Senior Cloud Platform Engineer

As a Senior Cloud Platform Engineer, you’ll take ownership of day‑to‑day operations and deliver impactful projects across Azure and IaaS (Windows and Linux). You’ll enhance landing zones, build reusable modules, and drive automation to strengthen our cloud platform. Working closely with Dev Ops and SRE teams, you’ll implement secure, reliable, and cost‑efficient patterns, while mentoring engineers and promoting best practices. Your focus will be high‑quality execution, ensuring stability, performance, and compliance, while contributing to continuous improvement and collaborating across teams to deliver a scalable, resilient platform that powers business growth and innovation.

• Operate and improve Azure platform services and IaaS workloads across Windows and Linux for stability, performance, and compliance
• Implement hardening baselines and patch orchestration, and maintain desired state with DSC or Ansible
• Enforce secure RBAC, Azure Policy, and identity patterns with AAD and PIM across subscriptions and management groups
• Own observability runbooks and baselines, including alerting, metrics, logs, dashboards, backups, and DR drills to reduce MTTR
• Administer Windows Server (AD, GPO, IIS) and provide Linux support including systemd, patching, and log management

• Contribute to landing zones and reusable platform modules using Bicep and Terraform
• Implement secure connectivity per the platform blueprint: hub‑and‑spoke or vWAN, Private Endpoints, DNS, and hybrid links via Express Route or VPN
• Support VMware‑to‑Azure migrations from readiness through cutover, rollback, and DR patterns
• Deliver CI/CD pipeline templates in Azure Dev Ops or Git Hub Actions with policy gates, secrets scanning, and SBOM generation
• Enable the Internal Developer Platform to support IaC/CaC‑based self‑service environment provisioning

• Embed secure‑by‑default patterns, integrate Defender and Conditional Access, and shift‑left security for images and IaC in pipelines
• Apply SRE practices such as SLOs and error budgets, and codify operability standards for new capabilities
• Support Fin Ops guardrails with tagging, budgets, and alerts; analyse usage and implement cost optimisations without impacting SLAs

• Mentor and coach platform engineers through pairing, PR reviews, runbook creation, and knowledge sharing
• Partner with Dev Ops and SRE to standardise container and registry patterns for AKS or ARO, deployments, and environment parity across stages
• Contribute to technical governance forums, propose incremental improvements, and document decisions and reusable patterns
• Collaborate with Principals and architecture boards on architectural approvals where required

• Azure platform operations across enterprise IaaS and PaaS, including landing zones, subscriptions, RBAC, policy, and governance
• Strong Windows Server administration (AD, GPO, IIS) with practical Linux experience (RHEL/Ubuntu) for broader support
• Infrastructure‑as‑Code with Terraform and/or Bicep, using reusable modules and Git‑based workflows
• Configuration‑as‑Code with Ansible and/or DSC to maintain hardened, compliant desired state
• Automation and scripting with Power Shell and Bash, with Python desirable for tooling
• CI/CD using Azure Dev Ops or Git Hub Actions, including quality gates, secrets/security scanning, and SBOM generation
• Azure networking fundamentals: VNets, vWAN, Express Route, VPN, Private Endpoints, and DNS, plus hybrid connectivity patterns
• Containers and Kubernetes exposure (AKS or ARO), image registry practices, and environment provisioning/on‑demand environments
• Observability and reliability: monitoring, logging, alerting baselines, SRE concepts (SLOs, error budgets), backup/DR, and patch orchestration
• Security and compliance:
  Zero Trust, identity and access management (AAD, PIM), and integration with Defender and vulnerability scanning
• Cost optimisation using Fin Ops practices, tagging strategies, budgeting, and guardrails

• Experience supporting VMware‑to‑Azure…