Lead the design, delivery, and governance of secure, scalable hybrid-cloud infrastructure (Azure, AWS, GCP + on-prem VMware/Hyper-V), embedding DevSecOps practices across provisioning, automation, and compliance workflows. Provide technical leadership to a small infrastructure squad, manage customer-facing projects, and act as the primary stakeholder interface for infrastructure and security-driven initiatives.

Responsibilities:

• Architect and manage hybrid infrastructure (on-prem VMware/Hyper-V + Azure/AWS/GCP), embedding security at every layer — including virtual networks, subnets, firewalls, load balancers, DNS, and VPN connectivity.
• Provision and configure cloud resources via Azure Portal, AWS Console, or GCP Console, following Infrastructure as Code (IaC) principles (Terraform, Bicep, Ansible), with integrated security policies and automated compliance checks.
• Deploy and maintain compute platforms – IaaS, PaaS, and container services such as AKS, EKS, GKE, or OpenShift, implementing secure configurations, vulnerability scanning, and continuous security validation.
• Design and enforce robust security controls across IAM, encryption, network segmentation, and policy enforcement; collaborate closely with Security and GRC teams to support audits, threat modelling, and incident response.
• Continuously monitor system usage, cost, availability, and security posture, generating dashboards and right-sizing recommendations; execute patching, backup, and disaster recovery run-books with security hardening best practices.
• Lead automation of security into CI/CD pipelines (shift-left security), integrating static (SAST) and dynamic (DAST) integrating static and dynamic code analysis, secret detection, and compliance scanning to accelerate safe application delivery using DevSecOps toolsets (Git, Kubernetes, Docker).
• Drive continuous improvement and innovation by researching emerging cloud security and DevSecOps technologies; champion secure coding practices and automate security testing, document standards, and mentor peers on cloud security and DevSecOps methodologies.
• Lead and mentor the cloud infrastructure team with a security-first mindset, setting objectives, reviewing technical and security designs, and fostering skills growth in secure development operations.
• Manage stakeholders by running workshops with product owners, security, and external clients to translate business requirements into secure and compliant technical roadmaps.

Experience:

• 7–10 years designing and operating hybrid cloud and virtualized data-center environments with a strong focus on security integration.
• 3+ years leading teams and managing customer-facing projects, embedding security throughout delivery lifecycles.
• Proven track record delivering Infrastructure as Code automation (Terraform, Bicep, Ansible) and container orchestration platforms (AKS/EKS/GKE/OpenShift) with integrated automated security controls and compliance.
• Hands-on Windows & Linux server administration, backup/DR planning, and cost/performance optimization with emphasis on secure configuration and risk mitigation.

Skills and Competencies:

• Expert knowledge of at least one major cloud platform (Azure, AWS, or GCP) with deep specialization and security expertise.
• Deep understanding of virtual networking, firewalls, load balancers, DNS, VPN, and network security enforcement.
• Proficiency in DevSecOps toolchains: Git, CI/CD pipelines with integrated security testing (SAST, DAST), Kubernetes, Docker, and security automation frameworks.
• Skilled in scripting (PowerShell, Bash, Python) to automate infrastructure and security workflows, including vulnerability scans, secret detection, and compliance validation.
• Familiarity with identity federation, access management, and security protocols (Azure AD Connect, SAML, LDAP).
• Working knowledge of ITIL incident and change management processes with a focus on security incident response and risk mitigation.
• Strong analytical, documentation, and communication skills committed to advancing a security-first culture across teams.