Security & Platform Engineer

Role Overview

This position sits within a Windows Infrastructure team responsible for engineering and operating secure, scalable, and highly available Windows and end‑user platforms. The role has a strong focus on secure‑by‑design engineering across Microsoft Azure, Microsoft 365, Intune, and Citrix VDI. You will act as the security specialist for Windows and end‑user platforms, partnering closely with Security stakeholders to drive platform integrity and resilience.

Key Responsibilities

• Engineer, improve, and maintain a secure, scalable, and highly available Windows platform spanning Azure, Microsoft 365, Intune, and Citrix VDI.
• Take ownership of the Citrix DaaS / Virtual Apps & Desktops environment, driving performance, stability, and security.
• Lead the standardisation and hardening of Windows 10/11 builds, VDI images, and cloud‑hosted workloads.
• Embed secure‑by‑design practices across Windows, identity, cloud, and VDI engineering initiatives.
• Deploy and manage endpoint and identity security controls, including Intune baselines, Conditional Access, Entra ID protections, and device compliance/posture policies.
• Implement hardening frameworks using Group Policy, Intune, CIS/Microsoft baselines, and privileged access controls.
• Contribute to vulnerability remediation, secure configuration efforts, incident response, and audit/compliance requirements.
• Continuously improve performance, reliability, and cost efficiency across Azure, Microsoft 365, Intune, and Citrix estates.
• Develop automation and infrastructure-as-code using PowerShell, Terraform, ARM templates, and related tooling.
• Automate build, configuration, compliance, and validation processes across Windows and Citrix platforms.

Required Skills & Experience

• Strong grounding in security engineering across Windows and cloud platforms.
• Extensive hands-on experience with Azure, Entra ID, Microsoft 365, Intune, and Windows 10/11 in enterprise environments.
• Deep technical expertise in Citrix DaaS and Citrix Virtual Apps & Desktops.
• Strong knowledge of Active Directory, Group Policy, DNS, and related identity services.
• Experience with Autopilot and modern endpoint deployment models.
• Solid understanding of Windows patching, lifecycle management, and operational security best practices.
• Practical experience with Conditional Access, identity protection, device compliance, posture management, and secure configuration standards.
• Ability to implement and maintain hardening standards such as CIS benchmarks and Microsoft security baselines (GPO/Intune).
• Advanced PowerShell scripting and automation experience.
• Experience working with Terraform, ARM templates, and configuration management tooling (e.g., Ansible, MECM).