Skills

Python Bash PowerShell Risk Management Encryption Cloud Security GitHub GitLab CI/CD DevOps Kubernetes Monitoring Azure DevOps Azure Functions Performance Testing Stakeholder Management Networking Architecture Cloud Architecture git Azure AWS Analytics GCP Gitlab CI Kafka Terraform Prometheus Grafana GitHub Actions

Job Specifications

Objectives & Outcomes

Define and socialise target state architectures across Azure/AWS/GCP (networking, identity, landing zones, operations).
Deliver reference architectures and reusable patterns for containerised, serverless, and data workloads.
Establish/extend Cloud Landing Zones (policy, guardrails, RBAC, tagging, network segmentation).
Lead migration and modernisation (re‑host/re‑platform/re‑factor) for priority applications.
Implement IaC at scale (Terraform preferred; standard modules; pipelines).
Build observability (logs, metrics, traces, SLOs) and resilience (HA, DR, RTO/RPO).
Drive FinOps—cost transparency, budgets, showback/chargeback, right‑sizing.
Embed security‑by‑design and compliance (CIS, NIST, ISO 27001, FCA/NHS/PCI as applicable).

Key Responsibilities

Architecture & Design
Produce HLDs/LLDs, diagrams, ADRs, non‑functional requirements, and traceability to business goals.
Select and justify cloud services (compute, storage, data, AI/ML, integration).
Define multi‑cloud connectivity (hub‑and‑spoke, transit gateways, ExpressRoute/Direct Connect/Cloud Interconnect, SD‑WAN).
Design identity and access (Azure AD/Microsoft Entra, AWS IAM, GCP IAM; SSO; workload identities).
Platform Engineering
Standardise Terraform modules; enforce code quality, policy‑as‑code (OPA/Conftest/Azure Policy).
Build/optimise Kubernetes platforms (AKS/EKS/GKE), service mesh (Istio/Linkerd), ingress, and autoscaling.
Implement CI/CD (GitHub Actions/Azure DevOps/GitLab), environment promotion, secrets management, artifact repos.
Security & Compliance
Define guardrails (CIS benchmarks), cloud security posture management (Defender for Cloud, AWS Security Hub, GCP SCC).
Vaulting and KMS (AWS KMS, Azure Key Vault, GCP KMS), key rotation, data classification & encryption.
Threat modelling, zero trust patterns, vulnerability management, incident runbooks.
Data & Integration
Reference architectures for streaming/batch (Kafka/MSK, Event Hubs, Pub/Sub), data lakes, warehouses (BigQuery, Synapse, Redshift), ETL/ELT.
API strategy (APIM/API Gateway/Apigee), messaging (SQS/SNS/Service Bus/PubSub), event‑driven design.
Operations & Reliability
Observability stack (CloudWatch/CloudTrail, Azure Monitor/Log Analytics, Cloud Logging/Monitoring; Prometheus/Grafana).
DR/BCP architectures (cross‑region, multi‑region, backups, runbooks; tested failover).
Performance testing, capacity planning, SLO/SLIs, error budgets.
Governance & Cost
Landing zone governance, tagging/labels, budget alerts, reserved/savings plans.
Operating model definition (RACI), platform backlog, roadmap, and risk management.
Stakeholder Management
Run workshops, architecture reviews, and design clinics.
Collaborate with InfoSec, Network, Data, and App teams; mentor engineers.

Required Experience

8+ years in cloud architecture/engineering; 3+ years multi‑cloud across Azure, AWS, and GCP.
Proven delivery of enterprise landing zones, Kubernetes, IaC at scale, and secure network architectures.
Strong track record in app migration/modernisation and cost optimisation.
Comfortable in highly regulated environments (finance, healthcare, public sector) is a plus.

Technical Stack (Desired)

Cloud: Azure (Resource Manager, Entra ID, Policy, Monitor), AWS (EC2, VPC, IAM, TGW), GCP (VPC, IAM, Interconnect).
Networking: DNS, TLS/mTLS, BGP, NAT, WAF, CDN, private endpoints, service endpoints.
Compute/Containers: AKS/EKS/GKE, ECS/Fargate, VMSS/ASG, serverless (Lambda, Azure Functions, Cloud Functions).
IaC & Pipelines: Terraform (required), Terragrunt (nice), Helm, Kustomize, GitHub Actions, Azure DevOps, GitLab CI.
Security: Defender for Cloud, Sentinel, AWS GuardDuty/Security Hub, GCP SCC, OPA, HashiCorp Vault, KMS.
Data/Integration: Event Hubs/Kafka/PubSub, API Gateway/APIM/Apigee, Data Factory/Glue/Cloud Data Fusion, BigQuery/Synapse/Redshift.
Observability: Prometheus/Grafana, OpenTelemetry, CloudWatch, Azure Monitor, Cloud Monitoring, ELK/Elastic.
Scripting: Python/Bash/PowerShell; strong Git and code review practices.

Certifications (Nice to Have)

Azure: AZ‑305 (Architect), AZ‑400 (DevOps)
AWS: Solutions Architect Professional, DevOps Engineer
GCP: Professional Cloud Architect, DevOps Engineer
Security/Architecture: CISSP, CISM, TOGAF, CCSP
FinOps: FinOps Certified Practitioner

Soft Skills

Excellent communicator—able to translate complex architecture into clear, actionable plans.
Pragmatic, delivery‑focused, and comfortable with ambiguity.
Strong stakeholder management and mentoring capabilities.

Deliverables

Cloud Target Operating Model & reference architectures.
Landing zone designs and implementation (per cloud).
Network & identity blueprints and runbooks.
IaC repositories (Terraform modules, pipelines) with documentation.
Security patterns (guardrails, policies, encryption standards).
Observability standards (dashboards, alerts, SLOs).
Application migration plans (waves, dependency maps) and executed milestones.
FinOps reports and cost optimisation recommendation

About the Company

Experis is a global leader in IT professional resourcing, project solutions and managed services. As the need for IT skills accelerates, we help organisations transform their digital infrastructure, enterprise applications, cloud and cyber security. Through Experis Academy, we deliver the powerful combination of in-demand technical skills together with the soft skills that are critical for business success. Experis is part of ManpowerGroup, a Fortune 500 Global Business and world leader in innovative workforce solutions. Know more