Medical Review Institute of America, LLC logo
Medical Review Institute of America, LLC

Quality, Innovation, and Experience: Setting Us Apart

Principal Cloud Engineer – Microsoft Azure

Cloud EngineerCloud EngineerFull TimeRemoteLeadTeam 501-1,000Since 1983H1B No SponsorCompany SiteLinkedIn

Location

United States

Posted

1 day ago

Salary

0

Seniority

Lead

Bachelor Degree10 yrs expEnglishAzureCloudDNSPythonTerraformVault

Job Description

Principal Cloud Engineer – Microsoft Azure

Medical Review Institute of America, LLC

• Our Principal Cloud Engineer is a senior technical leader responsible for designing, governing, and optimizing cloud infrastructure and platforms across the organization. • In this role, you will serve as the organization's senior technical authority for cloud architecture and infrastructure, bringing extensive expertise to establish engineering standards and governance, and to lead complex cloud initiatives from design through delivery. • Beyond technical leadership, you will mentor and guide the Systems Administration and Information Security teams, ensuring knowledge is shared through documentation, standards, and coaching. • You will translate complex technical concepts into clear business and operational decisions, provide leadership during critical production events, and set the benchmark for engineering excellence. • Roles: Serve as the highest-level technical authority and subject matter expert for all Azure cloud infrastructure and architecture • Define cloud engineering standards, architectural patterns, and governance practices that the organization adopts and follows • Own and lead cloud infrastructure projects end-to-end — from design and planning through execution, delivery, and post-deployment operations • Support the Manager of IT & IS on cloud strategy, architecture roadmap, and platform investment decisions • Mentor and develop the Systems Administration and Information Security teams — building organizational cloud competency through hands-on guidance, deliberate coaching, and knowledge transfer • Collaborate with Development teams to design and deliver application infrastructure on Azure • Provide Tier 2/3 escalation support to the IT Help Desk for complex infrastructure and cloud issues • Partner with the Information Security team to implement and evidence compliance controls for HITRUST 11.3r2 and SOC2

Job Requirements

  • 7–10 years of experience in infrastructure, systems, or cloud engineering
  • 5 years of senior or principal level experince in Microsoft Azure
  • Demonstrated experience building or establishing a cloud engineering practice or function — not just operating an existing one; comfort setting standards others follow
  • Expert-level knowledge of Azure networking including hub-spoke topology, Virtual Networks, NSGs, Azure Firewall, Application Gateway, ExpressRoute, Private Endpoints, and DNS
  • Proven ability to independently architect Azure environments — designing governance, security, and operational frameworks from the ground up, not inheriting them
  • Expert-level experience with Infrastructure as Code (Terraform or Azure Bicep) including module design, state management, CI/CD integration, and enforcement of no-manual-change disciplines
  • Strong experience with CI/CD pipeline tooling (Azure DevOps, GitLab, or GitHub Actions) including automated security scanning and progressive delivery practices
  • Demonstrated experience leading cloud migration projects including workload assessment, planning, execution, and legacy decommission
  • Strong project leadership — able to own and drive multiple complex initiatives simultaneously with minimal oversight
  • Proven ability to mentor and develop technical staff across multiple teams; experience building organizational capability through deliberate knowledge transfer and hands-on coaching
  • Experience establishing incident response, disaster recovery, and business continuity practices with defined and tested RPO/RTO targets
  • Expert-level knowledge of Azure identity and security services including Entra ID, RBAC, PIM, Key Vault, and Defender for Cloud
  • Strong networking and security fundamentals: network segmentation, secrets management, least-privilege access, and certificate lifecycle management
  • Proficiency in at least one scripting or automation language (PowerShell, Python, or Bash)
  • Working knowledge of compliance frameworks (HITRUST, SOC2, HIPAA) with experience building audit evidence processes that hold up under scrutiny
  • Clear written communication and sound judgment under production pressure — able to make decisions and convey technical context to non-technical stakeholders
  • Experience with Zero Trust Network Access (ZTNA) solutions preferred
  • Experience with Azure AI and platform services preferred
  • Familiarity with healthcare data exchange standards (EDI, HL7, or SFTP-based interfaces) preferred

Benefits

  • healthcare, vision, and dental insurance
  • a generous 401 (k) match
  • paid vacation
  • personal time
  • holidays
  • Growth and training opportunities
  • An award-winning remote work environment

Related Categories

Related Job Pages

More Cloud Engineer Jobs

Forward Deployed Engineer, AI Expert

Valtech

A pioneer in the fields of digital and technology, Valtech is a global business-transformation agency that was founded in 1993 to deliver "innovation with a pur

• Embed within customer engineering teams and lead technical discovery sessions with business stakeholders, engineering leadership, and security to translate ambiguous business problems into clear AI architectures and delivery plans. • Architect, code, and ship production-grade agentic AI solutions on Google Cloud — including multi-agent systems, MCP servers, sub-agents, skills, connectors, agentic wrappers, and safety guardrails — that move customers beyond pilots into measurable business value. • Design and implement Retrieval-Augmented Generation (RAG) pipelines and grounding architectures, including chunking strategy, vector databases, and embedding optimization to prevent hallucinations and ensure response quality. • Build the “connective tissue” between Google’s AI products and customer infrastructure, including APIs, legacy data silos, identity, and security perimeters. • Implement multi-agent patterns such as ReAct, self-reflection, and hierarchical delegation using frameworks like Google’s Agent Development Kit (ADK) or LangGraph • Build high-performance evaluation pipelines and observability frameworks for agentic systems, with attention to accuracy, safety, latency, cost-per-request, and tokens-per-second. • Debug agent logic and optimize tool selection in live, high-traffic environments, including tracing conversation and request IDs across microservices to resolve production failures. • Co-build with customer engineering teams and act as a hands-on advocate for AI-assisted development, introducing and operationalizing AI coding tools to accelerate delivery and elevate engineering practices. • Drive a deliberate handoff to the customer’s team, ensuring long-term ownership, documentation, and end-user adoption after the engagement concludes. • Develop and maintain technical documentation, architecture decision records, and evaluation results across all assigned engagements.

United States
$125K - $225K / year
adconova GmbH logo

Cloud & FinOps Engineer – AWS, MS Azure, GCP, Alibaba Cloud

adconova GmbH

We help to unleash your business capabilities: Get more speed, agility and adaptability with the cloud.

Full TimeRemoteTeam 11-50Since 2021H1B No Sponsor

• Advising our clients and working on platforms such as Google Cloud Platform as well as AWS, Azure, Alibaba Cloud or hybrid environments • Point of contact and implementer for technical inquiries and solutions (in the context of Technical FinOps, Cloud Governance, architecture, Kubernetes, migration strategies, etc.) • Designing and developing migration strategies in cloud computing with consideration for FinOps • Technical consulting for the implementation of cloud solutions (AWS, Azure, GCP, etc.) across different platforms and their technical implementation • Advising on the adoption of FinOps principles and FinOps strategies • Standardizing Continuous Integration and Continuous Delivery • Evaluating system and software engineering tools and processes • Developing system specifications for our clients' environments

Germany
€45K - €90K / year
Full TimeRemoteTeam 5,001-10,000Since 1995H1B No Sponsor

• Work across the full development cycle (design → build → test → deploy → operate) with AI support • Use agents and automations to execute multi-step tasks • Structure inputs (prompts, specs) to guide and control AI • Integrate with engineering tools: Git, CI/CD, observability • Evaluate the quality and safety of AI-generated outputs • Understand the architecture behind generated solutions, not just operate the tools

Brazil
Full TimeRemoteTeam 51-200

Role Description We are hiring a Cloud Engineer to help build and operate secure, scalable cloud landing zones as part of the company’s architecture modernization initiative. This role will support the consolidation of fragmented cloud and IT environments into standardized workload zones with shared identity, networking, logging, guardrails, and compliance. The Cloud Engineer will work across multiple cloud hosts in both the Commercial and Government Cloud sectors. This role will help establish the foundation for secure cloud operations, including: - Account/subscription vending - Identity federation - Logging baselines - KMS/key policy standards - Private endpoints - Egress controls - Workload guardrails - Automated evidence collection The ideal candidate is a hands-on cloud engineer with strong infrastructure-as-code experience, security-first thinking, and the ability to partner closely with Security, Network, SRE, IT, and other Engineering teams. This position is remote in the United States. Key Responsibilities - Cloud Landing Zone Design and Implementation: - Design, build, and maintain secure cloud landing zones across AWS and Azure environments. - Implement account and subscription structures that separate workload zones, including commercial workloads, government workloads, Corporate IT, security services, and restricted CUI/ITAR environments. - Build baseline controls for new cloud accounts and subscriptions, including owner tagging, logging, security baselines, routing, encryption, key policies, break-glass review, and monitoring requirements. - Support landing-zone acceptance criteria so new cloud environments are provisioned with required guardrails before workloads are deployed. - Identity, Access, and Privilege Controls: - Implement federated access patterns using SAML/OIDC, IAM Identity Center, Azure Entra ID, or comparable identity platforms. - Support least-privilege access, role lifecycle management, JIT/PIM/PAM workflows, service account controls, and removal of shared accounts. - Help automate credential rotation, secrets management, service account governance, and break-glass monitoring. - Partner with the Security team to ensure privileged cloud activity is authenticated, authorized, logged, reviewed, and tied to approved workflows. - Cloud Security Guardrails and Policy-as-Code: - Implement preventative and detective cloud guardrails using tools such as AWS Organizations, SCPs, AWS Config, Azure Policy, Defender for Cloud, Wiz, Terraform, CloudFormation, Bicep, or similar platforms. - Codify baseline configurations for logging, encryption, network controls, public exposure prevention, security-group rules, storage policies, KMS/key vault use, and workload tagging. - Monitor and remediate drift from approved cloud security baselines. - Support detection and automated response for public admin exposure, cloud policy drift, unapproved data movement, stale credentials, and overly permissive IAM roles. - Cloud Network and Private Access Integration: - Partner with the Network team to implement secure cloud network patterns, including hub-and-spoke networking, transit gateways, vWAN, private endpoints, centralized DNS, private admin paths, and controlled egress. - Ensure cloud workloads are not exposed through unnecessary public interfaces. - Support routing and connectivity decisions for radar telemetry and other cloud workload environments. - Implement cloud-side controls for SASE/ZTNA access, private application access, firewall inspection, flow logging, and route governance. - Telemetry, SIEM, and SOC Enablement: - Integrate cloud logs and security signals into centralized SIEM/SOC workflows. - Onboard and maintain telemetry sources such as CloudTrail, AWS Config, VPC Flow Logs, Azure Activity Logs, NSG Flow Logs, Entra ID logs, KMS/Key Vault events, storage access logs, CSPM findings, vulnerability findings, and workload security events. - Partner with the Security team to build detection use cases for exposed cloud services, privileged access anomalies, credential hygiene drift, data boundary violations, and cloud configuration drift. - Support retention tiers, immutable logging, audit trails, alert evidence, and compliance reporting requirements. - Compliance and Evidence Automation: - Help automate evidence collection for customer and governmental regulatory frameworks. - Create reusable artifacts such as policy exports, IaC repositories, drift reports, access reviews, logging configurations, encryption evidence, SIEM cases, and change records. - Support compliance control areas including access control, identification and authentication, audit and accountability, system and communications protection, configuration management, system integrity, and incident response. - Ensure that compliance evidence is generated from the same systems that enforce security controls, reducing manual artifact collection. - Operations, Documentation, and Cross-Functional Delivery: - Create clear documentation for landing-zone patterns, account vending, guardrails, IAM roles, logging flows, network integration, operational runbooks, and escalation paths. - Participate in architecture decision records, change control, incident response, and modernization planning. - Work with Security, Network, SRE, IT Support, and other Engineering teams to ensure cloud capabilities are operationally supportable. - Help define and execute the cloud modernization backlog across containment, capability buildout, and full modernization phases. Qualifications - Must be eligible to obtain and maintain a U.S. personnel security clearance - 5+ years of hands-on cloud engineering experience in AWS, Azure, or hybrid cloud environments. - Strong experience with AWS and/or Azure core services, including IAM, networking, logging, encryption, storage, compute, security monitoring, and account/subscription management. - Experience building or operating cloud landing zones, multi-account AWS environments, Azure management groups, or similar cloud governance structures. - Hands-on experience with infrastructure-as-code tools such as Terraform, CloudFormation, Bicep, CDK, Ansible, or similar. - Experience implementing cloud security controls, including IAM least privilege, logging baselines, encryption, key management, public exposure prevention, security groups, policy enforcement, and configuration monitoring. - Experience integrating cloud logs or findings into SIEM, SOAR, CSPM, or monitoring platforms. - Working knowledge of cloud networking, including VPC/VNet design, routing, private endpoints, security groups, NACLs/NSGs, flow logs, transit gateways, vWAN, VPNs, and egress controls. - Ability to document cloud designs, implementation plans, runbooks, and compliance evidence. - Strong collaboration skills with security, networking, infrastructure, SRE, and operations teams. Preferred Qualifications - Experience with AWS GovCloud, Azure Government, or other regulated cloud environments. - Experience supporting CUI, ITAR, NIST 800-171, CMMC 2.0 ML2, FedRAMP, or government/customer compliance requirements. - Experience with Microsoft Sentinel, Wiz, Dropzone AI, Defender for Cloud, Security Hub, GuardDuty, Inspector, Macie, or similar platforms. - Experience with SSO, SCIM lifecycle, MFA/FIDO2, PAM/PIM, JIT access, service account vaulting, and automated credential rotation. - Experience building policy-as-code or compliance-as-code frameworks. - Experience creating automated evidence artifacts from cloud control planes, SIEM platforms, CSPM tools, ticketing systems, and IaC pipelines. - Experience with secure data-boundary design, including CUI/ITAR enclaves, KMS/key policies, DLP, retention, immutable logs, and restricted access patterns. - Experience supporting cloud incident response, containment automation, or SOAR playbooks. Perks and Benefits - Global workforce: flexible remote/hybrid opportunities - Work on complex, meaningful missions with real-world impact - Unlimited paid time off for most roles - Competitive salary and equity packages - Comprehensive health, dental, and vision coverage - Access to the forefront of commercial space operations and defense innovation

United States