Platform Engineer — NIHDI IT Platform Team

About the Role

The Platform Engineer is a key member of the Platform Team, responsible for enabling development, deployment, and operation of applications across the organization. You will design, build, and maintain the shared foundations — pipelines, infrastructure, and tooling — that development teams rely on to ship software faster, more securely, and more reliably.

You will own and evolve a shared Azure DevOps pipeline template library consumed by all application teams, manage Azure Kubernetes Service (AKS) clusters (including confidential compute), and automate infrastructure provisioning using Infrastructure as Code.

Key Responsibilities

Platform Engineering & Infrastructure

Design, build, and maintain Azure Kubernetes Service (AKS) clusters — both private and public — including node pool configuration, networking, ingress, autoscaling, and confidential compute workloads.

Manage and evolve the Azure cloud platform: subscriptions, resource groups, Key Vault, Azure Container Registry, Service Bus, Storage Accounts, and SQL databases.

Operate and support OpenShift environments where applicable.

Ensure platform security, reliability, and compliance with organizational standards (network policies, managed identities, TLS, RBAC).

CI/CD Pipeline Development & Maintenance

Develop and maintain shared, reusable CI/CD pipeline templates (YAML) in Azure DevOps, consumed by all application repositories across the organization.

Build and optimize multi-stage deployment pipelines covering build, test, package, and deploy for .NET 8 applications, including container image builds (Docker/ACR), database deployments (DACPAC/sqlpackage), and Service Bus provisioning.

Author and maintain PowerShell Core 7+ modules and scripts that drive pipeline logic — configuration generation, deployment map parsing, secret retrieval, Terraform variable construction, and Helm-based deployments.

Ensure pipelines enforce security, quality gates (SonarQube), and environment promotion controls (DEV → TST → VAL → Manual Gate → PRD).

Standardize deployment patterns so all project teams follow consistent, auditable release workflows.

Infrastructure as Code (IaC)

Design, author, and maintain Terraform modules for provisioning and configuring Azure resources: AKS workloads (via Helm provider), Keycloak identity clients, SQL users, managed identities, Key Vault HSM keys, and Service Bus RBAC.

Automate provisioning, scaling, and lifecycle management of infrastructure resources using Terraform, Azure CLI, and PowerShell.

Manage Terraform state (Azure Storage backend with AAD auth) and ensure safe, repeatable deployments across environments.

Repository & Azure DevOps Administration

Administer the shared Common/devops repository and associated deployment configuration repositories.

Support version control practices, branching strategy (GitFlow: DEV/MAIN/hotfix), and PR validation workflows.

Manage Azure DevOps service connections, agent pools, variable groups, and environment approvals.

Collaboration & Enablement

Serve as the bridge between infrastructure and application development teams, helping them integrate platform capabilities into their workflows.

Provide guidance and support on platform standards, deployment map configuration, pipeline extension patterns, and troubleshooting.

Write and maintain documentation (README, schema references, onboarding guides) for consuming teams.

Review contributions to shared platform code for architectural consistency and backward compatibility.

Required Skills & Experience

1. AKS: Hands-on experience operating and configuring Azure Kubernetes Service — networking, ingress, node pools, autoscaling, confidential compute, Helm chart deployments.

2. DevOps practices: Strong understanding of CI/CD principles, GitFlow branching, environment promotion, and deployment automation.

3. .NET: Familiarity with .NET 10 build toolchain (dotnet build), NuGet, solution/project structure, and containerizing .NET applications.

4. PowerShell: Proficiency in PowerShell Core 7+ — writing modules (.psm1), classes, Pester 5+ tests, and robust scripting with proper error handling.

5. Azure: Broad experience with Azure services: Key Vault, Container Registry, Service Bus, Storage Accounts, SQL Database, Managed Identities, RBAC.

6. Cloud: Understanding of cloud architecture principles — scalability, high availability, security, cost management.

7. Azure DevOps: Experience with Azure DevOps (TFS) — YAML pipelines, extends templates, repositories, service connections, agent pools, artifacts.

8. YAML Pipelines: Ability to author and maintain multi-stage YAML pipeline templates with parameterization, conditions, and template composition.

9. Terraform: Experience writing and maintaining Terraform configurations — modules, providers (azurerm, helm, keycloak, mssql, kubernetes), state management, plan/apply workflows.

10. Networking: Understanding of network concepts relevant to AKS and Azure — VNets, NSGs, private endpoints, DNS, ingress controllers, proxy configuration.

11. Architecture: Ability to reason about system architecture — separation of concerns, shared platform design, module boundaries, and extensibility.

Nice to Have

• Experience with Keycloak or OpenID Connect identity management.

• Familiarity with Docker and container image build optimization.

• Knowledge of database deployment automation (DACPAC, sqlpackage).

• Experience with SonarQube or similar code quality tooling.

• Familiarity with confidential computing on Azure.

• Experience with OpenShift container platform.