KESC Cloud Systems Engineer

Arizona State University•Mesa, AZ

2d•Remote

About The Position

The Knowledge Enterprise Secure Cloud (KESC) is a suite of secure computing services at ASU that includes dedicated virtual machines, a HIPAA-compliant supercomputer, secure data storage, and public cloud environments. KESC technical staff in ASU Research Computing (RC) are entrusted with finding and supporting solutions for some of the most challenging problems at the university. As a cloud engineer in KESC, you will support regulated and restricted data, working directly with researchers managing sensitive datasets, including Controlled Unclassified Information (CUI) and HIPAA-regulated health data. This role requires expertise in Microsoft Azure, infrastructure as code (IaC), secure networking, and data management in regulated environments. You will collaborate closely with researchers and compliance experts to deliver secure computing solutions that directly impact innovative research at ASU. This position manages infrastructure and supports research subject toITAR(Title 22 of the US Code of Federal Regulations) andEAR(Title 15 of the US Code of Federal Regulations) control and requires candidates to meet the definition of US person as defined in as defined by22 C.F.R. § 120.62 and 15 C.F.R. § 772.1.

Requirements

Bachelor's degree and seven (7) years of experience appropriate to the area of assignment/field; OR, Any equivalent combination of experience and/or training from which comparable knowledge, skills and abilities have been achieved.

Nice To Haves

Secure and regulated data and systems-specific knowledge (HIPAA-regulated data, CUI)
Familiarity with NIST control frameworks, including 800-171 and/or 800-53
Regulated and restricted data environments
Azure (Azure Virtual Desktop, Entra ID, hybrid environments)
Google Cloud Platform (VPC Service Controls, Assured Workloads, Pub/Sub)
Terraform
CI/CD pipelines and other automation in the context of cloud infrastructure management
Version control (Gitlab, Github)
Scripting languages (bash, python, powershell)
Knowledge of networking (firewalls, routing, protocols)
Working with environments that have compliance requirements
Incident response activities (root cause analysis, event log analysis - in conjunction with other key personnel)

Responsibilities

Participate fully in building, configuring, and running secure environments within Microsoft Azure GCC High, ensuring compliance with Cybersecurity Maturity Model Certification (CMMC) L2 requirements (NIST 800-171r2 controls, DFARS 252.204-7012, 7019, 7020, 2021, and CFR 32 part 170).
Develop and maintain IaC using terraform, cloud build, and other tools to automate the provisioning and management of cloud resources.
Adopt and advocate for best practices in DevOps methodologies while adhering to strong security principles.
Abide by all regulated KESC policies and procedures for the maintenance, configuration, and operation of secure systems.
Work with researchers on issues pertinent to regulated data, during office hours or via support tickets.
Monitor systems and support and collaborate with researchers, IT (e.g., system administrators, network, and security), and external partners (including vendors) to resolve issues as they arise.
Collaborate with ASU’s cybersecurity and compliance teams, and external partners to ensure continuous monitoring, patching, and documentation to maintain regulatory requirements.
Participate in change control, audit evidence collection, and incident response processes.
Participate in the rotating on-call schedule (after hours emergencies and tickets).
Document new processes, update and contribute to existing documentation as needed.