INFRASTRUCTURE AND PLATFORM ARCHITECT

INFRASTRUCTURE AND PLATFORM ARCHITECT L2

Location: London

Mandatory Skills: Google Cloud Admin

We are looking for an experienced Infrastructure Engineer with deep Google Cloud Platform (GCP) networking expertise to design, build, automate, and operate cloud network services at scale. The role includes DNS as a Service offering, IP Address Management (IPAM), integrations with ServiceNow, FinOps automation (including tagging), Terraform-based infrastructure as code, and policy as code for compliance.

You'll partner with Operations, Security, FinOps, and Platform Engineering to deliver reliable, compliant, and cost-optimized cloud networking services.

Key Responsibilities

• Network Design & Operations (GCP): Design, implement, and operate GCP networking - VPCs, subnets, routing.
• Build scalable DNS and IPAM capabilities across cloud and hybrid environments; manage Cloud DNS, forwarders, split-horizon, and DNSSEC where applicable.
• Define and enforce network security controls and segmentation aligned with compliance frameworks and internal policies.
• Troubleshoot complex network issues using packet capture, flow logs, and observability tooling.
• Owner of DNS as a Service (DNSaaS): design and rollout self-service APIs/portals, role-based access, change governance, auditability, and automated validations.
• Standardize DNS zones, records, naming conventions, and lifecycle.
• Implement and manage IPAM across GCP and hybrid networks; maintain authoritative inventory of IP allocations, subnets, and DHCP scopes.
• Integrate IPAM with provisioning pipelines and ServiceNow for streamlined requests and approvals.
• Develop automation for provisioning, changes, tagging, and governance using Python (and optionally Go) and CI/CD pipelines.
• Build integrations with ServiceNow (CMDB, Change, Catalog), FinOps platforms, tagging workflows, and reporting.
• Author and maintain Terraform modules for network patterns; establish standards and reusable templates.
• Implement policy as code using OPA/Conftest or Sentinel; enforce guardrails on Terraform plans and runtime configs.
• Build compliance controls and continuous validation (CIS benchmarks, least privilege, route/firewall policies, DNS change governance).
• Partner with FinOps to drive cost visibility and optimization: resource tagging automation, rightsizing, data egress analysis, load balancer/caching strategies.
• Integrate with FinOps tooling (e.g., Apptio, Turbonomic) to analyze utilization and automate recommendations.
• Participate in on-call rotation and continuous improvement via post-incident reviews.

Required Qualifications

• 5-10+ years in infrastructure/network engineering with 3+ years focused on GCP networking.
• Strong hands on expertise with GCP VPC, subnets, Cloud Router/BGP, VPC peering, Private Service DNS/IPAM/DDI concepts: authoritative/recursive DNS, split-horizon, DNSSEC, record types (A/AAAA/CNAME/TXT/SRV), DHCP lease management.
• Policy as Code: OPA/Conftest or HashiCorp Sentinel; pre commit hooks and automation.
• ServiceNow integrations - Catalog, Change, CMDB; API based workflows for provisioning and approvals.
• Solid understanding of network security (firewalls, segmentation, WAF/CDN).
• Experience with observability (logs/metrics/traces), flow logs, packet capture tools, and performance tuning.
• Strong documentation, stakeholder communication, and operational discipline.

Nice to Have

• Experience with Apptio, Turbonomic for cost and performance optimization.
• Hands on with DDI platforms (Infoblox, BlueCat), PKI/cert management.
• Multi cloud exposure (AWS/Azure) and hybrid connectivity (VPN, Direct Connect).
• Experience with RESTful API design, event driven automation, and GitOps.