automation techniques such as Azure Automation, PowerShell, Azure Command-Line Interface (CLI), JavaScript Object Notation (JSON), Bicep, Terraform, Python and Ansible. Experience of administering security controls, options and configuration settings to protect cloud computing services, and to mitigate against security threats and vulnerabilities. Experience of proactive problem management and troubleshooting ie availability and performance monitoring, reviewing incidents to spot patterns and trends, and breaking down IT infrastructure problems into component parts to identify and diagnose and remediate root causes. Desirable Criteria: Microsoft Azure verified credentials, certification or qualifications. Experience of building, managing, configuring and maintaining Public Key Infrastructure including offline root CA management, Issuing Server configurations and administration, distribution server management, certificate lifecycle management, certificate revocation list lifecycle management, Disaster Recovery. Experience of defining integration builds to combine IT infrastructure components to create a consolidated solution, and co-ordinating & testing build activities across systems. Experience of collaborating with, and conveying technical concepts to, both technical and non-technical stakeholders. An understanding of the benefits of service levels and service frameworks and how to operate within them to deliver, operate and maintain IT infrastructure services. Experience of working with and applying design standards, methods and tools; and developing systems designs for review to ensure the selection of appropriate technology, efficient use of resources and integration of multiple systems and technology. Experience of reviewing requirements and specifications, defining test conditions and analysing and reporting test activities and results. Desirable criteria will only be assessed at interview, in the event of a tie break situation, to make an informed decision.