Cloud Platform Specialist

About The Position

Requirements

• Strong hands-on experience with Microsoft Azure including compute, networking, identity (Entra ID), and security services
• Experience designing and implementing CI/CD pipelines using GitHub Actions or Azure DevOps
• Experience with infrastructure as code tools including Bicep and Terraform
• Familiarity with containerization concepts including Docker and Linux-based runtimes, and their application to Azure-hosted workloads
• Experience reviewing third-party and citizen-developed applications for production readiness, security posture, and operational supportability
• Experience with Power Platform governance including DLP policy configuration, environment strategy, and connector management
• Solid understanding of identity and access management; specifically Azure AD/Entra ID, OAuth2/OIDC, app registrations, and service principals
• Experience governing or operating Azure AI Foundry, Azure OpenAI Service, or equivalent AI/ML platforms in an enterprise environment
• Familiarity with data classification frameworks and their application to cloud workloads and AI pipelines
• Working-level proficiency in Windows Server, Linux, and Azure IaaS administration sufficient to provide team secondary coverage
• Strong verbal and written communication skills with the ability to explain security and governance requirements to non-technical audiences
• Proven problem-solving skills with experience as a key contributor in an IT team

Nice To Haves

• Experience building or operating a formal citizen development governance program, including intake processes and promotion gate criteria
• Background in IT platform engineering or site reliability engineering (SRE)
• Familiarity with SharePoint Online, SPFx, and Power Platform as a development ecosystem
• Experience supporting low-code and no-code development ecosystems with mixed technical skill levels

Responsibilities

• Design and implement secure, scalable application hosting environments in Azure, including environment segmentation (dev/test/UAT/prod) and isolation strategies
• Establish identity, access, and secrets management patterns across all environments
• Build and maintain CI/CD pipelines for application deployment using Azure DevOps Pipelines and GitHub Actions; standardize release and promotion workflows across environments regardless of pipeline tooling
• Define and document approved deployment patterns for Power Platform solutions, custom-developed applications including AI-generated and low-code apps, and AI/ML-enabled workloads
• Implement infrastructure as code using Bicep and Terraform for consistent, repeatable environment provisioning; maintain standards for both Microsoft-native and open-source IaC tooling depending on workload requirements
• Define approved patterns for containerized workloads including Docker-based packaging and deployment to Azure Container Apps or AKS; maintain working proficiency in Linux as the primary runtime for containerized and serverless applications
• Define standards for event-driven and serverless compute patterns using Azure Functions and Logic Apps alongside open-source frameworks and runtimes; define approved language runtimes, dependency management practices, and cold-start mitigation approaches
• Ensure logging, monitoring, alerting, and compliance requirements are met by design in all managed environments
• Own the citizen development intake, review, and application promotion process; evaluate all citizen and staff-developed applications for security, compliance, and operational supportability before advancement through dev/test/UAT/prod environments
• Define and enforce data classification requirements for all applications and workloads, particularly those integrating with AI services, external APIs, Microsoft 365, or business-critical data sources
• Establish open-source software governance standards for all applications entering the promotion pipeline, including license compatibility review, dependency scanning, and policies governing the use of community-maintained packages in production workloads
• Develop and maintain secure development guidelines and reference materials for non-technical builders covering authentication patterns, data handling, API integration basics, and deployment standards.
• Partner with the integration developer and BIM developer to ensure citizen-developed solutions are compatible with enterprise integration patterns and supportable by Core Services
• Define production readiness criteria and ensure all deployed applications are supportable by the Service Desk and IT operations teams
• Govern Azure AI Foundry and Azure OpenAI Service access; define approved patterns for AI-enabled workloads including proprietary and open-weight model deployment standards, content filtering configuration, audit logging, and data residency compliance
• Reference established open standards including the OWASP Top 10 for LLM Applications when evaluating AI workload risk and defining guardrails for data flowing into AI services
• Define and maintain Power Platform environment strategy and DLP policy governance, including environment segmentation and access controls for citizen developers
• Establish API management standards for internally developed or citizen-developed applications that expose or consume APIs, including authentication patterns (OAuth2/Entra ID), secret management, connector approval workflows, and OpenAPI specification requirements for internally documented APIs
• Evaluate and approve requests for access to Azure AI Foundry from technical and non-technical staff; define and enforce guardrails for what data is permitted to flow into AI workloads
• Provide Tier 2/3 secondary coverage for Windows Server, Linux, and Azure IaaS operations
• Maintain working-level proficiency in Azure VM administration, storage, and networking sufficient to support team operations during planned or unplanned absences
• Participate in the execution of IT Service Management (ITSM) controls including incident, problem, and change management; this includes after-hours operations and maintenance
• Participate in audits and rehearsals associated with Information Security, Business Continuity, and Disaster Recovery

Benefits

• Employer paid health insurance (medical, dental, vision)
• Annual 401k profit sharing based on company profit for the year and account contribution
• Professional development reimbursements including state registration and professional association dues
• Employer paid commuter/parking stipend
• Cell phone stipend
• Life insurance and disability benefits
• Hybrid work schedule
• Employee Assistance Program
• 9 paid holidays including an additional employee-selected day
• Paid time off for sick leave, family leave, community service, holidays and vacation