As we progress our digital transformation, we are scaling our Platform Engineering capability to build and operate our Internal Developer Platform (IDP) on Microsoft Azure. We are seeking a Cloud Infrastructure Engineer with a track record of delivering secure, reliable, and automated cloud platforms at enterprise scale. You will help design, build and run paved roads (golden paths) that enable product teams to ship quickly and safely, applying SRE and DevSecOps practices throughout the software delivery lifecycle.
What you'll be doing
Design, build and operate the Azure-based Internal Developer Platform as a product, enabling self-service environment provisioning and repeatable golden paths.
Develop and maintain Infrastructure as Code (Terraform and/or Bicep) modules and reusable templates for AKS, networking, storage, databases, and app runtimes.
Implement and evolve CI/CD pipelines (HL version control set) with quality gates, automated testing, security scanning, and progressive delivery.
Introduce and run GitOps for Kubernetes (AKS preferred), patterns and multi-environment promotions.
Own platform observability: metrics, logs and traces using Azure Monitor / Log Analytics / Application Insights, plus Datadog/Grafana where appropriate.
Embed security by design: Azure Policy, Defender for Cloud, secrets management with Key Vault, SBOM and image scanning, policy-as-code and least privilege IAM.
Drive reliability using SRE practices: define SLIs/SLOs, error budgets, capacity planning, chaos testing, incident response and blameless post-incident reviews.
Partner with application squads to remove toil, improve developer experience (DX), and reduce lead time for changes through automation and platform enhancements.
Implement cost visibility and optimisation (FinOps) across the platform: tagging, budgets/alerts, rightsizing, autoscaling and usage reporting.
Maintain platform documentation, runbooks and service catalog entries; contribute to onboarding guides and demo sessions for consumers of the platform.
Participate in an on-call rota for critical platform services and lead/coordinate incident response when required.
About you
Strong hands-on experience with Microsoft Azure core services (networking, compute, storage) and platform services (AKS, App Services, API Management, Event Hub/Service Bus).
Proficiency with Infrastructure as Code: Terraform (essential) and/or Bicep (optional); module design, versioning and testing.
Solid CI/CD background using Azure DevOps or GitHub Actions (pipelines, environments, approvals, templates), including build and release strategies.
Kubernetes experience in production (AKS): cluster operations, node pools, networking (CNI), ingress, secrets, RBAC and workload identity.
Experience with GitOps, and container build pipelines (e.g., ACR, OPA policies, image scanning).
Working knowledge of observability tooling (Azure Monitor, Log Analytics, Application Insights, Datadog/Grafana) and alerting/response workflows.
Understanding of the Microsoft Cloud Adoption Framework, Azure Landing Zones and the Well-Architected Framework.
Familiarity with DevSecOps practices: threat modelling, dependency and container scanning, SBOM management, and shift-left security.
Comfortable collaborating with software engineers and SREs; able to translate platform capabilities into simple self-service experiences.
Excellent communication, documentation and stakeholder management skills; able to lead by influence and mentor others.
Qualifications
Microsoft AZ-104 (Administrator) - Required, or equivalent experience.
AZ-400 (DevOps Engineer Expert), AZ-305 (Solutions Architect), CKA/CKAD, HashiCorp Terraform Associate - Desired, one or more.
ITIL 4 Foundation or SRE Foundation - Desired.
Willingness to provide occasional out-of-hours and on call support as required.
Desirable
Experience building IDP capabilities such as service catalogues (e.g., Backstage), developer portals, or golden path templates.
Serverless and event-driven architectures (Functions, Logic Apps, Event Grid).
Experience in regulated industries (e.g., Financial Services) and with compliance standards (ISO 27001, SOC 2).
Knowledge of FinOps principles and cost governance on Azure.
Interview process
Stage 1 (remote): competency and technical interview including discussion of prior platform/DevOps work and scenario-based problem solving.
Stage 2 (on-site/remote): practical exercise (e.g., pipeline/IaC/Kubernetes task) and a short design presentation to a panel.
Working schedule
This role is permanent, full time, 37.5 hours per week, Monday to Friday. We offer a hybrid flexible working pattern to enable you the option of working from home and coming into the office.
Why us?
Here at HL, we're the UK's number 1 investment platform for private investors, based in Bristol. For more than 40 years we've helped investors save time, tax and money on their investments.
To achieve our mission, we believe we have a workplace like no other, with constant learning, dynamic teams, and a great ethos. We're steered by core values that promote service, quality, innovation, and opportunity in everything we do.
What's on offer?
Discretionary annual bonus* and annual pay review
25 days* holiday plus bank holidays and 1-day additional Christmas closure
Option to purchase an additional 5 days holiday**
Flexible working options available, including hybrid working
Enhanced parental leave
Pension scheme up to 11% employer contribution
Income Protection and Life insurance (4 x salary core level of cover)
Private medical insurance*
Health care cash plans - including optical, dental, and out patientcare
Health screening programme
Help@hand - confidential support including mental health counselling and remote GP
Wellhub - unlimited access to fitness providers and wellness coach sessions
Variety of travel to work schemes with bike storage and shower facilities
Inhouse barista and deli serving subsidised coffee and sandwiches
Two paid volunteering days per year
* dependant on role level
** only available to select during our annual benefits window, in November each year
Hargreaves Lansdown is an inclusive employer that values diversity in its workforce. We encourage applications from all individuals without regard to race, religion, gender, sexual orientation, national origin, disability or age.
This role may also be available on a flexible working or part time basis - please ask the Recruitment & Onboarding team for more information.
Please note, we are unable to provide employment sponsorship to candidates.
TPBN1_UKTJ
- Location:
- United Kingdom
- Job Type:
-
PartTime
- Category:
-
IT;IT;IT