Staff Cloud Platform Engineer

Cariad, Inc.
Mountain View, United States of America
8 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior
Compensation
$ 204K

Job location

Mountain View, United States of America

Tech stack

Microsoft Windows
Microsoft Active Directory
Apple Mac Systems
Azure
Microsoft Online Services
Cloud Computing
Cloud Computing Security
Configuration Management
Computer Security
Continuous Integration
Linux
DevOps
Disaster Recovery
DNS
VMware ESX Servers
Identity and Access Management
Python
Networking Basics
Routing
Performance Tuning
Powershell
Role-Based Access Control
Zero Trust Network Access
Security Software
SQL Databases
Management of Software Versions
Virtual Local Area Networks
Virtualization Technology
vSphere
Policy as Code
Data Logging
Network Switches
Cloud Platform System
Okta
Office365
System Availability
Delivery Pipeline
HybridCloud
Firewalls (Computer Science)
Infrastructure as Code (IaC)
Information Technology
Vcenter
Bicep
Microsoft Sentinel
Hardware Infrastructure
CIS Benchmarks
SailPoint
Terraform
Software Version Control
Key Vault
VMware

Job description

The Cloud Platform Engineering role is responsible for designing, securing, automating, and operating a scalable, multi-tenant hybrid Azure and on-premises infrastructure environment. The position functions at a high level of technical ownership, leading major components of the Azure landing zone architecture and reusable platform patterns, Infrastructure as Code implementation, Zero Trust security controls, governance standards, and platform reliability strategies. The role partners cross-functionally with Engineering, Security, and Operations teams, serves as an escalation point for complex issues, and drives automation, compliance, resiliency, and continuous improvement across the organization's cloud and core infrastructure platforms. Finally, the role acts as a technical lead within the Cloud Platform Engineering function; mentors other engineers and guides design reviews.

Role Responsibilities:

Cloud platform engineering and deployment (40%)

  • Design, implement, and evolve secure, scalable, multi-tenant Azure platform solutions.
  • Build and maintain landing zone building blocks (identity baseline, networking baseline, logging baseline) and reusable platform patterns to accelerate tenant onboarding.
  • Implement Azure Lighthouse capabilities to support scalable multi-tenant operations and delegated administration.
  • Integrate IAM solutions (e.g., SailPoint IdentityNow or equivalent) for identity provisioning and lifecycle governance.
  • Engineer secure hybrid cloud integrations between on-premises and Azure environments.
  • Evaluate and implement Azure platform innovations and security best practices.
  • Collaborate with engineering, InfoSec, and operations stakeholders to ensure technical alignment.

Infrastructure as Code (IaC) and automation (15%)

  • Develop and maintain shared Terraform modules and ARM/Bicep templates that standardize approved platform patterns.
  • Integrate IaC into CI/CD pipelines to enable automated, compliant infrastructure deployments.
  • Define and implement tagging, naming, and configuration management standards.
  • Automate shared services, networking configurations, RBAC policies, and platform governance controls.
  • Maintain module versioning/release notes and migration guidance to drive adoption with minimal friction.
  • Implement security validation tools within deployment pipelines.
  • Apply version control and DevOps best practices to infrastructure delivery.

Security and compliance engineering (15%)

  • Implement and maintain Azure RBAC, PIM, and Zero Trust controls across environments.
  • Configure secure access models including JIT, NSGs, Key Vault, and conditional access.
  • Automate security baselines using Defender for Cloud, Sentinel, and governance frameworks.
  • Support audit and compliance activities in collaboration with InfoSec teams.
  • Ensure platform security across hybrid cloud and virtualization environments.

Platform operations and reliability (15%)

  • Engineer tenant provisioning workflows and onboarding automation.
  • Build and maintain enterprise monitoring strategies for logs, metrics, and alerts across hybrid and multi-tenant environments.
  • Design, implement, and maintain backup and disaster recovery (DR) strategies across cloud and on-premises infrastructure.
  • Ensure regular backup validation, restore testing, and compliance with retention policies and business continuity requirements.
  • Support distributed monitoring infrastructure across hybrid environments.
  • Serve as escalation point for complex cloud and infrastructure troubleshooting.
  • Maintain documentation, playbooks, and operational standards.
  • Drive high availability, resiliency, and performance optimization.

Core infrastructure expertise (10%)

  • Strong understanding of virtualization technologies (vSphere, vCenter, ESXi, Azure VDI).
  • Administration of Windows, macOS, and Linux operating systems.
  • Microsoft 365 (O365) administration experience.
  • Active Directory (AD) and Azure AD (Entra ID) administration.
  • Networking fundamentals including DNS, VLANs, routing, firewalls, and hybrid connectivity.
  • Experience in hybrid on-prem/cloud environments applying security and availability best practices.
  • Proficiency in Python, PowerShell, and SQL scripting.

Change and incident management (5%)

  • Participate in enterprise ITSM-aligned change management processes.
  • Lead technical Root Cause Analysis (RCA) for critical platform incidents; coordinate fixes across partnering teams and drive follow-through to prevention.
  • Contribute to CAB discussions and cross-team escalation processes.
  • Drive continuous improvement through lessons learned and automation.

Requirements

  • Strategic systems thinking: Ability to design and manage complex, multi-tenant, hybrid environments while understanding how identity, networking, security, and operations interconnect.
  • Advanced problem-solving and root cause analysis: Strong troubleshooting skills with the ability to lead deep technical investigations and resolve complex infrastructure issues.
  • Security-first mindset: Consistently thinking about risk, access control, governance, and compliance when designing or modifying systems.
  • Automation and standardization: Drive to eliminate manual processes, create repeatable patterns, and enforce consistency across environments.
  • Operational discipline: Commitment to structured change management, documentation, backup validation, monitoring, and reliability standards.
  • Cross-functional collaboration: Ability to align with engineering, InfoSec, and operations teams to ensure governance, security, and technical requirements are met.
  • Ownership and accountability: Taking responsibility for platform stability, tenant onboarding, reliability, and long-term maintainability.
  • Risk-based decision making: Balancing innovation, speed, and scalability with governance and compliance requirements.
  • Clear technical communication: Explaining complex cloud, security, and infrastructure concepts clearly to stakeholders at different levels.
  • Continuous improvement and learning agility: Staying current with cloud innovations and proactively improving platform security, automation, and reliability.

Required Specialized Skills:

  • Strong experience designing and operating secure, scalable Azure cloud platforms in hybrid (cloud and on-premises) environments
  • Deep expertise in Azure architecture, landing zones, governance, and multi-tenant management
  • Proficiency in Infrastructure as Code (Terraform, ARM/Bicep) with CI/CD pipeline integration and automated security validation
  • Advanced knowledge of identity and access management, including Azure AD (Entra ID), RBAC, PIM, Conditional Access, and Zero Trust principles
  • Hands-on experience with enterprise security tools such as Defender for Cloud, Sentinel, and Key Vault
  • Experience implementing monitoring, logging, and alerting strategies across hybrid environments
  • Strong understanding of backup, disaster recovery (DR), and high-availability design principles
  • Solid foundation in virtualization (VMware), Active Directory, and Microsoft 365 administration
  • Strong networking fundamentals including DNS, routing, firewalls, VLANs, and hybrid connectivity
  • Proficiency in automation and scripting using Python and PowerShell

Desired Skills:

  • Azure certifications (e.g., AZ-104, AZ-305, AZ-500)
  • Experience implementing enterprise-scale landing zones using Microsoft Cloud Adoption Framework (CAF)
  • Strong knowledge of Azure Policy and policy-as-code governance frameworks
  • Experience with Microsoft Sentinel and advanced cloud security automation
  • Experience leading technical initiatives or mentoring engineers
  • Familiarity with identity governance platforms (e.g., SailPoint, Okta, or similar)

Workplace Flexibility:

  • A flexible work schedule is required, including the ability to address issues outside of standard business hours.
  • May require occasional travel - up to 20%.

Years of Relevant Experience:

  • 8+ years of infrastructure engineering experience
  • 5+ years designing and operating Azure cloud platforms with experience in multi-tenant or enterprise-scale deployments

Required Education:

  • Bachelor's degree in Information Technology, Computer Science, or a related field, or equivalent practical experience

Desired Education:

  • Master's degree in computer science, IT, or equivalent hands-on experience
  • ITIL Foundation Certification

Benefits & conditions

Salary range is dependent on factors such as geographical differentials, credentials or certifications, industry-based experience, qualification and training. In the city of Mountain View, CA, the salary range for this position is $166,561.00 - $203,958.00.

CARIAD, Inc. provides performance-based merits and an annual bonus along with a competitive benefits package. Benefits include medical, dental, vision, 401k with employer match and defined contribution plan, short- and long-term disability, basic life and AD&D insurance, employee assistance program, tuition reimbursement and student loan repayment plans, maternity and non-primary caregiver leave, adoption assistance, employee referral program, and vacation and paid holidays. We also offer a unique vehicle lease program that covers registration and insurance fees.

About the company

We are CARIAD, an automotive software development team with the Volkswagen Group. Our mission is to make the automotive experience safer, more sustainable, more comfortable, more digital, and more fun. To achieve that we are building the leading tech stack for the automotive industry and creating a unified software platform for over 10 million new vehicles per year. We're looking for talented, digital minds like you to help us create code that moves the world. Together with you, we'll build outstanding digital experiences and products for all Volkswagen Group brands that will transform mobility. Join us as we shape the future of the car and everyone around it.
