Cloud Platform Engineer

Organizational OverviewThe Come and See Foundation is dedicated to supporting and expanding the global reach of The Chosen, the first-ever multi-season television series about the life of Jesus Christ. The Chosen has captivated millions around the world with its powerful storytelling, high production values, and authentic portrayal of the life and ministry of Jesus. As a faith-driven initiative, the Foundation plays a pivotal role in funding, distributing, and engaging audiences to ensure that the message of The Chosen continues to inspire and touch lives across diverse cultures and communities. By fostering a collaborative and innovative work environment, the Come and See Foundation is committed to amplifying the impact of The Chosen and creating transformative experiences that resonate with audiences worldwide.Position SummaryCAS is building out its technology and infrastructure function and is looking for a Cloud Platform Engineer to own the foundation that our products and operations run on. This is a critical, high-visibility role spanning cloud infrastructure, security, observability, and software delivery — working closely with our Director of Technology, Head of Product, Technical Product team members, other department leaders, and our managed services and development partner to establish and maintain a secure, reliable, and well-governed platform across multiple cloud environments.You will be the internal expert and CAS's authoritative voice on cloud infrastructure, delivery standards, and platform governance. You will define and verify the standards that our contractor teams build and operate within, and you will ensure those standards are met. As CAS grows and new products come online, you will own those environments end-to-end — building the platform capability that scales with the organization.This is not a hands-off governance role. You will be deeply technical and actively involved in day-to-day platform work while also thinking strategically about where the platform needs to go. This role is the foundation of our growing technology team and will have significant influence over how CAS builds and operates software for years to come.Key ResponsibilitiesMulti-Cloud InfrastructureManage and govern CAS cloud environments across AWS, Google Cloud, and AzureDefine and maintain environment strategy across platforms (dev, test, staging, production)Manage network architecture, security boundaries, and cloud account structureSupport a broad range of cloud workloads including application environments, marketing infrastructure, media asset management storage, and other organizational needsManage cost monitoring, billing oversight, and FinOps practices across cloud platformsDrive capacity planning in partnership with business and technology stakeholdersManage and verify disaster recovery planning, backup strategy, and resilience standardsKubernetes & Container OrchestrationBuild and manage the Kubernetes platform layer — cluster lifecycle, networking, ingress, service mesh, and namespace managementManage container orchestration including Helm chart development and lifecycle managementDefine and maintain deployment patterns, resource boundaries, and service contracts for product teamsManage cluster upgrades, scaling, and cost optimizationInternal Developer PlatformDesign and maintain internal developer platforms that abstract infrastructure complexity and accelerate deliveryBuild and evolve self-service tooling for provisioning, deployment, and observabilityDefine infrastructure standards through reusable modules, templates, and guardrailsEvaluate and integrate platform tooling including service catalogs and developer portalsCollaborate with product and engineering teams to improve developer experience and delivery velocityInfrastructure as CodeManage and verify infrastructure as code standards, state management, and module library across cloud environmentsReview and approve necessary infrastructure changesEnsure foundational modules — networking, identity, security — are CAS-owned and well-governedDrive completeness and coverage of IaC across environments and workloadsCI/CD & Delivery PipelineDefine and enforce pipeline standards and deployment gatesManage and verify branch protection and source control standardsEnsure deployments are automated end-to-end — no manual production changesPartner with our managed services provider on pipeline implementation and maintenanceManage pipeline security and code quality scanning standardsManage secrets, configuration, and environment promotion across dev, staging, and productionPlatform Standards & Contractor GovernanceServe as CAS's authoritative internal expert on platform, infrastructure, and delivery standardsDefine CAS standards across security, resilience, backup and recovery, observability, and operational processRepresent CAS in technical conversations with our managed services and development partner — ensuring contractor teams are adhering to CAS standards and operating within defined governance boundariesManage the technical oversight relationship with our services providers — holding them accountable for delivery quality, security posture, and operational excellenceAs new products and workloads come online, build and manage those environments end-to-end directlySecurity & ComplianceManage cloud security tooling and configuration across environmentsManage identity and access control — serving as the authoritative owner of who has access to what across CAS cloud environments and platform toolsDefine and verify secrets management and credential governanceImplement and maintain encryption at rest and in transit across environmentsDrive patching policy and ensure remediation SLAs are metParticipate in security compliance initiatives including vulnerability scanning, audit logging, and enforcement of compliance controlsConduct regular IaC configuration drift reviews — identifying and remediating infrastructure that has deviated from defined standardsPartner with our Director of Data on technical implementation of compliance and privacy requirements, including PCI DSS obligationsConduct quarterly access reviews across systems and toolsObservability, Monitoring & Incident ResponseEnsure monitoring and observability standards across environmentsDefine alerting thresholds, escalation policies, and on-call structureManage the relationship with our managed services provider on incident response — ensuring processes, runbooks, and escalation paths meet CAS standardsServe as escalation point for infrastructure-level incidentsLead post-incident reviews and drive systemic improvements back into the platformProduce monthly governance reports on platform health, security posture, and change activity for technology leadershipManage Jira-based change oversight — ensuring infrastructure and platform changes are tracked, reviewed, and auditableAccess, Identity & Tool AdministrationAdminister identity and access management as the source of truth for cloud and platform accessManage user provisioning and deprovisioning across CAS-owned tools and platformsManage and verify contractor access governance — scoped, time-limited, and auditedAdminister platform tooling including source control, project management, and monitoring platformsProduct Team PartnershipServe as the primary infrastructure and platform partner to the Product team — ensuring platform capabilities, constraints, and standards are understood and incorporated into product planning from the startParticipate in product planning conversations to provide infrastructure context before features are designed, not after they are builtPartner with Product Managers on release planning, deployment windows, and production go/no-go decisions — bringing an infrastructure and security lens to release readiness without creating friction or blocking deliveryTranslate technical infrastructure and security requirements into clear, actionable guidance that Product teams can work withWork collaboratively with Product to prioritize platform improvements that directly enable product delivery velocity and reliabilityBuild and maintain a trusted working relationship with the Product team — acting as an enabler of product goals, not a gatekeeperProvide technical expertise for SaaS tool integrations and API connectivity needs across the organizationSupport teams requiring integration between CAS systems and third-party platformsAdvise on integration architecture, security, and data handling for new tool onboardingRequiredKnowledge, Skills and Abilities4+ years of experience in cloud infrastructure, platform engineering, or a related disciplineHands-on experience across multiple cloud platforms — AWS required; Google Cloud and/or Azure experience strongly preferredStrong infrastructure as code experience — writing, reviewing, and governing cloud infrastructure programmaticallyExperience with CI/CD pipeline design, implementation, and governanceLinux administration experienceExperience with cloud monitoring, observability, and alerting platformsStrong understanding of security best practices — identity and access management, secrets management, network security, vulnerability management, backup and recoveryExperience defining and enforcing technical standards across contractor or vendor teamsAbility to represent technical requirements and standards to non-technical stakeholders clearly and confidentlyExperience with SaaS integrations and API connectivityComfortable working autonomously in a fast-moving environment with incomplete informationStrongly PreferredExperience governing a managed services or contractor relationship — holding vendors accountable to defined standardsFamiliarity with pipeline security and code quality tooling — SAST tools such as SonarQube or equivalentFamiliarity with PCI DSS 4.0.1 compliance requirements and their infrastructure implicationsExperience managing CDN, WAF, or edge platform configurationsMobile app deployment experience — Apple Developer Program, Google Play ConsoleSoftware engineering background — ability to read and review application code and understand full-stack implications of infrastructure decisionsCloud certification (AWS Solutions Architect, Google Cloud Professional, Azure Administrator, or equivalent)Experience with media asset management or marketing technology infrastructureDemonstrated Attributes for SuccessOwnership Mindset | Systems Thinker | Execution Oriented | Sound Judgment | Simplifies the Complex | Strong Communicator | Independent | Innovative | Collaborative | Natural Project Leader | Financial Awareness | Security Minded | Calm Under Pressure | Adaptable | Self Starter | Teachable | Servant Minded | Faith DrivenEducation and ExperienceBachelor’s degree in Computer Science, Information Technology, Engineering , or a related field; advanced degree preferredMinimum 7 years of experience in cloud infrastructure, platform engineering, DevOps, Site Reliability Engineering, or a related role with demonstrated ownership of production systems at scaleDemonstrated experience owning and operating secure, scalable production platforms, including cloud infrastructure, delivery automation, reliability, and technical governance.Experience in nonprofit, faith-based, or mission-driven organizations a plusPhysical Demands/Working ConditionsThe physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.Working Conditions: Office setting with a forty-hour (+) workweek. This position is remote, with the option to work in our Colorado Springs location.Physical Demands: Frequent sitting and use of standard office equipment. Ability to lift approximately 15-20 pounds. Ability to hear phone calls and clearly communicate verbally.Our Beliefs, Culture, and CommitmentAt Come and See, every staff member is a critical and valuable part of our mission and ministry. We consider ministry readiness and an individual's capacity to represent our culture and Christian beliefs during the selection process for all staff positions. An essential function within every position held by a staff member at Come and See is to uphold and represent Jesus in how we live and behave.While we unite around our mission, we know unity doesn't mean uniformity. Our calling is too great, and our mission is too important not to be intentional about strengthening our team with people from all backgrounds. We believe that varied perspectives—across race, ethnicity, life experience, age, and gender—enrich our ability to share the story of Jesus with the world and help everyone, everywhere, experience the authentic Jesus.