Windows Platform Security Engineer

Windows Platform Security Engineer | Systematic Hedge Fund – Up to £200k TC

A high-performance systematic hedge fund is seeking a Security & Platform Engineer (Windows Infrastructure) to design and secure the Windows and end-user platforms that support its trading and research environment. The team builds and maintains secure-by-design services across Azure, Microsoft 365, Entra ID, Intune, and Citrix VDI, ensuring the platform remains resilient, scalable, and fit for continued growth.

This role suits someone who enjoys deep technical ownership, combining strong Windows expertise with a security-first engineering mindset in a high-performance environment.

Role Overview

• Design and operate secure, highly available Windows platforms across Azure, Microsoft 365, Intune, Entra ID, and Citrix VDI.
• Own and evolve the Citrix DaaS / Virtual Apps & Desktops environment, ensuring performance, resilience, and security.
• Drive standardisation and hardening across Windows 10/11, VDI images, and cloud-hosted workloads.
• Embed secure-by-design principles into Windows, identity, endpoint, and VDI platform engineering.
• Implement and maintain endpoint and identity security controls, including Intune security baselines, Conditional Access, device compliance, and privileged access.
• Manage patching, updates, and lifecycle processes to meet security and operational standards.
• Build automation and infrastructure-as-code using PowerShell, Terraform, ARM templates, and related tooling.
• Reduce manual operations through repeatable, auditable automation and platform engineering.
• Act as an escalation point for complex issues across Windows, Azure, Citrix, identity, and endpoint platforms.
• Produce and maintain technical documentation, designs, and operational runbooks.

Requirements

• Strong hands-on experience engineering and securing Windows-based platforms in an enterprise environment.
• Extensive experience with Microsoft Azure, Entra ID, Microsoft 365, Intune, and Windows 10/11.
• Strong background in Active Directory, Group Policy, DNS, and identity services.
• Experience implementing endpoint security, Conditional Access, device compliance, and configuration hardening (CIS / Microsoft baselines).
• Advanced PowerShell scripting skills with a strong automation mindset.
• Experience with Terraform, ARM templates, and configuration or endpoint management tooling.
• Familiarity with Windows patching, lifecycle management, monitoring, and performance tuning.
• Able to collaborate effectively with Infrastructure and Security teams, balancing security, usability, and operational efficiency.

Company Highlights

• Technology-led culture – drives both trading and internal engineering investment
• c.1,000 employees – large enough for scale, small enough for meaningful individual impact
• Brand-new London HQ – core engineering and trading hub with free on-site gym
• Flat structure – direct access to senior engineers and C-level leadership
• Excellent Glassdoor ratings consistently quoting a strong work-life balance
• Strong Benefits: Free breakfast & lunch, 13% pension, year-one guaranteed bonus, allowance of work abroad days, private health, and more

#J-18808-Ljbffr…