Job Description
INFRASTRUCTURE AND PLATFORM ARCHITECT L2
Location: London
Mandatory Skills: Google Cloud Admin
We are looking for an experienced Infrastructure Engineer with deep Google Cloud
Platform (GCP) networking expertise to design, build, automate, and operate cloud
network services at scale. The role includes DNS as a Service offering, IP Address
Management (IPAM), integrations with ServiceNow, FinOps automation (including
tagging), Terraform-based infrastructure as code, and policy as code for compliance.
You’ll partner with Operations, Security, FinOps, and Platform Engineering to deliver
reliable, compliant, and cost-optimized cloud networking services.
Key Responsibilities
Network Design & Operations (GCP)
• Design, implement, and operate GCP networking: VPCs, subnets, routing
(Cloud Router/BGP), VPC peering, Private Service Connect, Cloud NAT,
Cloud Firewall, Cloud Armor, load balancing (L7/L4).
• Build scalable DNS and IPAM capabilities (DDI) across cloud and hybrid
environments; manage Cloud DNS, forwarders, split-horizon, and DNSSEC
where applicable.
• Define and enforce network security controls and segmentation aligned with
compliance frameworks and internal policies.
• Troubleshoot complex network issues using packet capture, flow logs, and
observability tooling.
DNS as a Service (DNSaaS)
• Own design and rollout of DNS as a Service: self-service APIs/portals, role-based access, change governance, auditability, and automated validations.
• Standardize DNS zones, records, naming conventions, and lifecycle
management across environments.
IP Address Management (IPAM)
• Implement and manage IPAM across GCP and hybrid networks; maintain
authoritative inventory of IP allocations, subnets, and DHCP scopes.
• Integrate IPAM with provisioning pipelines and ServiceNow for streamlined
requests and approvals.
Automation & Integrations
• Develop automation for provisioning, changes, tagging, and governance using
Python (and optionally Go) and CI/CD pipelines.
• Build integrations with ServiceNow (CMDB, Change, Catalog), FinOps
platforms, tagging workflows, and reporting.
• Author and maintain Terraform modules for network patterns; establish
standards and reusable templates.
Policy as Code & Compliance
• Implement policy as code using OPA/Conftest or Sentinel; enforce guardrails
on Terraform plans and runtime configs.
• Build compliance controls and continuous validation (CIS benchmarks, least
privilege, route/firewall policies, DNS change governance).
Cost Optimization (FinOps)
• Partner with FinOps to drive cost visibility and optimization: resource tagging
automation, rightsizing, data egress analysis, load balancer/caching strategies,
and vanity/private endpoints.
• Integrate with FinOps tooling (e.g., Apptio, Turbonomic) to analyze utilization
and automate recommendations.
Reliability & Observability
• Establish SLOs for network services (DNS, routing, LB, NAT); build dashboards,
alerts, and runbooks.
• Participate in on-call rotation and continuous improvement via post-incident
reviews.
Required Qualifications
• 5–10+ years in infrastructure/network engineering with 3+ years focused on GCP networking.
• Strong hands-on with:
o GCP: VPC, subnets, Cloud Router/BGP, VPC peering, Private Service
Connect, Cloud NAT, Cloud Firewall, Cloud Armor, global/regional load balancers, Cloud DNS.
o DNS/IPAM/DDI concepts: authoritative/recursive DNS, split-horizon, DNSSEC, record types (A/AAAA/CNAME/TXT/SRV), DHCP lease management.
• Automation & IaC: Terraform (authoring modules, state management,
workspaces), Python scripting, CI/CD (GitHub Actions/GitLab CI/Azure
DevOps).
• Policy as Code: OPA/Conftest or HashiCorp Sentinel; pre-commit hooks and
plan enforcement.
• ServiceNow integrations: Catalog/Change/CMDB; API-based workflows for
provisioning and approvals.
• Solid understanding of network security (firewalls, segmentation, WAF/CDN,
identity-aware proxies, TLS, certificates).
• Experience with observability (logs/metrics/traces), flow logs, packet capture
tools, and performance tuning.
• Strong documentation, stakeholder communication, and operational discipline
(runbooks, change governance).
Nice to Have
• Experience with Apptio, Turbonomic for cost and performance optimization.
• Hands-on with DDI platforms (e.g., Infoblox, BlueCat), PKI/cert management.
• Kubernetes networking (CNI, Ingress, Service Mesh, NetworkPolicies).
• Multi-cloud exposure (AWS/Azure) and hybrid connectivity (VPN, Direct
Peering/Interconnect).
• GCP Professional Cloud Network Engineer certification; Terraform Associate.
• Experience with RESTful API design, event-driven automation, and GitOps
practices