Platform Engineer (AWS)

TL;DR

Platform Engineer (AWS): Designing and evolving a large-scale AWS foundation with an accent on landing zone design, multi-account governance, and platform controls. Focus on automating account vending, implementing organizational guardrails, and structuring Terraform for multi-account deployment.

Location: Hybrid (London Area, United Kingdom)

Company

A research-focused engineering organisation operating at serious compute scale.

What you will do

• Design and evolve AWS Landing Zones using AWS Control Tower or custom implementations via AWS Organizations and SCPs.
• Manage the multi-account strategy, account vending pipelines, OU structure, and lifecycle management.
• Implement preventative and detective controls using SCPs, Config Rules, Security Hub, and GuardDuty.
• Build and maintain network foundations including Transit Gateway, RAM-based VPC sharing, and DNS delegation.
• Drive Infrastructure as Code (IaC) discipline using Terraform for multi-account deployment and reusable modules.
• Automate account-level standards to ensure new accounts are pre-configured and compliant.

Requirements

• Proven hands-on experience designing or re-architecting AWS Landing Zones in large, multi-account environments.
• Deep knowledge of AWS Organizations, OU design, SCP authoring, and account factory patterns.
• Advanced Terraform capability, including module design and state management strategies.
• Strong grasp of AWS networking at scale (Transit Gateway, VPC sharing, hybrid connectivity).
• Proficiency with the AWS security toolchain (Control Tower, GuardDuty, CloudTrail, IAM Identity Center).
• Python engineering background for platform automation and compliance tooling.

Nice to have

• Experience with CI/CD tooling such as Jenkins to deliver platform changes.
• Ability to translate requirements from application and security teams into scalable platform standards.