
Head of Platform Engineering
Posted 1 hour ago

Posted 1 hour ago
This is a fully remote position, open to applicants in United Kingdom.
• Take full ownership of Azure infrastructure from start to finish: managing subscriptions, networking, edge services (including Azure Front Door with WAF and CDN), Azure Container Apps, ingress, secrets, identity, and foundational services.
• Establish standardized infrastructure-as-code practices using Terraform/OpenTofu, ensuring all modifications are Git-driven, reviewable, and progressively enhanced by AI.
• Develop a self-service developer platform that simplifies infrastructure complexities, enabling engineering teams to concentrate on their products through service templates, starter repositories, CI/CD pipelines, and deployment automation.
• Implement guardrails that allow AI-first teams to operate swiftly without losing oversight: including policy-as-code, automated quality gates, and security scanning within pipelines.
• Collaborate closely with the Lead Architect and the Architecture Working Group on platform architecture decisions and maintain appropriate platform documentation.
• Design, construct, and manage deep observability and alerting across the platform, ensuring early detection and triaging of issues.
• Set and maintain clear reliability and performance targets for the platform/infrastructure, adopting a proactive stance on capacity management.
• Lead the incident management process for the platform: serve as incident commander when necessary, conduct blameless post-mortems, and ensure successful remediation.
• Design for high availability and disaster recovery, with established recovery procedures in place.
• Oversee cloud and AI cost governance: monitoring expenditure, ensuring environment hygiene, and maintaining visibility on model and agent usage.
• Manage the comprehensive security posture of the platform: covering identity and access, network segmentation, secrets, data protection, and vulnerability management, in collaboration with the Head of IT for corporate controls and cross-boundary incidents.
• Implement zero-trust and private-by-default principles across the platform: utilizing managed identities, avoiding long-lived keys or passwords, ensuring private networking with edge-only public access, and adopting least privilege as the standard.
• Integrate security within pipelines and infrastructure: including SAST, DAST, SCA, IaC scanning, container image scanning, secrets scanning, and policy-as-code gates that block critical findings.
• Manage vulnerability oversight and threat detection for the platform: establishing patching SLAs, conducting CVE triage, using Microsoft Defender for Cloud, aggregating security events, and providing evidence for audit and compliance (Cyber Essentials, UK GDPR) alongside the Head of IT.
• Design and implement guardrails addressing AI-specific security risks: including prompt injection defenses, agent permission boundaries, and safeguards against model exposure to sensitive tenant data.
• Lead and develop the existing DevOps team, evolving it into a high-impact Platform Engineering function.
• Define the operating model: clarify how the Platform team collaborates with product squads, what responsibilities it holds, and how it prioritizes tasks.
• Transition the culture from a reactive DevOps approach to treating the Platform as a Product, catering to internal customer teams.
• Over 5 years of experience managing production SaaS systems, including ownership and response to incidents.
• Proficient in Azure as the core cloud platform, with hands-on experience in Azure Container Apps, Azure Database for PostgreSQL and SQL Server, Azure Front Door (including WAF, CDN, and managed certificates), Azure Service Bus, Cache for Redis, Key Vault, App Configuration, Blob Storage, and Application Insights.
• Strong skills in containerization and Azure networking, with practical experience using Azure Container Apps (or equivalent managed container platforms).
• Expertise in infrastructure-as-code practices with Terraform/OpenTofu, utilizing Azure DevOps and Git-based workflows.
• Robust observability and alerting capabilities: hands-on experience with OpenTelemetry and Application Insights, capable of designing, building, and operating the necessary telemetry to manage a mission-critical SaaS platform, with a proactive approach to capacity management.
• Practical experience with AI developer tools (such as Claude Code, Copilot, Codex, or similar), with insight on how AI can enhance platform work and what essential guardrails are required.
• Familiarity with multi-tenant SaaS isolation patterns (including row-level security, shared-schema tenant partitioning, per-tenant storage containers, and tenant-scoped cache keys).
• Extensive security experience in cloud SaaS environments: covering identity and access, network segmentation, secrets management, pipeline security (SAST, DAST, SCA, image and IaC scanning), vulnerability management, and threat detection. A secure-by-design mindset with a willingness to take personal accountability for the platform’s security posture.
• Proven ability to manage a team’s workload while mentoring and developing engineers.
• Excellent communication skills, comfortable engaging with product teams, engineering leadership, and senior stakeholders.
• Competitive salary and comprehensive benefits package.
• Fully remote work opportunity.
• The opportunity to shape and build a platform engineering function at a crucial time for the organization.
• Funded continuing professional development and training.
• Regular team social events and company gatherings.
• Join a dedicated team that is addressing real challenges in the education sector.
Coder
DraftKings Inc.
DATAGROUP
Calendly
Get handpicked remote jobs straight to your inbox weekly.