Come and See Foundation is dedicated to supporting and expanding the global reach of The Chosen, a multi-season television series about the life of Jesus Christ. They are seeking a Cloud Platform Engineer to manage and govern cloud environments, define standards, and ensure the reliability and security of the platform as the organization grows.
Responsibilities:
- Manage and govern CAS cloud environments across AWS, Google Cloud, and Azure
- Define and maintain environment strategy across platforms (dev, test, staging, production)
- Manage network architecture, security boundaries, and cloud account structure
- Support a broad range of cloud workloads including application environments, marketing infrastructure, media asset management storage, and other organizational needs
- Manage cost monitoring, billing oversight, and FinOps practices across cloud platforms
- Drive capacity planning in partnership with business and technology stakeholders
- Manage and verify disaster recovery planning, backup strategy, and resilience standards
- Build and manage the Kubernetes platform layer — cluster lifecycle, networking, ingress, service mesh, and namespace management
- Manage container orchestration including Helm chart development and lifecycle management
- Define and maintain deployment patterns, resource boundaries, and service contracts for product teams
- Manage cluster upgrades, scaling, and cost optimization
- Design and maintain internal developer platforms that abstract infrastructure complexity and accelerate delivery
- Build and evolve self-service tooling for provisioning, deployment, and observability
- Define infrastructure standards through reusable modules, templates, and guardrails
- Evaluate and integrate platform tooling including service catalogs and developer portals
- Collaborate with product and engineering teams to improve developer experience and delivery velocity
- Manage and verify infrastructure-as-code standards, state management, and the module library across cloud environments
- Review and approve necessary infrastructure changes
- Ensure foundational modules — networking, identity, security — are CAS-owned and well-governed
- Drive completeness and coverage of IaC across environments and workloads
- Define and enforce pipeline standards and deployment gates
- Manage and verify branch protection and source control standards
- Ensure deployments are automated end-to-end — no manual production changes
- Partner with our managed services provider on pipeline implementation and maintenance
- Manage pipeline security and code quality scanning standards
- Manage secrets, configuration, and environment promotion across dev, staging, and production
- Serve as CAS's authoritative internal expert on platform, infrastructure, and delivery standards
- Define CAS standards across security, resilience, backup and recovery, observability, and operational process
- Represent CAS in technical conversations with our managed services and development partner — ensuring contractor teams are adhering to CAS standards and operating within defined governance boundaries
- Manage the technical oversight relationship with our services providers — holding them accountable for delivery quality, security posture, and operational excellence
- Manage cloud security tooling and configuration across environments
- Manage identity and access control — serving as the authoritative owner of who has access to what across CAS cloud environments and platform tools
- Define and verify secrets management and credential governance
- Implement and maintain encryption at rest and in transit across environments
- Drive patching policy and ensure remediation SLAs are met
- Participate in security compliance initiatives including vulnerability scanning, audit logging, and enforcement of compliance controls
- Conduct regular IaC configuration drift reviews — identifying and remediating infrastructure that has deviated from defined standards
- Partner with our Director of Data on technical implementation of compliance and privacy requirements, including PCI DSS obligations
- Conduct quarterly access reviews across systems and tools
- Ensure monitoring and observability standards across environments
- Define alerting thresholds, escalation policies, and on-call structure
- Manage the relationship with our managed services provider on incident response — ensuring processes, runbooks, and escalation paths meet CAS standards
- Serve as escalation point for infrastructure-level incidents
- Lead post-incident reviews and drive systemic improvements back into the platform
- Produce monthly governance reports on platform health, security posture, and change activity for technology leadership
- Manage Jira-based change oversight — ensuring infrastructure and platform changes are tracked, reviewed, and auditable
- Administer identity and access management as the source of truth for cloud and platform access
- Manage user provisioning and deprovisioning across CAS-owned tools and platforms
- Manage and verify contractor access governance — scoped, time-limited, and audited
- Administer platform tooling including source control, project management, and monitoring platforms
- Serve as the primary infrastructure and platform partner to the Product team — ensuring platform capabilities, constraints, and standards are understood and incorporated into product planning from the start
- Participate in product planning conversations to provide infrastructure context before features are designed, not after they are built
- Partner with Product Managers on release planning, deployment windows, and production go/no-go decisions — bringing an infrastructure and security lens to release readiness without creating friction or blocking delivery
- Translate technical infrastructure and security requirements into clear, actionable guidance that Product teams can work with
- Work collaboratively with Product to prioritize platform improvements that directly enable product delivery velocity and reliability
- Build and maintain a trusted working relationship with the Product team — acting as an enabler of product goals, not a gatekeeper
- Provide technical expertise for SaaS tool integrations and API connectivity needs across the organization
- Support teams requiring integration between CAS systems and third-party platforms
- Advise on integration architecture, security, and data handling for new tool onboarding
Requirements:
- 4+ years of experience in cloud infrastructure, platform engineering, or a related discipline
- Hands-on experience across multiple cloud platforms — AWS required; Google Cloud and/or Azure experience strongly preferred
- Strong infrastructure as code experience — writing, reviewing, and governing cloud infrastructure programmatically
- Experience with CI/CD pipeline design, implementation, and governance
- Linux administration experience
- Experience with cloud monitoring, observability, and alerting platforms
- Strong understanding of security best practices — identity and access management, secrets management, network security, vulnerability management, backup and recovery
- Experience defining and enforcing technical standards across contractor or vendor teams
- Ability to represent technical requirements and standards to non-technical stakeholders clearly and confidently
- Experience with SaaS integrations and API connectivity
- Comfortable working autonomously in a fast-moving environment with incomplete information
- Bachelor's degree in Computer Science, Information Technology, Engineering, or a related field; advanced degree preferred
- Minimum 7 years of experience in cloud infrastructure, platform engineering, DevOps, Site Reliability Engineering, or a related role with demonstrated ownership of production systems at scale
- Demonstrated experience owning and operating secure, scalable production platforms, including cloud infrastructure, delivery automation, reliability, and technical governance
- Experience in nonprofit, faith-based, or mission-driven organizations a plus
- Experience governing a managed services or contractor relationship — holding vendors accountable to defined standards
- Familiarity with pipeline security and code quality tooling — SAST tools such as SonarQube or equivalent
- Familiarity with PCI DSS 4.0.1 compliance requirements and their infrastructure implications
- Experience managing CDN, WAF, or edge platform configurations
- Mobile app deployment experience — Apple Developer Program, Google Play Console
- Software engineering background — ability to read and review application code and understand full-stack implications of infrastructure decisions
- Cloud certification (AWS Solutions Architect, Google Cloud Professional, Azure Administrator, or equivalent)
- Experience with media asset management or marketing technology infrastructure