Platform Engineer

Job Description

Join our company as we transform and innovate. We are at the forefront of research to deliver innovative health solutions that advance the prevention and treatment of diseases in people and animals. We are currently seeking a Cloud & Infrastructure Technology Staff Engineer to help deliver our Container Platform product. This is also an exciting opportunity to contribute to the development of our broader company's container practice outside our team.

The Platform and Containers as a service product team provide development teams a pre-paved path to run and operate applications via a Platform-as-a-Service model. This enables application product teams by delivering infrastructure solutions and container platforms, primarily through the development of Infrastructure-as-Code. The team also help develops the strategy and works with teams worldwide to govern, grow, and operate container solutions across the company. Our team embraces the regulatory challenges of our industry and drives innovative, secure, and compliant use of containers and container platforms. We operate as a business partner proposing ideas and innovative solutions that enable new organizational capabilities. We collaborate closely with internal and external partners worldwide to mature our ability to utilize Cloud Service Providers. We also impact cluster availability and integrity worldwide via our cloud-based container cluster Platform as a Service (PaaS & CaaS).

As a Platform Engineer, you bring a strong background in cloud infrastructure, networking, PaaS, and automation and a passion for eliminating toil through great engineering. Join our global team to build and evolve automated, self-service platform experiences (think GitOps, policy-as-code, golden paths) so modern application teams can onboard quickly, deploy reliably, and focus on delivering value.

Primary job responsibilities:

• Architect, design, and engineer global platform services—including Tanzu Application Service (Cloud Foundry), Oracle APEX, container platforms, and a multi-region Web Redirect Service
• Lead architecture and engineering of container image management (registry design, signing/provenance, SBOM, retention, geo-replication)
• Define, codify, and socialize best practices for containers and Application-Hosting PaaS (security baselines, multi-tenancy, networking, cost controls) as policy-as-code
• Cultivate an engineering community of practice—share patterns, improve templates/playbooks, and drive inner-source contributions
• Identify capability gaps via telemetry and stakeholder feedback; translate into roadmaps/MVPs and deliver solutions that close the gaps
• Automate and simplify platform maintenance and lifecycle (provisioning, upgrades, patching, backup/DR) using GitOps and CI/CD; reduce manual toil and risk
• Maintain up-to-date cloud-native knowledge; evaluate and introduce fit-for-purpose technologies and practices
• Prioritize workloads and commitments; balance roadmap, BAU operations, and incident response against clear SLAs and timelines
• Partner with product managers and engineering teams to onboard workloads quickly and safely, providing reference architectures and guardrails
• Ensure SDLC and company policy compliance through documentation, reviews, audits, and secure-by-default controls
• Serve as Tier-3 escalation for customer support; lead incident response, post-mortems, and preventive action plans
• Design hybrid/multi-cloud networking: build secure connectivity with Direct Connect/ExpressRoute, PrivateLink/Service Endpoints, segmented VPC/VNet topologies, and enterprise DNS (Route 53/Azure) with strict egress controls
• Drive FinOps & cost efficiency: implement tagging/chargeback, rightsizing & autoscaling, storage lifecycle policies (S3/EFS/FSx), and Savings Plans/Reservations, with dashboards to track unit economics
• Harden data protection & key management: apply envelope encryption with AWS KMS/Azure Key Vault, automate secrets rotation (Secrets Manager/Key Vault), and enforce backup/restore and cross-region DR for RDS/EFS/FSx
• Standardize IaC & GitOps at scale: deliver reusable Terraform/Bicep modules, environment promotion via pipelines, policy-as-code (OPA/Conftest/Checkov), and automated drift detection/remediation across AWS/Azure and container platforms
• Deep AWS proficiency: VPC, Route 53, EC2, ALB/ELB/NLB, S3, RDS, IAM, Lambda, EventBridge, SNS/SES, CloudWatch/CloudTrail, KMS, Secrets Manager, MSK, Kendra, ACM, DRS, EFS, FSx for ONTAP
• Azure experience: Virtual Networks, Resource Groups, Application Gateway, App Service/ASE v3, Autoscaling, Azure Monitor, Key Vault, Secrets Management, Storage Accounts
• Ecosystem & platforms: Broadcom Tanzu Platform, Spectro Cloud (edge/K8s orchestration), Azure ASE v3, Oracle APEX

Requirements:

• BS Degree or equivalent in Computer Science, Computer Engineering, Information Systems, or equivalent experience
• Relevant certification or completion of equivalent program in areas such as Software Development, Computer Science, or Computer Engineering
• Practical experience with container platforms: Kubernetes, Amazon EKS/ECS, Azure AKS; cloud-native tools such as Helm, Cilium/Calico/Flannel, Karpenter, plus container image management (registry design, signing/provenance, SBOMs, retention, geo-replication)
• Direct involvement in architecture, engineering, and operations for Broadcom Tanzu Platform, Azure ASE v3, Oracle APEX, Spectro Cloud, and multi-region platform services (e.g., web redirect services)
• Extensive hands-on work with AWS and Azure across IaaS and networking: VPC/VNet, subnets, security groups/NSGs, NACLs, routing, enterprise DNS (Route 53/Azure DNS), ALB/ELB/NLB, Application Gateway
• Hybrid/multi-cloud networking: Direct Connect / ExpressRoute, PrivateLink / Service Endpoints, segmented VPC/VNet topologies, egress controls and inspection
• Strong understanding of HTTP/S, TCP/IP, DNS, load balancing, TLS/PKI, and foundational routing concepts
• Practical Linux (RHEL/Ubuntu) administration: provisioning/migrations, standardization, performance tuning, and HA clustering
• Proficiency in Python and Bash for automation; develop reusable Ansible playbooks/roles in Ansible Automation Platform
• Infrastructure as Code & GitOps: author reusable Terraform/Bicep modules; environment promotion via GitHub Actions/Azure DevOps/Jenkins/CloudBees; policy-as-code (OPA/Conftest/Checkov); automated drift detection/remediation
• Serverless & integrations: event-driven designs with AWS Lambda; messaging and orchestration via EventBridge, SNS/SES
• Security & compliance: identity and access, encryption at rest/in transit; KMS/Key Vault, Secrets Manager/Key Vault with automated rotation; baseline hardening, vulnerability remediation, and compliance controls
• FinOps: tagging/chargeback, rightsizing & autoscaling, storage lifecycle policies (S3/EFS/FSx), reservations/savings plans, and cost dashboards
• Reliability & DR: architect hybrid DR/BC with defined RTO/RPO, automated failover, backup/restore testing, documented recovery runbooks
• Observability & SRE: create SLIs/SLOs, alerting, and dashboards with Dynatrace, Prometheus, Grafana, Nobl9 (plus ELK/Datadog or equivalents); incident response, post-mortems, and preventive actions
• Ability to troubleshoot across infrastructure, networks, security, and databases; Tier-3 escalation ownership
• Experience designing software/platform solutions with high-quality documentation; ensure SDLC and company policy compliance via reviews and audits
• Proven delivery using Agile/Scrum; prioritize roadmap vs. BAU/operational work against SLAs and timelines
• Workload onboarding & enablement: partner with product managers/engineering to provide reference architectures, guardrails, and safe, rapid onboarding to platform services
• Experience deploying and managing Cloud Foundry or similar PaaS (e.g., Elastic Beanstalk)
• Familiarity with DevOps toolchain: Git, Terraform, Jira, GitHub Actions, Jenkins, CloudBees, Azure DevOps

Nice to haves:

• Possess 4 to 6 years of experience within the IT industry or related fields
• Capable of operating effectively in a matrixed and highly concurrent work environment
• Proven track record of planning and executing projects or experiments, including defining milestones and endpoints
• Experience collaborating with global and diverse teams
• Proficient in using, implementing, or operating Kubernetes or similar container orchestration platforms
• Cloud platforms (AWS): VPC, IAM, EC2, S3, ELB/ALB/NLB, RDS, Route 53, CloudWatch, CloudTrail, EventBridge, SES, SNS, KMS, Secrets Manager, Kendra, Lambda, MSK, ACM, DRS, EFS, FSx for ONTAP
• Cloud platforms (Azure): Virtual Networks, Resource Groups, Application Gateway, App Service & ASE v3, Autoscaling, Azure Monitor, Key Vault, Secrets Management, Storage Accounts
• Containers & platforms: Broadcom Tanzu Platform, Spectro Cloud (edge/K8s orchestration), Azure ASE v3, Oracle APEX
• Networking, security & compliance: Hybrid architecture and network design; secure connectivity; identity & access; encryption; policy-as-code; compliance controls
• Serverless & integration: Event-driven architectures with AWS Lambda; integrations via EventBridge, SNS, SES
• Observability & SRE: Dynatrace, Prometheus, Grafana, Nobl9; SLO/SLI design; alerting; dashboards
• Delivery & operations: End-to-end app design & deployment; troubleshooting; monitoring; continuous improvement; change control; strong analytical & problem-solving skills
• Built CI/CD workflows with Terraform on GitHub Actions (plan/apply, policy checks, environment promotion)
• Operate Azure DevOps pipelines to provision/manage Azure with ARM/Bicep/Terraform
• Develop reusable Ansible playbooks/roles in AAP for repeatable configuration and deployments
• Provision, migrate, and standardize RHEL and Ubuntu across physical/virtual infra, including HA clusters
• Patching & security compliance (baseline hardening, vulnerability remediation, drift control) while tuning performance
• Architect hybrid DR/BC with defined RTO/RPO, automated failover, backup/restore testing, and documented recovery runbooks
• Expertise with Amazon Web Services, including VPC, Route53, EC2, ALB, S3, RDS, IAM, and others
• Hold relevant professional certifications (e.g., AWS, Azure)
• Skilled in debugging software and scripting errors
• Experience in Go programming language
• Expect with troubleshooting infrastructure, network, database, or security-related issues
• Background in delivering products and features utilizing Agile/Scrum methodologies
• Competent in DevOps tools such as Git, Terraform, Jira, Jenkins, CloudBees, Github Actions, among others
• Adept at System Development Lifecycle (SDLC) documentation
• Hands-on experience with Oracle APEX platform
• Exposure to resiliency and observability platforms

What we offer:

• Exciting work in a great team, global projects, international environment
• Opportunity to learn and grow professionally within the company globally
• Hybrid working model, flexible role pattern
• Pension and health insurance contributions
• Internal reward system plus referral program
• 5 weeks annual leave, 5 sick days, 15 days of certified sick leave paid above statutory requirements annually, 40 paid hours annually for volunteering activities, 12 weeks of parental contribution
• Cafeteria for tax free benefits according to your choice (meal vouchers, Lítačka, sport, culture, health, travel, etc.), Multisport Card
• Vodafone, Raiffeisen Bank, Foodora, and other discount programs
• Up-to-date laptop and iPhone
• Parking in the garage for drivers or showers for bikers
• Competitive salary, incentive pay, and many more

Ready to take up the challenge? Apply now

Know anybody who might be interested? Refer this job

The date shown below is the earliest possible closing date for this posting. However, we sometimes extend the job posting period as needed, so please feel free to apply anytime you see the "Apply" button available. You may also reach out to the recruiter directly via

Required Skills:

Preferred Skills:

Current Employees apply HERE

Current Contingent Workers apply HERE

Search Firm Representatives Please Read Carefully

Merck & Co., Inc., Rahway, NJ, USA, also known as Merck Sharp & Dohme LLC, Rahway, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails.

Employee Status:

Regular

Relocation:

VISA Sponsorship:

Travel Requirements:

Flexible Work Arrangements:

Hybrid

Shift:

Valid Driving License:

Hazardous Material(s):

Job Posting End Date:

11/22/2025

• A job posting is effective until 11:59:59PM on the day BEFORE the listed job posting end date. Please ensure you apply to a job posting no later than the day BEFORE the job posting end date.

Requisition ID:R373016