Ginesys One
Website:
ginesys.in
Job details:
Job Description: Senior Cloud Platform Engineer
L3 / Senior | 5–8 Years Experience | Architecture & Design
Job Title
Senior Cloud Platform Engineer
Level
L3 — Senior
Department
Cloud Infrastructure & Platform
Reporting To
Cloud Platform Architect
Collaborates With
Principal Architect, Product Heads, DevOps, Security
Experience
5–8 years (3+ years in cloud-native / Azure architecture)
Employment Type
Full-time
Location
Kolkata
About The Role
The Senior Cloud Platform Engineer is the primary owner of the modern application platform for the Ginesys One retail SaaS suite. The core mandate is to design, build, and continuously evolve a container-native platform on Azure — making it scalable, stable, and manageable at SaaS scale. This role leads AKS adoption across Ginesys One product services, drives CI/CD maturity, and works closely with the Cloud Platform Architect to ensure the platform aligns with the Well-Architected Framework. It serves as the primary technical escalation point for platform engineering decisions.
Core Responsibilities
- AKS & Modern Application Platform
- Own the design, deployment, and evolution of Azure Kubernetes Service (AKS) as the primary hosting platform for Ginesys One product services.
- Assess containerisation readiness of individual product services; define and drive the migration path from IaaS to AKS.
- Design cluster topology for SaaS scale — multi-tenancy, node pools, namespaces, resource quotas, and auto-scaling policies (HPA / VPA / KEDA).
- Architect for platform stability — define pod disruption budgets, liveness/readiness probes, graceful drain, and upgrade strategies.
- Design for manageability — standardise Helm chart structures, config management, and environment promotion across dev/staging/prod.
- Collaborate with product engineering teams to align container and service design with platform capabilities.
- Work with the Security team to baseline AKS security — RBAC, network policies, pod security standards, and image scanning policies.
- CI/CD & DevOps Engineering
- Design and own the CI/CD pipeline architecture for all Ginesys One product services running on the platform.
- Establish pipeline standards — build, test, security scan, image publish, and deployment stages using Azure DevOps or GitHub Actions.
- Implement GitOps practices for AKS workload delivery; evaluate and adopt tooling such as Flux or ArgoCD.
- Define environment promotion gates — automated quality, compliance, and rollback triggers between dev, staging, and production.
- Drive IaC adoption using Terraform or Bicep for all platform infrastructure; enforce version control and peer-review discipline.
- Establish release management standards — versioning, changelogs, blue-green and canary deployment patterns.
- Scalability, Stability & Platform Architecture
- Collaborate with the Cloud Platform Architect and Principal Architect on platform roadmap and architecture decisions.
- Design for horizontal and vertical scalability — workload-aware auto-scaling, cluster auto-provisioner, and burst capacity strategies.
- Conduct architecture reviews and produce Architecture Decision Records (ADRs) for significant platform changes.
- Evaluate new Azure and CNCF ecosystem capabilities; recommend adoption where they improve scalability, stability, or manageability.
- Contribute to Well-Architected Framework reviews — with focus on Reliability, Operational Excellence, and Performance Efficiency.
- Networking Optimisation — Placement & Grouping
- Design and optimise VNet topology — hub-spoke architecture, peering, and segmentation for AKS and supporting services.
- Define subnet placement strategy aligned to workload classification (prod, non-prod, data, app, management).
- Evaluate and implement private endpoints, service endpoints, and DNS private zones for PaaS services.
- Optimise egress paths, NAT gateway usage, and bandwidth cost.
- Review NSG rule sets for operational efficiency and correctness; coordinate with the Security team for hardening.
- Disaster Recovery & High Availability
- Define RTO/RPO targets per product tier in alignment with business requirements.
- Design and document DR architecture — geo-redundancy, backup strategy, failover procedures.
- Implement and periodically test HA configurations for critical workloads (DB clusters, AKS, app tiers).
- Establish and validate runbooks for partial, complete, and degraded-performance outage scenarios.
- Cost Estimation, Budgeting & Optimisation
- Produce Azure cost models for new architectures and migration scenarios using Azure Pricing Calculator and Retail Prices API.
- Conduct monthly cost reviews; identify and act on rightsizing, reserved instance, and savings plan opportunities.
- Define cost allocation tagging taxonomy and governance; ensure 100% tag compliance.
- Present cost vs. architecture trade-offs to stakeholders for informed decision-making.
Skills & Qualifications
Area : AKS / Containers
AKS design and operations; Docker; Helm; Kubernetes networking, scaling, upgrades (MUST HAVE)
Area: CI/CD & DevOps
Azure DevOps or GitHub Actions; GitOps (Flux / ArgoCD); release management; Jenkins
Area: IaC
Terraform or Bicep — production-grade, version-controlled infrastructure (MUST HAVE)
Area: Cloud Platform
Azure — advanced IaaS/PaaS, architecture patterns, landing zones
Area: Networking
Hub-spoke VNet design, NSG, DNS, private endpoints, routing concepts
Area: DR / HA
Azure Site Recovery, geo-redundancy, backup design, RTO/RPO modelling
Area: Multi-cloud
AWS / GCP architecture awareness — strong added advantage
Area: OS / Infra
Windows Server & Linux — working knowledge; not a primary focus
Area: WAF / Security
Well-Architected Framework; Defender for Cloud, RBAC, WAF — knowledge is a plus
Area: Observability
Azure Monitor, Log Analytics, Prometheus, Grafana, APM — knowledge is a plus
CERTIFICATIONS
- AZ-104 + AZ-305: Required (Solutions Architect Expert strongly preferred).
- CKA / CKAD (Kubernetes): Preferred.
- AZ-400 (DevOps Engineer): Preferred.
- AZ-700 (Network Engineer): Preferred.
- AZ-500 (Security Engineer): Good to have.
- AWS Solutions Architect Associate / GCP Professional Cloud Architect — significant advantage.
BEHAVIOURAL COMPETENCIES
- Systems thinking — sees platform-wide implications of individual design choices.
- Collaborative by default — designs are shaped with teams, not handed to them.
- Bias for documentation — decisions, trade-offs, and designs are written down.
- Cost-aware engineering — considers financial impact as a first-class design constraint.
- Mentorship — actively raises the technical bar of the L1/L2 operations team.
- Vendor-neutral judgement — selects the right tool, not the familiar one.
Click on Apply to know more.