Sr Systems Engineer - Azure

Axos Bank
San Diego, CA
$120,000 - $150,000
Onsite

About The Position

Axos Bank is seeking an experienced and technically deep Sr. Microsoft Azure Engineer to join the Microsoft Operations team in San Diego. This is a senior individual contributor role with full ownership of the Azure cloud platform and a primary partnership role alongside our Sr. Engineer and Technology Architect covering the broader Microsoft environment. This is not a ticket-closing role.

You will own the Azure platform, infrastructure, identity governance, security posture, cost management, and operational automation for a federally regulated financial institution. You will serve as technical peer and backup to our Sr. Architect, coordinate with sub-team leads covering identity, endpoint, and messaging domains, and play a direct role in positioning the team to support the bank's growing AI and data lake initiatives.

The right candidate is a well-rounded senior engineer who has operated in a regulated environment, brings genuine depth in both Azure infrastructure and Microsoft identity, and treats operational discipline (ticketing, documentation, change management) as a professional standard rather than an administrative requirement.

Requirements

  • Bachelor's degree in Computer Science, Information Technology, Information Systems, or a directly related field; OR equivalent combination of education and verifiable professional experience
  • 7+ years of hands-on, production-environment experience administering and engineering Microsoft Azure infrastructure and Microsoft identity technologies
  • 5+ years administering Active Directory Domain Services in a multi-domain enterprise environment — Group Policy, OU structure, trust relationships, and schema-level understanding
  • 4+ years with Entra ID (Azure Active Directory) including Conditional Access policy authoring, PIM configuration, and Azure AD Connect sync administration in a hybrid identity environment
  • 3+ years of experience in a federally regulated industry — banking, financial services, healthcare, or government — with direct exposure to audit processes, change management requirements, and compliance documentation
  • Demonstrated experience designing and maintaining Azure Virtual Network topology — hub-spoke architecture, NSG management, and on-premises connectivity
  • Demonstrated experience with Defender for Cloud and Azure Policy including hands-on security recommendation remediation — not limited to monitoring
  • Demonstrated experience with Azure Cost Management including budget configuration, cost anomaly detection, and spend forecasting across multiple subscriptions
  • Proficiency in PowerShell scripting for Azure and Active Directory automation — scripts that are maintainable and executable by other engineers
  • Microsoft Certified: Azure Administrator Associate (AZ-104)

Responsibilities

Azure Infrastructure

  • Design, deploy, and maintain Azure subscription architecture including management groups, resource groups, and naming and tagging governance across all subscriptions
  • Own and administer Azure Virtual Network topology including hub-spoke design, VNets, subnets, NSGs, route tables, and VNet peering aligned to bank security requirements
  • Manage IaaS and PaaS resource lifecycle — provisioning, scaling, monitoring, and decommission — with full change management documentation in ServiceNow
  • Maintain the documented baseline state of the Azure environment; identify and remediate configuration drift from established standards on a defined cycle
  • Serve as the primary technical owner for Azure-dependent infrastructure projects including AXOS Private Cloud and data lake infrastructure initiatives

Identity and Access Management

  • Administer and maintain Entra ID (Azure Active Directory) tenancy health — user lifecycle, group management, application registrations, and service principal governance
  • Design, implement, and maintain Conditional Access policies, named locations, sign-in risk policies, and MFA enforcement in alignment with bank security policy and FFIEC guidance
  • Manage Privileged Identity Management (PIM) including role activation policy, access reviews for privileged accounts, and just-in-time access configuration
  • Monitor and maintain Azure AD Connect synchronization health; resolve sync conflicts; coordinate with the Sr. Architect on hybrid identity topology changes
  • Coordinate with the Intune/GPO/Entra sub-team on endpoint compliance integration with Conditional Access and device-based authentication requirements
  • Conduct and document semi-annual Azure RBAC assignment reviews and deliver findings to the Audit and Compliance Engineer

Security and Compliance Posture

  • Own Defender for Cloud operational posture — monitor, prioritize, and drive hands-on remediation of high and critical recommendations, not dashboard observation alone
  • Manage Azure Policy assignments for baseline compliance enforcement; author and test policy definitions as bank requirements evolve
  • Design and maintain RBAC assignments across Azure resources in alignment with least-privilege principles; document all role assignments with business justification
  • Produce quarterly Azure security posture reports for the Audit and Compliance Engineer; provide documentation sufficient to satisfy KPMG audit requests related to Azure infrastructure and identity
  • Participate as the Azure technical SME in KPMG audit preparation and response
  • Maintain working knowledge of FFIEC IT examination guidance and align Azure governance practices accordingly

Cost Management and Governance

  • Own Azure Cost Management analysis, reporting, budget alert configuration, and anomaly detection across all Azure subscriptions
  • Enforce tagging policy compliance; identify and remediate untagged or incorrectly tagged resources on a defined cycle
  • Provide monthly cost forecasting and variance analysis to the Sr. IT Manager — communicate material spend changes before they appear in billing, not after
  • Identify and recommend cost optimization opportunities including right-sizing, reserved instance analysis, and elimination of unused resources

Automation and Operational Excellence

  • Develop and maintain Azure Automation runbooks and PowerShell/Python scripts for operational task automation; prioritize progressive elimination of manual repetitive processes
  • Configure and maintain Azure Monitor alerts, Log Analytics workspaces, and operational dashboards for infrastructure health and performance visibility
  • Author and maintain runbook documentation for all operational procedures within the Azure domain — sufficient for another senior engineer to execute independently
  • Participate in quarterly cross-team cross-training; contribute at least one procedural training session per cycle

Architectural Partnership

  • Serve as primary backup to the Sr. Engineer and Technology Architect for Azure decisions, architecture reviews, and cross-domain escalation during periods of unavailability
  • Partner with the Sr. Engineer and Technology Architect on changes to hybrid identity topology, Entra tenant configuration, and Azure AD Connect sync rules — this is a genuine peer relationship with shared architectural ownership, not a sign-off chain
  • Contribute to architectural discussions, design reviews, and platform standards development as a senior technical voice on the Microsoft Operations team
  • Participate in the weekly leads synchronization meeting and contribute Azure platform status, blockers, and capacity to the standing agenda

ServiceNow and Change Management

  • You believe that undocumented work did not happen. Every change, request, incident, and proactive task gets a ServiceNow ticket before execution — full stop
  • Complete ServiceNow change requests for all Standard, Normal, and Emergency changes including full description, rollback plan, and approval routing per change management policy
  • Maintain change records with sufficient technical detail to serve as KPMG audit evidence
  • Author ServiceNow knowledge base articles for any procedure that required meaningful effort to develop, debug, or resolve — the team does not re-solve the same problem twice

Benefits

  • Medical, Dental, Vision, and Life Insurance
  • Paid Sick Leave, 3 weeks’ Vacation, and Holidays (about 11 a year)
  • HSA or FSA account and other voluntary benefits
  • 401(k) Retirement Saving Plan with Employer Match Program and 529 Savings Plan
  • Employee Mortgage Loan Program and free access to an Axos Bank Account with Self-Directed Trading