Staff Platform Engineer, Platform Development

District Partners is deeply engaged with a growing technology company on a search for a Staff-level engineer to anchor the architecture of the cloud platform behind one of their government programs. The cloud footprint has matured faster than the architecture standards behind it, and the platform team has reached the point where they need a senior technical owner to bring the discipline and scale required for the next phase of growth. This role partners directly with engineering leadership on architecture and execution.

Why You'll Actually Care

This is the platform that the program's product surface runs on. The team has matured into a focused capability function, and the next phase is not greenfield product building. It is hardening, scaling, and getting the architecture into a state that can support a meaningful expansion of the customer footprint over the next 24 months. You would own the cloud network design across a sizeable AWS environment, the IaC patterns that govern how the platform evolves, and the security controls that have to hold up under regulated scrutiny. This is a role for a senior IC who can own architecture and execution and represent the function credibly in any cross-functional forum.

The Basics

A growing technology company operating in a regulated, mission-critical infrastructure space. Engineering operates as a distributed team with a focused capability model. The platform function within this program owns the cloud infrastructure, cloud networking, hosted services, security tooling infrastructure, and the directory services environment that support delivery.

What You'll Be Owning

• Technical strategy and architecture for the platform end-to-end, from initial concept through delivery and ongoing maintenance
• Cloud network architecture across a multi-account AWS estate (VPCs, subnets, Route53, Transit Gateways, network firewalls, multi-account traffic routing). This is the single biggest current focus area.
• The IaC backbone (CloudFormation or Terraform), Python or Node.js automation, and pipeline-driven infrastructure changes that govern how the platform evolves
• Replatforming and rehosting work as services are modernized and consolidated within AWS
• Identity and access architecture across the AWS estate, including IAM at scale, AWS Organizations, SCPs, and federated access patterns
• The Windows domain environment, hybrid identity, and the security tooling infrastructure that supports the security function
• Observability, reliability, and disaster recovery design including monitoring, alerting, SLOs, and runbook automation
• CI/CD pipeline standards and testing rigor for platform components
• Cross-functional representation of the platform function in technical and leadership forums across engineering, product, and operations
• Mentorship and technical leadership across the team through design reviews, code reviews, and standards-setting

The Environment

A small dev plus ops team within the program's engineering organization. The hiring leader is looking for a senior technical partner who can own architecture and execution and step into any meeting and represent the function credibly. The split is roughly 60% deep technical contribution on the hardest implementations and 40% planning, cross-team representation, scope definition with product owners, work breakdown, and process improvement. Expect a meaningful share of time in technical and leadership meetings; this is not a heads-down IC role. The current emphasis is expanding the production footprint, not greenfield product development. Expect a small-company environment with real technology constraints. Additional mid-level and senior engineers are planned to grow the team beneath this hire over the coming year.

Must-Haves

• Deep AWS expertise, including cloud networking at scale (VPCs, Route53, Transit Gateways, network firewalls, multi-account traffic routing)
• Production-grade Automation and IaC (CloudFormation or Terraform; Python or Node.js)
• Working knowledge of security controls and compliance for regulated workloads

What You Bring To The Table

• 7 to 15 years of professional engineering experience building, delivering, and operating scalable, secure, reliable cloud systems
• Deep AWS expertise across compute, systems management, databases, scaling strategies, and resilient multi-AZ architecture (EC2, SSM, RDS or equivalent, Auto Scaling, Load Balancers)
• Strong AWS cloud networking depth: VPCs, subnets, Route53, Transit Gateways, network firewalls, PrivateLink, peering, multi-account traffic routing
• Production-grade IaC in CloudFormation or Terraform, and proficiency in Python or Node.js
• Demonstrated experience replatforming or rehosting services and applications within AWS
• Working knowledge of security controls and compliance for regulated and federal workloads, including IAM at scale, KMS, secrets management, audit logging, and least-privilege patterns
• A track record at Staff or Principal level navigating significant technical ambiguity and leading large-scale cross-functional technical efforts
• Strong written and verbal communication. This role represents the platform function in meetings constantly.
• Ability to use AI tooling as an accelerator without depending on it for core technical thinking. Internal AI tool availability is constrained by contracting policy.

Nice To Have

• Professional AWS Certifications (Solutions Architect Professional, DevOps Engineer Professional)
• Windows domain and Active Directory at depth (hybrid identity, GPO, DC operations)
• Observability and monitoring at scale: Splunk, Datadog, CloudWatch, Prometheus or Grafana
• Operational intelligence, industrial technology, or federal mission environments
• Container orchestration at production scale (Kubernetes or ECS)
• Formal SRE practice exposure, chaos engineering, or service mesh patterns
• Prior experience in a sub-100 person company, or comfort adapting from a larger org into one

A Few Things Worth Knowing

• Compensation: $180,000 to $265,000 base, depending on experience and location
• Location: Denver metro strongly preferred. Other US metros considered for the right candidate, but the hiring leader has a clear preference for local.
• Work model: hybrid for local candidates with regular in-office presence. Quarterly in-person team time at minimum for any non-local hire. Travel is otherwise minimal.
• US citizenship required. Must be able to obtain a federal network account, CAC, and Secret Clearance. Candidates may start without active clearance. Security-relevant certification (Security+, Cloud+, AWS Solutions Architect, or AWS DevOps Engineer) required for production access within 90 days of hire.