Platform Engineer
AWS Platform Engineer – London – Contract
A research-focused engineering organisation operating at serious compute scale is investing further in its AWS foundation, with a particular focus on landing zone design, multi-account governance, and the platform controls that underpin how workloads are safely and efficiently delivered across a large AWS estate.
The team owns the core AWS platform, account vending, organisational guardrails, network topology, and the automation that keeps it consistent and auditable at scale. This is a senior, deeply hands-on role suited to engineers who have built and operated production-grade landing zones, not just consumed them.
Key responsibilities:
- Design, build, and evolve an AWS Landing Zone using AWS Control Tower and/or fully custom implementations via AWS Organizations, SCPs, and account factory automation
- Own the multi-account strategy, account vending pipelines, OU structure, baseline account hardening, and lifecycle management at scale
- Implement and maintain preventative and detective controls across the estate using SCPs, Config Rules, Security Hub, and GuardDuty with a governance-first mindset
- Build the network foundations that span accounts (Transit Gateway, RAM-based VPC sharing, DNS delegation, and egress patterns) and keep them operationally sound
- Drive Infrastructure as Code discipline across the platform, structuring Terraform for multi-account deployment, remote state isolation, and reusable baseline modules
- Connect platform-level automation into internal engineering workflows including CI/CD pipelines, secrets management, and identity federation (SSO/IAM Identity Center)
- Define and automate account-level standards so that new accounts arrive pre-configured, compliant, and ready for workloads without manual intervention
What you'll need:
- Proven, hands-on experience designing or re-architecting AWS Landing Zones in a large, multi-account AWS Organisation
- Deep knowledge of AWS Organizations, OU design, SCP authoring, account factory patterns (AFT or custom), and delegated admin models
- Advanced Terraform capability with experience structuring codebases for multi-account deployment, including module design, state management strategy, and environment promotion patterns
- Strong grasp of AWS networking at scale: Transit Gateway topologies, VPC sharing, hybrid connectivity, and DNS across account boundaries
- Solid understanding of the AWS security and compliance toolchain: Control Tower, Security Hub, Config, GuardDuty, CloudTrail, and IAM Identity Center
- Python engineering background applied to platform automation, account provisioning pipelines, compliance reporting, drift detection, or remediation tooling
- Experience working with CI/CD tooling (Jenkins or equivalent) to deliver platform changes safely across environments
- Comfort engaging directly with application and security teams to translate requirements into scalable, low-friction platform standards
You will shape the foundations that every engineering team in the organisation builds on. The environment is technically demanding, the blast radius of decisions is real, and the work is highly visible at a senior level.