Location ACT,NSW, QLD
NV1 Clearance required
Calleo is seeking a Lead Technology Architect for one of our federal clients.
- Technology Architects/ Senior Cloud Engineer determine the appropriate technologies to be used in the service development and delivery environment. They monitor emerging technologies and plan technology exploration, implementation and retirement.
- You will specialise in either Azure or AWS public cloud platforms, with the capability to design, implement, and optimise environments from new (greenfield) implementations as well as enhance existing setups (brownfield). This role is focused on building secure-by-design architectures, incorporating reusable patterns and Infrastructure as Code (IaC) to deliver scalable, compliant cloud solutions in line with APS frameworks and regulations.
- Senior Cloud Engineer will collaborate with Architecture, Cyber Security, and Core Infrastructure teams in the group to establish foundational infrastructure, enforce governance, and apply best practices across networking and resource management in your primary platform, while demonstrating skills in both Azure and AWS.
- The Senior Cloud Engineer is expected to operate with a significant degree of independence with a high level of autonomy, while also maintaining close working relationships with key stakeholders and strict adherence to agency processes and procedures.
- In performing the role, the candidate will be required to identify and drive innovation, manage and lead change, and has an active role in contributing to and implementing the agency’s strategic direction with decision-making and advice to others highly dependent on their own judgement.
- Design and deploy greenfield and brownfield cloud platforms in either Azure or AWS, including foundational structures like Azure Landing Zones/Management Groups or AWS Landing Zone/Organizations/Control Tower, to support organisational scalability and hierarchy.
- Implement Infrastructure as Code (IaC) using tools such as Terraform, ARM/Bicep (Azure), or CloudFormation (AWS) for reusable, automated, and secure deployments.
- Configure and manage core services, such as Azure Key Vault/Blob Storage/Virtual Machines or AWS Secrets Manager/S3/EC2, ensuring secure-by-design principles like least privilege, encryption at rest/transit, and threat modelling.
- Establish robust networking components, including Azure VNets/Subnets/NSGs/Firewall or AWS VPCs/Subnets/Security Groups/Transit Gateway, with focus on secure connectivity (e.g., VPN/ExpressRoute in Azure or Direct Connect in AWS).
- Develop and enforce governance frameworks, including policies and guardrails via Azure Policy/RBAC or AWS Control Tower/IAM, to align with Australian government standards (e.g., ISM, PSPF), incorporating security assessments, cost optimisation, and compliance monitoring.
- Integrate secure-by-design practices throughout the lifecycle, such as zero-trust models, automated vulnerability scanning, and identity federation.
- Provide technical guidance, documentation, and training to teams on best practices for both Azure and AWS environments.
- Document, present and discuss the end-to-end implementation options, recommendations and implications, to facilitate and support the decision-making process.
- 5+ years of hands-on experience as a Cloud Engineer, with expertise in building greenfield and brownfield setups in either Azure OR AWS public clouds, including IaC implementations and secure-by-design principles.
- Proven track record with foundational elements in Azure (Landing Zones, Management Groups, Resource Groups, Key Vault, Blob Storage, Virtual Machines) OR AWS equivalents (Landing Zone, Organizations, VPCs, Secrets Manager, S3, EC2).
- Strong knowledge of networking in either or both platforms: Azure (VNets, peering, NSGs, routing) and/or AWS (VPCs, subnets, security groups, NAT gateways), including hybrid connectivity.
- Experience in governance and security: Implementing policies, guardrails, RBAC/IAM, and tools like Azure Security Center or AWS Security Hub.
- Experience with DevOps practices, CI/CD pipelines (e.g., Azure DevOps, AWS CodePipeline), and scripting (PowerShell, Python, Bash).
- Understanding of Australian government cloud requirements, including data sovereignty, security classifications, and regulatory compliance.
- Proficiency in relevant technologies, frameworks, and tools, as well as the ability to translate complex technical requirements into scalable and sustainable solutions is imperative.
- Certifications such as AZ-104/AZ-305 (Azure) or AWS SysOps/CloudOps highly desirable.
Must be Australian Citizen with NV1 Clearance.
If interested, please apply directly through the links provided.
Alternately, please feel free to contact Luci for more information – zainab.afzaal@callleo.com.au
Follow Calleo on LinkedIn and visit our website to keep up to date on all our current job vacancies:
www.linkedin.com/company/calleoresourcing
www.calleo.com.au
Calleo is an equal opportunity employer and we encourage applications from all people including Aboriginal and Torres Strait Islander peoples .
