Staff Cloud Platform Engineer

About The Position

Requirements

• Strong experience designing and operating secure, scalable Azure cloud platforms in hybrid (cloud and on-premises) environments
• Deep expertise in Azure architecture, landing zones, governance, and multi-tenant management
• Proficiency in Infrastructure as Code (Terraform, ARM/Bicep) with CI/CD pipeline integration and automated security validation
• Advanced knowledge of identity and access management, including Azure AD (Entra ID), RBAC, PIM, Conditional Access, and Zero Trust principles
• Hands-on experience with enterprise security tools such as Defender for Cloud, Sentinel, and Key Vault
• Experience implementing monitoring, logging, and alerting strategies across hybrid environments
• Strong understanding of backup, disaster recovery (DR), and high-availability design principles
• Solid foundation in virtualization (VMware), Active Directory, and Microsoft 365 administration
• Strong networking fundamentals including DNS, routing, firewalls, VLANs, and hybrid connectivity
• Proficiency in automation and scripting using Python and PowerShell
• 8+ years of infrastructure engineering experience
• 5+ years designing and operating Azure cloud platforms with experience in multi-tenant or enterprise-scale deployments
• Bachelor’s degree in Information Technology, Computer Science, or a related field, or equivalent practical experience

Nice To Haves

• Azure certifications (e.g., AZ-104, AZ-305, AZ-500)
• Experience implementing enterprise-scale landing zones using Microsoft Cloud Adoption Framework (CAF)
• Strong knowledge of Azure Policy and policy-as-code governance frameworks
• Experience with Microsoft Sentinel and advanced cloud security automation
• Experience leading technical initiatives or mentoring engineers
• Familiarity with identity governance platforms (e.g., SailPoint, Okta, or similar)
• Master’s degree in computer science, IT, or equivalent hands-on experience
• ITIL Foundation Certification

Responsibilities

• Design, implement, and evolve secure, scalable, multi-tenant Azure platform solutions.
• Build and maintain landing zone building blocks (identity baseline, networking baseline, logging baseline) and reusable platform patterns to accelerate tenant onboarding.
• Implement Azure Lighthouse capabilities to support scalable multi-tenant operations and delegated administration.
• Integrate IAM solutions (e.g., SailPoint IdentityNow or equivalent) for identity provisioning and lifecycle governance.
• Engineer secure hybrid cloud integrations between on-premises and Azure environments.
• Evaluate and implement Azure platform innovations and security best practices.
• Collaborate with engineering, InfoSec, and operations stakeholders to ensure technical alignment.
• Develop and maintain shared Terraform modules and ARM/Bicep templates that standardize approved platform patterns.
• Integrate IaC into CI/CD pipelines to enable automated, compliant infrastructure deployments.
• Define and implement tagging, naming, and configuration management standards.
• Automate shared services, networking configurations, RBAC policies, and platform governance controls.
• Maintain module versioning/release notes and migration guidance to drive adoption with minimal friction.
• Implement security validation tools within deployment pipelines.
• Apply version control and DevOps best practices to infrastructure delivery.
• Implement and maintain Azure RBAC, PIM, and Zero Trust controls across environments.
• Configure secure access models including JIT, NSGs, Key Vault, and conditional access.
• Automate security baselines using Defender for Cloud, Sentinel, and governance frameworks.
• Support audit and compliance activities in collaboration with InfoSec teams.
• Ensure platform security across hybrid cloud and virtualization environments.
• Engineer tenant provisioning workflows and onboarding automation.
• Build and maintain enterprise monitoring strategies for logs, metrics, and alerts across hybrid and multi-tenant environments.
• Design, implement, and maintain backup and disaster recovery (DR) strategies across cloud and on-premises infrastructure.
• Ensure regular backup validation, restore testing, and compliance with retention policies and business continuity requirements.
• Support distributed monitoring infrastructure across hybrid environments.
• Serve as escalation point for complex cloud and infrastructure troubleshooting.
• Maintain documentation, playbooks, and operational standards.
• Drive high availability, resiliency, and performance optimization.
• Strong understanding of virtualization technologies (vSphere, vCenter, ESXi, Azure VDI).
• Administration of Windows, macOS, and Linux operating systems.
• Microsoft 365 (O365) administration experience.
• Active Directory (AD) and Azure AD (Entra ID) administration.
• Networking fundamentals including DNS, VLANs, routing, firewalls, and hybrid connectivity.
• Experience in hybrid on-prem/cloud environments applying security and availability best practices.
• Proficiency in Python, PowerShell, and SQL scripting.
• Participate in enterprise ITSM-aligned change management processes.
• Lead technical Root Cause Analysis (RCA) for critical platform incidents; coordinate fixes across partnering teams and drive follow-through to prevention.
• Contribute to CAB discussions and cross-team escalation processes.
• Drive continuous improvement through lessons learned and automation.

Benefits

• medical
• dental
• vision
• 401k with employer match and defined contribution plan
• short and long term disability
• basic life and AD&D insurance
• employee assistance program
• tuition reimbursement and student loan repayment plans
• maternity and non-primary caregiver leave
• adoption assistance
• employee referral program
• vacation and paid holidays
• unique vehicle lease program that covers registration and insurance fees