DEPARTMENT: Technology
LOCATION: Stamford Bridge, London
CONTRACT: Permanent, Full Time
Role Overview
We are looking for a Cloud & Infrastructure Engineer to join our Technology team. You will work across our cloud and on‑premises estate, supporting the design, deployment, and operation of infrastructure built on Microsoft Azure, Microsoft 365, Cisco networking, and Hyper‑V.
Working as part of a small, collaborative technology team, you will contribute to key projects including the migration from VMware to Azure and Hyper‑V, infrastructure‑as‑code development using Terraform and GitHub Actions, and the maintenance of security and governance standards aligned to Premier League Information Security Baselines and industry frameworks.
This is a hands‑on engineering role that requires strong technical breadth across cloud, networking, identity, and security – combined with the ability to work independently and take ownership of your own workstream.
We encourage you to apply as soon as possible. In the event that we receive a large number of applications, the position may be filled before the listed closing date. To avoid missing out, please submit your application at your earliest convenience.
Key Responsibilities
* Support the design and maintenance of Azure cloud architecture across the Azure Landing Zone, ensuring scalability, resilience, and cost efficiency within a hub‑spoke network topology
* Contribute to the migration of on‑premises VMware workloads to Azure IaaS and Hyper‑V, supporting planning, execution, and decommissioning of the legacy VMware estate
* Support the deployment and administration of the Hyper‑V virtualisation environment on new hardware for residual on‑premises workloads
* Administer and maintain on‑premises Windows Server infrastructure including Active Directory, Group Policy, DNS, DHCP, and patch management
* Design and manage Azure networking including VNets, peering, subnets, NSGs, firewalls, and hybrid connectivity
* Support the on‑premises Cisco network infrastructure including switching, routing, and troubleshooting across multiple sites
* Contribute to infrastructure‑as‑code standards using Terraform, with CI/CD pipelines via GitHub Actions and OIDC authentication
Infrastructure as Code & DevOps
* Develop, maintain, and version Terraform modules for Azure infrastructure provisioning and state management
* Manage GitHub Enterprise repositories, branch protection rulesets, and pull request workflows
* Build and maintain CI/CD pipelines using GitHub Actions with OIDC‑based authentication to Azure
* Enforce naming conventions, tagging standards, and policy compliance through code
Microsoft 365 & SharePoint
* Architect and administer the Microsoft 365 tenant, including Exchange Online, Teams, OneDrive, and SharePoint
* Design and govern SharePoint environments for collaboration, document management, and intranet use
* Drive adoption of M365 productivity tools, advising stakeholders on capability and best practice
* Manage licensing, tenant configuration, and service health
Network & Connectivity
* Perform basic Cisco switch and wireless access point troubleshooting, including connectivity checks, port resets, and escalating issues to the other engineers as required
* Carry out routine network tasks such as VLAN assignments, switch port configuration, and password resets on Cisco devices
* Assist with monitoring network alerts and raising incidents, including identifying common issues such as link failures or rogue devices using available management tools
* Follow documented procedures for basic Wi‑Fi support, including restarting access points, checking controller status, and logging faults for the other engineers to review
* Assisting the Infrastructure Team with on‑prem network upgrades
Security & Governance
* Collaborate with the deployment and configuration of Microsoft Purview for data governance, compliance, and information protection
* Collaboratively Administer and optimise Purview & Varonis for data access monitoring, risk detection, and remediation
* Configure and manage AvePoint for Microsoft 365 backup, migration, and governance policies
* Manage Microsoft Entra ID (formerly Azure AD) including identity governance, conditional access, and Privileged Identity Management (PIM)
* Administer Microsoft Intune for device management, compliance policies, and endpoint security across all platforms
* Develop and maintain security baselines aligned to CIS Benchmarks, NIST, Cyber Essentials or ISO 27001 frameworks
Stakeholder Engagement & Leadership
* Serve as one of the technical leads and subject matter experts for infrastructure and Microsoft technology decisions
* Produce architecture documentation, solution designs, and technical roadmaps
* Mentor junior engineers and promote knowledge sharing across the team
* Engage with vendors, partners, and auditors on technical matters
Skills & Experience
* Significant hands‑on experience in an infrastructure, cloud, or engineering role
* Deep expertise in Microsoft Azure including networking (VNets, peering, NSGs, firewalls), compute, storage, and security services
* Strong experience with Windows Server administration including Active Directory, Group Policy, DNS, and DHCP
* Hands‑on experience with Cisco networking – switches, routers, VLANs, and troubleshooting in a multi‑site enterprise environment
* Practical experience with VMware vSphere/vCenter in an enterprise setting
* Experience with Hyper‑V deployment, administration, and VM management
* Strong working knowledge of Microsoft 365 administration and architecture
* Experience designing and managing SharePoint Online environments at scale
* Proficiency with Microsoft Entra ID – SSO, MFA, Conditional Access, identity governance, PIM
* Hands‑on experience with Microsoft Intune for endpoint management and compliance
* Working knowledge of Microsoft Purview for data classification, DLP, and compliance
* Practical experience with Terraform for Azure infrastructure provisioning, including module development and state management
* Experience with Git‑based workflows, GitHub, and CI/CD pipeline development (GitHub Actions preferred)
* Experience working in a regulated, security‑conscious environment (sport, media, finance, or public sector)
* Experience with cloud migration projects using Azure Migrate or equivalent tooling
* Experience with Hyper‑V deployment and management in an enterprise setting
* Experience with Varonis Data Security Platform – DatAdvantage, Data Classification Engine
* Hands‑on experience with AvePoint products for M365 backup, migration, or governance
* Familiarity with Azure Landing Zone architecture patterns (hub‑spoke, management group hierarchy, Azure Policy)
* Awareness of data platform technologies such as Databricks, including integration with Azure networking and identity
* Microsoft certifications: AZ‑305 (Solutions Architect Expert), MS‑102 (M365 Administrator), SC‑400 (Information Protection)
* Cisco certifications: CCNA or CCNP
* PowerShell scripting and Azure CLI proficiency
* To embody the club’s BLUE behaviours (Brave, Lead, Unity, Edge) in the approach to work and interaction with others
* To adhere to the club’s policies and procedures, including Health & Safety, Financial Authorisation, Confidentiality and GDPR
* To act as an ambassador for diversity, equality, and inclusion, and demonstrate a positive commitment by treating others fairly in line with our Equality, Diversity & Inclusion Policy and reporting any acts of discrimination through appropriate channels
* To create a safe environment and act to protect all young people and vulnerable adults that are either in your care or attending club premises, and report any concerns to the Safeguarding Lead
* To report any misconduct or suspected misconduct to the HR Department
Our commitment to Equality, Diversity and Inclusion
At Chelsea we recognise that the diversity of our people is one of our greatest strengths and we are taking positive action to ensure our existing colleagues and job applicants can fully be themselves and bring their own unique experiences and perspectives to Chelsea FC. This means giving full and fair consideration to all applicants regardless of age, disability, gender reassignment, race, religion or belief, sex, sexual orientation, marriage and civil partnership, and pregnancy and maternity.
If you need reasonable adjustments made to the recruitment process, please reach out to your recruiter, who will be able to advise and support you.
Chelsea FC is fully committed to ensuring the safety and well‑being of all children, young people and adults at risk (vulnerable groups). We therefore require all successful applicants to complete a DBS Check prior to starting employment. Depending on the role, successful applicants may also be required to undergo other child protection screening where appropriate.
This Job Description is not intended to be exhaustive; the duties and responsibilities may therefore vary over time according to the changing needs of the Club.
#J-18808-Ljbffr