About the role
Reporting to: IT manager
Job type: Permanent
Working Pattern & Hours: Monday-Friday, 37.5 hours per week
Location: Hybrid/Flexible (Office located: London, SE1 or Lancashire, WN8)
We are seeking an experienced Cloud Engineer to join our Infrastructure & IT Operations team. In this role, you will manage and evolve our AWS-based cloud environment, ensuring high availability, security, performance, and cost‑efficiency across all cloud services. You will work closely with engineering, security, and operations teams to deliver scalable infrastructure solutions, as well as hardening, reviewing, and advising on cloud architecture, security, and operational excellence.
Key Responsibilities
This role will take ownership of our AWS platform, ensuring it remains secure, reliable, well‑architected and cost‑effective as the business grows. You’ll be responsible for the following key areas:
AWS Infrastructure Management
* Own and maintain our AWS estate across multiple accounts, including VPCs, subnets, security groups, route tables, and network ACLs
* Manage Application Load Balancers, target groups, and traffic routing for high availability
* Administer CloudFront CDN distributions (with domain and WAF management in CloudFlare)
* Provision, right‑size, patch, and lifecycle EC2 instances and ECS workloads.
Container Orchestration (ECS)
* Manage Amazon ECS clusters (Fargate): cluster configuration, capacity providers, auto‑scaling, and networking
* Maintain ECR repositories and container build, scan, and promotion pipelines
* Partner with engineering teams on task definitions, service configuration, and production troubleshooting; lead on platform‑level incidents.
Serverless Orchestration (ECS)
* Engineering teams own the build of our serverless estate (Lambda, API Gateway, DynamoDB, EventBridge, SQS, SNS, Step Functions) using AWS CDK. Your role is to keep that estate healthy, secure, and well‑architected
* Review CDK and architectural designs; advise on Well‑Architected patterns, security, scalability, and cost
* Harden defaults and shared concerns: VPC connectivity for serverless workloads, IAM scoping, encryption, secrets handling, network egress
* Monitor operational health and cost across the serverless estate and feed insights back to the engineering teams.
Platform Standards & Guardrails
* Define and maintain the guardrails that let engineering teams move fast safely: AWS Organizations and SCPs, AWS Config rules, IAM baselines, and shared IaC modules
* Set and evolve our cloud standards - naming, tagging, account structure, network topology, deployment patterns.
Security & Identity Management
* Own AWS IAM end‑to‑end: policies, roles, groups, permission boundaries, and SSO integration
* Enforce least‑privilege access principles and conduct regular IAM audits
* Implement and maintain cloud security measures, including encryption, key management (KMS), and security group policies
* Monitor security events and work with the security team on incident response and remediation.
Database Administration
* Manage Amazon RDS and Aurora clusters supporting our services - provisioning, backups, replication, parameter tuning, and patching
* Monitor database health, query performance, and storage utilisation, making optimisations as required
* Support schema changes, migrations, and patching activities in coordination with engineering teams
* Support DynamoDB operational concerns (capacity modes, indexes, backups) for serverless workloads, in partnership with the engineering teams who own the table designs.
Infrastructure as Code (IaC)
* Own IaC for foundational and shared infrastructure (VPCs, ECS clusters, RDS, IAM baselines, networking, platform services) using Terraform and/or AWS CDK
* Review and contribute to dev‑authored CDK for services and serverless workloads — pull requests, design reviews, and pairing where useful
* Build and maintain reusable IaC modules, patterns, and templates that engineering teams consume
* Embed IaC into our CI/CD pipelines (GitHub Actions or equivalent).
Server Maintenance & Patching
* Manage the patching and updating of virtual Linux servers, ensuring compliance with security and operational standards
* Maintain server baselines and apply OS‑level hardening in line with CIS‑aligned baselines and best practices
* Continuously evaluate cost‑to‑performance ratios across EC2 instances, RDS, and other cloud services
* Identify and implement cost‑saving opportunities such as Reserved Instances, Savings Plans, and rightsizing
* Produce regular cost and utilisation reports for leadership review
* Build and maintain dashboards, logs, metrics, and alerting using CloudWatch and our wider observability tooling.
* Proactively identify and recommend new AWS services, architectural improvements, or additional services that may be required to support business growth
* Stay current with AWS releases and cloud industry trends, bringing relevant innovations to the team
* Document infrastructure architecture, runbooks, and operational procedures.
About You
The successful Cloud Engineer will be proactive, self‑motivated, detail‑oriented, and able to take ownership and drive projects through from start to finish. An effective communicator, they will clearly articulate risks and rewards to stakeholders, enabling informed and confident decision‑making.
Qualifications & Experience
Required
* Minimum 5 years of hands‑on experience in a Cloud Engineer, Cloud Administrator, or equivalent role
* Strong expertise in AWS services, particularly ECS, EC2, VPC, IAM, RDS, API Gateway, Lambda, CloudFront and CloudWatch
* Proven experience managing ECS in a production environment
* Solid experience with Infrastructure as Code (Terraform, CloudFormation, or similar)
* Proficiency in Linux system administration, including patching, hardening, and troubleshooting
* Strong understanding of networking concepts: TCP/IP, DNS, HTTP/S, VPN, load balancing
* Experience owning AWS IAM and implementing security best practices
* Demonstrable experience with cloud cost analysis and optimisation strategies.
Preferred
* Experience advising on or operating AWS Serverless and event‑driven systems (Lambda, EventBridge, SQS, SNS, Step Functions, DynamoDB)
* Experience defining cloud guardrails (AWS Organizations, SCPs, Config rules, shared IaC modules)
* AWS certifications (e.g. Solutions Architect, SysOps Administrator, DevOps Engineer)
* Familiarity with CI/CD pipelines and DevOps practices (GitHub Actions)
* Experience with monitoring tools such as CloudWatch, Prometheus, or Grafana
* Scripting skills in Python, Bash, or similar languages.
Company Benefits
* Discounted gym membership
* Funded training
* Enhanced Maternity & Paternity
* 30 days’ annual leave, including Christmas Day, Boxing Day, and New Year’s Day, with all other bank holidays flexible to take at your convenience
* Sick Pay Scheme
* Blue light card membership is available
* Free seasonal flu vaccination
Equal Opportunity Statement
We are committed to ensuring an inclusive and accessible recruitment process. If you require any reasonable adjustments at any stage, such as support with your application, interview arrangements, or assessment, please let us know, and we will be happy to help.
The role is open until Friday 22nd May 2026 but may close earlier if we receive a high number of applications.