Responsibilities:
• Lead the provisioning, management, and optimisation of cloud infrastructure and services (OCI, AWS, Azure, native services, IaaS, PaaS).
• Oversee the deployment and configuration of public cloud resources, ensuring security, scalability, and cost efficiency.
• Develop and maintain automation scripts and tools for cloud resource management.
• Implement an Infrastructure-as-Code approach and develop Terraform scripts for all cloud infrastructure deployments.
• Ensure compliance with organisational policies, regulatory requirements, and best practices.
• Drive integration with DevOps workflows, supporting rapid deployment and continuous delivery.
• Manage cloud cost optimisation initiatives, monitoring usage and implementing savings strategies.
• Lead incident response and troubleshooting for cloud platform issues.
• Oversee backup, disaster recovery, and business continuity planning for cloud environments.
• Maintain comprehensive documentation of cloud architectures, configurations, and operational procedures.
• Mentor and guide L2 Support Analysts, promoting knowledge sharing and skill development. Organize an on-call rota for this area.
• Collaborate with application, security, and infrastructure teams to ensure seamless cloud operations.
• Conduct regular reviews of cloud resource utilisation and performance.
• Lead cloud migration projects, ensuring minimal disruption and robust risk management.
• Participate in governance, reporting, and service review meetings.
• Ensure alignment with SLA requirements for service levels, reporting, and compliance.
• Stay current with emerging cloud technologies and best practices.
• Manage vendor relationships and coordinate with third-party cloud providers.
• Support audit and compliance activities for cloud operations.
• Lead the response to audit findings, ensuring timely remediation.
• Drive continuous improvement in cloud platform operations.
• Establish and maintain cloud landing zones with policy-as-code guardrails (e.g., Azure Policy/Defender for Cloud, AWS Organizations/Control Tower SCPs, OCI Policies), including tagging, naming, quota, and region-use standards.
• Own identity and access standards (enforce least privilege, SSO, role mapping, privileged access break-glass, workload identities) and key/secrets management (KMS/HSM, rotation SLAs, secret scanning).
• Define and operate network reference architectures (hub-and-spoke, private endpoints, service endpoints, egress controls, DNS, global load balancing, cross-cloud connectivity) with security baselines.
• Lead container/Kubernetes platform operations (AKS/EKS/OKE): cluster lifecycle, node pools, autoscaling, admission control, image provenance, and supply chain security.
• Implement observability at scale (centralised logs, metrics, traces), integrate with SIEM/SOAR, and enforce runbook-driven incident response and post-incident reviews.
• Embed SRE practices (SLOs, error budgets, capacity policies, toil reduction), and automate health checks, drift detection, and remediations.
• Own FinOps operations (allocation/chargeback, budgets/alerts, rightsizing, RIs/Savings Plans/flexible commitments, lifecycle policies for idle/orphaned resources).
• Integrate IaC pipelines with pre-merge security and compliance testing (OPA/Conftest, static analysis, terraform validate/plan gates) and maintain drift detection with auto-remediation where safe.
• Maintain golden images/base templates and patch pipelines for compute and container runtimes; ensure vulnerability management and CIS/NIST benchmark alignment.
• Define RTO/RPO targets and participate in restore drills.
• Ensure CMDB/ITSM integration (auto-discovery, service mapping), event enrichment, and change automation (standard changes) with audit-ready evidence.
• Curate and operate a cloud service catalog (approved blueprints for common stacks), enabling governed self-service and faster time-to-value.

Requirements:
• Expertise in cloud platform management (OCI, AWS, Azure), including secure provisioning and tenancy hygiene.
• Skills in infrastructure automation (Terraform, CLI, PowerShell), Infrastructure-as-Code (IaC), and drift control.
• Knowledge of cloud cost optimisation and FinOps principles.
• Experience in backup, disaster recovery, and geo-redundancy for cloud environments.
• Strong understanding of network and security baselines for cloud resources.
• Proficiency in PaaS management, identity integration, and secret governance.
• Observability and ITSM automation skills for cloud operations.
• Migration planning and execution for cloud projects.
• Governance and compliance knowledge for cloud platforms.
• Ability to mentor L2 analysts in cloud build standards and troubleshooting.
• Hands-on experience with policy-as-code and guardrails (Azure Policy/Defender, AWS SCPs/Config, OCI Policies & Cloud Guard).
• Deep IAM skills (federation/SSO, workload identities, conditional access, JIT/PAM, least-privilege design patterns).
• KMS/HSM design and secret lifecycle management (rotation, envelope encryption, secret scanning tooling).
• Cloud networking patterns (VNet/VPC design, private links/endpoints, service endpoints, routing/peering, DNS, global load balancing, egress control).
• Kubernetes/container operations (AKS/EKS/OKE), admission controllers, image signing (SBOM), registry governance, autoscaling.
• SRE/operability practices: SLOs, error budgets, toil reduction, runbook creation, incident command, post-incident review facilitation.
• Security posture and compliance expertise: CSPM/CWPP tools, CIS/NIST/ISO mapping, vulnerability management, patch baselines, workload hardening.
• FinOps tooling (budgets, anomaly detection, commitment planning, showback/chargeback, cost allocation tags and policies).
• CI/CD for IaC with policy and test gates (terraform validate/plan, OPA/Conftest), and controlled promotion across environments.
• Data protection and residency awareness (encryption at rest/in transit, regional restrictions, backup immutability, retention law alignment).
• Strong documentation and coaching skills; ability to standardise patterns into reusable blueprints and service catalog items.