Senior Cloud Infrastructure Engineer (AWS)

The National Archives is the UK government's archive. Our Digital Archiving services are live and evolving-supporting the transfer, preservation and access of government records at national scale. Robust, secure cloud foundations are essential to keep these services reliable and safe. As our Senior Cloud Infrastructure Engineer (AWS), you'll take technical ownership of those foundations and raise our cloud engineering maturity across teams. What you'll do

• Design and improve secure AWS infrastructure that underpins Digital Archiving services-making change safe, repeatable and auditable with Terraform and automation.
• Create "secure by default" patterns and shared, repeatable environments that multiple teams can use with confidence.
• Bridge Digital Archiving, IT Operations and Security-turning constraints into practical guardrails and clear, plain English guidance.
• Mentor two DevOps apprentices and help build the next generation of cloud skills at TNA.

Team culture-how we work

• Our culture is shaped by staff and focuses on connection, belonging and meaningful recognition. You'll see this in cross organisation culture work, EVP development and recognition initiatives.
• We take hybrid/flexible working seriously and design roles so people can do their best work while meeting service needs.
• We're embedding Secure by Design across teams-early threat modelling, open design reviews, and practical guardrails that make secure the default. You'll help turn policy into usable
• Regular department sessions (demos, lunch and learns) and cross team updates keep work visible and encourage healthy challenge.
• We invest in early career talent (DevOps apprenticeships) and expect seniors to mentor-pairing on real work, building habits around IaC, reviews and clear documentation.

Why this is a great place to do this work

• Your decisions protect public trust and access to the record in a digital age-and sit at the heart of our 2025-2030 strategy to renew our technology and become the living digital archive of the state.
• We're strengthening cyber resilience and embedding Secure by Design ways of working; your craft directly shapes safer, more resilient services.
• Inclusion, wellbeing and recognition are part of how we work, not bolt ons.

Who this role would suit

• A senior AWS/platform/DevOps engineer who enjoys hands-on build as much as shaping patterns and guardrails.
• Someone who balances risk and usability, can explain trade offs clearly, and is comfortable influencing across teams.
• A natural coach or mentor who wants to help apprentices grow while lifting engineering standards department wide

SC clearance/willingness to obtain SC clearance will be required for this role. This requires candidates to have been resident in the UK for at least the past three years. Please do not apply if you have been resident in the UK for less than three years as your application will be rejected.

Working pattern & location Hybrid working with an expectation of being on-site at Kew around 60% of the time (more initially while you get set up).

Application process: Interviews: Interviews will be held on site and will include a technical test. It is likely that they will be held week commencing 4th May. Application: Please submit your work history and a response to the scenario question below (max 800 words). Use concrete examples and show your judgement.

Scenario A team has recently built AWS infrastructure for a new service as part of a four-week spike. As this was a prototype, the environment was created manually to save time, with members of the team have broad access. The prototype was a success, and the team have now been asked to productionise this service. You have been brought into the team to help them achieve this. Security has asked all teams to tighten IAM and avoid drift from Infrastructure as Code. Budgets are tight. You can involve others if essential, but there's no time for a large programme of work. What would you do? In your answer, demonstrate:

1. how you'd balance speed vs risk (what you'd do now vs later);
2. how you'd use Terraform/IaC to keep the environment repeatable and auditable (avoiding one offs);
3. a pragmatic access design (least privilege, auditable access; whether you'd allow a time boxed break glass and how you'd control it);
4. how you'd communicate the plan and trade offs to the team and security so everyone stays aligned., The National Archives (TNA) preserves the digital record of government for future generations. Our Digital Archiving services are live and evolving, supporting teams across Transfer, Preservation, Access, and Data - and they depend on robust, secure cloud infrastructure to keep them reliable and safe.

As a Senior Cloud Infrastructure Engineer (AWS), you will take technical ownership of the cloud foundations that underpin our services. You'll design and improve secure, repeatable infrastructure using Infrastructure as Code and automation, so teams can deliver confidently without workarounds or fragile bespoke setups.

This is a senior, impact-focused role. You will work across Digital Archiving, IT Operations and Security to solve complex cross-cutting problems, establish shared patterns and guardrails, and raise cloud engineering maturity across the department.

A key part of the role is mentoring two DevOps apprentices, helping build the next generation of cloud and infrastructure skills at TNA.

Role and Responsibilities

1. Build and improve our AWS foundations

• Design, implement and improve secure AWS infrastructure that underpins Digital Archiving services.
• Build and maintain Infrastructure as Code (Terraform) patterns that make change safe, repeatable and auditable.
• Use scripting and automation to reduce operational toil and remove recurring pain points for delivery teams.

2. Create repeatable environments and "secure by default" patterns

• Design and oversee shared, secure environments (for example test environments) that support collaboration across multiple teams.
• Establish practical guardrails for cloud identity and access so engineers can work securely without unnecessary barriers.
• Work with colleagues to standardise approaches so teams can move faster with confidence and consistency.

3. Bridge teams and influence outcomes (Band F scope)

• Act as a connector between Digital Archiving, IT Operations and Security - translating constraints and requirements into shared understanding and deliverable solutions.
• Explain technical and security requirements in plain language to both technical and non-technical stakeholders, helping people understand the "why" as well as the "what".
• Provide expert guidance and recommendations on infrastructure approaches, balancing risk, usability, and long-term sustainability.

4. Mentor and grow capability (including two DevOps apprentices)

• Mentor and support two DevOps apprentices, helping them develop technical skills, confidence, and strong engineering habits.
• Share knowledge through pairing, documentation, and lightweight coaching to strengthen cloud capability across the team.

Significant experience in cloud infrastructure / platform / DevOps engineering, with a strong focus on secure practices (e.g. least privilege access, secure configuration by default, automation with guardrails). Cloud architecture decision making experience: able to describe trade offs between approaches/services (e.g. reliability vs cost, managed vs self managed, speed vs risk) and how security considerations influenced the outcome. Hands-on AWS experience, including identity and access management patterns (e.g. access design, roles/policies, SSO/IAM patterns) and how you keep access auditable and maintainable. Infrastructure as Code and automation: strong proficiency with Terraform and scripting/automation (Python, Bash, or PowerShell), with an emphasis on repeatability and maintainability (e.g. modules, testing approaches, code review habits). Strong incident diagnosis/troubleshooting: confident tracing and debugging issues across cloud services, including where logs/metrics/traces go, what you look for, and how you work with teams to identify root cause and fix forward (not just quick patches). Ability to work across teams and stakeholders, influencing decisions and improving ways of working (e.g. introducing shared patterns, raising maturity, removing friction safely). Strong communication skills - explain technical concepts and security implications clearly to mixed audiences and produce usable guidance/documentation

Artificial Intelligence can be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please visit the Civil Service Careers website where you can find further information on the use of AI in the application guidance section., * Significant experience in cloud infrastructure / platform / DevOps engineering, with a strong focus on secure practices (for example: least-privilege access, secure configuration by default, automation with guardrails).

• Cloud architecture decision-making experience: able to describe trade-offs between approaches/services (for example reliability vs cost, managed services vs self-managed, speed vs risk), including how security considerations influenced the outcome.

• Hands-on AWS experience, including identity and access management patterns (for example: access design, roles/policies, SSO/IAM patterns, and how you keep access auditable and maintainable).

• Infrastructure as Code and automation: strong proficiency with Terraform and scripting/automation (Python, Bash, or PowerShell), with an emphasis on repeatability and maintainability (for example: modules, testing approaches, code review habits).

• Strong incident diagnosis / troubleshooting capability: confident tracing and debugging issues across cloud services, including where logs/metrics/traces go, what you look for, and how you work with teams to identify root cause and fix forward (not just quick patches).

• Ability to work across teams and stakeholders, influencing decisions and improving ways of working (for example: introducing shared patterns, raising maturity, removing friction safely).

• Strong communication skills - able to explain technical concepts and security implications clearly to mixed audiences and produce usable guidance/documentation. Demonstrable commitment to mentoring and developing others, including early-career engineers (and willingness to actively support two DevOps apprentices to grow).

Desirable skills and experience

• Experience designing and managing shared environments for multi-team use (for example: non-prod strategies, safe defaults, access patterns, reducing duplication).
• Familiarity with CI/CD and embedding security into delivery workflows (for example: automated checks, secure pipelines, policy-as-code or equivalent approaches).
• Experience managing or configuring developer tooling (for example GitHub) in a secure and usable way.

• Normal office environment
• Display Screen Equipment user
• A combination of onsite and home working is available. Applicants should be able to travel to our Kew site 60% of their time (TW9 4DU), possibly more often when new to the role., Generous benefits package, including pension, sports and social club facilities, onsite gym, discounted rates at our on-site cafe and opportunities for training and development. Annual leave entitlement of 22 days per calendar year (rising to 25 after the first year, and incrementally to 30 days after six years) and 10½ days public and privilege holidays per annum.

Any move to The National Archives from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax-Free Childcare. Determine your eligibility at https://www.childcarechoices.gov.uk/ ( opens in new window)

Reasonable adjustments

If a person with disabilities is put at a substantial disadvantage compared to a non-disabled person, we have a duty to make reasonable changes to our processes.

If you need a change to be made so that you can make your application, you should:

• Contact The National Archives via careers@nationalarchives.gov.uk as soon as possible before the closing date to discuss your needs
• Complete the 'Reasonable Adjustments' section of your application form to tell us what changes or help you might need further on in the recruitment process. For instance, you may need wheelchair access at interview, or if you're deaf, a Language Service Professional

Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must pass a disclosure and barring security check.

People working with government assets must complete basic personnel security standard checks (opens in new window)

Nationality requirements

This job is broadly open to the following groups:

• UK nationals
• nationals of the Republic of Ireland
• nationals of Commonwealth countries who have the right to work in the UK
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) (opens in a new window)
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
• individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
• Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements (opens in new window)

Working for the Civil Service

The Civil Service Code (opens in new window) sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles . (opens in new window)

The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.

The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

This vacancy is part of the Great Place to Work for Veterans initiative . (opens in new window)

As the living, growing home of our national story, The National Archives is already a special place to work. We're an institution nearly 200 years old with a collection spanning 1,000 years of history. But it's where we go next that makes things really interesting .