Infrastructure Cloud Engineer

Location: Pakistan

Department: All Published Jobs

Workplace: remote

Description

Job Summary:
Creative Chaos is seeking a hands-on Cloud Engineer to design, automate, secure, and operate cloud workloads across Azure and AWS. This role owns core platform components including infrastructure as code (Terraform), Kubernetes (AKS/EKS), secure networking, CI/CD enablement, observability, and FinOps. You will work closely with DevOps, software, and web engineering teams to deliver resilient, scalable, and compliant cloud platforms. The ideal candidate is strong in multi-cloud architecture, Kubernetes operations, identity and access management, security guardrails, automation, and platform reliability—bringing a pragmatic, automation-first mindset to cloud engineering.

Key Responsibilities:

Platform Engineering

• Design and implement landing zones (hub-and-spoke, policy guardrails) across Azure and AWS.
• Build and maintain Terraform modules, workspaces, remote state, and automated environment provisioning (dev → prod).
• Operate and harden AKS/EKS clusters including node pools, autoscaling, ingress, image scanning/signing, and zero-downtime upgrades.
• Implement and enhance CI/CD pipelines (GitHub Actions, Azure DevOps, Jenkins) for build, test, scan, deploy, and gated promotions.
• Enable application platforms such as API Management/API Gateway, Azure Functions/AWS Lambda, and messaging services (Service Bus, SNS/SQS, EventBridge).
• Own observability across Azure Monitor, Log Analytics, App Insights, CloudWatch, X-Ray, and OpenTelemetry, ensuring actionable alerts, runbooks, SLIs/SLOs, and on-call participation.
• Drive FinOps practices including tagging standards, cost allocation, rightsizing, reserved instances/savings plans, egress optimization, and Well-Architected reviews.

Security, Governance & Operations

• Onboard logs/telemetry and integrate data sources with the SIEM.
• Implement and maintain security guardrails using Azure Policy, AWS Config, Defender for Cloud, Security Hub, GuardDuty, and WAF policies.
• Enforce least-privilege access across Entra ID (PIM, managed identities) and AWS IAM/Identity Center, including workload identity federation for CI/CD.
• Manage change control and audit processes through IaC-first workflows, along with runbooks and architectural decision records.
• Maintain patch and version hygiene for Kubernetes, node OS/AMIs, container images, and managed services, including automated drift detection.
• Lead incident investigations across Azure/AWS, perform RCA, and implement preventative controls (policies, guardrails, pipeline checks).
• Provide architectural input on security, reliability, networking, and cost during design reviews.

Requirements

• Bachelors in IT, CS or related field
• Minimum 5 years of related experience
• Hands-on production experience in both Azure and AWS.
• Deep expertise in Terraform (modules, workspaces, state, policy as code).
• Strong Kubernetes operational experience (AKS/EKS), including Helm, ingress controllers, ACR/ECR.
• Solid networking fundamentals: VNet/VPC, routing, VPNs, Private Link/Endpoints, ExpressRoute/Direct Connect, load balancers, WAF, DNS.
• Strong identity & access management skills: Entra ID and AWS IAM, SSO/OIDC, secrets management (Key Vault/KMS).
• CI/CD implementation experience with GitHub Actions, Azure DevOps, or Jenkins; security gates and artefact repositories.
• Observability/SRE experience across metrics, logs, tracing, alerting, incident response, and post-mortems.
• Strong scripting abilities (PowerShell, Bash) and OS-level expertise across Linux/Windows.
• Experience with DR patterns (IaC rebuilds), HA architectures, RTO/RPO planning.

Desirable Skills

• M365 Conditional Access (global policies, break-glass, step-up).
• AWS landing zone tooling (Control Tower, IAM Identity Center, account vending/guardrails).
• Ability to read/maintain CloudFormation or Bicep where Terraform is primary.
• Web hosting experience: CDN/WAF (Front Door/CloudFront), TLS/PKI, caching, performance tuning.
• Data fundamentals: S3/Blob lifecycle, RDS/Aurora/SQL MI/Postgres, Redis/ElastiCache/Azure Cache.
• Kubernetes and supply-chain security: admission controls, image signing, SBOM.

Certifications (Preferred)

• Azure: AZ-104, AZ-305, AZ-500 (AZ-700/AZ-400 are a bonus).
• AWS: Solutions Architect – Associate; SA-Pro or DevOps Pro preferred; Security or Advanced Networking is a plus.
• Kubernetes/HashiCorp: CKA, Terraform Associate (CKS is a plus).
• FinOps: FinOps Certified Practitioner (bonus).