Cloud & Core Services Engineer

About The Position

Requirements

• Deep expertise in cloud services, identity, network, and cybersecurity, within financial services
• Demonstrated expertise in three or more of the following: Azure architecture, networking, and identity
• Identity and Access Management lifecycle architecture and capabilities
• Cloud-native protection services, including CSPM and CWPP
• Network security (firewalls, IDS/IPS, NAC)
• Kubernetes / container security
• IaC & DevSecOps automation (Terraform, GitHub Actions, Argo)
• Familiarity with FFIEC, GLBA, and NIST CSF or SP?800-53 frameworks.
• Scripting skills in PowerShell, Bash, or Python for automation and SOAR.
• Strong ability to assess risk and develop long-term strategies
• Comfortable operating effectively in a dynamic and changing environment (often with unstructured and/or virtual teams)
• Ability to manage multiple priorities, meet deadlines, and deliver business results
• Strong communication and presentation skills
• Ability to influence even when holding a position contrary to the majority
• 8+?years of hands-on security engineering or system administration in regulated financial-services or cloud-first environments.

Nice To Haves

• Security certifications, such as CISSP, AZ-500, or GIAC, are a plus.

Responsibilities

• Design, build, and operate the enterprise Azure “base service” (landing zones, subscription strategy, management groups, RBAC, tags, budgets) for technology teams across the bank.
• Define and maintain the Azure service catalog (self-service templates, guardrails, quotas, request workflows) that enables fast, safe provisioning for app teams.
• Work with IT Operations and Security Engineering to establish platform SLOs, capacity plans, backup and disaster recovery standards, and cost governance (FinOps tagging, budgets).
• Work with Security Engineering to design and operate Microsoft Entra ID and Okta as core services: conditional access, MFA, SSO, federation, SCIM provisioning, and lifecycle automation.
• Implement least-privilege access with PIM/PAM, JIT elevation, and policy-as-code guardrails.
• Advance Zero Trust by aligning identity, device posture, network controls, and data protections across cloud and on-prem.
• Design and run hybrid network foundations, including vWAN, VNets/VNet peering, SD-WAN, Private Link, DNS, and Azure Firewall.
• Build reusable, secure IaC modules using Terraform for repeatable, compliant deployments.
• Encode governance via Azure Policy and Terraform deployment pipelines to enforce configuration baselines and drift detection.
• Provide shared platform components (such as App Service, Functions, Key Vault, Event Hub/Service Bus) with opinionated, secure defaults.
• Embed security and compliance checks into CI/CD (image signing, policy enforcement, SAST/DAST/secret scanning) and automate result evaluation.
• Work with Security Operations to integrate cloud services with the enterprise SIEM and other detection and prevention tools, and help to develop analytics, response playbooks, and platform-level detections.
• Lead hardening after incidents and add improvements into baselines, policies, and IaC for durable risk reduction.
• Map platform controls to FFIEC, GLBA, SOX, PCI-DSS, and NIST CSF 2.0
• Automate evidence collection from Azure native services and pipelines to streamline audits.
• Diagnose and respond to outages of cloud services in collaboration with other operations and app teams.
• Perform root cause analysis (RCA) and post-incident reviews.
• Investigate and troubleshoot failed resource deployments.
• Maintain documentation and procedures (runbooks, playbooks, standards, etc.).

Benefits

• Medical Coverage: Choose from three competitive medical plans to find the coverage that best fits your needs and lifestyle.
• Health Savings Account (HSA): Available with eligible medical plans, offering tax advantages and employer contributions.
• Flexible Spending Accounts (FSA): Options for healthcare and dependent care expenses to help you save on out-of-pocket costs.
• Dental and Vision Insurance: Plans?to keep you and your family smiling and seeing clearly.
• Life Insurance: Company-paid basic life insurance with options to purchase additional coverage for yourself and your dependents.
• Long-Term /Short-Term Disability (LTD): Income protection in the event of a long-term illness or injury.
• Supplemental Benefits: Including Hospital Indemnity, Accident Insurance, and Critical Illness coverage to provide extra financial support when you need it most.
• 401(k) Retirement Plan: A competitive retirement savings plan with company matching to help you plan for the future.
• Paid Time Off: Generous vacation and sick leave policies to support your time away from work.
• Holidays: Enjoy 11 paid holidays throughout the year.