Cloud Platform Engineer

Position: Contract - Staff Cloud Platform Engineer
We are CARIAD, an automotive software development team with the Volkswagen Group. Our mission is to make the automotive experience safer, more sustainable, more comfortable, more digital, and more fun. To achieve that we are building the leading tech stack for the automotive industry and creating a unified software platform for over 10 million new vehicles per year. We're looking for talented, digital minds like you to help us create code that moves the world.

Together with you, we'll build outstanding digital experiences and products for all Volkswagen Group brands that will transform mobility. Join us as we shape the future of the car and everyone around it.

Role Summary:

The Cloud Platform Engineering role is responsible for designing, securing, automating, and operating a scalable, multi-tenant hybrid Azure and on-premises infrastructure environment. The position functions at a high level of technical ownership, leading major components of the Azure landing zone architecture and reusable platform patterns, Infrastructure as Code implementation, Zero Trust security controls, governance standards, and platform reliability strategies. The role partners cross-functionally with Engineering, Security, and Operations teams, serves as an escalation point for complex issues, and drives automation, compliance, resiliency, and continuous improvement across the organization's cloud and core infrastructure platforms.

Finally, the role acts as a technical lead within the Cloud Platform Engineering function; mentors other engineers and guides design reviews.

Role Responsibilities:

Cloud platform engineering and deployment (40%)

• Design, implement, and evolve secure, scalable, multi-tenant Azure platform solutions.
• Build and maintain landing zone building blocks (identity baseline, networking baseline, logging baseline) and reusable platform patterns to accelerate tenant onboarding.
• Implement Azure Lighthouse capabilities to support scalable multi-tenant operations and delegated administration.
• Integrate IAM solutions (e.g., SailPoint Identity Now or equivalent) for identity provisioning and lifecycle governance.
• Engineer secure hybrid cloud integrations between on-premises and Azure environments.
• Evaluate and implement Azure platform innovations and security best practices.
• Collaborate with engineering, Info Sec, and operations stakeholders to ensure technical alignment.

Infrastructure as Code (IaC) and automation (15%)

• Develop and maintain shared Terraform modules and ARM/Bicep templates that standardize approved platform patterns.
• Integrate IaC into CI/CD pipelines to enable automated, compliant infrastructure deployments.
• Define and implement tagging, naming, and configuration management standards.
• Automate shared services, networking configurations, RBAC policies, and platform governance controls.
• Maintain module versioning/release notes and migration guidance to drive adoption with minimal friction.
• Implement security validation tools within deployment pipelines.
• Apply version control and Dev Ops best practices to infrastructure delivery.

Security and compliance engineering (15%)

• Implement and maintain Azure RBAC, PIM, and Zero Trust controls across environments.
• Configure secure access models including JIT, NSGs, Key Vault, and conditional access.
• Automate security baselines using Defender for Cloud, Sentinel, and governance frameworks.
• Support audit and compliance activities in collaboration with Info Sec teams.
• Ensure platform security across hybrid cloud and virtualization environments.

Platform operations and reliability (15%)

• Engineer tenant provisioning workflows and onboarding automation.
• Build and maintain enterprise monitoring strategies for logs, metrics, and alerts across hybrid and multi-tenant environments.
• Design, implement, and maintain backup and disaster recovery (DR) strategies across cloud and on-premises infrastructure.
• Ensure regular backup validation, restore testing, and compliance with retention policies and business continuity requirements.
• Support distributed monitoring infrastructure across hybrid environments.
• Serve as escalation point for complex cloud and infrastructure troubleshooting.
• Maintain documentation, playbooks, and operational standards.
• Drive high availability, resiliency, and performance optimization.

Core infrastructure expertise (10%)

• Strong understanding of virtualization technologies (vSphere, vCenter, ESXi, Azure VDI).
• Administration of Windows, macOS, and Linux operating systems.
• Microsoft 365 (O365) administration experience.
• Active Directory (AD) and Azure AD (Entra ) administration.
• Networking fundamentals including DNS, VLANs, routing, firewalls, and hybrid connectivity.
• Experience in hybrid on-prem/cloud environments applying security and availability best practices.
• Proficiency in Python, Power Shell, and SQL scripting.

Change and incident management (5%)

• Participate in enterprise ITSM-aligned change management processes.
• Lead technical Root Cause Analysis (RCA) for critical platform incidents;…