Cloud Platform Operations Engineer

The project involves transferring part of the infrastructure to the cloud with on-call duties (1 week per month) and infrequent interventions.

• Expertise in cloud platforms: OCI, AWS, Azure
• Experience with Infrastructure as Code, specifically Terraform (modules, drift control)
• Proficiency in CLI / PowerShell automation
• Knowledge of CI/CD pipelines for IaC with policy/test gates
• Understanding of IAM architecture including SSO, federation, workload identities
• Experience with Conditional Access, JIT/PAM, and least-privilege access patterns
• Familiarity with KMS/HSM architecture and secret lifecycle management
• Experience with CSPM/CWPP tooling and security posture management
• Skills in VNet/VPC design, segmentation, private links/endpoints, routing, peering, DNS, global load balancing, and egress control
• Knowledge of policy-as-code tools: Azure Policy, AWS SCPs, OCI Policies
• Experience with container and Kubernetes operations (AKS, EKS, OKE)
• Understanding of FinOps practices including cost optimisation, anomaly detection, commitment planning, and cost allocation
• Experience with monitoring, observability tooling, ITSM automation, SLOs, runbook creation, and incident management
• Experience in cloud migration planning and execution
• Ability to mentor L2 analysts and provide cloud build standards coaching
• Willingness to participate in on-call duties (1 week per month)

Cloud Platform & Architecture:

• Cloud platform expertise (OCI / AWS / Azure)
• Secure provisioning & tenancy hygiene
• Backup, DR, geo‑redundancy design
• PaaS service management
• Cloud governance & compliance frameworks

Infrastructure as Code & Automation:

• Terraform (IaC, modules, drift control)
• CLI / PowerShell automation
• CI/CD for IaC with policy/test gates
• Environment promotion workflows

Security, Identity & Secrets:

• IAM architecture (SSO, federation, workload identities)
• Conditional Access & JIT/PAM
• Least‑privilege access patterns
• KMS/HSM architecture
• Secret lifecycle management (rotation, envelope encryption, scanning)
• CSPM/CWPP tooling & security posture management

Networking & Connectivity:

• VNet/VPC design & segmentation
• Private links/endpoints & service endpoints
• Routing, peering, DNS architecture
• Global load balancing
• Egress control & traffic governance

Policy‑as‑Code & Guardrails:

• Azure Policy / Defender for Cloud
• AWS SCPs / Config
• OCI Policies / Cloud Guard
• Enforcement of tagging, naming, quota & region standards

Containers & Kubernetes:

• AKS / EKS / OKE operations
• Cluster lifecycle & autoscaling
• Admission controllers
• Image signing & SBOM
• Registry governance
• Runtime hardening

FinOps & Cost Governance:

• Cost optimisation & anomaly detection
• Commitment planning (RI / Savings Plans)
• Showback/chargeback models
• Cost allocation tagging & policies

Observability & Operations:

• Monitoring & observability tooling
• ITSM automation
• SLOs, error budgets, toil reduction
• Runbook creation & incident command
• Post‑incident review facilitation

Migration & Platform Engineering:

• Cloud migration planning & execution
• Data protection & residency compliance
• Backup immutability & retention alignment
• Standardisation into reusable blueprints

Leadership & Enablement:

• Mentoring L2 analysts

• Cloud build standards coaching

• Troubleshooting guidance

• Lead provisioning, management, and optimisation of cloud infrastructure and services (OCI, AWS, Azure, Native Services, IaaS, PaaS).

• Oversee deployment and configuration of public cloud resources ensuring security, scalability, and cost efficiency.

• Develop and maintain automation scripts and tools for cloud resource management.

• Implement Infrastructure-As-Code approach and develop Terraform scripts for all cloud infrastructure deployments.

• Drive integration with DevOps workflows supporting rapid deployment and continuous delivery.

• Mentor and guide L2 Support Analysts, promoting knowledge sharing and skill development.

• Organize an On-Call rota for this area.

• Lead cloud migration projects ensuring minimal disruption and robust risk management.

• Participate in governance, reporting, and service review meetings.

• Establish and maintain cloud landing zones with policy‑as‑code guardrails including tagging, naming, quota, and region use standards.

• Own identity and access standards and key/secrets management.

• Define and operate network reference architectures with security baselines.

• Lead container/Kubernetes platform operations.

• Own FinOps operations including allocation/chargeback, budgets/alerts, rightsizing, and lifecycle policies.

• Maintain golden images/base templates and patch pipelines for compute/container runtimes ensuring vulnerability management and compliance.

• Sport subscription
• Private healthcare
• Flat structure