A large public finance organisation is building a robust hybrid cloud platform to host critical services and modernise how internal teams deploy and operate applications. This role focuses on cloud architecture and cloud security using AWS and infrastructure as code, working with CDK or CloudFormation and Terraform to define repeatable patterns and controls.
The mission
This assignment is part of a small core team (two senior cloud architects plus a medior cloud engineer) embedded with the organisation's ICT Service Operations and ICT Service Delivery pillars. The immediate project is to design and deploy a secure, scalable landing zone that links the cloud environment with on‑premise datacentres and supports production workloads under formal compliance requirements.
Day to day you will design and implement a secure landing zone and the organisation structure in IaC, define account-level controls such as SCPs, and put in place an Identity Center with an external SSO provider. You will also create CI/CD pipelines in GitLab, deliver golden path templates in Terraform or CloudFormation, and implement logging, archiving and backup strategies that meet NIS2 and ISO 27001 requirements.
Your responsibilities
- Design and deliver a secure, scalable landing zone that integrates two‑way networking with existing datacentres, reducing manual configuration and improving repeatability.
- Define and implement infrastructure as code patterns, producing golden path templates in Terraform or CloudFormation/CDK that teams can adopt.
- Implement identity and access controls, including an Identity Center and SSO integration, and apply Service Control Policies to enforce guardrails.
- Ensure cloud security and compliance, translating NIS2 and ISO 27001 requirements into automated checks, encryption rules and data classification policies.
- Build and maintain GitLab CI/CD pipelines to automate environment provisioning, testing and deployment, and enable observability with logging and archival pipelines.
- Share knowledge and upskill internal teams through documentation, templates and working sessions, accelerating adoption of the platform patterns.
Your profile
Essential skills
- Deep experience in AWS cloud architecture, including account strategy, networking and security controls.
- Proven ability to author infrastructure as code using Terraform and/or CloudFormation/CDK, producing reusable modules and templates.
- Practical knowledge of cloud security, identity and access management, SCPs and SSO integrations.
- Experience with GitLab CI/CD and automation of provisioning and deployment pipelines.
- Familiarity with Kubernetes and Java application deployment patterns is expected, so that you can advise platform consumers.
- Strong communication skills, able to translate compliance requirements into technical designs and coach other engineers.