Platform Architect

We are seeking a skilled Cloud Infrastructure Architect/Engineer to design, implement, and optimize scalable, resilient cloud environments across Azure and AWS. This role requires deep expertise in infrastructure automation, security governance, networking, landing zone design, guardrails, and multi-cloud architecture to support our strategic cloud initiatives and establish secure, compliant cloud foundations.

• Architect highly available, fault-tolerant multi-cloud solutions aligned with business objectives and cloud governance standards

• Design and implement enterprise landing zones (AWS Control Tower/Organizations, Azure Landing Zones/Management Groups) and account/subscription baselines for secure, scalable on‑boarding

• Define and enforce guardrails using SCPs, Azure Policy, Azure Blueprints, AWS Config, Cloud Custodian, and policy-as-code to prevent risky configurations and ensure continuous compliance

• Develop technical documentation, architectural blueprints, landing zone runbooks, guardrail catalogs, and best practices for cloud adoption and operations

• Evaluate and recommend cloud services, managed offerings, and emerging technologies to enhance infrastructure efficiency and security posture

• Automate provisioning, scaling, and resource lifecycle management with Terraform (multi-cloud modules), Ansible, and CI/CD pipelines; maintain reusable IaC landing zone modules

• Build and maintain centralized logging, monitoring, and observability (CloudTrail, CloudWatch, GuardDuty, Security Hub, Azure Monitor, Azure Sentinel) in a secure, immutable audit account/subscription

• Collaborate with Business, Application, Operations, Network, and Security teams to troubleshoot AWS/Azure issues and implement governance controls across environments

• Work with Security and Compliance teams to design identity, encryption, access control, key management (AWS KMS, Azure Key Vault), secrets management, and regulatory compliance controls (SOC2, PCI-DSS, HIPAA)

• Work with Network and Security teams to design hybrid network architectures (hub-and-spoke, Transit Gateway, Azure Virtual WAN), VPCs/subnets, VPNs, Direct Connect/ExpressRoute, and network segmentation guardrails

• Develop and document load balancing, DNS, traffic routing, and egress control strategies to optimize performance and security

• Implement service control policies and approved service catalogs, standardized AMIs/container base images, and marketplace governance rules

• Lead incident response integrations, automated remediation playbooks, drift detection, and periodic compliance reporting for cloud estates

• Provide technical mentorship, deliver training on landing zones/guardrails, and collaborate with Infrastructure, Operations, and Security teams

• Participate in architecture reviews, SRE and FinOps discussions, and present solutions to leadership and stakeholders

• Stay current on cloud innovations, security trends, and industry advancements

Qualifications • Proven experience in infrastructure engineering & cloud architecture (Azure & AWS) with hands-on implementation of landing zones and guardrails required

• Expert-level Terraform development for multi-cloud automation; experience producing modular, tested landing zone modules required

• Hands-on IaC experience with Terraform, CloudFormation, or Azure ARM/Bicep; CI/CD integration experience required

• Proficiency in AWS/Azure CLIs, Python, PowerShell, or Bash scripting required

• Experience deploying and managing AWS Control Tower, Organizations, Azure Landing Zones, Management Groups, and policy frameworks required

• Strong knowledge of Azure Virtual Networks, Resource Manager, Active Directory/Azure AD, Key Vault, and Azure Policy required

• Expertise in AWS Transit Gateway, VPC design, Route Tables, Gateway Load Balancers, IAM, Lambda, KMS, and SCPs required

• Knowledge of hybrid cloud connectivity, VPN, Direct Connect, ExpressRoute, network security, and optimization required

• Experience with centralized logging, monitoring, threat detection (GuardDuty, Sentinel), and compliance automation required

• Expertise in secrets management, KMS key policies, encryption standards, and data protection required

• Familiarity with container orchestration (Docker, EKS, AKS), cloud-native monitoring (CloudWatch, Azure Monitor), SRE practices, and FinOps preferred

��� Hands-on experience with compliance frameworks (SOC2, PCI-DSS, HIPAA), vulnerability management, incident response, disaster recovery, and business continuity planning preferred

• Strong communication skills, ability to produce clear runbooks and training materials, and experience presenting to technical and executive stakeholders required

• Bachelor’s degree in Computer Science, Engineering, or related field preferred