We are  CARIAD , an automotive software development team with the Volkswagen Group. Our mission is to make the automotive experience safer, more sustainable, more comfortable, more digital, and more fun. To achieve that we are building the leading tech stack for the automotive industry and creating a unified software platform for over 10 million new vehicles per year. We're looking for talented, digital minds like you to help us create code that moves the world. Together with you, we'll build outstanding digital experiences and products for all Volkswagen Group brands that will transform mobility. Join us as we shape the future of the car and everyone around it.

Title: Sr. Cloud Infrastructure Engineer, Managed Services (W2 Contract)

​ Role Summary:

The Senior Cloud Infrastructure Engineer (Contract) will play a critical role in architecting and deploying CARIAD's Managed IT Services Platform—a secure, scalable, multi-tenant environment built on Microsoft Azure. Key responsibilities include establishing centralized administration using Azure Lighthouse and integrating SailPoint IdentityNow to automate and access management.This role is responsible for defining the platform's technical foundation and delivering secure infrastructure using Infrastructure as Code (IaC) with Terraform and ARM templates. The engineer will ensure all solutions meet Volkswagen Group's cloud security and compliance standards.Blending deep hands-on engineering expertise with automation and architectural leadership, this position will drive the development of a reusable, governed, and operationally efficient cloud services platform that supports long-term scalability and onboarding for global customers. Workplace Flexibility: ​This is a contract W2 position with a hybrid office schedule. Locations are Mountain View, CA, or Bellevue, WARequires availability of off-hours work during critical deployments Key Responsibilities: Cloud Platform Architecture & Deployment

Architect and deploy a secure, scalable, multi-tenant Azure platform

Use Azure Lighthouse for centralized control and tenant isolation

Integrate SailPoint IdentityNow for IAM provisioning and lifecycle governance

Build reusable landing zones and reference architectures

Collaborate with stakeholders, DevOps, and InfoSec teams to ensure alignment

Continuously improve architecture using Azure innovations and security trends

Infrastructure as Code (IaC) & Automation

Develop Terraform modules and ARM templates for Azure infrastructure

Integrate IaC into CI/CD pipelines with full version control and lifecycle automation

Standardize tagging, naming conventions, and configuration management

Automate provisioning for shared services, network configurations, and RBAC

Use security validation tools (e.g., tfsec, Checkov) in all deployment pipelines

Security & Compliance

Implement Azure RBAC, PIM, and Zero Trust models across tenants

Enforce secure access policies (JIT, NSGs, Key Vault secrets)

Automate security baseline deployments using Defender for Cloud and Sentinel

Partner with InfoSec and audit teams for reviews, documentation, and compliance

Platform Operations & Integration

Manage tenant provisioning workflows and onboarding

Monitor platform health, logs, metrics, and alerts across environments

Troubleshoot infrastructure issues and support BAU operations

Maintain documentation and support guides

Change & Incident Management

Follow ITSM best practices for change control and incident resolution

Conduct RCA for critical issues and implement long-term fixes

Collaborate in CAB meetings and cross-team escalation paths

Required Skills & Qualifications:

Bachelor's degree in Computer Science, IT, or equivalent hands-on experience

8+ years in cloud infrastructure or platform engineering

4+ years in Microsoft Azure, with experience in multi-tenant or enterprise-scale deployments

Scripting experience: Powershell

Strong hands-on expertise in:

Azure Lighthouse, Terraform, ARM Templates

CI/CD pipeline integration (GitHub Actions, Azure DevOps, etc.)

SailPoint IdentityNow or equivalent IAM platforms

Azure security (RBAC, PIM, Policies, Key Vault, Zero Trust)

Familiar with infrastructure security testing (e.g., tfsec, Checkov).

Experience in regulated industries (automotive, OEMs, or similar) a plus

Strong communication skills and ability to work independently as a contractor

Certifications ():

Microsoft Certified: Azure Administrator Associate

HashiCorp Certified: Terraform Associate

AZ-500: Microsoft Azure Security Technologies

ITIL Foundation Certification

Compensation: Hourly range is dependent on factors such as geographical differentials, credentials or certifications, industry-based experience, qualification and training. In the city of Mountain View, CA, the hourly range for this contract position is $90 - $135/hr. CARIAD is an Equal Opportunity Employer.  We welcome and encourage applicants from all backgrounds, and do not discriminate based on , , , disability, , , , , /expression, marital status, veteran status, or any other characteristics protected by applicable laws.