IT Systems Engineer
Job description
As IT Systems Engineer (Level 2), you will be the senior hands-on technical resource within the team, acting as the primary escalation point for complex issues and taking direct ownership of platform administration across Azure/Entra ID, Exchange Online, Microsoft Intune, Defender, SharePoint, and Cloudflare DNS. You will supervise and mentor the Level 1 analyst, drive automation improvements, and play an active role in continuing to mature BGS's independent IT environment.
This role suits a technically confident engineer with strong M365/Azure hands-on experience who thrives where initiative is rewarded and the scope of impact is broad.
Service Desk & Technical Leadership
- Handle IT support requests directly alongside the Level 1 analyst - this is a hands-on role and ticket work is a core part of it
- Take ownership of complex or time-sensitive incidents from the queue, applying deeper technical knowledge to drive faster resolution
- Act as the escalation point for issues beyond Level 1 scope, providing guidance and co-resolution rather than simply redirecting
- Review tickets regularly with the Level 1 analyst, using real cases to coach and develop their skills
- Contribute to service continuity planning and ensure coverage during peak periods or absences
Microsoft 365 & Azure Administration
- Administer Azure AD / Entra ID including user lifecycle, dynamic groups, Conditional Access policies, and Named Locations
- Manage Exchange Online configuration including transport rules, mail flow, shared mailboxes, and distribution lists
- Oversee Microsoft Intune device compliance policies, configuration profiles, and Autopilot deployment across Windows and mobile
- Administer SharePoint Online and Teams environments including site architecture, permissions, and governance
- Manage Microsoft Defender for Endpoint and Microsoft 365 Defender, including policy tuning and incident response
Infrastructure & Security
- Own DNS administration via Cloudflare, including record management and email authentication (SPF, DKIM, DMARC)
- Maintain and improve email security posture, monitoring deliverability and managing third-party filtering integrations
- Administer Azure App Services, Logic Apps, and related cloud resources supporting internal tooling
- Support network infrastructure including firewall policy review, VPN management, and office connectivity
- Conduct regular access reviews, enforce least-privilege principles, and contribute to security audit readiness
Projects & Automation
- Take an active engineering role in BGS infrastructure maturation - owning policy builds, automation rollouts, and platform governance
- Develop and maintain PowerShell and Microsoft Graph API scripts to automate repetitive administration tasks
- Contribute to the development and maintenance of internal IT tooling, including the HR Lifecycle automation platform built on Azure and the Anthropic Claude API
- Evaluate and implement new tooling or integrations (e.g. Jira Service Management, SSO via Entra ID) following a documentation-first approach
- Produce and maintain technical documentation, runbooks, and change records to support operational continuity

- A genuinely broad technical remit - owning enterprise cloud infrastructure, security, and automation for a growing energy business
- Direct involvement in maturing BGS's fully independent IT infrastructure, with real ownership of platform decisions
- Supervision of a Level 1 analyst with scope to shape team processes and support culture
- Exposure to AI-powered internal tooling built on Azure and the Anthropic Claude API
- Support for professional development and certifications (Microsoft, CompTIA, and others)
- Hybrid working from our London office
- A high-trust environment where your technical judgement is respected and your contributions are visible
Requirements
Do you have experience in VPN?
Essential
- 3+ years in a hands-on IT engineering or senior support role within an M365/Azure environment
- Strong working knowledge of Azure AD / Entra ID: user lifecycle, groups, Conditional Access, MFA, and app registrations
- Demonstrable experience administering Exchange Online, including mail flow, transport rules, and email security (SPF/DKIM/DMARC)
- Experience with Microsoft Intune / Endpoint Manager: device compliance, configuration profiles, and Autopilot
- Proficiency in PowerShell scripting for administration and automation
- Solid understanding of networking concepts: DNS, TCP/IP, VPN, firewall principles
- Confident communicator able to translate technical detail for non-technical stakeholders
Desirable
- Hands-on experience with Microsoft Graph API (REST calls, app registrations, delegated/application permissions)
- Familiarity with Cloudflare DNS administration
- Exposure to Azure Logic Apps, Azure App Services, or equivalent automation/integration platforms
- Familiarity with Jira Service Management or similar ITSM platforms
- Microsoft certifications: AZ-104, MS-102, SC-300, or equivalent (or actively working towards)
- Experience with Python or other scripting languages for tooling and API integration work

- Technically self-sufficient, with a bias towards ownership and resolution rather than escalation
- Documentation-first mindset - prepares thoroughly and approaches production changes methodically and reversibly
- Comfortable operating as both an individual contributor and a peer mentor in a small team
- Calm and structured under pressure, able to manage competing priorities without losing precision
- Security-conscious by default, treating access governance and data protection as core responsibilities
- Curious and improvement-oriented, always looking to automate the repeatable and improve the maintainable