Description
JOB TITLE: Lead Infrastructure Engineer – Web Access Protection
SALARY: £92,701 - £109,060
LOCATION(S): Leeds, Edinburgh, Manchester
HOURS: Full Time
WORKING PATTERN: Our work style is hybrid, which involves spending at least two days per week, or 40% of our time, at one of our office sites.
About this opportunity
The Chief Security Office (CSO) is a vital part of delivering the Group’s vision of putting customers at the heart of everything we do, helping Britain prosper and protecting the Group and our customers from security threats. We’re responsible for defining and communicating Lloyds Banking Group’s security strategy and providing critical Enterprise Security Services that not only operate the controls keeping the Group safe whilst also enabling the digital transformation agenda of the wider organisation.
Lloyds Banking Group seeks an innovative Lead Infrastructure Engineer to craft the future approach to securing our colleague and machine web-access journey within our Edge Security Lab, while driving the deployment and ongoing development of our SASE solution.
This role is ideal for senior engineering leaders with recent, hands-on technical experience, comfortable working directly with code, automation, and modern delivery pipelines. You’ll balance fostering engineering excellence across the team with providing strategic oversight and contributing directly to technical delivery!
This is a unique opportunity to lead a skilled team of engineers and product professionals, delivering security solutions that are scalable, resilient, and built for automation. We're looking for someone who combines deep technical expertise, a strong engineering mindset, and a collaborative leadership style, with the coding capability needed to work directly with modern engineering patterns and guide others through best practice implementation!
What you’ll be doing:
Technical Leadership
1. Providing hands-on DevOps engineering expertise, embedding modern practices such as Infrastructure as Code, Policy as Code, CI/CD, API‑driven automation, automated testing, and observability into all solutions.
2. Lead the development, build, and ongoing improvement of web access protection infrastructure. It supports every component of a new SASE solution, such as proxy services (forward/reverse), protected corporate browsers, and API traffic controls.
3. Define and evolve the infrastructure and security strategy related to internet connectivity, including B2B integrations and policy controls (“proxy” / browser).
4. Collaborate with product owners to shape the roadmap, with a focus on scalability, automation, and operational resilience.
5. Lead root cause investigations and remediation for major incidents, working with multi-functional security and platform teams.
Team Management
6. Line manage and coach a team of Engineers, promoting a high‑performance culture and developing their capability to adopt modern engineering practices - including moving from ClickOps to DevOps through automation, code‑driven delivery, and continuous improvement.
7. Set objectives, provide mentoring, and support continuous professional development.
8. Plan and lead team capacity, budgeting, and resource allocation to align with strategic goals.
9. Encourage experimentation, innovation, and adoption of modern engineering practices.
10. Open to challenges and to challenging the status quo.
Operational Excellence
11. Drive the transition away from managing services through third‑party portals, introducing policy‑as‑code and configuration‑as‑code to support automated, consistent, and scalable delivery.
12. Coordinate the delivery, monitoring, and continuous improvement of the SASE solution, secure enterprise browser, and machine‑traffic infrastructure.
13. Lead the incident and change management lifecycle for web access infrastructure services.
14. Ensure services are highly resilient, well‑documented, and aligned with compliance and audit requirements.
15. Maintain strong relationships with internal product teams and external vendors to ensure service quality.
Risk, Security & Compliance
16. Develop and implement security and access policies for web traffic, aligned to enterprise risk management frameworks.
17. Support detection and response efforts by integrating with SIEM and analytics platforms.
18. Maintain a strong balance between security and usability, particularly in the context of browser controls and user experience.
19. Participate in security reviews, risk assessments, and policy updates related to platforms providing web access.
Why join us?
We’re transforming at pace. Investing billions in our people, data and tech to change the way we meet the needs of our 28 million customers. We’re growing, and we’d love you to be part of the journey.
What we’re looking for:
20. Proven, hands-on modern engineering experience across infrastructure, policy and config as code, with recent delivery using CI/CD pipelines and tooling such as GitHub, Terraform and Python.
21. Leadership experience in infrastructure engineering with line management responsibilities.
22. Experience with secure web platforms (e.g., Zscaler, Palo Alto, Blue Coat, McAfee Web Gateways / SkyHigh etc.) and secure enterprise browsers (e.g., Chrome Enterprise, Island, Talon, Edge for Business).
23. Familiarity with security controls, data loss prevention, and browser isolation techniques.
24. Experience coordinating incident resolution and change processes within infrastructure or security services.
25. Strong stakeholder management and ability to influence product and platform strategy.
And any of these would be great:
26. Experience in regulated environments and responding to audits.
27. Participation in an on-call rota and supporting 24/7 services.
28. Security certifications (e.g., CISSP, CCSP)
This is a place for you
Our ambition is to be the leading UK business for diversity, equity and inclusion supporting our customers, colleagues and communities, and we’re committed to creating an environment in which everyone can thrive, learn and develop.
We provide reasonable adjustments throughout the recruitment process to reduce or remove barriers. Just let us know what you need.
We also offer a wide-ranging benefits package, which includes:
29. A generous pension contribution of up to 15%
30. An annual performance-related bonus
31. Share schemes including free shares
32. Benefits you can adapt to your lifestyle, such as discounted shopping
33. 30 days’ holiday, with bank holidays on top
34. A range of wellbeing initiatives and generous parental leave policies
Ready to make an impact? Apply today.
At Lloyds Banking Group, we're driven by a clear purpose; to help Britain prosper. Across the Group, our colleagues are focused on making a difference to customers, businesses and communities. With us you'll have a key role to play in shaping the financial services of the future, whilst the scale and reach of our Group means you'll have many opportunities to learn, grow and develop.
We keep your data safe. So, we'll only ever ask you to provide confidential or sensitive information once you have formally been invited along to an interview or accepted a verbal offer to join us which is when we run our background checks. We'll always explain what we need and why, with any request coming from a trusted Lloyds Banking Group person.
We're focused on creating a values-led culture and are committed to building a workforce which reflects the diversity of the customers and communities we serve. Together we’re building a truly inclusive workplace where all of our colleagues have the opportunity to make a real difference.