Informacje o stanowisku

The project involves transferring part of the infrastructure to the cloud. There are on-call duties (1 week per month). Frequent interventions are not expected.

Cloud Platform & Architecture

• Cloud platform expertise (OCI / AWS / Azure)
• Secure provisioning & tenancy hygiene
• Backup, DR, geo‑redundancy design
• PaaS service management
• Cloud governance & compliance frameworks

Infrastructure as Code & Automation

• Terraform (IaC, modules, drift control)
• CLI / PowerShell automation
• CI/CD for IaC with policy/test gates
• Environment promotion workflows

Security, Identity & Secrets

• IAM architecture (SSO, federation, workload identities)
• Conditional Access & JIT/PAM
• Least‑privilege access patterns
• KMS/HSM architecture
• Secret lifecycle management (rotation, envelope encryption, scanning)
• CSPM/CWPP tooling & security posture management

Networking & Connectivity

• VNet/VPC design & segmentation
• Private links/endpoints & service endpoints
• Routing, peering, DNS architecture
• Global load balancing
• Egress control & traffic governance

Policy‑as‑Code & Guardrails

• Azure Policy / Defender for Cloud
• AWS SCPs / Config
• OCI Policies / Cloud Guard
• Enforcement of tagging, naming, quota & region standards

Containers & Kubernetes

• AKS / EKS / OKE operations
• Cluster lifecycle & autoscaling
• Admission controllers
• Image signing & SBOM
• Registry governance
• Runtime hardening

FinOps & Cost Governance

• Cost optimisation & anomaly detection
• Commitment planning (RI / Savings Plans)
• Showback/chargeback models
• Cost allocation tagging & policies

Observability & Operations

• Monitoring & observability tooling
• ITSM automation
• SLOs, error budgets, toil reduction
• Runbook creation & incident command
• Post‑incident review facilitation

Migration & Platform Engineering

• Cloud migration planning & execution
• Data protection & residency compliance
• Backup immutability & retention alignment
• Standardisation into reusable blueprints

Leadership & Enablement

• Mentoring L2 analysts
• Cloud build standards coaching
• Troubleshooting guidance

The project involves transferring part of the infrastructure to the cloud. There are on-call duties (1 week per month). Frequent interventions are not expected.

,[Lead the provisioning, management, and optimisation of cloud infrastructure and services (OCI, AWS, Azure, Native Services, IaaS, PaaS)., Oversee the deployment and configuration of public cloud resources, ensuring security, scalability, and cost efficiency., Develop and maintain automation scripts and tools for cloud resource management., mplement Infrastructure-As-Code approach and develop Terraform scripts for all cloud Infrastructure deployments., Drive integration with DevOps workflows, supporting rapid deployment and continuous delivery., Mentor and guide L2 Support Analysts, promoting knowledge sharing and skill development. Organize an On-Call rota for this area., Lead cloud migration projects, ensuring minimal disruption and robust risk management., Participate in governance, reporting, and service review meetings., Establish and maintain cloud landing zones with policy‑as‑code guardrails (e.g., Azure Policy/Defender for Cloud, AWS Organizations/Control Tower SCPs, OCI Policies), including tagging, naming, quota, and region use standards., Own identity and access standards (enforce least privilege, SSO, role mapping, privileged access break‑glass, workload identities) and key/secrets management (KMS/HSM, rotation SLAs, secret scanning)., Define and operate network reference architectures (hub‑and‑spoke, private endpoints, service endpoints, egress controls, DNS, global load balancing, cross‑cloud connectivity) with security baselines., Lead container/Kubernetes platform operations (AKS/EKS/OKE): cluster lifecycle, node pools, autoscaling, admission control, image provenance, and supply chain security., Own FinOps operations (allocation/chargeback, budgets/alerts, rightsizing, RIs/Savings Plans/Flexible commitments, lifecycle policies for idle/orphaned resources)., Maintain golden images/base templates and patch pipelines for compute/container runtimes; ensure vulnerability management and CIS/NIST/CIS‑benchmark alignment. Requirements: AWS, Azure, IaC, CI/CD, Terraform Tools: . Additionally: Sport subscription, Private healthcare, Flat structure.

Praca Warszawa

Warszawa - Oferty pracy w okolicznych lokalizacjach