Principal Cloud Engineer

Acrisure
Oklahoma City, OK
Hybrid

About The Position

We are looking for a Principal Cloud Engineer to join our Architecture and Cloud Engineering (ACE) team, reporting to the VP of Architecture and Cloud Engineering. You will be the senior technical voice on the platform that everything else at Auris runs on: our Azure landing zone, our Terraform module catalog, our CI/CD posture, and the workload onboarding paradigm that lets product teams ship safely and quickly. This is a hands-on role for a senior engineer who wants to own platform direction. You will work directly with the VP of Architecture and Cloud Engineering, partner with the Deputy CISO on security posture, and mentor cloud engineers across the broader organization (FTEs, DevPro, and Persistent contributors). The work is high-leverage. The decisions you make on the platform shape how every workload, from HCM to Payroll to internal tooling, gets built and run.

Requirements

  • 8+ years in cloud engineering, with at least 3 years at Principal, Staff, or Lead level
  • Deep, hands-on Microsoft Azure across App Service, Azure Container Apps, Azure SQL, Front Door, Key Vault, Defender for Cloud, Azure Policy, networking, and Private Endpoints. AKS exposure optional.
  • Production Terraform at scale: module authorship, AzureRM provider 4.x, state management, drift detection, and multi-environment promotion patterns
  • GitHub Actions with OIDC federation, self-hosted runner platforms (KEDA-scaled preferred), and GitHub App-based automation for cross-repo workflows
  • Hub-and-spoke networking, Private Endpoint design, and DNS architecture (Azure private DNS zones, hub-based forwarders, split-horizon resolution)
  • SOC 2 and SOX-aware infrastructure design; PCI-DSS exposure a plus
  • Strong written communication. ADRs, runbooks, and design docs are part of the role, not an afterthought.
  • Comfort and enthusiasm with AI-assisted tools (Copilot, Claude, Gemini) as part of daily workflow

Nice To Haves

  • Experience consolidating dual-cloud (Azure + AWS) footprints, particularly during a carve-out or post-acquisition consolidation
  • Cloudflare experience (Tunnels, Workers, Zero Trust). Cloudflare Tunnels is our go-forward ingress standard, replacing Front Door for net-new workloads.
  • Acrisure or other large enterprise-tenant Azure operating models: multi-subscription estates, PIM, Entra, and federated identity at scale
  • HCM, payroll, or fintech domain background
  • Container platform experience, Azure Container Apps preferred, AKS acceptable
  • Azure Solutions Architect Expert (AZ-305) or Azure DevOps Engineer Expert (AZ-400) certifications
  • Experience with Azure API Management or other API gateway and edge platforms
  • Background scaling SaaS infrastructure for 50K to 200K+ users
  • FinOps practices and large-estate Azure cost management

Responsibilities

  • Drive landing zone standards - Own the architecture and ongoing evolution of the Auris Azure landing zone across sandbox, dev, test, stage, and prod subscriptions. Per-subscription hub-and-spoke, with zero cross-environment peering, is the operating model.
  • Own the Terraform module catalog - Maintain and extend the composable workload modules (workload-base, workload-app, workload-containerapp, workload-sql, workload-keyvault, workload-storage, workload-frontdoor) that workloads consume. Author new modules as the catalog grows.
  • Lead workload onboarding patterns - Define and shepherd the path that new applications take onto the platform. Set the bar for what a production-ready workload looks like at Auris and codify it as reference implementations.
  • Own the runner platform - Operate the GitHub Actions runner platform built on KEDA-scaled Azure Container Apps, fronted by a GitHub App for cross-repo automation. Keep it secure, observable, and within its cost envelope.
  • Partner with security - Work directly with the Deputy CISO on security posture across Defender for Cloud, Azure Policy, Private Endpoints, Key Vault, and Entra controls. Translate SOC 2 and SOX requirements into platform guardrails.
  • Mentor engineers across the org - Set the technical example for FTE cloud engineers, DevPro contributors, and Persistent engineers. Code review, pairing, and reference implementations are part of the job, not a side activity.
  • Contribute to multi-subscription promotion strategy - Help define how workloads move from dev to test to stage to prod under our sealed-island subscription model, where promotion is CI/CD rather than network peering.
  • Lead incident response on platform issues - Be the senior responder when something on the landing zone, runner platform, or shared infrastructure breaks. Drive root cause analysis, remediation, and prevention.
  • Leverage AI to accelerate outcomes - Apply AI-assisted tooling to infrastructure code, documentation, and operational workflows, and help the team push the AI ceiling forward.

Benefits

  • Competitive compensation and benefits
  • Health, dental, vision, 401(k), and more
  • Comprehensive medical insurance, dental insurance, and vision insurance
  • Life and disability insurance
  • Fertility benefits
  • Wellness resources
  • Paid sick time
  • Generous paid time off and holidays
  • Employee Assistance Program (EAP)
  • Complimentary Calm app subscription
  • Immediate vesting in a 401(k) plan
  • Health Savings Account (HSA) and Flexible Spending Account (FSA) options
  • Commuter benefits
  • Employee discount programs
  • Paid maternity leave and paid paternity leave (including for adoptive parents)
  • Legal plan options
  • Pet insurance coverage