Cloud Architect
Experis UK
- Oxford, England, United Kingdom
- Oxford, England, United Kingdom
Über
Define and socialise target state architectures across Azure/AWS/GCP (networking, identity, landing zones, operations).
Deliver reference architectures and reusable patterns for containerised, serverless, and data workloads.
Lead migration and modernisation (re‑host/re‑platform/re‑factor) for priority applications.
Implement IaC at scale (Terraform preferred; standard modules; pipelines).
Build observability (logs, metrics, traces, SLOs) and resilience (HA, DR, RTO/RPO).
Produce HLDs/LLDs, diagrams, ADRs, non‑functional requirements, and traceability to business goals.
Select and justify cloud services (compute, storage, data, AI/ML, integration).
Design identity and access (Azure AD/Microsoft Entra, AWS IAM, GCP IAM; SSO; workload identities).
Build/optimise Kubernetes platforms (AKS/EKS/GKE), service mesh (Istio/Linkerd), ingress, and autoscaling.
Implement CI/CD (GitHub Actions/Azure DevOps/GitLab), environment promotion, secrets management, artifact repos.
Security & Compliance
Define guardrails (CIS benchmarks), cloud security posture management (Defender for Cloud, AWS Security Hub, GCP SCC).
Vaulting and KMS (AWS KMS, Azure Key Vault, GCP KMS), key rotation, data classification & encryption.
Threat modelling, zero trust patterns, vulnerability management, incident runbooks.
Data & Integration
Reference architectures for streaming/batch (Kafka/MSK, Event Hubs, Pub/Sub), data lakes, warehouses (BigQuery, Synapse, Redshift), ETL/ELT.
Operations & Reliability
Performance testing, capacity planning, SLO/SLIs, error budgets.
Governance & Cost
Landing zone governance, tagging/labels, budget alerts, reserved/savings plans.
Operating model definition (RACI), platform backlog, roadmap, and risk management.
Stakeholder Management
Run workshops, architecture reviews, and design clinics.
Collaborate with InfoSec, Network, Data, and App teams; mentor engineers.
Required Experience
8+ years in cloud architecture/engineering; 3+ years multi‑cloud across
Azure, AWS, and GCP .
Proven delivery of
enterprise landing zones ,
Kubernetes ,
IaC
at scale, and
secure network architectures .
Strong track record in
app migration/modernisation
and
cost optimisation .
Comfortable in highly regulated environments (finance, healthcare, public sector) is a plus.
Technical Stack (Desired)
Networking:
DNS, TLS/mTLS, BGP, NAT, WAF, CDN, private endpoints, service endpoints.
Compute/Containers:
AKS/EKS/GKE, ECS/Fargate, VMSS/ASG, serverless (Lambda, Azure Functions, Cloud Functions).
Security:
Defender for Cloud, Sentinel, AWS GuardDuty/Security Hub, GCP SCC, OPA, HashiCorp Vault, KMS.
Scripting:
Python/Bash/PowerShell; strong Git and code review practices.
Certifications (Nice to Have)
AWS:
Solutions Architect Professional, DevOps Engineer
GCP:
Professional Cloud Architect, DevOps Engineer
Soft Skills
Excellent communicator—able to translate complex architecture into clear, actionable plans.
Pragmatic, delivery‑focused, and comfortable with ambiguity.
Strong stakeholder management and mentoring capabilities.
Cloud
Target Operating Model
& reference architectures.
Landing zone
designs and implementation (per cloud).
Network & identity
blueprints and runbooks.
IaC
repositories (Terraform modules, pipelines) with documentation.
Security patterns
(guardrails, policies, encryption standards).
Observability standards
(dashboards, alerts, SLOs).
Application
migration plans
(waves, dependency maps) and executed milestones.
FinOps
reports and cost optimisation recommendations.
KPIs / Success Measures
% workloads onboarded to landing zones with guardrails enforced.
Mean time to provision environments (baseline vs target).
% policy compliance (CIS/NIST) and critical vulnerabilities remediated.
Cost savings realised (rightsizing, reservations), forecast accuracy.
Uptime/SLO adherence and incident reduction.
Ways of Working
Hybrid:
2–3 days per week in Oxford; flexibility during key milestones.
Cadence:
Weekly architecture forum, sprint rituals with squads, monthly exec updates.
Documentation:
Diagrams (Draw.io/Visio), ADRs in Git, Confluence/SharePoint.
Tooling Access:
Provided by client (SSO, VPN, repositories).
Seniority level Mid-Senior level
Employment type Contract
Job function Other
Industries Construction
#J-18808-Ljbffr
Sprachkenntnisse
- English
Hinweis für Nutzer
Dieses Stellenangebot stammt von einer Partnerplattform von TieTalent. Klicken Sie auf „Jetzt Bewerben“, um Ihre Bewerbung direkt auf deren Website einzureichen.