Platform Engineer

We’re looking for a Platform Engineer to build and run the engineering foundations that let Cloud Gateway deliver productised managed services repeatably: infrastructure-as-code, CI/CD, automation, secure-by-default patterns, and observable, operable systems.

This role turns platform intent into working “golden paths” that reduce manual toil, increase change safety, and lower cost-to-serve across our Connect–Protect–Observe portfolio.

Key responsibilities

1) Infrastructure as Code and environment management

• Build and maintain IaC using Terraform/Pulumi (as appropriate) to provision platform components and shared services.
• Create reusable modules with clear inputs/outputs, versioning, testing, and documentation.
• Manage environments (dev/test/prod) and deployment safety (state, drift detection, rollbacks).

2) CI/CD and delivery automation

• Design and maintain CI/CD pipelines (GitHub Actions/GitLab CI or equivalent), including build/test/deploy and controlled promotion.
• Implement release patterns that support safe change (progressive delivery where relevant, gated approvals, reproducibility).
• Standardise pipeline templates so teams ship consistently, not bespoke.

3) Kubernetes and platform runtime operations

• Operate and improve our Kubernetes foundations (where used): cluster configuration, ingress, networking policies, secrets, upgrades, and workload deployment patterns.
• Provide secure, repeatable deployment scaffolding and “platform contracts” for Product Engineering teams.

4) DevSecOps and secure-by-design guardrails

• Embed security checks into pipelines: SAST/SCA, SBOM generation, image scanning, policy checks, provenance controls as applicable.
• Implement secrets management patterns and least‑privilege access for automation identities.
• Partner with Security Architecture to translate guardrails into implementable templates.

5) Observability and reliability engineering

• Instrument platform workflows and key components: metrics, logs, traces as appropriate.
• Create dashboards and alerts that reflect service reality; reduce noise and increase actionable signal.
• Contribute to incident response improvements: post‑incident actions, reliability backlog, automation for remediation.

6) Integration with ITSM and evidence‑by‑construction

• Integrate automation with Freshservice (our ITSM) so changes and fulfilment runs produce consistent tickets, approvals, and artefacts.
• Ensure every automated workflow generates audit‑friendly evidence (inputs, approvals, outputs, validation steps).

7) Enablement and documentation

• Produce practical docs: runbooks, “how‑to” guides, reference architectures, and templates.
• Coach teams on using the golden paths; improve adoption and reduce reliance on tribal knowledge.

Must‑have capabilities

• Strong hands‑on IaC experience (Terraform and/or Pulumi) and environment management discipline.
• Practical Kubernetes experience (deployments, networking/ingress, secrets, upgrades; not just “used it once”).
• Operational mindset: observability basics, incident empathy, change safety, rollback thinking.
• Security fundamentals in practice: secrets handling, least privilege, supply chain awareness, secure defaults.
• Strong written communication and documentation habits.

Nice‑to‑have

• Experience in regulated/public sector environments
• SRE practices: SLOs/SLIs, error budgets as a concept, postmortems, toil reduction.
• Experience building reusable “secure‑by‑design” blueprints adopted across teams.
• Golang/Python proficiency for tooling, operators, custom exporters, and workflow glue.
• Experience with progressive delivery tooling (ArgoCD/Argo Rollouts/Flux), service mesh/network policies, and secrets platforms (Vault/KMS).

Company Benefits

• Private medical insurance including dental and optical allowances
• Group income protection
• Life assurance
• 25 days holiday per annum, increasing one day each year of service up to 30 days
• Your birthday off each year in addition to annual leave
• Generous pension scheme which the company pays 7% into
• Quarterly all paid company socials from games nights to speed boats down the Thames!
• Learning & development budget (£1,000 annually)
• Wellbeing budget (£250 annually)
• Volunteering days at least twice a year
• Cycle to work scheme
• Enhanced Maternity, Paternity and Adoption Leave

Interview Process

• Screening call
• Online interview with the hiring manager
• Technical interview with multiple team members
• Culture interview with senior leadership

#J-18808-Ljbffr…