Role Description We are seeking a Senior Cloud Infrastructure Engineer (Azure) with 10+ years of experience in enterprise cloud architecture, security, networking, and automation. This role is infrastructure-centric but modernization-focused, with a strong emphasis on the Azure Well-Architected Framework, Defender for Cloud posture management, and compliance (e.g., CIS Benchmarks, ISO/NIST). You will act as a technical driver to design and operate secure-by-design Azure environments based on Zero Trust principles, lead the architectural transition of legacy applications to modern standards, and implement robust network segmentation. You should have expert-level IaC (Terraform), deep knowledge of Azure networking and identity, and hands-on experience with Azure API Management (APIM), private endpoints, private DNS zones, and migrating legacy authentication to OAuth2 workflows. This is a role for a self-driven engineer who thrives in a fast-changing, fast-paced environment, can handle multiple projects at once, manage stressful situations, meet tight timelines, and deliver on time. Key Responsibilities - Infrastructure Design & Management - Architect and deploy Azure infrastructure aligned with the Azure Well-Architected Framework and Zero Trust security-first architecture principles. - Drive the infrastructure refactoring of .NET applications, including implementing Azure API Management to wrap legacy monoliths with modern security (OAuth2) and throttling policies. - Design hub-and-spoke network topologies, implement Private Endpoints, Private DNS Zones, and configure NSGs, route tables, and firewall rules to strictly isolate production workloads. - Architect the transition from legacy SMTP dependencies to modern, API-driven transactional email services (e.g., SendGrid integration) to ensure high deliverability and reliability. - Ensure robust network connectivity and performance, including Azure Load Balancer and Application Gateway for high availability. - Design and maintain disaster recovery strategies, multi-region failover, and backup solutions. - Security & Compliance - Implement and maintain security measures to protect data and infrastructure from threats, specifically focusing on PaaS hardening (SQL TDE, Storage Account Firewalls). - Apply Defender for Cloud and CIS Benchmarks to strengthen security posture and automate compliance reporting. - Configure Azure Entra ID, Azure AD B2C (Azure Entra External ID), Privileged Identity Management (PIM), and Just-In-Time (JIT) access controls to enforce least-privilege access. - Ensure compliance with ISO 27001, NIST, and familiarity with ISO 42001 for AI governance. - Automation & IaC - Drive pragmatic Terraform practices for infrastructure-as-code, creating modular, reusable code that prioritizes speed of delivery and maintainability over complexity. - Automate manual processes to improve efficiency and reduce errors across provisioning and configuration management. - Monitoring, Incident Management & On-Call - Implement centralized logging and monitoring solutions using Azure Monitor, Log Analytics, Application Insights, and New Relic to provide end-to-end visibility. - Integrate logs with Microsoft Sentinel and other SIEM platforms for real-time security and compliance visibility. - Lead incident management, root cause analysis, and preventive actions for critical infrastructure outages. - Participate in escalation and on-call rotations for product support, ensuring timely resolution of critical infrastructure issues. - Collaboration, Documentation & Knowledge Management - Collaborate with development and operations teams to bridge the gap between legacy code requirements and modern infrastructure standards. - Maintain comprehensive documentation, runbooks, and knowledge articles to support continuity and compliance. - Provide training and mentorship, leveraging 10–15 years of experience in knowledge management and best practices for enterprise-scale environments. Qualifications - Bachelor’s degree in Computer Science, IT, or equivalent experience. - 10+ years in cloud infrastructure engineering with expert-level Azure experience. - Expert-level proficiency in architecting enterprise-scale Azure Networking using Hub-and-Spoke topology, including advanced configuration of Azure Firewall/WAF, VNET peering, Hybrid Connection (VPN/ExpressRoute) and implementing Zero Trust connectivity for PaaS resources via Private Link, Private Endpoint and Private DNS Zones. - Proven expertise in Modernization: Demonstrated ability to implement Azure API Management, refactor legacy authentication flows (OAuth2), and modernize database security (TDE/Private Link). - Strong experience with Terraform (IaC) and automation frameworks. - Familiarity with Defender for Cloud, CIS Benchmarks, and centralized logging solutions. - Experience handling escalations and on-call responsibilities for critical infrastructure. Technical Skills - Azure services: Azure API Management (APIM), VMs, App Services (Containers), Azure SQL, Storage, Private Link, Private DNS, Azure Load Balancer, Application Gateway. - Networking: Hub-and-spoke, NSGs, route tables, Azure Firewall, VNET Peering. - Identity & Security: Azure Entra ID, Azure AD B2C, PIM/JIT, OAuth2/OIDC, Key Vault, SQL TDE. - Monitoring & Logging: Azure Monitor, Log Analytics, Application Insights, SIEM (Sentinel) integration. - Compliance: CIS Benchmarks, ISO/NIST frameworks. - Tooling: Terraform, Azure DevOps, Git, PowerShell/Az CLI. Soft Skills - Self-driven Finisher: Adaptable to fast-changing environments with a focus on closing tickets and delivering projects. - Ability to handle multiple projects, manage stress, and deliver on time. - Strong communication and documentation skills. Preferred Certifications - Microsoft Certified: Azure Solutions Architect Expert (AZ-305) - Microsoft Certified: Azure Administrator (AZ-104) - HashiCorp Certified: Terraform Associate Our core values: - Make sound decisions: We put ourselves in our customer's shoes, always ensuring we have the right facts and focus on solving the right problems. - Act like an owner: No matter the challenge, we overcome hurdles, seek out solutions, and follow through on commitments to consistently exceed expectations. - Get better every day: With our growth mindset and positive attitude, we apply our passion for innovation not just to our products, but also to ourselves. - We before me: Our collaborative spirit pushes us to act without ego, to communicate openly and honestly, and to win as a team. Benefits - Competitive salary and discretionary bonus - Flexible work environment - Career growth - Monthly team events - Industry-leading benefits plan

• Design, build, and operate core cloud infrastructure across compute, storage, databases, and networking layers. • Own and improve the reliability, scalability, and security of Valon’s production systems as we scale to support major enterprise deployments. • Evaluate, adopt, and operationalize new infrastructure technologies (e.g., Vitess, Clickhouse, Redis) to meet evolving product and scale requirements. • Collaborate with product engineering, platform, and operations teams to define infrastructure solutions that unlock product innovation and operational efficiency. • Participate in on-call rotations and incident response, driving improvements to system observability, alerting, and reliability practices. • Contribute to architectural decisions and technical strategy for the platform, with an emphasis on pragmatic, well-reasoned trade-offs. • Mentor teammates through code reviews, design discussions, and knowledge sharing.

• Set technical direction for cloud infrastructure at Valon, defining the architecture, standards, and roadmap for compute, storage, databases, and networking. • Lead the design and execution of complex, cross-cutting infrastructure initiatives—from new data store adoption to novel deployment architectures for enterprise customers. • Own the reliability, scalability, and security posture of Valon’s production infrastructure, driving systemic improvements across the stack. • Serve as a key technical partner to engineering leadership, product, and operations—translating business requirements into infrastructure strategy and ensuring alignment across teams. • Drive architectural decisions through design docs, RFCs, and technical reviews, setting a high bar for rigor and clarity. • Mentor and elevate the team through code reviews, design guidance, and active knowledge sharing, raising the overall technical bar. • Contribute to incident response and on-call, using incidents as opportunities to drive meaningful reliability improvements. • Identify and advocate for long-horizon infrastructure investments that position Valon for the next phase of scale and customer growth.

Sumsub is a leading full-cycle verification platform that enables scalable compliance. From identity and business verification to ongoing monitoring, our platform adapts to different risk appetites and market demands, ensuring global compliance. It allows customizing analytics and workflows with a no-code interface. Over 4,000 clients — including Bitpanda, Wirex, Avis, Bybit, Vodafone, Duolingo, Kaizen Gaming, and TransferGo — trust Sumsub to accelerate growth, prevent fraud, and maintain compliance worldwide. Now We are looking for a Operational Security Engineer to run and continuously improve day-to-day security operations. This role focuses on security alerts handling, phishing response, vulnerability coordination, and employee-facing security requests. You will focus on clarity, consistency, and visibility of security operations. What You Will Be Doing: - Design and implement security controls integrated into CI/CD pipelines - Build and operate infrastructure security guardrails (Terraform, cloud, Kubernetes) - Own security tooling as products (architecture, reliability, lifecycle) - Implement audit logging, change tracking, and security evidence generation - Design and evolve vulnerability management foundations (inventory, scoping, correlation) - Define and enforce infrastructure security baselines - Work with compliance teams to support audits (e.g., PCI DSS) through technical evidence - Collaborate with SOC and operational teams to ensure controls are usable in practice About You: - Strong experience with CI/CD systems (GitHub Actions, GitLab CI, Jenkins, etc.) - Infrastructure as Code (Terraform or similar) - Cloud platforms (AWS, GCP, Azure) - Container and Kubernetes security concepts (Falco, Trivy, etc.) - Logging, auditability, and change tracking - Understanding of vulnerability management fundamentals (CVEs, scanners, remediation, validation) Nice to have: - Runtime security and drift detection - Secret scanning and prevention - Experience building internal security tooling - Exposure to compliance frameworks (PCI DSS, SOC 2, ISO 27001) - Developing experience (Python, Go, etc.) What We Offer: - Remote-first, trust-based culture. Work from the place that works best for you. No mandatory office days, no attendance trackers. In some locations, we provide offices or coworking spaces, but the choice is yours. - True flexibility. We do not fix you to a 9-to-5 schedule. You can adjust your working hours when needed, as long as your day stays productive and in sync with the team. - Extra time off. Your birthday is a holiday here. Add to that 10 personal days each year, seven sick days without paperwork, and extra time to enjoy Christmas and New Year. Time to rest is part of the deal. - Work that matters. Our mission is to build a digital world that is secure, accessible and inclusive for everyone. From fighting fraud to making online services easier and safer to use, your work will have a real impact on how people experience trust online. - Compensation. We offer fair and transparent pay, benchmarked to the market. - Truly global. We work across continents and time zones, with teammates and customers from all over the world. You will run campaigns that cross borders, cultures, and languages, and see your ideas land worldwide. - Growth built in. Clear goals, open feedback and personal development plans. We support your progress with learning opportunities and by covering role-specific events, from design conferences to marketing forums. - Team offsites. Sometimes just Slack is not enough. That is why we meet in person a few times a year. Trips are fully covered, so you can meet, collaborate, and recharge together. - Getting you set up. We make sure you have access to the tools and hardware you need to do your work well. - Friendly by design. Our logo is a dog for a reason. We keep things human, open and kind. We welcome individuality, quirks and different perspectives, because that is what makes our work smarter and more fun. The hiring stages: TA screening -> Hiring Manager Interview -> Final Interview. Sounds like a great opportunity for your career development? Then go ahead and apply! We are a global community of innovators, creators, and thinkers, and we believe that diversity fuels our innovation. Sumsub is proud to be an equal opportunity employer, committed to building a diverse and inclusive workforce. We welcome applications from people of all backgrounds, cultures, genders, experiences, abilities and perspectives. Join us in shaping the future inclusively.