A major public sector organisation is strengthening its hybrid-cloud platform and needs senior cloud architecture expertise to design a robust, compliant landing zone. The work focuses on AWS native tooling and infrastructure as code, using Terraform and CDK/CloudFormation to codify account structures, security controls and CI/CD pipelines with GitLab, and to support Java and Kubernetes workloads.
The mission
The immediate project is to build a scalable, secure landing zone that connects the organisation's AWS environment with existing on‑prem datacentres. The technical landscape includes account structure and SCPs, Identity Center with external SSO, centralised logging/archiving and backup strategies, encryption and data classification rules, and compliance with NIS2 and ISO 27001. You will work alongside internal ICT Service Operations and ICT Service Delivery teams and contribute to the organisation's cloud governance baseline.
You will join a small external team of two senior cloud architects and one medior cloud engineer that partners with several internal squads. Day to day you will design and implement IaC (Terraform, CDK/CloudFormation), author golden path modules, create GitLab CI/CD pipelines, configure network peering with on‑prem datacentres, and run knowledge transfer sessions so internal teams can operate and extend the platform.
Your responsibilities
- Lead the design and delivery of an AWS landing zone, producing reusable Terraform golden path templates and IaC modules that other teams can consume
- Implement and enforce cloud security controls, including SCPs, Identity Center with external SSO, data classification, encryption rules and logging/archiving to meet NIS2 and ISO 27001 requirements
- Build and maintain GitLab CI/CD pipelines for infrastructure and platform code, ensuring repeatable, auditable deployments
- Design secure two‑way network connectivity with existing datacentres and validate routing, firewall and transit configurations
- Collaborate with platform, operations and application teams to onboard Java and Kubernetes workloads, documenting operational runbooks and delivering targeted knowledge transfer
- Validate backup and archival strategies and implement monitoring and alerting for platform health and compliance
Your profile
Essential skills
- Proven senior cloud architect experience designing enterprise AWS environments and landing zones
- Hands‑on expertise with Terraform, CDK or CloudFormation for account structure and module development
- Strong cloud security and compliance background, familiar with NIS2 and ISO 27001 controls and their application to cloud platforms
- Practical experience building GitLab CI/CD pipelines and automating infrastructure delivery
- Experience integrating Identity Center and external SSO providers, and implementing SCPs
- Familiarity with Kubernetes and Java application deployment patterns on cloud platforms
- Ability to explain architectural decisions to technical and non‑technical stakeholders and to run focused knowledge transfer sessions