Cloud & Systems Engineer

Working with the Head of IT and Cybersecurity, IT service providers, and the broader business, the Cloud & Systems Engineer is responsible for ensuring a stable, secure, and compliant cloud-based IT environment for our staff across the globe. The role is pivotal in meeting our SOC 2, ISO/IEC 27001:2022, and Essential Eight obligations while enabling a modern Microsoft 365 and Azure-first workplace.

Major Responsibilities 

TECHNICAL SUPPORT

• Plan, document, migrate, and deliver change management and post-implementation support for IT projects across cloud and on-prem services.
• Advise on secure configuration of the Microsoft 365 stack (Entra ID/Azure AD, Exchange Online, Defender, Intune, SharePoint/OneDrive, Teams).
• Coordinate and manage activities of local and overseas IT Service Providers to agreed SLAs/OLAs.
• Champion adoption of digital workplace practices, automation, and self-service.
• Partner with the business on cloud provider technology reviews and cost-optimization (FinOps basics). 

SECURITY & COMPLIANCE 

• Backups & Recovery: Policy-based backups for cloud and on-prem workloads; quarterly restore tests; maintain RPO/RTO targets and documented BC/DR playbooks.
• Vulnerability & Patch Management: Intune/Defender-anchored cadence for OS, apps, and firmware; SLAs by severity; application allow-listing where feasible.
• Hardening & Configuration: Apply CIS/Microsoft baselines for endpoints, browsers, and Office; restrict macros and legacy auth.
• Identity & Access: Enforce MFA and conditional access; least-privilege, JIT/JEA admin; quarterly access reviews; automated JML controls.
• Network Security: Zero-trust principles, segmentation, VPN/ZTNA, DNS filtering; periodic rule reviews and architecture diagrams kept current.
• Threat Protection & Monitoring: Operate Microsoft Defender XDR/Sentinel analytics, tune detections, triage alerts, and coordinate response with providers.
• Change & Release: Run change control with risk assessment, approvals, back-out plans, and post-change validation; retain records as documented information.
• Incident Management: Triage and remediate security events; maintain playbooks, evidence capture, legal/contractual notification paths, and PIRs.
• Asset & Vendor Management: Maintain asset inventory/SBOM; support supplier due-diligence, onboarding, and security clauses; monitor critical supplier controls.
• Cryptography & Data Protection: Enforce encryption in transit/at rest, DLP policies, sensitivity labels, and key-management practices.
• Compliance Evidence & Audits: Produce/maintain artefacts (policies, diagrams, SoA mappings, tickets, logs, test results) to support SOC 2, ISO 27001 internal/external audits, and Essential Eight assessments.

INFORMATION SECURITY MANAGEMENT SYSTEM SUPPORT (ISMS)

• Support the ISMS lifecycle: risk identification, assessment, and treatment planning; maintain risk register items relevant to infrastructure and SaaS platforms.
• Contribute to the Statement of Applicability (SoA) and keep control ownership, scope, and rationale current for technical controls (Annex A.5–A.8).
• Maintain and improve documented information (policies, standards, procedures, guidelines, records) in line with control A.5.32–A.5.36.
• Participate in internal audits and management reviews; track and close non-conformities and corrective actions.
• Ensure alignment of operational metrics and logs with audit sampling needs (traceability from policy → control → evidence).

OTHER

• Drive continuous improvement across technology, security, and service processes, document standards and playbooks.
• Contribute to monthly service and security reporting (SLAs, incidents, vulnerabilities, patch compliance, costs).
• Support business continuity and disaster recovery exercises; maintain DR playbooks and dependencies.

 

Qualifications, Skills and Experience

• Tertiary qualification in Information Systems, Computer Science, or related discipline (or equivalent experience).
• Demonstrable experience with:
  • Operating Systems & Platforms: Windows client/server, Azure, Azure AD/Entra ID.
  • Microsoft 365 & Security: Exchange Online, SharePoint/OneDrive, Teams, Intune, Defender (Endpoint/Identity/Office), Purview fundamentals.
  • Directory & Identity: Active Directory, Group Policy, SSO/SAML/OIDC, conditional access, MFA.
  • Networking: WAN/LAN, firewalls, VPN/ZTNA, DNS, DHCP, SD-WAN fundamentals.
• Strong troubleshooting skills; excellent prioritization and customer focus.
• Clear communication—translating technical concepts for non-technical audiences.
• Planning and time management to meet deadlines; high attention to detail.
• Proactive, responsive, flexible, and solution-focused; effective autonomously.
• Collaboration across cross-functional and geographically distributed teams.

Beneficial (non-mandatory) exposure:

Microsoft 365 Security, Sentinel/SIEM, MS Secure Score, DR, scripting/automation (PowerShell), Netskope, MDM for macOS/iOS/Android, experience supporting SOC 2 / ISO 27001 audits.

Demonstrable experience with:

• Operating Systems & Platforms: Windows client/server, Azure, Azure AD/Entra ID.
• Microsoft 365 & Security: Exchange Online, SharePoint/OneDrive, Teams, Intune, Defender (Endpoint/Identity/Office), Purview fundamentals.
• Directory & Identity: Active Directory, Group Policy, SSO/SAML/OIDC, conditional access, MFA.
• Networking: WAN/LAN, firewalls, VPN/ZTNA, DNS, DHCP, SD-WAN fundamentals.

Soft skills and ways of working:

• Strong troubleshooting skills; excellent prioritization and customer focus.
• Clear communication—translating technical concepts for non-technical audiences.
• Planning and time management to meet deadlines; high attention to detail.
• Proactive, responsive, flexible, and solution-focused; effective autonomously.
• Collaboration across cross-functional and geographically distributed teams.