Job Description
Join our company as we transform and innovate. We are at the forefront of research to deliver innovative health solutions that advance the prevention and treatment of diseases in people and animals. We are currently seeking a Cloud & Infrastructure Technology Staff Engineer to help deliver our Container Platform product. This is also an exciting opportunity to contribute to the development of our broader company's container practice outside our team.
The Platform and Containers as a Service product team provides development teams a pre-paved path to run and operate applications via a Platform-as-a-Service model. This enables application product teams by delivering infrastructure solutions and container platforms, primarily through the development of Infrastructure-as-Code. The team also helps develop the strategy and works with teams worldwide to govern, grow, and operate container solutions across the company. Our team embraces the regulatory challenges of our industry and drives innovative, secure, and compliant use of containers and container platforms. We operate as a business partner, proposing ideas and innovative solutions that enable new organizational capabilities. We collaborate closely with internal and external partners worldwide to mature our ability to utilize Cloud Service Providers. We also impact cluster availability and integrity worldwide via our cloud-based container cluster Platform as a Service (PaaS & CaaS).
As a Platform Engineer, you bring a strong background in cloud infrastructure, networking, PaaS, and automation, and a passion for eliminating toil through great engineering. Join our global team to build and evolve automated, self-service platform experiences (think GitOps, policy-as-code, golden paths) so modern application teams can onboard quickly, deploy reliably, and focus on delivering value.
Primary job responsibilities:
Architect, design, and engineer global platform services, including Tanzu Application Service (Cloud Foundry), Oracle APEX, container platforms, and a multi-region Web Redirect Service
Lead architecture and engineering of container image management (registry design, signing/provenance, SBOM, retention, geo-replication)
Define, codify, and socialize best practices for containers and Application-Hosting PaaS (security baselines, multi-tenancy, networking, cost controls) as policy-as-code
Cultivate an engineering community of practice: share patterns, improve templates/playbooks, and drive inner-source contributions
Identify capability gaps via telemetry and stakeholder feedback; translate into roadmaps/MVPs and deliver solutions that close the gaps
Automate and simplify platform maintenance and lifecycle (provisioning, upgrades, patching, backup/DR) using GitOps and CI/CD; reduce manual toil and risk
Maintain up-to-date cloud-native knowledge; evaluate and introduce fit-for-purpose technologies and practices
Prioritize workloads and commitments; balance roadmap, BAU operations, and incident response against clear SLAs and timelines
Partner with product managers and engineering teams to onboard workloads quickly and safely, providing reference architectures and guardrails
Ensure SDLC and company policy compliance through documentation, reviews, audits, and secure-by-default controls
Serve as Tier-3 escalation for customer support; lead incident response, post-mortems, and preventive action plans
Design hybrid/multi-cloud networking: build secure connectivity with Direct Connect/ExpressRoute, PrivateLink/Service Endpoints, segmented VPC/VNet topologies, and enterprise DNS (Route 53/Azure) with strict egress controls
Drive FinOps & cost efficiency: implement tagging/chargeback, rightsizing & autoscaling, storage lifecycle policies (S3/EFS/FSx), and Savings Plans/Reservations, with dashboards to track unit economics
Harden data protection & key management: apply envelope encryption with AWS KMS/Azure Key Vault, automate secrets rotation (Secrets Manager/Key Vault), and enforce backup/restore and cross-region DR for RDS/EFS/FSx
Standardize IaC & GitOps at scale: deliver reusable Terraform/Bicep modules, environment promotion via pipelines, policy-as-code (OPA/Conftest/Checkov), and automated drift detection/remediation across AWS/Azure and container platforms
Deep AWS proficiency: VPC, Route 53, EC2, ALB/ELB/NLB, S3, RDS, IAM, Lambda, EventBridge, SNS/SES, CloudWatch/CloudTrail, KMS, Secrets Manager, MSK, Kendra, ACM, DRS, EFS, FSx for ONTAP
Azure experience: Virtual Networks, Resource Groups, Application Gateway, App Service/ASE v3, Autoscaling, Azure Monitor, Key Vault, Secrets Management, Storage Accounts
Ecosystem & platforms: Broadcom Tanzu Platform, Spectro Cloud (edge/K8s orchestration), Azure ASE v3, Oracle APEX
Requirements:
BS Degree or equivalent in Computer Science, Computer Engineering, Information Systems, or equivalent experience
Relevant certification or completion of equivalent program in areas such as Software Development, Computer Science, or Computer Engineering
Practical experience with container platforms: Kubernetes, Amazon EKS/ECS, Azure AKS; cloud-native tools such as Helm, Cilium/Calico/Flannel, Karpenter; plus container image management (registry design, signing/provenance, SBOMs, retention, geo-replication)
Direct involvement in architecture, engineering, and operations for Broadcom Tanzu Platform, Azure ASE v3, Oracle APEX, Spectro Cloud, and multi-region platform services (e.g. web redirect services)
Extensive hands-on work with AWS and Azure across IaaS and networking: VPC/VNet, subnets, security groups/NSGs, NACLs, routing, enterprise DNS (Route 53/Azure DNS), ALB/ELB/NLB, Application Gateway
Hybrid/multi-cloud networking: Direct Connect / ExpressRoute, PrivateLink / Service Endpoints, segmented VPC/VNet topologies, egress controls and inspection
Strong understanding of HTTP/S, TCP/IP, DNS, load balancing, TLS/PKI, and foundational routing concepts
Practical Linux (RHEL/Ubuntu) administration: provisioning/migrations, standardization, performance tuning, and HA clustering
Proficiency in Python and Bash for automation; develop reusable Ansible playbooks/roles in Ansible Automation Platform
Infrastructure as Code & GitOps: author reusable Terraform/Bicep modules; environment promotion via GitHub Actions/Azure DevOps/Jenkins/CloudBees; policy-as-code (OPA/Conftest/Checkov); automated drift detection/remediation
Serverless & integrations: event-driven designs with AWS Lambda; messaging and orchestration via EventBridge, SNS/SES
Security & compliance: identity and access, encryption at rest/in transit; KMS/Key Vault, Secrets Manager/Key Vault with automated rotation; baseline hardening, vulnerability remediation, and compliance controls
FinOps: tagging/chargeback, rightsizing & autoscaling, storage lifecycle policies (S3/EFS/FSx), reservations/savings plans, and cost dashboards
Reliability & DR: architect hybrid DR/BC with defined RTO/RPO, automated failover, backup/restore testing, documented recovery runbooks
Observability & SRE: create SLIs/SLOs, alerting, and dashboards with Dynatrace, Prometheus, Grafana, Nobl9 (plus ELK/Datadog or equivalents); incident response, post-mortems, and preventive actions
Ability to troubleshoot across infrastructure, networks, security, and databases; Tier-3 escalation ownership
Experience designing software/platform solutions with high-quality documentation; ensure SDLC and company policy compliance via reviews and audits
Proven delivery using Agile/Scrum; prioritize roadmap vs. BAU/operational work against SLAs and timelines
Workload onboarding & enablement: partner with product managers/engineering to provide reference architectures, guardrails, and safe, rapid onboarding to platform services
Experience deploying and managing Cloud Foundry or similar PaaS (e.g. Elastic Beanstalk)
Familiarity with DevOps toolchain: Git, Terraform, Jira, GitHub Actions, Jenkins, CloudBees, Azure DevOps
Nice to haves:
Possess 4 to 6 years of experience within the IT industry or related fields
Capable of operating effectively in a matrixed and highly concurrent work environment
Proven track record of planning and executing projects or experiments including defining milestones and endpoints
Experience collaborating with global and diverse teams
Proficient in using, implementing, or operating Kubernetes or similar container orchestration platforms
Cloud platforms (AWS): VPC, IAM, EC2, S3, ELB/ALB/NLB, RDS, Route 53, CloudWatch, CloudTrail, EventBridge, SES, SNS, KMS, Secrets Manager, Kendra, Lambda, MSK, ACM, DRS, EFS, FSx for ONTAP
Cloud platforms (Azure): Virtual Networks, Resource Groups, Application Gateway, App Service & ASE v3, Autoscaling, Azure Monitor, Key Vault, Secrets Management, Storage Accounts
Containers & platforms: Broadcom Tanzu Platform, Spectro Cloud (edge/K8s orchestration), Azure ASE v3, Oracle APEX
Networking, security & compliance: Hybrid architecture and network design; secure connectivity; identity & access; encryption; policy-as-code; compliance controls
Serverless & integration: Event-driven architectures with AWS Lambda; integrations via EventBridge, SNS, SES
Observability & SRE: Dynatrace, Prometheus, Grafana, Nobl9; SLO/SLI design; alerting; dashboards
Delivery & operations: End-to-end app design & deployment; troubleshooting; monitoring; continuous improvement; change control; strong analytical & problem-solving skills
Built CI/CD workflows with Terraform on GitHub Actions (plan/apply, policy checks, environment promotion)
Operate Azure DevOps pipelines to provision/manage Azure with ARM/Bicep/Terraform
Develop reusable Ansible playbooks/roles in AAP for repeatable configuration and deployments
Provision, migrate, and standardize RHEL and Ubuntu across physical/virtual infra, including HA clusters
Patching & security compliance (baseline hardening, vulnerability remediation, drift control) while tuning performance
Architect hybrid DR/BC with defined RTO/RPO, automated failover, backup/restore testing, and documented recovery runbooks
Expertise with Amazon Web Services, including VPC, Route53, EC2, ALB, S3, RDS, IAM, and others
Hold relevant professional certifications (e.g. AWS, Azure)
Skilled in debugging software and scripting errors
Experience in Go programming language
Experience with troubleshooting infrastructure, network, database, or security-related issues
Background in delivering products and features utilizing Agile/Scrum methodologies
Competent in DevOps tools such as Git, Terraform, Jira, Jenkins, CloudBees, GitHub Actions, among others
Adept at System Development Lifecycle (SDLC) documentation
Hands-on experience with Oracle APEX platform
Exposure to resiliency and observability platforms
What we offer:
Exciting work in a great team, global projects, international environment
Opportunity to learn and grow professionally within the company globally
Hybrid working model, flexible role pattern
Pension and health insurance contributions
Internal reward system plus referral program
5 weeks annual leave, 5 sick days, 15 days of certified sick leave paid above statutory requirements annually, 40 paid hours annually for volunteering activities, 12 weeks of parental contribution
Cafeteria for tax free benefits according to your choice (meal vouchers, Lítačka, sport, culture, health, travel, etc.), Multisport Card
Vodafone, Raiffeisen Bank, Foodora, and other discount programs
Up-to-date laptop and iPhone
Parking in the garage for drivers or showers for bikers
Competitive salary, incentive pay, and many more
Ready to take up the challenge? Apply now!
Know anybody who might be interested? Refer this job!
The date shown below is the earliest possible closing date for this posting. However, we sometimes extend the job posting period as needed, so please feel free to apply anytime you see the Apply button may also reach out to the recruiter directly via
Skills:
Preferred Skills:
Search Firm Representatives Please Read Carefully
Merck & Co., Inc., Rahway, NJ, USA, also known as Merck Sharp & Dohme LLC, Rahway, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails.
Employee Status: Regular
Relocation:
VISA Sponsorship:
Travel Requirements:
Flexible Work Arrangements: Hybrid
Shift:
Valid Driving License:
Hazardous Material(s):
Job Posting End Date: 11/22/2025
*A job posting is effective until 11:59:59PM on the day BEFORE the listed job posting end date. Please ensure you apply to a job posting no later than the day BEFORE the job posting end date.
Merck & Co., Inc., Kenilworth, New Jersey, USA is known as “Merck” in the United States, Canada & Puerto Rico. We are known as “MSD” in Europe, Middle East, Africa, Latin America & Asia Pacific. We are a global biopharmaceutical leader with a diverse portfolio of prescription medicine ...