Cloud Platform Operations Engineer
AVENGA (Employment Agency, KRAZ no.: 8448)
⚲ Warszawa
31 920 - 38 640 PLN (B2B)
Requirements
- AWS
- Azure
- IaC
- CI/CD
- Terraform
Job description
About the project: The project involves transferring part of the infrastructure to the cloud. There are on-call duties (1 week per month). Frequent interventions are not expected.

Requirements:

Cloud Platform & Architecture
- Cloud platform expertise (OCI / AWS / Azure)
- Secure provisioning & tenancy hygiene
- Backup, DR, geo‑redundancy design
- PaaS service management
- Cloud governance & compliance frameworks

Infrastructure as Code & Automation
- Terraform (IaC, modules, drift control)
- CLI / PowerShell automation
- CI/CD for IaC with policy/test gates
- Environment promotion workflows

Security, Identity & Secrets
- IAM architecture (SSO, federation, workload identities)
- Conditional Access & JIT/PAM
- Least‑privilege access patterns
- KMS/HSM architecture
- Secret lifecycle management (rotation, envelope encryption, scanning)
- CSPM/CWPP tooling & security posture management

Networking & Connectivity
- VNet/VPC design & segmentation
- Private links/endpoints & service endpoints
- Routing, peering, DNS architecture
- Global load balancing
- Egress control & traffic governance

Policy‑as‑Code & Guardrails
- Azure Policy / Defender for Cloud
- AWS SCPs / Config
- OCI Policies / Cloud Guard
- Enforcement of tagging, naming, quota & region standards

Containers & Kubernetes
- AKS / EKS / OKE operations
- Cluster lifecycle & autoscaling
- Admission controllers
- Image signing & SBOM
- Registry governance
- Runtime hardening

FinOps & Cost Governance
- Cost optimisation & anomaly detection
- Commitment planning (RI / Savings Plans)
- Showback/chargeback models
- Cost allocation tagging & policies

Observability & Operations
- Monitoring & observability tooling
- ITSM automation
- SLOs, error budgets, toil reduction
- Runbook creation & incident command
- Post‑incident review facilitation

Migration & Platform Engineering
- Cloud migration planning & execution
- Data protection & residency compliance
- Backup immutability & retention alignment
- Standardisation into reusable blueprints

Leadership & Enablement
- Mentoring L2 analysts
- Cloud build standards coaching
- Troubleshooting guidance

Daily tasks:
- Lead the provisioning, management, and optimisation of cloud infrastructure and services (OCI, AWS, Azure, Native Services, IaaS, PaaS).
- Oversee the deployment and configuration of public cloud resources, ensuring security, scalability, and cost efficiency.
- Develop and maintain automation scripts and tools for cloud resource management.
- Implement an Infrastructure-as-Code approach and develop Terraform scripts for all cloud infrastructure deployments.
- Drive integration with DevOps workflows, supporting rapid deployment and continuous delivery.
- Mentor and guide L2 Support Analysts, promoting knowledge sharing and skill development. Organize an On-Call rota for this area.
- Lead cloud migration projects, ensuring minimal disruption and robust risk management.
- Participate in governance, reporting, and service review meetings.
- Establish and maintain cloud landing zones with policy‑as‑code guardrails (e.g., Azure Policy/Defender for Cloud, AWS Organizations/Control Tower SCPs, OCI Policies), including tagging, naming, quota, and region use standards.
- Own identity and access standards (enforce least privilege, SSO, role mapping, privileged access break‑glass, workload identities) and key/secrets management (KMS/HSM, rotation SLAs, secret scanning).
- Define and operate network reference architectures (hub‑and‑spoke, private endpoints, service endpoints, egress controls, DNS, global load balancing, cross‑cloud connectivity) with security baselines.
- Lead container/Kubernetes platform operations (AKS/EKS/OKE): cluster lifecycle, node pools, autoscaling, admission control, image provenance, and supply chain security.
- Own FinOps operations (allocation/chargeback, budgets/alerts, rightsizing, RIs/Savings Plans/Flexible commitments, lifecycle policies for idle/orphaned resources).
- Maintain golden images/base templates and patch pipelines for compute/container runtimes; ensure vulnerability management and CIS/NIST/CIS‑benchmark alignment.