IT Systems Engineer at Norton Blake, London Area, £Contract Rate

IT Systems Engineer (Level 2)

6 Months

£300 Outside IR35

Hybrid

About the Role

As IT Systems Engineer (Level 2), you will be the senior technical resource within the IT team, acting as the primary escalation point for complex issues whilst taking ownership of the Microsoft 365, Azure and security platforms that underpin the business.

This is a hands-on engineering role combining support, infrastructure administration, security, automation and platform governance. You'll work closely with the Level 1 Analyst, lead technical improvements, and play a key role in maturing BGS's independent IT environment.

We're looking for someone who enjoys solving problems, improving systems, automating repetitive tasks, and taking ownership of technology rather than simply maintaining it.

Key Responsibilities

IT Operations & Support

• Act as the senior escalation point for complex technical issues across the Microsoft estate.
• Handle support tickets alongside the Level 1 Analyst, taking ownership of incidents through to resolution.
• Mentor and develop the Level 1 Analyst through ticket reviews, coaching and knowledge sharing.
• Maintain service availability and contribute to operational continuity planning.

Microsoft 365 & Azure Administration

• Administer Microsoft Entra ID including user lifecycle management, Conditional Access, MFA, dynamic groups, RBAC and Identity Governance.
• Manage Exchange Online, including mail flow, transport rules, shared mailboxes, distribution lists and email security.
• Administer Microsoft Intune, Autopilot, compliance policies, configuration profiles and application deployment.
• Manage SharePoint Online and Microsoft Teams governance, permissions and site administration.
• Support Azure resources including subscriptions, resource groups, virtual machines and platform governance.
• Administer Microsoft Defender and related security tooling, including policy management and incident response.

Tenant Management & Security

• Own and maintain the organisation's Microsoft 365 and Azure tenant configuration, governance and security posture.
• Manage tenant-level administration including domains, subscriptions, permissions, governance policies and identity controls.
• Support Microsoft 365 and Azure tenant migration projects including user, mailbox, SharePoint, OneDrive, Teams and device migrations.
• Manage enterprise applications, SSO integrations, app registrations and third-party identity providers.
• Conduct access reviews, enforce least-privilege principles and maintain security governance standards.
• Manage DNS through Cloudflare, including SPF, DKIM and DMARC configuration.
• Support vulnerability remediation, audit readiness and compliance initiatives.

Projects & Automation

• Lead infrastructure improvement initiatives, platform governance and automation projects.
• Develop and maintain PowerShell and Microsoft Graph API automation scripts.
• Contribute to internal tooling and business automation platforms.
• Evaluate and implement new technologies, integrations and service improvements.
• Maintain technical documentation, runbooks and change records.

Skills & Experience

Essential

• 3+ years' experience in a hands-on IT Engineering, Infrastructure or Senior Support role.
• Strong Microsoft 365 administration experience including Entra ID, Exchange Online, Intune and SharePoint.
• Experience administering Conditional Access, MFA, RBAC and Identity Governance.
• Strong understanding of Microsoft Defender and security best practice.
• Experience supporting or participating in Microsoft 365 and/or Azure tenant migrations.
• PowerShell scripting and automation experience.
• Solid networking knowledge including DNS, TCP/IP, VPNs and firewall concepts.
• Strong troubleshooting skills and the ability to take ownership of technical issues.

Desirable

• Microsoft Graph API experience.
• Cloudflare DNS administration.
• Azure Logic Apps or Azure App Services.
• Microsoft Sentinel, Defender for Cloud or Microsoft Purview.
• Experience integrating third-party identity providers such as Okta or PingFederate.
• AZ-104, MS-102, SC-300 or similar Microsoft certifications.
• Python or other scripting languages.

Person Specification

• Takes ownership and sees problems through to resolution.
• Security-conscious with a strong appreciation for governance and risk.
• Comfortable balancing operational support with project delivery.
• Documentation-first and methodical in approach.
• Able to mentor others whilst remaining hands-on technically.
• Continuously looking for opportunities to improve, automate and simplify.