Network and Security Manager
Heathrow/Stafford/Hybrid (with travel to UK sites)
Hours: Full time, 37.5 hours per week
Salary: Competitive Salary DOE plus vehicle/vehicle allowance and company bonus
This is an incredible opportunity to work for a forward-thinking community equipment services provider, who'll support you to be the best you can be in your chosen field
Join us as our new Network and Security Managerat Medequip Assistive Technology Ltd and let us empower you to truly make a difference.
Our continued employee development programmes, internal training and exceptional leadership will give you the ability to continuously develop yourself professionally whilst providing person-centred support.
You'll be supported by an excellent team of professional and ever developing co-workers who all identify and align with Medequip's values.
Who are Medequip?
Medequip is the leading provider of medical equipment services to local authorities and the NHS across the UK, delivering a wide range of equipment and support to people in their own homes, keeping people independent for longer.
About the role
As the Network and Security Manager for Medequip Assistive Technology Ltd you will be accountable for the design, security, performance, and continuous evolution of network services across Medequip Assistive Technology and its group companies (Ross Care, Consolor). This includes all internal and external network infrastructures, SD-WAN, VPNs, Azure networking, firewall infrastructure, secure cloud interconnectivity, and third-party integrations
This is a hands-on technical role, requiring active involvement in design, configuration, troubleshooting, and delivery alongside leadership responsibilities
Your day-to-day responsibilities will include, but not be limited to:
* Work closely with IT Director, Head of IT and Innovation Lead to align with business goals and regulatory requirements when developing the Cybersecurity & Network Strategy.
* Anticipate future needs, threats, and opportunities
* Define and maintain a Network Architecture Blueprint, ensuring alignment with overall IT and security strategy.
* Lead the transition from legacy hub-and-spoke to full SD-WAN architecture, integrating regional depots, fulfilment centres, and home workers.
* Architect end-to-end hybrid connectivity (site-to-site VPNs, Azure vWAN, ExpressRoute, S2S tunnels), supporting multi-tenant 365 architecture and shared services.
* Plan and execute layered segmentation strategies across VLANs, firewalls, and access control layers to isolate workloads and departments securely.
* Work with the Head of IT and Enterprise Architect to align networking decisions with future cloud-native and SaaS application adoption.
* Take ownership of:
* On-premise switching, routing and wireless (Cisco, Meraki, Fortinet)
* SD-WAN and LTE/4G backup circuits
* VPN appliances and SSL remote access infrastructure
* Network visibility platforms (e.g., Meraki Insights, NetFlow, PRTG, Grafana Cloud)
* Azure-based networking (vNETs, subnets, NSGs, Azure Firewall, Private Endpoints)
* Develop and maintain full infrastructure-as-code templates (Bicep/Terraform) for deploying standardised cloud networking resources.
* Implement robust zero-trust policies and coordinate with Information Security Governance Committee (ISGC) on continuous security posture improvement.
* Own network-level controls for ISO 27001, DSPT, NHS Cyber Alerts, and Cyber Essentials Plus.
* Lead quarterly firewall rule reviews, pen test remediation workstreams, and site-level network audits.
* Deploy and monitor IPS/IDS and layer-7 firewall policies; respond to events in collaboration with SOC providers (e.g., Littlefish).
* Build towards network micro-segmentation, integrating NAC (e.g., Cisco ISE, ClearPass) and identity-aware access control with Azure AD.
* Own full-service KPIs and SLAs across MPLS/leased line/FTTP/4G failover circuits, prioritising 99.9% uptime and high QoE.
* Maintain and continuously improve network documentation, including CMDB integration, topology maps, port assignments, and device lifecycle tracking.
* Use synthetic testing and monitoring tools to proactively identify packet loss, latency, jitter, and bottlenecks.
* Manage strategic relationships with providers such as Kerv, BT, Vodafone, Daisy, and managed firewall partners.
* Lead technical scopes of work, renewals, and performance reviews with ISPs, managed services, and equipment vendors.
* Negotiate support and licensing contracts (e.g., Cisco SmartNet, Azure Bandwidth, SD-WAN subscriptions).
About you
Above all, you will identify and align with our company values:
* We keep our promises.
* We empower people to be accountable for their actions and performance.
* We help people with empathy, courtesy, dignity and kindness.
* We show respect and are trusted by our colleagues, suppliers and customers.
* We believe in teamwork and are passionate about our work.
* We encourage innovation and the development of technology.
* We embrace change and seek to achieve excellence.
* We deliver cost effective, efficient and safe healthcare solutions.
Qualifications and experience required.
* 8+ years' experience in enterprise network engineering or architecture, including multi-site environments.
* Proven experience with:
* Cisco/Meraki switching, routing and wireless
* SD-WAN solutions (e.g., Meraki SD-WAN, Fortinet, Cisco Viptela, or Azure vWAN)
* Cloud networking in Azure (inc. Private Link, ExpressRoute, NSGs, UDRs)
* Layer 7 firewall configuration, NAT, VPNs, and remote access solutions
* Design and document network solutions.
* Hands-on experience with Wi-Fi heatmapping, NAC, IP management, DNS, DHCP, and QoS.
* Confident with CLI, PowerShell, and infrastructure-as-code principles.
What we offer
* 33 days (inclusive of Bank Holidays)
* Company Bonus
* Car allowance
* Continued professional development, training and learning support and opportunities for career progression.
* Pension scheme
* Healthcare scheme
* Life assurance
* Cycle to work scheme
* Free eye test, provided by Specsavers
* 15% Manage At Home discount
* Care First employee assistance program including free counselling.
* Access to Perkbox discount platform
* Free DBS check
We welcome applications from all sections of the Community as an Equal Opportunities Employer. We are also happy to make any reasonable adjustments at any stage of the recruitment process should you need it, please let us know.
We take our data privacy seriously and commit to processing your data in line with GDPR guidelines. Medequip's Privacy Notice sets out the basis on which the personal data collected from you, or that you provide to us, will be processed in connection with our recruitment processes.
This role may be subject to an enhanced DBS disclosure and satisfactory references.
This role is not eligible for sponsorship. Candidates without satisfactory right to work in the UK are unlikely to be suitable.
Job Types: Full-time, Permanent
Work Location: In person