Cloud Platform Engineer

Title: Cloud Platform Engineer
Location: Remote
Duration: 6 months+
Compensation: $65-75/hour
Work Requirements: , Holders or Authorized to Work in the U.S. 

Cloud Platform Engineer

JOB DESCRIPTION / DUTIES
The Role
The Cloud Platform Engineer is the technical owner of the cloud landing zone estate and the workload subscriptions and accounts that sit on top of it. The role builds, maintains, and evolves the Infrastructure as Code that provisions every shared platform service, every governance control, and every workload landing zone across the global cloud footprint.
This role sits at the foundation of the global transformation programme. The Stabilize phase requires moving away from manual portal builds and routing all change through the repository, the pipeline, and the policy engine. Without disciplined platform engineering, the cloud estate accumulates drift, cost surprises, security exposure, and operational fragility. The Cloud Platform Engineer is the engineering counterpart to the Cloud Architect. Where the Architect sets the pattern, the Platform Engineer makes it real, repeatable, and version controlled.
The role primarily operates Azure as the strategic primary platform, while also covering AWS as the secondary platform where workloads remain or where workload teams have selected AWS for technical reasons. Working familiarity with Google Cloud Platform is desirable as a forward looking capability, recognising that the organisation is not currently operating Google Cloud Platform at scale. On the Azure side the role applies Azure Verified Modules, vWAN secure hub design, segmented DMZ patterns, Application Gateway with Web Application Firewall, Private DNS Resolvers, and ExpressRoute and Site to Site VPN connectivity. On the AWS side the role operates equivalent constructs including AWS Organizations and Control Tower, Transit Gateway, Direct Connect, and Identity and Access Management. The role works closely with Network, Identity, Cybersecurity, and FinOps to ensure landing zones are secure, observable, and cost transparent by default across providers.

Role Band
This role is sized to recruit at Mid level (four to seven years of cloud platform engineering experience with multi cloud exposure) or Senior level (eight years or more, with deep Terraform, Azure landing zone experience, working AWS coverage, and pattern ownership). The hiring manager will calibrate the offer to the candidate. Senior candidates are expected to set technical direction within their scope, mentor mid level engineers, and contribute to architecture decisions in partnership with the Cloud Architect.

Key Responsibilities
Infrastructure as Code Engineering

• Author and maintain Terraform modules: for shared platform services and workload landing zones, with a strong preference for Azure Verified Modules and consistent module interfaces across regions.
• Implement Bicep or ARM patterns: where Terraform coverage is incomplete or where native Azure feature parity is required.
• Operate the IaC repository: including module versioning, semantic versioning of releases, backward compatibility, deprecation policy, and consumer communications.
• Engineer reusable patterns: for management group hierarchy, subscription vending, resource group structure, naming, and tagging that scale across the global estate.
• Drive remediation of drift: between deployed state and IaC state through detection, reconciliation, and where required structured import of resources back under code control.

Multi Cloud Platform Coverage

• Operate the primary Azure estate: as the core focus of the role with full ownership of landing zones, platform services, and Infrastructure as Code modules across all global regions.
• Cover the AWS secondary estate: including landing zone equivalents, account structure, networking, identity, and core platform services for workloads that remain on AWS or that have selected AWS for technical reasons.
• Maintain working awareness of Google Cloud Platform: as a forward looking capability so the team is prepared to onboard the platform if and when a workload requires it. Active Google Cloud Platform operations are not in scope today.
• Engineer cross cloud consistency: in tagging, naming, identity integration, network connectivity, and observability so workload teams experience a coherent platform rather than disconnected ones.

Azure and AWS Landing Zone Operations

• Build and operate landing zones: for production, non production, sandbox, and platform subscriptions across multiple regions, ensuring consistent network, identity, monitoring, and security configuration.
• Provision and lifecycle manage: core platform services including Key Vault, Storage Accounts, Log Analytics workspaces, Application Insights, Private Endpoints, Private DNS zones, Application Gateway, and Azure Firewall where applicable.
• Integrate landing zones with the wider estate: via vWAN secure hubs, ExpressRoute circuits and gateways, Site to Site VPN, peering, and DNS resolution forwarding to and from on premises infrastructure.
• Support workload onboarding: including Kubernetes hosted machine learning and optimisation platforms with Cosmos DB, Azure Files, Azure Blob Storage, and Application Gateway integration.
• Engineer recovery and resilience: patterns including paired region replication, backup posture, and recovery testing through code.

Policy and Governance Enforcement

• Author Azure Policy and Initiative definitions: for region restriction, SKU restriction, encryption requirements, tagging enforcement, network controls, and resource type restrictions.
• Implement policy as code: with Open Policy Agent, Conftest, or equivalent for pre deployment policy validation in the pipeline.
• Engineer guardrails by default: into landing zone templates so that workload teams cannot deploy resources that violate enterprise standards without explicit approval.
• Operate the exception process: for policy waivers, ensuring exceptions are traceable, time bound, and reconciled at expiry.

FinOps Instrumentation

• Engineer cost allocation: by enforcing tagging at point of deployment for cost centre, application, environment, owner, and lifecycle expiry.
• Build cost dashboards: and exception reports using Azure Cost Management APIs, Azure Resource Graph, and Power BI or Grafana surfaces.
• Partner with FinOps Engineer and FinOps Business Partners: on commitment optimisation, right sizing analysis, and idle resource cleanup.
• Surface unit economics: of shared platform services so that consumption can be reported back to the business.

Reliability and Operational Excellence

• Define and maintain Service Level Objectives: for the Azure platform services owned by this role, partnering with the Site Reliability Engineer on instrumentation and error budget reporting.
• Engineer observability: into every deployed resource including diagnostic settings, log destinations, metric collection, and alerting.
• Author and maintain runbooks: for landing zone provisioning, decommissioning, incident response, and recovery.
• Participate in on call rotation: for the platform layer, including engineering driven first response to platform incidents.

Collaboration and Knowledge Sharing

• Partner with the Cloud Architect: to translate target patterns into working IaC modules and to feed lessons from operations back into the architecture practice.
• Support DevOps engineering colleagues: on pipeline integration, IaC validation, policy as code wiring, and release engineering for infrastructure changes.
• Contribute to internal enablement: including documentation, recorded walkthroughs, brown bag sessions, and onboarding material for workload teams consuming landing zones.
• Coach junior engineers: and review pull requests with a developmental focus.

Required Qualifications & Experience

• Education: Bachelor degree in Computer Science, Engineering, Information Systems, or equivalent practical experience.
• Experience: Four to seven years of cloud platform engineering experience for Mid level. Eight years or more for Senior level, with at least four years operating Azure at production scale.
• Terraform: Demonstrable production experience authoring and operating Terraform modules, with familiarity with state management, remote backends, workspaces, and module composition.
• Azure platform depth (primary): Strong working knowledge of Azure landing zones, management groups, RBAC, networking (vNet, vWAN, ExpressRoute, Application Gateway, Private DNS, Private Endpoints), and platform services (Key Vault, Log Analytics, Storage). Azure is the strategic primary platform and demands the deepest competence.
• AWS working knowledge (secondary): Production working experience with AWS landing zone equivalents (AWS Organizations, Control Tower or equivalent), core compute and storage services, networking (VPC, Transit Gateway, Direct Connect), and Identity and Access Management. Suitable for safely operating existing AWS workloads, not necessarily greenfield architecture.
• Google Cloud Platform awareness (emerging): Working familiarity with Google Cloud Platform terminology and core constructs is desirable as a forward looking capability. The organisation is not currently operating Google Cloud Platform at scale, so this is treated as upside rather than a hard requirement.
• Policy as code: Working experience with Azure Policy, Open Policy Agent, or Conftest.
• Container and Kubernetes familiarity: Working knowledge of Azure Kubernetes Service, container registries, and Helm based deployment patterns.
• Pipeline integration: Comfort operating IaC through GitHub Actions, Azure Pipelines, or equivalent CI / CD platforms.
• Scripting: Proficiency in PowerShell or Python for automation and tooling beyond IaC.
• Certifications: Microsoft Certified Azure Administrator (AZ-104) required. Azure Solutions Architect Expert (AZ-305) preferred for Senior. AWS Certified Solutions Architect Associate desirable. Terraform Associate desirable. AZ-400 DevOps Engineer Expert desirable for Senior.
• Source control discipline: Strong Git practice including branching strategy, pull request review, signed commits, and code ownership.
• Security awareness: Practical understanding of identity, secrets management, network segmentation, and shared responsibility model in Azure.
• Communication: Strong written and verbal communication, including the ability to translate platform decisions into business terms for non technical stakeholders.

Personal Characteristics & Behaviours

• Ownership: Takes accountability for end to end outcomes of the platform layer rather than only the tickets in front of them. Closes loops without prompting.
• Engineering rigour: Prefers small reviewed changes over large opaque ones. Treats infrastructure as a software engineering discipline, not a console activity.
• Pragmatism: Knows when a clean pattern is worth the investment and when a smaller fix is appropriate. Avoids over engineering.
• Curiosity: Reads the documentation and the source. Tries new cloud capabilities in a sandbox before recommending them, across all providers covered by the role.
• Collaboration: Works well across cybersecurity, network, identity, and application engineering boundaries. Comfortable being one voice in a room.
• Continuous learning: Maintains current knowledge of Azure and AWS platform releases and IaC ecosystem developments. Tracks Google Cloud Platform at a lighter cadence.

Travel Requirements
Limited international travel. Occasional travel to primary hub sites in Singapore and Dallas and major regional locations may be required to support workload onboarding, environment cutover, or in person collaboration with regional teams. Estimated travel commitment is up to ten percent.

 

Our benefits package includes: 

• Comprehensive medical benefits 

• Competitive pay 

• 401(k) retirement plan 

• …and much more! 

About INSPYR Solutions
Technology is our focus and quality is our commitment. As a national expert in delivering flexible technology and talent solutions, we strategically align industry and technical expertise with our clients'' business objectives and cultural needs. Our solutions are tailored to each client and include a wide variety of professional services, project, and talent solutions. By always striving for excellence and focusing on the human aspect of our business, we work seamlessly with our talent and clients to match the right solutions to the right opportunities. Learn more about us at inspyrsolutions.com.

INSPYR Solutions provides Equal Employment Opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability, or genetics. In addition to federal law requirements, INSPYR Solutions complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities.

#IND-TELECOM