Dice is seeking a highly experienced Infrastructure Staff Engineer to join their platform engineering team. The role involves leading the design, building, and governance of cloud infrastructure across multi-cloud environments while ensuring scalability, security, and operational excellence. The engineer will also focus on migrating infrastructure management into HCP Terraform and establishing best practices across the organization.
Responsibilities:
- Architect, design, and manage complex infrastructure solutions across Google Cloud Platform (GCP), Amazon Web Services (AWS), and Microsoft Azure
- Serve as the subject matter expert for multi-cloud infrastructure patterns, networking, compute, storage, and security configurations
- Evaluate and recommend cloud services and architectures that align with business requirements, cost efficiency, and performance goals
- Identify and remediate infrastructure risks, technical debt, and inefficiencies across all cloud environments
- Define and enforce infrastructure standards, naming conventions, tagging strategies, and cost governance policies across all cloud providers
- Serve as the organizational authority on HashiCorp Cloud Platform (HCP) Terraform and all of its capabilities, including:
  - Workspaces — design and manage workspace structures that reflect team boundaries, environments, and blast radius controls
  - Variable Sets — standardize reusable variable configurations across workspaces and projects
  - Private Registry — publish, version, and maintain internal Terraform modules to promote reusability and consistency
  - Sentinel Policy Framework — author, test, and enforce policy-as-code using Sentinel to ensure compliance, security, and governance guardrails
  - Run Triggers & Remote State — design workspace dependency graphs and manage state sharing patterns
  - Team & Role-Based Access Control (RBAC) — implement fine-grained access controls aligned with the principle of least privilege
  - Audit Logging & Notifications — configure audit trails and integrate with SIEM or alerting systems
  - VCS Integration — manage integrations with GitHub, GitLab, or other VCS providers to enable GitOps-style infrastructure workflows
  - Cost Estimation — leverage Terraform cost estimation features to drive infrastructure spend awareness
- Define and document HCP Terraform usage guidelines, workspace naming conventions, module standards, and team onboarding processes
- Author and maintain a Sentinel policy library that enforces guardrails around security, compliance, tagging, and resource configuration without impeding developer velocity
- Lead the end-to-end migration of existing infrastructure management tooling (e.g., manual provisioning, legacy scripts, other IaC tools) into HCP Terraform
- Develop a phased migration roadmap that minimizes disruption to production workloads while progressively increasing coverage
- Refactor and modularize existing Terraform codebases into well-structured, reusable, and version-controlled modules
- Partner with application and platform teams to onboard their infrastructure into HCP Terraform workflows, providing hands-on guidance and support
- Establish state migration strategies, including terraform import workflows and statefile management best practices
- Define rollback plans and risk mitigation strategies for all infrastructure migrations
- Define infrastructure-as-code standards and contribute to internal developer documentation, runbooks, and wikis
- Develop and evangelize sensible policy guardrails that protect the organization without creating unnecessary friction for engineering teams
- Design policies that enforce requirements such as mandatory resource tagging, approved instance types, encryption-at-rest and in-transit requirements, prohibited public exposure of sensitive resources, and region and data residency restrictions
- Champion infrastructure security best practices including secrets management, IAM least privilege, network segmentation, and drift detection
- Build internal enablement resources — including templates, examples, and self-service tooling — to increase infrastructure engineering velocity across teams
- Act as a technical mentor and escalation point for infrastructure engineers and DevOps practitioners across the organization
- Participate in architecture reviews, design discussions, and RFC processes, providing infrastructure perspective and expert guidance
- Collaborate with security, compliance, and engineering leadership to ensure infrastructure practices meet regulatory and organizational requirements
- Stay current with the Terraform and HashiCorp ecosystem, cloud provider feature releases, and industry trends — and bring relevant insights back to the team
Requirements:
- 8+ years of experience in infrastructure engineering, platform engineering, or DevOps roles
- Deep, hands-on expertise with HCP Terraform, including workspaces, the private module registry, Sentinel policies, variable sets, RBAC, VCS integrations, and remote operations
- Strong proficiency across all three major cloud providers: Google Cloud Platform — VPC networking, GKE, IAM, Cloud SQL, Cloud Storage, Secret Manager, Artifact Registry, and related services; AWS — VPC, EC2, EKS, RDS, S3, IAM, KMS, Route 53, and related services; Azure — Virtual Networks, AKS, Azure SQL, Blob Storage, Azure AD/Entra ID, Key Vault, and related services
- Proven experience leading large-scale infrastructure migrations with minimal downtime and well-managed risk
- Strong experience writing Sentinel policies and policy-as-code with a focus on practical, balanced governance
- Proficiency with GitOps workflows and CI/CD pipeline integration for infrastructure delivery
- Strong understanding of networking fundamentals — subnets, routing, VPNs, VPC peering, private endpoints, and DNS
- Experience with secrets management solutions such as HashiCorp Vault, AWS Secrets Manager, Google Cloud Platform Secret Manager, or Azure Key Vault
- Excellent written and verbal communication skills with the ability to document complex systems clearly and present to both technical and non-technical audiences
- HashiCorp Terraform Associate or Professional certification
- Cloud provider certifications (AWS Solutions Architect, Google Cloud Platform Professional Cloud Architect, Azure Solutions Architect Expert)
- Experience with container orchestration platforms (Kubernetes / GKE / EKS / AKS)
- Familiarity with HashiCorp Vault for secrets management and dynamic credentials
- Experience with observability and monitoring tooling (Datadog, Prometheus, Grafana, Cloud-native monitoring)
- Background working in regulated industries (SOC 2, HIPAA, PCI-DSS, FedRAMP)
- Experience with infrastructure cost optimization strategies and FinOps practices