Role: Platform Engineer
Experience: 10 years
Location: London
Work mode: Hybrid
Build and run an internal platform that makes delivery safer and faster in a regulated bank: paved roads, self-service, and guardrails by default. You’ll own platform capabilities across Kubernetes, GitOps, developer experience, and “AI-assisted operations” that proposes changes via PRs (human-in-the-loop).
Expected Outcomes
- A secure, repeatable platform blueprint deployable across clouds (or on-prem Kubernetes where needed).
- Golden paths (templates + pipelines + policies) that teams adopt voluntarily because they remove toil.
- Measurable improvement in deployment reliability, lead time, and audit evidence quality.
- AI-assisted workflows that detect issues (red pipelines/alerts) and open PRs with recommended fixes—reviewable, traceable, and policy-gated.
Key responsibilities
- Design and implement a cloud-agnostic Kubernetes platform foundation (cluster add-ons, ingress, networking, secrets, config, tenancy).
- Build and operate GitOps workflows using ArgoCD (environments, promotion, drift detection, rollback patterns).
- Provide self-service developer experience via an Internal Developer Portal (Backstage or Atlassian Compass) including:
  - Service catalog + ownership + documentation
  - Golden-path scaffolding (service templates)
  - Operational visibility (dashboards/runbooks/alerts links)
- Establish platform security controls aligned to banking needs:
  - Policy-as-code, least privilege, secrets management, audit logs, provenance/traceability.
- Partner with architects and delivery teams to align platform boundaries with DDD (domain segregation, ownership boundaries, cross-domain integration patterns).
- Enable the AI capability in a controlled way:
  - Integrate alerting/pipeline signals → generate PRs with proposed changes
  - Enforce approvals, testing gates, and traceable rationale (e.g., link PR to incident/ticket and evidence)
Required experience / must-haves
- Strong hands-on engineering background building platforms on Kubernetes in production.
- GitOps with ArgoCD (multi-env, multi-team setups; drift, rollback, promotion strategies).
- Infrastructure provisioning with Terraform / OpenTofu or Pulumi (modules/components, state management, secure patterns).
- Strong Git-based workflows; familiarity with GitHub or Bitbucket and their permission/policy models.
- Experience designing for regulated environments: audit trails, change control, separation of duties, evidence capture.
- Clear documentation skills and the ability to work client-facing (workshops, trade-offs, “why this design”).
Nice-to-haves
- Backstage plugin development and/or Compass integration patterns.
- Supply-chain security (SBOMs, signing, provenance), container image hardening.
- Multi-cloud networking patterns; experience with ECR/ACR/Docker Hub governance.
- Experience integrating “AIOps”/LLM-assisted workflows with guardrails (human approval, scoped permissions, rollback).