[Remote] Sr. Engineer, Cloud - Archimedes

Note: The job is a remote job and is open to candidates in USA. Navitus Health Solutions, through its Archimedes division, is a leader in specialty drug management solutions aiming to transform the PBM industry. The Sr. Engineer, Cloud will serve as the technical lead for Azure cloud architecture and governance, focusing on establishing cloud engineering standards and supporting enterprise applications, data platforms, and AI initiatives.

Responsibilities

• Serve as the technical lead for Azure cloud architecture, governance, networking, security, observability, and platform operations
• Define and maintain cloud engineering standards, landing zone architectures, reusable infrastructure patterns, and governance frameworks supporting enterprise cloud adoption
• Lead architecture reviews for cloud infrastructure, networking, security, identity, data platform infrastructure, and modernization initiatives
• Provide technical leadership and mentorship to Cloud Engineers, DevOps Engineers, and other engineering teams on Azure architecture, automation, governance, and operational best practices
• Partner with Data Engineering and DevOps teams to establish secure, scalable, and automated cloud foundations supporting Azure Databricks, Data Lake Storage, analytics platforms, and AI workloads
• Establish cloud governance controls including subscription strategy, management groups, policy-as-code, tagging standards, resource organization, and cost management practices
• Act as the highest-level escalation point for complex cloud infrastructure, networking, security, identity, and platform-related issues.Architect and deploy solutions using core Azure services, including Azure App Services, AKS, Azure SQL, Storage Accounts, Application Gateway, Azure Front Door, and Load Balancers
• Design and deploy scalable, secure solutions using core Azure services including App Services, AKS, Azure SQL, Storage Accounts, Application Gateway, Azure Front Door, Load Balancers, and related PaaS/IaaS components
• Design and support cloud infrastructure architectures that enable machine learning, generative AI, intelligent automation, analytics, and data science workloads
• Collaborate with Data Engineering, DevOps, and Software Engineering teams to establish cloud platform capabilities supporting AI model development, training, deployment, monitoring, and governance
• Implement cloud security, networking, identity, and governance controls supporting AI and machine learning workloads, ensuring compliance with organizational, regulatory, and cybersecurity requirements
• Support Azure services utilized for AI and advanced analytics initiatives, including Azure Databricks, Azure Machine Learning, Azure OpenAI, Cognitive Services, and related cloud-native capabilities
• Evaluate emerging cloud-native AI services, automation technologies, and platform capabilities to support enterprise AI adoption and operational efficiency
• Partner with architecture, security, and data teams to ensure AI platforms align with enterprise standards for scalability, resilience, privacy, governance, and responsible AI practices.Design, implement, and support cloud infrastructure and networking services that enable Azure Data Lake Storage Gen2, Azure Databricks, analytics platforms, and AI workloads
• Collaborate with Data Engineering and DevOps teams to establish secure, scalable, and automated cloud foundations for lake house architectures, data pipelines, and enterprise analytics platforms
• Implement private networking, identity management, access controls, encryption, monitoring, and governance controls supporting Azure Databricks, Data Lake Storage, and related analytics services
• Support deployment and operation of Azure Databricks workspaces, Unity Catalog integrations, managed identities, private endpoints, and secure service connectivity across cloud environments
• Partner with Data Engineering teams to optimize cloud infrastructure supporting data ingestion, transformation, storage, analytics, and machine learning workloads
• Automate infrastructure provisioning with reusable, version-controlled modules using Terraform, Bicep, and ARM templates, with standardized reusable modules and GitOps practices using Azure DevOps Pipelines
• Design scalable Virtual Network (VNet) architectures, including VNet peering, Private Endpoints, Service Endpoints, User Defined Routes (UDRs), Network Security Groups (NSGs), Azure Firewall, and ExpressRoute/VPN Gateway integrations
• Manage hybrid workloads, supporting both Azure-native and lift-and-shift workloads across IaaS and PaaS resources
• Develop and maintain infrastructure automation scripts using Azure CLI, PowerShell, and Python
• Implement and enforce tagging policies, naming standards, resource locks, and subscription-level policies using Azure Policy and Management Groups
• Configure and monitor autoscaling, high availability, zone redundancy, and backup/restore for critical services across production and non-production environments
• Develop automation tooling using Azure CLI, PowerShell, and Python to streamline provisioning, governance, and operational workflows
• Implement governance frameworks using Azure Policy, Management Groups, resource locks, tagging policies, and naming conventions for enterprise-scale environments
• Configure high availability and performance features, including autoscaling, zone redundancy, backup and disaster recovery across all critical environments
• Lead cost management efforts through Azure Cost Management, budget tracking, right-sizing recommendations, Reserved Instances, and cost anomaly detection
• Serve as Tier 2 escalation for complex infrastructure incidents and requests, working closely with operations and support teams
• Adopt ITSM best practices, contributing to incident, problem, and change management workflows using Jira Service Management or equivalent tools
• Drive cost optimization using Azure Cost Management, budgets, recommendations, and Reserved Instance planning
• Act as a Tier 2 escalation point for cloud infrastructure and platform-related incidents and service requests
• Manage cloud identity and access using Microsoft Entra ID (formerly Azure Active Directory), including configuration of user roles, enterprise applications, and secure authentication policies
• Implement secure external identity integrations using Entra B2B (guest access) and Entra B2C (customer identity), including custom policies, user flows, and application federation
• Administer Microsoft Intune for mobile device management (MDM) and mobile application management (MAM), enforcing compliance policies, conditional access, and device posture assessments
• Leverage ITSM best practices to support incident, change, and problem management processes
• Collaborate with IT and DevOps teams via Jira Service Management and ticketing systems to track work, escalate issues, and drive resolution
• Assist in root cause analysis, change approvals, and cross-functional resolution of infrastructure-related production issues
• Maintain knowledge base documentation, FAQs, and standard operating procedures for service desk support alignment
• Set up and tune observability tools including Azure Monitor, Log Analytics, Application Insights, Network Watcher, and Connection Monitor
• Develop Kusto Query Language (KQL) dashboards for operational visibility and alerting
• Support incident response and RCA using Activity Logs, Diagnostics Settings, and Change Analysis
• Implement secure identity and access management using Azure Active Directory, RBAC, Privileged Identity Management (PIM), Conditional Access, and Managed Identities
• Secure secrets and certificates using Azure Key Vault with access policies and key rotation
• Support SSO and OAuth2/OpenID Connect configurations for internal and external applications registered in Entra ID, managing permissions, scopes, and consent frameworks
• Configure Microsoft Defender for Cloud, Azure Security Center, Just-in-Time VM Access, and Sentinel integrations for threat detection and response
• Apply best practices aligned to the Azure Security Benchmark and Well-Architected Framework
• Ensure infrastructure compliance for regulatory standards such as HIPAA, SOC 2, and ISO 27001, and maintain an audit-readiness posture
• Participate in, adhere to, and support compliance, people and culture, and learning programs
• Perform other duties as assigned

Skills

• Bachelor's degree or equivalent work experience required
• 8+ years of experience in cloud infrastructure, cloud engineering, platform engineering, systems engineering, or Site Reliability Engineering (SRE) roles, including at least 5 years of hands-on Azure architecture and engineering experience required
• Demonstrated experience leading cloud modernization, platform engineering, infrastructure automation, governance, and operational excellence initiatives required
• Deep experience with Azure resource design, automation, Infrastructure-as-Code, and deployment strategies utilizing Terraform, Bicep, and ARM templates required
• Experience designing Azure landing zones, governance frameworks, enterprise networking architectures, private connectivity, and cloud operating models required
• Strong understanding of Azure networking, firewalls, DNS, load balancing, hybrid connectivity, ExpressRoute, VPN, and Zero Trust security architectures required
• Microsoft certifications such as Azure Solutions Architect Expert, Azure Administrator Associate, or Azure Security Engineer Associate preferred
• Experience supporting cloud infrastructure for machine learning, artificial intelligence, advanced analytics, or data science workloads preferred
• Familiarity with Azure Machine Learning, Azure OpenAI, Cognitive Services, Databricks ML, MLflow, vector databases, and AI platform architectures preferred
• Understanding of cloud security, governance, privacy, and operational considerations supporting AI and machine learning environments preferred
• Experience supporting Azure Data Lake Storage Gen2, Azure Databricks, Unity Catalog, Delta Lake, lake house architectures, analytics platforms, and AI-related workloads preferred
• Familiarity with data platform security, data governance controls, private connectivity patterns, and cloud-native analytics architectures preferred
• Experience mentoring engineers, conducting architecture reviews, and providing technical leadership across cloud infrastructure and platform initiatives preferred
• Experience working within regulated environments supporting HIPAA, HITRUST, SOC 2, ISO 27001, NIST, or similar compliance frameworks preferred
• Knowledge of Microsoft's Cloud Adoption Framework, Well-Architected Framework, Zero Trust principles, and cloud governance best practices preferred

Benefits

• Top of the industry benefits for Health, Dental, and Vision insurance
• 4 weeks paid parental leave
• 9 paid holidays
• 401K company match of up to 5% - No vesting requirement
• Adoption Assistance Program
• Flexible Spending Account
• Educational Assistance Plan and Professional Membership assistance
• Referral Bonus Program – up to $750!

Company Overview