Logo for IMP Software

Head of Platform Engineering

Role overview

Qualifications

  • 5+ years running production SaaS systems, including incident ownership and response
  • Expert in Azure as our core cloud, with hands-on experience across Azure services
  • Strong containerisation skills and Azure networking
  • Deep security experience for cloud SaaS

Responsibilities

  • Own Azure infrastructure end to end and standardise infrastructure-as-code using Terraform/OpenTofu
  • Build a self-service developer platform and create guardrails for AI-first teams
  • Design, build and operate deep observability and alerting across the platform
  • Manage and develop the existing DevOps team into a high-impact Platform Engineering function

About the company

IMP Software logo

IMP Software

Trusted by multi-academy trusts to enable smarter financial management.

Company details

Company typeScaleup
Company size51 - 200

Your match analysis

See how your profile stacks up against this role.

We compared the job requirements to your profile to show where you're strong and where you fall short.

Job description

Job Title: Head of Platform Engineering

Salary: DOE

Role Type: Hands-on leadership: around 80% technical, 20% leadership

About IMP

At IMP, we help Multi-Academy Trusts take control of their finances. Our MAT-first software is built by people who know the sector: former trust professionals, finance experts and product specialists. More than half of all MATs in the UK use IMP to plan with confidence and make smarter decisions.

We're independent, founder-led and growing fast. Investor-backed and ranked one of the UK's Top 25 Great Places to Work for mid-sized companies, we're investing significantly in R&D to build the next generation of our platform, one that scales across a growing suite of products.

The Opportunity

We're moving from an Azure PaaS .NET estate to a modern, modular, AI-first platform, built with small agentic delivery teams and designed to scale across multiple products.

The Head of Platform Engineering makes that possible. You'll own cloud infrastructure, CI/CD, observability, security, and reliability, and, just as importantly, the developer platform and guardrails that let our AI-first squads ship significant change quickly and safely.

This is a hands-on leadership role (around 80% technical, 20% leadership). You'll inherit a small DevOps team and develop it into a high-impact Platform Engineering function. You'll report to the CTO and work as a peer with the Head of Engineering and Lead Architect.

The Role

Platform and developer experience

Own Azure infrastructure end to end: subscriptions, networking, edge (Azure Front Door with WAF and CDN), Azure Container Apps, ingress, secrets, identity, and the base services everything sits on

Standardise infrastructure-as-code using Terraform/OpenTofu, with all changes Git-driven, reviewable and increasingly AI-assisted

Build a self-service developer platform that abstracts infrastructure complexity so engineering teams can focus on their products: service templates, starter repos, CI/CD pipelines and deployment automation

Create the guardrails that let AI-first teams move at speed without losing control: policy-as-code, automated quality gates and security scanning in pipelines

Work closely with the Lead Architect and the Architecture Working Group on platform architecture choices and create/maintain suitable platform documentation.

Reliability, observability and cost

Design, build and operate deep observability and alerting across the platform, so problems are spotted and triaged early

Set and operate to clear platform/infrastructure reliability and performance targets, with a proactive approach to capacity management

Lead platform incident management: act as incident commander when needed, run blameless post-mortems and make sure remediation lands

Design for high availability and disaster recovery, with rehearsed recovery procedures

Own cloud and AI cost governance: spend, environment hygiene, and visibility on model and agent usage

Security

Own the platform security posture end to end: identity and access, network segmentation, secrets, data protection, and vulnerability management, working with the Head of IT on corporate-side controls and cross-boundary incidents

Enforce zero-trust and private-by-default across the platform: managed identities everywhere, no long-lived keys or passwords, private networking with edge-only public entry, and least privilege as the default

Embed security into pipelines and infrastructure: SAST, DAST, SCA, IaC scanning, container image scanning, secrets scanning, and policy-as-code gates that block on critical findings

Own vulnerability management and threat detection for the platform: patching SLAs, CVE triage, Microsoft Defender for Cloud, security event aggregation, and evidence for audit and compliance (Cyber Essentials, UK GDPR) in partnership with the Head of IT

Design guardrails for AI-specific security risks: prompt injection defence, agent permission boundaries, and preventing model exposure to sensitive tenant data

Leadership

Manage and develop the existing DevOps team, growing it into a high-impact Platform Engineering function

Set the operating model: how the Platform team works with product squads, what it owns, and how it prioritises

Shift the culture from ticket-taking DevOps to Platform as a Product, serving internal customer teams

What Success Looks Like

Platform reliability: uptime against agreed SLOs is met, platform-caused incidents trend down, MTTR is short, and the incident management rota is sustainable.

Speed of safe change: infrastructure-as-code coverage approaches 100%, teams can stand up new services on the paved road in days, not weeks, and most do so without bespoke help.

Cost discipline: cloud spend is predictable and within budget, with clear visibility into per-product and per-tenant costs, model and agent spend, and unit economics that improve over time.

Security and compliance: critical vulnerability SLAs are met, secrets rotation and access reviews run on cadence, DR exercises are completed, and we go into audits without surprises.

Platform adoption: a measurable percentage of services run on the paved road, self-service capabilities expand quarter on quarter, and the team spends more time building improvements than firefighting tickets.

Team and capability: the DevOps team evolves into a high-impact Platform Engineering function, enabling us to hire and retain platform talent.

AI-first as the norm, not an experiment: infrastructure-as-code, deployments and routine platform work are built and maintained through agentic workflows under human review, manual toil shrinks every quarter with no loss of quality or control, and the platform team is the visible example of how AI-first engineering works at IMP.

What You'll Bring

Essential

5+ years running production SaaS systems, including incident ownership and response

Expert in Azure as our core cloud, with hands-on experience across Azure Container Apps, Azure Database for PostgreSQL and SQL Server, Azure Front Door (with WAF, CDN and managed certificates), Azure Service Bus, Cache for Redis, Key Vault, App Configuration, Blob Storage and Application Insights

Strong containerisation skills and Azure networking, with hands-on experience of Azure Container Apps (or equivalent managed container platforms)

Expert in infrastructure-as-code using Terraform/OpenTofu, with Azure DevOps and Git-based workflows

Strong observability and alerting: hands-on with OpenTelemetry and Application Insights, able to design, build and operate the depth of telemetry needed to run a mission-critical SaaS platform, with a proactive approach to capacity management

Hands-on experience with AI developer tooling (Claude Code, Copilot, Codex or similar), with a clear view on where AI accelerates platform work and what guardrails matter

Hands-on with multi-tenant SaaS isolation patterns (row-level security, shared-schema tenant partitioning, per-tenant storage containers, tenant-scoped cache keys)

Deep security experience for cloud SaaS: identity and access, network segmentation, secrets management, pipeline security (SAST, DAST, SCA, image and IaC scanning), vulnerability management and threat detection. Secure-by-design mindset, comfortable being personally accountable for the platform’s security posture

Track record of managing a team’s workload while mentoring and growing engineers

Strong communicator, comfortable working with product, engineering leadership and senior stakeholders

Nice to have

Policy-as-code experience (OPA, Azure Policy, Sentinel)

Experience navigating compliance frameworks (Cyber Essentials, ISO 27001 or SOC 2) as part of a platform team

Software supply chain security: SBOM, signed builds, image provenance, and dependency policy

Background migrating from PaaS to container-based architectures

.NET application hosting and deployment patterns

Building or transforming platform teams from the ground up

Familiarity with Dapr, KEDA or event-driven container workloads, plus Kubernetes background (useful since ACA runs on Kubernetes underneath)

Being a Legend at IMP

At IMP, we look for people who embody what it means to be a legend at work:

Owns it. Sees what needs to be done and acts without waiting to be asked.

Gets it done. Starts, ships, improves. Doesn't walk past problems.

Can be counted on. Consistent, high-quality work, and owns their mistakes.

Raises the bar. Always finds a better way and uses the best tools to do it.

Lifts the team. Makes colleagues, customers and the business better, without ego.

What We Offer

Competitive salary and benefits package

Fully remote role

The chance to build and shape a platform engineering function at a pivotal moment for the business

Funded CPD and professional development

Regular team socials and company events

Work with a passionate team solving real problems for the education sector

Apply once. Then go straight to the hiring manager.

After you apply, unlock the direct contact details of the people who actually make the call. A quick follow-up makes you 5x more likely to land an interview.

MR

Marcus Rivera

Chief Revenue Officer

m.rivera@company.com
linkedin.com/in/marcusrivera
Unlocked after you apply
·

Head of Technology Related jobs

Premium

Reach out to the hiring manager directly.

Gain access to the contact details of the hiring managers who actually decide, and reach out to network with them directly. That, plus more when you upgrade:

  • Full match report with fit score and gaps
  • Career diagnostics on how recruiters read you
  • Curated company matches and warm intros
  • 48h early access to new roles

Cancel anytime.