# Infrastructure Cloud Engineer > Creative Chaos · Pakistan (Remote) · — · Posted 2025-12-11 **Workplace:** remote **Department:** All Published Jobs ## Description Job Summary: Creative Chaos is seeking a hands-on Cloud Engineer to design, automate, secure, and operate cloud workloads across Azure and AWS. This role owns core platform components including infrastructure as code (Terraform), Kubernetes (AKS/EKS), secure networking, CI/CD enablement, observability, and FinOps. You will work closely with DevOps, software, and web engineering teams to deliver resilient, scalable, and compliant cloud platforms. The ideal candidate is strong in multi-cloud architecture, Kubernetes operations, identity and access management, security guardrails, automation, and platform reliability—bringing a pragmatic, automation-first mindset to cloud engineering. **Key Responsibilities: ** **Platform Engineering** - Design and implement landing zones (hub-and-spoke, policy guardrails) across Azure and AWS. - Build and maintain Terraform modules, workspaces, remote state, and automated environment provisioning (dev → prod). - Operate and harden AKS/EKS clusters including node pools, autoscaling, ingress, image scanning/signing, and zero-downtime upgrades. - Implement and enhance CI/CD pipelines (GitHub Actions, Azure DevOps, Jenkins) for build, test, scan, deploy, and gated promotions. - Enable application platforms such as API Management/API Gateway, Azure Functions/AWS Lambda, and messaging services (Service Bus, SNS/SQS, EventBridge). - Own observability across Azure Monitor, Log Analytics, App Insights, CloudWatch, X-Ray, and OpenTelemetry, ensuring actionable alerts, runbooks, SLIs/SLOs, and on-call participation. - Drive FinOps practices including tagging standards, cost allocation, rightsizing, reserved instances/savings plans, egress optimization, and Well-Architected reviews. **Security, Governance & Operations** - Onboard logs/telemetry and integrate data sources with the SIEM. - Implement and maintain security guardrails using Azure Policy, AWS Config, Defender for Cloud, Security Hub, GuardDuty, and WAF policies. - Enforce least-privilege access across Entra ID (PIM, managed identities) and AWS IAM/Identity Center, including workload identity federation for CI/CD. - Manage change control and audit processes through IaC-first workflows, along with runbooks and architectural decision records. - Maintain patch and version hygiene for Kubernetes, node OS/AMIs, container images, and managed services, including automated drift detection. - Lead incident investigations across Azure/AWS, perform RCA, and implement preventative controls (policies, guardrails, pipeline checks). - Provide architectural input on security, reliability, networking, and cost during design reviews. ## Requirements - Bachelors in IT, CS or related field - Minimum 5 years of related experience - Hands-on production experience in **both Azure and AWS**. - Deep expertise in **Terraform** (modules, workspaces, state, policy as code). - Strong Kubernetes operational experience (AKS/EKS), including Helm, ingress controllers, ACR/ECR. - Solid networking fundamentals: VNet/VPC, routing, VPNs, Private Link/Endpoints, ExpressRoute/Direct Connect, load balancers, WAF, DNS. - Strong identity & access management skills: **Entra ID** and **AWS IAM**, SSO/OIDC, secrets management (Key Vault/KMS). - CI/CD implementation experience with GitHub Actions, Azure DevOps, or Jenkins; security gates and artefact repositories. - Observability/SRE experience across metrics, logs, tracing, alerting, incident response, and post-mortems. - Strong scripting abilities (PowerShell, Bash) and OS-level expertise across Linux/Windows. - Experience with DR patterns (IaC rebuilds), HA architectures, RTO/RPO planning. **Desirable Skills** - M365 Conditional Access (global policies, break-glass, step-up). - AWS landing zone tooling (Control Tower, IAM Identity Center, account vending/guardrails). - Ability to read/maintain CloudFormation or Bicep where Terraform is primary. - Web hosting experience: CDN/WAF (Front Door/CloudFront), TLS/PKI, caching, performance tuning. - Data fundamentals: S3/Blob lifecycle, RDS/Aurora/SQL MI/Postgres, Redis/ElastiCache/Azure Cache. - Kubernetes and supply-chain security: admission controls, image signing, SBOM. **Certifications (Preferred)** - **Azure:** AZ-104, AZ-305, AZ-500 (AZ-700/AZ-400 are a bonus). - **AWS:** Solutions Architect – Associate; SA-Pro or DevOps Pro preferred; Security or Advanced Networking is a plus. - **Kubernetes/HashiCorp:** CKA, Terraform Associate (CKS is a plus). - **FinOps:** FinOps Certified Practitioner (bonus). ## Apply [Apply at Creative Chaos](https://apply.workable.com/creativechaos/j/2363223DE4/apply) --- Powered by [Workable](https://www.workable.com)