Senior Cloud Engineer

WE’RE HIRING AS A SENIOR CLOUD ENGINEER IN INDIA!

Excis is a global organisation driven by people, innovation and collaboration.

We’re looking for a hands-on Azure & AWS Cloud Engineer to lead Engineering initiatives—think greenfield builds, cloud migrations, modernization programs, platform engineering, landing zone setup, and automation—across enterprise environments. You’ll collaborate with architects, SRE/DevOps, security, and application teams to design, build, automate, and handover robust cloud platforms and workloads, with a heavy focus on Infrastructure as Code (IaC), CI/CD, security by design, and repeatable patternsStart your journey with Excis and grow with us!

Cloud Platform Build & Landing Zones

• Design and implement multi‑account/subscription landing zones (AWS Control Tower / Azure Landing Zone), including org hierarchy, account/subscription vending, baseline guardrails, and network segmentation.
• Build shared services (centralized logging, monitoring, DNS, secrets, image galleries/AMIs, patch baselines).

Workload Migrations & Modernization

• Lead rehost/replatform/refactor migrations to Azure and AWS; create migration runbooks, cutover plans, and rollback strategies.
• Containerize apps (Docker), orchestrate with AKS/EKS, implement blue/green or canary deployments.

Infrastructure as Code & Automation

• Author and maintain IaC using Terraform (preferred) and/or Bicep/ARM, CloudFormation.
• Build reusable modules, pipelines, and golden templates; enforce policy as code (Azure Policy, OPA/Conftest).
• Implement CI/CD pipelines (Azure DevOps, GitHub Actions, AWS CodePipeline) for infra and app artifacts.

Networking & Security (Security by Design)

• Design hub-and-spoke/VPC-VPN/Transit Gateway/ExpressRoute/Direct Connect; implement private endpoints and service endpoints.
• Apply identity and access best practices (Azure AD/Entra ID, IAM, roles, SCPs), KMS/Key Vault, secret management, and least privilege.
• Implement guardrails and compliance controls (CIS, NIST, ISO), with drift detection and remediation.

Observability & Reliability

• Configure end‑to‑end logging, metrics, traces (CloudWatch, AWS X-Ray, Azure Monitor, Log Analytics, Application Insights).
• Define SLO/SLIs, error budgets, and readiness criteria; conduct performance tests and game days before handover.

Cost, Performance & FinOps

• Right‑size resources, implement tagging standards, budgets, anomaly detection, and showback/chargeback.
• Provide cost/perf benchmarks and optimization recommendations pre‑ and post‑go‑live.

Documentation & Handover

• Produce HLD/LLD, runbooks, DR plans, security patterns, and knowledge transfer packages.
• Conduct enablement sessions for operations/BAU teams.

Cloud Automation (Primary Focus)

• Design and implement end‑to‑end cloud automation frameworks using Terraform, Bicep/ARM, CloudFormation, PowerShell, Python, and Bash.
• Build reusable Terraform modules, IaC pipelines, guardrail policies, and golden templates for Azure and AWS.
• Automate provisioning of cloud infrastructure, networking, monitoring, cost governance, and storage.
• Implement GitOps-based automation using GitHub Actions, Azure DevOps, Argo CD, or Flux.
• Develop automation for:
  • Account/subscription vending
  • Network builds (VPC/VNet, TGW, Hubs)
  • AKS/EKS cluster deployments
  • Policy-as-Code (Azure Policy, SCPs, OPA)
  • Secrets rotation and identity automation
• Create automation to support zero‑touch deployments, self‑service catalogues, and blueprint-driven cloud adoption.
  

• 8+ years total IT experience with 5+ years in public cloud engineering across Azure and AWS.
• Demonstrable track record delivering Engineering/non‑BAU initiatives: landing zones, migrations, platform builds, container platforms, or large app modernizations.
• IaC: Strong in Terraform (modules, workspaces, state mgmt), plus Bicep/ARM or CloudFormation