HashiCorp (HCP) Terraform/DevOps Engineer

Position: Infrastructure Staff EngineerLocation: Remote (PST hours)Duration: 6 Months Contract About the Role: We are looking for a highly experienced and technically driven Infrastructure Staff Engineer to join our platform engineering team. In this role, you will serve as a technical leader and subject matter expert responsible for designing, building, and governing cloud infrastructure across multi-cloud environments. You will play a pivotal role in leading the migration and standardization of infrastructure management into HCP Terraform, ensuring scalability, security, and operational excellence across the organization.This is a senior individual contributor role with significant cross-functional influence. You will work closely with engineering, security, and DevOps teams to define infrastructure strategy, establish best practices, and drive meaningful outcomes at scale.Key Responsibilities:Multi-Cloud Infrastructure Leadership

• Architect, design, and manage complex infrastructure solutions across Google Cloud Platform (Google Cloud Platform), Amazon Web Services (AWS), and Microsoft Azure.
• Serve as the subject matter expert for multi-cloud infrastructure patterns, networking, compute, storage, and security configurations.
• Evaluate and recommend cloud services and architectures that align with business requirements, cost efficiency, and performance goals.
• Identify and remediate infrastructure risks, technical debt, and inefficiencies across all cloud environments.
• Define and enforce infrastructure standards, naming conventions, tagging strategies, and cost governance policies across all cloud providers.

HCP Terraform Leadership & Governance

• Serve as the organizational authority on HashiCorp Cloud Platform (HCP) Terraform and all of its capabilities, including:
• Workspaces — design and manage workspace structures that reflect team boundaries, environments, and blast radius controls.
• Variable Sets — standardize reusable variable configurations across workspaces and projects.
• Private Registry — publish, version, and maintain internal Terraform modules to promote reusability and consistency.
• Sentinel Policy Framework — author, test, and enforce policy-as-code using Sentinel to ensure compliance, security, and governance guardrails.
• Run Triggers & Remote State — design workspace dependency graphs and manage state sharing patterns.
• Team & Role-Based Access Control (RBAC) — implement fine-grained access controls aligned with the principle of least privilege.
• Audit Logging & Notifications — configure audit trails and integrate with SIEM or alerting systems.
• VCS Integration — manage integrations with GitHub, GitLab, or other VCS providers to enable GitOps-style infrastructure workflows.
• Cost Estimation — leverage Terraform cost estimation features to drive infrastructure spend awareness.

Define and document HCP Terraform usage guidelines, workspace naming conventions, module standards, and team onboarding processes.Author and maintain a Sentinel policy library that enforces guardrails around security, compliance, tagging, and resource configuration without impeding developer velocity.Migration Leadership

• Lead the end-to-end migration of existing infrastructure management tooling (e.g., manual provisioning, legacy scripts, other IaC tools) into HCP Terraform.
• Develop a phased migration roadmap that minimizes disruption to production workloads while progressively increasing coverage.
• Refactor and modularize existing Terraform codebases into well-structured, reusable, and version-controlled modules.
• Partner with application and platform teams to onboard their infrastructure into HCP Terraform workflows, providing hands-on guidance and support.
• Establish state migration strategies, including terraform import workflows and statefile management best practices.
• Define rollback plans and risk mitigation strategies for all infrastructure migrations.

Standards, Policy & Enablement

• Define infrastructure-as-code standards and contribute to internal developer documentation, runbooks, and wikis.
• Develop and evangelize sensible policy guardrails that protect the organization without creating unnecessary friction for engineering teams.
• Design policies that enforce requirements such as mandatory resource tagging, approved instance types, encryption-at-rest and in-transit requirements, prohibited public exposure of sensitive resources, and region and data residency restrictions.
• Champion infrastructure security best practices including secrets management, IAM least privilege, network segmentation, and drift detection.
• Build internal enablement resources — including templates, examples, and self-service tooling — to increase infrastructure engineering velocity across teams.

Technical Leadership & Mentorship

• Act as a technical mentor and escalation point for infrastructure engineers and DevOps practitioners across the organization.
• Participate in architecture reviews, design discussions, and RFC processes, providing infrastructure perspective and expert guidance.
• Collaborate with security, compliance, and engineering leadership to ensure infrastructure practices meet regulatory and organizational requirements.
• Stay current with the Terraform and HashiCorp ecosystem, cloud provider feature releases, and industry trends — and bring relevant insights back to the team.

Required Qualifications

• 8+ years of experience in infrastructure engineering, platform engineering, or DevOps roles.
• Deep, hands-on expertise with HCP Terraform, including workspaces, the private module registry, Sentinel policies, variable sets, RBAC, VCS integrations, and remote operations.
• Strong proficiency across all three major cloud providers:
• Google Cloud Platform — VPC networking, GKE, IAM, Cloud SQL, Cloud Storage, Secret Manager, Artifact Registry, and related services.
• AWS — VPC, EC2, EKS, RDS, S3, IAM, KMS, Route 53, and related services.
• Azure — Virtual Networks, AKS, Azure SQL, Blob Storage, Azure AD/Entra ID, Key Vault, and related services.

Proven experience leading large-scale infrastructure migrations with minimal downtime and well-managed risk.Strong experience writing Sentinel policies and policy-as-code with a focus on practical, balanced governance.Proficiency with GitOps workflows and CI/CD pipeline integration for infrastructure delivery.Strong understanding of networking fundamentals — subnets, routing, VPNs, VPC peering, private endpoints, and DNS.Experience with secrets management solutions such as HashiCorp Vault, AWS Secrets Manager, Google Cloud Platform Secret Manager, or Azure Key Vault.Excellent written and verbal communication skills with the ability to document complex systems clearly and present to both technical and non-technical audiences.Preferred Qualifications

• HashiCorp Terraform Associate or Professional certification.
• Cloud provider certifications (AWS Solutions Architect, Google Cloud Platform Professional Cloud Architect, Azure Solutions Architect Expert).
• Experience with container orchestration platforms (Kubernetes / GKE / EKS / AKS).
• Familiarity with HashiCorp Vault for secrets management and dynamic credentials.
• Experience with observability and monitoring tooling (Datadog, Prometheus, Grafana, Cloud-native monitoring).
• Background working in regulated industries (SOC 2, HIPAA, PCI-DSS, FedRAMP).
• Experience with infrastructure cost optimization strategies and FinOps practices.

What Success Looks LikeWithin the first 30 days, you will have:

• Gained a thorough understanding of the current infrastructure landscape and identified key gaps and migration priorities.
• Established relationships with key engineering and platform stakeholders.
• Completed an audit of existing Terraform usage, HCP Terraform configuration, and policy coverage.

Within 60 days, you will have:

• Delivered a migration roadmap and governance framework proposal.
• Authored an initial set of Sentinel policies covering the most critical compliance and security requirements.
• Begun onboarding at least one team or workload into HCP Terraform.

Within 90 days, you will have:

• Demonstrated measurable progress on the migration roadmap.
• Published the first version of the internal module registry with documented standards.
• Established recurring infrastructure governance practices and reporting.

Apply tot his job Apply To this Job