Infrastructure Cloud Engineer

Job Summary:
Creative Chaos is seeking a hands-on Cloud Engineer to design, automate, secure, and operate cloud workloads across Azure and AWS. This role owns core platform components including infrastructure as code (Terraform), Kubernetes (AKS/EKS), secure networking, CI/CD enablement, observability, and FinOps. You will work closely with DevOps, software, and web engineering teams to deliver resilient, scalable, and compliant cloud platforms. The ideal candidate is strong in multi-cloud architecture, Kubernetes operations, identity and access management, security guardrails, automation, and platform reliability—bringing a pragmatic, automation-first mindset to cloud engineering.

Key Responsibilities:

Platform Engineering

• Design and implement landing zones (hub-and-spoke, policy guardrails) across Azure and AWS.
• Build and maintain Terraform modules, workspaces, remote state, and automated environment provisioning (dev → prod).
• Operate and harden AKS/EKS clusters including node pools, autoscaling, ingress, image scanning/signing, and zero-downtime upgrades.
• Implement and enhance CI/CD pipelines (GitHub Actions, Azure DevOps, Jenkins) for build, test, scan, deploy, and gated promotions.
• Enable application platforms such as API Management/API Gateway, Azure Functions/AWS Lambda, and messaging services (Service Bus, SNS/SQS, EventBridge).
• Own observability across Azure Monitor, Log Analytics, App Insights, CloudWatch, X-Ray, and OpenTelemetry, ensuring actionable alerts, runbooks, SLIs/SLOs, and on-call participation.
• Drive FinOps practices including tagging standards, cost allocation, rightsizing, reserved instances/savings plans, egress optimization, and Well-Architected reviews.

Security, Governance & Operations

• Onboard logs/telemetry and integrate data sources with the SIEM.
• Implement and maintain security guardrails using Azure Policy, AWS Config, Defender for Cloud, Security Hub, GuardDuty, and WAF policies.
• Enforce least-privilege access across Entra ID (PIM, managed identities) and AWS IAM/Identity Center, including workload identity federation for CI/CD.
• Manage change control and audit processes through IaC-first workflows, along with runbooks and architectural decision records.
• Maintain patch and version hygiene for Kubernetes, node OS/AMIs, container images, and managed services, including automated drift detection.
• Lead incident investigations across Azure/AWS, perform RCA, and implement preventative controls (policies, guardrails, pipeline checks).
• Provide architectural input on security, reliability, networking, and cost during design reviews.