Senior Infrastructure & Platform Engineer

Reusable launch systems are the key to seamlessly connecting Earth and space. Just as our rocket systems are designed to be reliable, automated, and efficient, our infrastructure must embody these same principles to enable our engineering teams to move fast while maintaining the highest standards of security and compliance.

We are looking for a Senior Infrastructure & Platform Engineer to own and evolve the foundational infrastructure that powers Stoke's engineering operations. You will be responsible for AWS GovCloud and commercial cloud architecture, Infrastructure as Code development, GitHub Enterprise Server operations, and the platform engineering systems that enable our teams to build rockets. This role requires deep technical expertise in AWS, networking, security compliance (ITAR/FedRAMP), and automation, combined with a passion for building reliable, self-service infrastructure that scales with our mission.

You will work closely with engineering teams across Stoke to understand their infrastructure needs, design and implement robust solutions using Pulumi and TypeScript, and build the tools and automation that make infrastructure operations seamless. This is a high-impact role where your work directly enables rocket development, test operations, and mission-critical systems.

You must be ready to stay focused, move quickly, self-direct, and learn on the fly., * Design, develop, and maintain Pulumi projects across multiple AWS accounts using TypeScript, implementing best practices for modularity, testing, and deployment automation

• Own the administration, scaling, and reliability of our self-hosted GitHub Enterprise Server instance and custom ephemeral runner system built on AWS Spot Fleet
• Design and implement AWS architectures across GovCloud and commercial regions, including VPC design, Transit Gateway networking, VPN connectivity, and cross-account access patterns
• Implement and maintain infrastructure controls for ITAR and FedRAMP compliance, including IAM policies, KMS encryption, CloudTrail audit logging, VPC security, and network segmentation
• Build self-service tools and automation for internal developers, including CI/CD integrations, developer portal infrastructure, and workflow automation systems
• Develop and maintain CI/CD pipelines, including 100+ GitHub Actions workflows; implement OIDC authentication for secure cloud deployments; optimize build and deployment pipelines
• Design and implement multi-region network architectures, including Transit Gateway peering, site-to-site VPNs, routing policies, NACLs, and security group strategies
• Operate container platforms across Docker, ECS/Fargate, and EKS, including image management and runtime security
• Implement comprehensive monitoring and alerting (CloudWatch, Datadog), perform cost analysis and optimization, and establish operational excellence practices
• Troubleshoot infrastructure issues across the stack, respond to security events, and implement post-incident improvements to prevent recurrence
• Produce clear technical documentation, runbooks, and architectural decision records; mentor team members on infrastructure best practices

• Bachelor's or Master's degree in Computer Science, Software Engineering, or a related technical field, or equivalent practical experience
• 5-8 years of experience in infrastructure engineering, platform engineering, DevOps, or site reliability engineering roles
• Proven track record of designing and implementing production AWS infrastructure at scale
• Experience working with security and compliance requirements (ITAR, FedRAMP, SOC 2, or similar frameworks)
• Strong proficiency in Infrastructure as Code using Pulumi (TypeScript preferred)
• Deep experience with AWS GovCloud and core services, including EC2, VPC, IAM, KMS, S3, Lambda, RDS, ECS/Fargate, CloudWatch, and CloudTrail
• Strong understanding of VPC design, subnets, routing tables, Transit Gateway, VPNs, security groups, NACLs, and network security principles
• Comfortable with command-line tools, shell scripting, system services, and troubleshooting
• Experience with Git workflows, GitHub Actions, workflow automation, and OIDC-based authentication
• Practical experience building, deploying, and troubleshooting containerized applications
• Strong understanding of IAM least-privilege principles, encryption at rest and in transit, audit logging, and defense-in-depth strategies, * Direct experience implementing and maintaining compliant infrastructure
• Experience with container orchestration, Helm charts, service mesh, and cluster operations
• Experience designing for high availability, disaster recovery, and cross- region replication
• Experience with security group chaining, network segmentation, egress filtering, and Zero Trust architectures
• Experience with distributed tracing, metrics aggregation, log analysis, and SLO/SLI frameworks
• Excellent communication skills and ability to explain technical concepts to diverse audiences
• Passion for learning new technologies and sharing knowledge with teammates

• Equity - We know that our employees are the reason we succeed. To give everyone a stake in our future, we are pleased to offer equity in the form of stock options to all regular, full-time employees.
• Comprehensive benefits program including subsidized medical, dental, and vision insurance
• Company-paid life and disability insurance
• 401(k) plan with employer match
• 4 weeks' Paid Time Off
• Holidays - 10 days (including an end-of-year closure)
• Paid Family/Parental Leave
• On-site gym or monthly wellness stipend (depending on location)
• Dog friendly offices!

Compensation

Target Levels:

• Level 3 Range: $154,350 - $231,525
• Level 4 Range: $192,885 - $289,380

Our job posts are intentionally written to attract a wide variety of experience levels, and we make decisions about the right fit on a per-candidate basis.

Your actual level and base salary will be decided based on your specific experience and skill level.

ITAR Requirements

To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR), you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State.