Senior Infrastructure & Security Engineer

Commerce Decisions, part of Harris Computer Company are currently seeking an experienced Senior Infrastructure & Security Engineer on a full-time, permanent basis operating on a remote working model.

Commerce Decisions is part of Harris. Harris’ strategy focuses on acquiring software businesses, strengthening and managing them well, and growing them for the future. Our companies provide mission-critical software solutions to a global customer base across various vertical markets. We are part of Constellation Software Inc. (TSX: CSU), one of the world’s most active acquirers of software businesses.

Role Responsibilities

Infrastructure & cloud operations

• Design, implement and run cloud infrastructure across Azure and Oracle Cloud (OCI) spanning the UK and Canada, for high availability, scalability and security.

• Administer a mixed Linux and Windows server estate, plus Docker and Kubernetes workloads.

• Own deployment of monthly SaaS releases, updates and patches into Staging, internal and hosted customer environments (Dev produces the release package).

• Light MySQL maintenance: version upgrades, backup monitoring, replica health checks and tuning improvements.

• Manage internal IT assets and users via ManageEngine; monitor staff device patch status.

• Maintain internal servers and QA/test environments.

• Investigate and resolve infrastructure issues and bugs, supporting the wider engineering team.

Automation & modernisation (≈50% of the role)

• Lead the migration of manually-built Oracle Cloud environments onto Terraform and Ansible, with proper change management.

• Partner with Development to identify and build automation that improves releases and deployment. A key future initiative is building an installer to deploy updates remotely to self-hosted customers — replacing the time-consuming, costly on-site visits.

• Drive automation and modernisation as a continuous theme, treating infrastructure-as-code as the living source of truth for infrastructure state.

Security engineering

• Patch management across the estate.

• Maintain and improve hardened environments to CIS benchmarks – you’ll lead the technical hardening standards and drive their implementation.

• Threat-horizon monitoring: track IT news, vendor advisories, CVE feeds, NCSC and similar for issues relevant to our stack, and drive remediation.

• Operate security tooling (CrowdStrike, ESET, Rapid7, or equivalents): deploy agents, ensure coverage and updates, monitor dashboards, and triage and analyse alerts.

• Coordinate penetration tests end-to-end and own scoping — as the person with the deepest knowledge of our exposed attack surface — through execution, triage, remediation and evidencing closure.

• Author and review customer security questionnaires and bid responses about our hosting environments and security controls.

• Provide technical evidence and implement controls in support of ISO 27001 and Cyber Essentials Plus; occasionally contribute to MOD-aligned security responses (e.g. JSP 440, Secure by Design).

Networking

• Hands-on (and IaC) with Cloud based load balancers, SSL certs & ciphers, WAFs (configuration and management), security headers, network security groups and VPNs.

Resilience & business continuity

• Capacity monitoring and resilience planning; design for high availability and scalability (Kubernetes and similar), in collaboration with Development.

• Lead disaster-recovery and business-continuity capability: design it, test it regularly, and automate backup/restore and failover wherever possible.

• Build and maintain alerting and observability so the right people can see what they need — consolidating and improving across Grafana/Loki (application logs), ManageEngine log analytics (server logs) and PRTG (server sensors).

Documentation & operating rhythm

• Maintain infrastructure-as-code as the primary record of infrastructure state, supported by clear runbooks, operational processes and decisions in Confluence and Jira.

• Weekly tracking of work in progress and incoming work.

The successful candidate will have these skills and experience:

• Collaboration closely with R&D and Customer Support and Success teams to ensure the best outcomes for our customers

• Strong hands-on infrastructure/IT operations background across a mixed estate.

• Production experience with at least one major public cloud (Azure, AWS, OCI or GCP) and a strong grasp of the underlying concepts.

• Practical experience with Terraform, Ansible or similar in production.

• Confident administering both Linux and Windows servers.

• Solid understanding of containers and orchestration, Kubernetes in particular.

• Demonstrable networking skills: load balancers, WAFs, VPNs, security headers, network security groups.

• Practical security operations: patching, hardening (e.g. to CIS), vulnerability management, and operating endpoint/threat tooling and acting on what it surfaces.

• Experience coordinating penetration tests and driving triage and remediation through to closure.

• Experience designing for resilience, high availability and business continuity (backup/restore, DR, regular testing).

• Strong analytical and logical troubleshooting, root-cause discipline, you'll work methodically and effectively under pressure, knowing when to escalate.

• Genuine curiosity for emerging tools and technologies, including AI, and the confidence to adopt them and push improvements forward.

• Clear written communication — you'll draft answers to customer security questions and contribute technical evidence to audits.

• Eligible for and able to obtain UK SC clearance (broadly: UK residency for a defined recent period). Clearance is mandatory to access our hosted systems; we sponsor the process.

Desirable Skills & Experience

• Active SC clearance at point of hire.

• Hands-on Oracle Cloud Infrastructure (OCI).

• Direct experience with the specific security tooling: CrowdStrike, ESET, Rapid7.

• Octopus Deploy.

• ManageEngine.

• MySQL administration.

• Observability stacks: Grafana/Loki, PRTG.

• Experience migrating manually-built environments to infrastructure-as-code.

• Direct experience with ISO 27001, Cyber Essentials Plus and MOD frameworks (JSP 440, Secure by Design).

• Prior experience in a defence, government, or other regulated/secure environment.

Location

UK Based.

Travel – required to company offices, events, customer sites, partner sites, conferences, industry events, corporate events etc. as necessary

Benefits

Harris offers an extremely competitive UK employee benefits programme.

• 25 days holiday

• 5 Personal Days leave entitlement

• An annual Lifestyle Reward amounting £325 per annum/pro rata.

• Private medical and dental care

• Employee Share Ownership Plan

Supporting your application

Our recruitment process will comprise of interviews and, at times, a written exercise, an assessment day and/or a presentation. As an equal opportunities’ employer, we want to make sure we do all we can to make this a positive experience for you. When applying, please make us aware on your application of any adjustments or additional support we can provide you with before or on the day of an interview.