[Remote] Sr. Engineer, Cloud - Archimedes
Note: The job is a remote job and is open to candidates in USA. Navitus Health Solutions, through its Archimedes division, is a leader in specialty drug management solutions aiming to transform the PBM industry. The Sr. Engineer, Cloud will serve as the technical lead for Azure cloud architecture and governance, focusing on establishing cloud engineering standards and supporting enterprise applications, data platforms, and AI initiatives.ResponsibilitiesServe as the technical lead for Azure cloud architecture, governance, networking, security, observability, and platform operationsDefine and maintain cloud engineering standards, landing zone architectures, reusable infrastructure patterns, and governance frameworks supporting enterprise cloud adoptionLead architecture reviews for cloud infrastructure, networking, security, identity, data platform infrastructure, and modernization initiativesProvide technical leadership and mentorship to Cloud Engineers, DevOps Engineers, and other engineering teams on Azure architecture, automation, governance, and operational best practicesPartner with Data Engineering and DevOps teams to establish secure, scalable, and automated cloud foundations supporting Azure Databricks, Data Lake Storage, analytics platforms, and AI workloadsEstablish cloud governance controls including subscription strategy, management groups, policy-as-code, tagging standards, resource organization, and cost management practicesAct as the highest-level escalation point for complex cloud infrastructure, networking, security, identity, and platform-related issues.Architect and deploy solutions using core Azure services, including Azure App Services, AKS, Azure SQL, Storage Accounts, Application Gateway, Azure Front Door, and Load BalancersDesign and deploy scalable, secure solutions using core Azure services including App Services, AKS, Azure SQL, Storage Accounts, Application Gateway, Azure Front Door, Load Balancers, and related PaaS/IaaS componentsDesign and support cloud infrastructure architectures that enable machine learning, generative AI, intelligent automation, analytics, and data science workloadsCollaborate with Data Engineering, DevOps, and Software Engineering teams to establish cloud platform capabilities supporting AI model development, training, deployment, monitoring, and governanceImplement cloud security, networking, identity, and governance controls supporting AI and machine learning workloads, ensuring compliance with organizational, regulatory, and cybersecurity requirementsSupport Azure services utilized for AI and advanced analytics initiatives, including Azure Databricks, Azure Machine Learning, Azure OpenAI, Cognitive Services, and related cloud-native capabilitiesEvaluate emerging cloud-native AI services, automation technologies, and platform capabilities to support enterprise AI adoption and operational efficiencyPartner with architecture, security, and data teams to ensure AI platforms align with enterprise standards for scalability, resilience, privacy, governance, and responsible AI practices.Design, implement, and support cloud infrastructure and networking services that enable Azure Data Lake Storage Gen2, Azure Databricks, analytics platforms, and AI workloadsCollaborate with Data Engineering and DevOps teams to establish secure, scalable, and automated cloud foundations for lake house architectures, data pipelines, and enterprise analytics platformsImplement private networking, identity management, access controls, encryption, monitoring, and governance controls supporting Azure Databricks, Data Lake Storage, and related analytics servicesSupport deployment and operation of Azure Databricks workspaces, Unity Catalog integrations, managed identities, private endpoints, and secure service connectivity across cloud environmentsPartner with Data Engineering teams to optimize cloud infrastructure supporting data ingestion, transformation, storage, analytics, and machine learning workloadsAutomate infrastructure provisioning with reusable, version-controlled modules using Terraform, Bicep, and ARM templates, with standardized reusable modules and GitOps practices using Azure DevOps PipelinesDesign scalable Virtual Network (VNet) architectures, including VNet peering, Private Endpoints, Service Endpoints, User Defined Routes (UDRs), Network Security Groups (NSGs), Azure Firewall, and ExpressRoute/VPN Gateway integrationsManage hybrid workloads, supporting both Azure-native and lift-and-shift workloads across IaaS and PaaS resourcesDevelop and maintain infrastructure automation scripts using Azure CLI, PowerShell, and PythonImplement and enforce tagging policies, naming standards, resource locks, and subscription-level policies using Azure Policy and Management GroupsConfigure and monitor autoscaling, high availability, zone redundancy, and backup/restore for critical services across production and non-production environmentsDevelop automation tooling using Azure CLI, PowerShell, and Python to streamline provisioning, governance, and operational workflowsImplement governance frameworks using Azure Policy, Management Groups, resource locks, tagging policies, and naming conventions for enterprise-scale environmentsConfigure high availability and performance features, including autoscaling, zone redundancy, backup and disaster recovery across all critical environmentsLead cost management efforts through Azure Cost Management, budget tracking, right-sizing recommendations, Reserved Instances, and cost anomaly detectionServe as Tier 2 escalation for complex infrastructure incidents and requests, working closely with operations and support teamsAdopt ITSM best practices, contributing to incident, problem, and change management workflows using Jira Service Management or equivalent toolsDrive cost optimization using Azure Cost Management, budgets, recommendations, and Reserved Instance planningAct as a Tier 2 escalation point for cloud infrastructure and platform-related incidents and service requestsManage cloud identity and access using Microsoft Entra ID (formerly Azure Active Directory), including configuration of user roles, enterprise applications, and secure authentication policiesImplement secure external identity integrations using Entra B2B (guest access) and Entra B2C (customer identity), including custom policies, user flows, and application federationAdminister Microsoft Intune for mobile device management (MDM) and mobile application management (MAM), enforcing compliance policies, conditional access, and device posture assessmentsLeverage ITSM best practices to support incident, change, and problem management processesCollaborate with IT and DevOps teams via Jira Service Management and ticketing systems to track work, escalate issues, and drive resolutionAssist in root cause analysis, change approvals, and cross-functional resolution of infrastructure-related production issuesMaintain knowledge base documentation, FAQs, and standard operating procedures for service desk support alignmentSet up and tune observability tools including Azure Monitor, Log Analytics, Application Insights, Network Watcher, and Connection MonitorDevelop Kusto Query Language (KQL) dashboards for operational visibility and alertingSupport incident response and RCA using Activity Logs, Diagnostics Settings, and Change AnalysisImplement secure identity and access management using Azure Active Directory, RBAC, Privileged Identity Management (PIM), Conditional Access, and Managed IdentitiesSecure secrets and certificates using Azure Key Vault with access policies and key rotationSupport SSO and OAuth2/OpenID Connect configurations for internal and external applications registered in Entra ID, managing permissions, scopes, and consent frameworksConfigure Microsoft Defender for Cloud, Azure Security Center, Just-in-Time VM Access, and Sentinel integrations for threat detection and responseApply best practices aligned to the Azure Security Benchmark and Well-Architected FrameworkEnsure infrastructure compliance for regulatory standards such as HIPAA, SOC 2, and ISO 27001, and maintain an audit-readiness postureParticipate in, adhere to, and support compliance, people and culture, and learning programsPerform other duties as assignedSkillsBachelor's degree or equivalent work experience required8+ years of experience in cloud infrastructure, cloud engineering, platform engineering, systems engineering, or Site Reliability Engineering (SRE) roles, including at least 5 years of hands-on Azure architecture and engineering experience requiredDemonstrated experience leading cloud modernization, platform engineering, infrastructure automation, governance, and operational excellence initiatives requiredDeep experience with Azure resource design, automation, Infrastructure-as-Code, and deployment strategies utilizing Terraform, Bicep, and ARM templates requiredExperience designing Azure landing zones, governance frameworks, enterprise networking architectures, private connectivity, and cloud operating models requiredStrong understanding of Azure networking, firewalls, DNS, load balancing, hybrid connectivity, ExpressRoute, VPN, and Zero Trust security architectures requiredMicrosoft certifications such as Azure Solutions Architect Expert, Azure Administrator Associate, or Azure Security Engineer Associate preferredExperience supporting cloud infrastructure for machine learning, artificial intelligence, advanced analytics, or data science workloads preferredFamiliarity with Azure Machine Learning, Azure OpenAI, Cognitive Services, Databricks ML, MLflow, vector databases, and AI platform architectures preferredUnderstanding of cloud security, governance, privacy, and operational considerations supporting AI and machine learning environments preferredExperience supporting Azure Data Lake Storage Gen2, Azure Databricks, Unity Catalog, Delta Lake, lake house architectures, analytics platforms, and AI-related workloads preferredFamiliarity with data platform security, data governance controls, private connectivity patterns, and cloud-native analytics architectures preferredExperience mentoring engineers, conducting architecture reviews, and providing technical leadership across cloud infrastructure and platform initiatives preferredExperience working within regulated environments supporting HIPAA, HITRUST, SOC 2, ISO 27001, NIST, or similar compliance frameworks preferredKnowledge of Microsoft's Cloud Adoption Framework, Well-Architected Framework, Zero Trust principles, and cloud governance best practices preferredBenefitsTop of the industry benefits for Health, Dental, and Vision insurance4 weeks paid parental leave9 paid holidays401K company match of up to 5% - No vesting requirementAdoption Assistance ProgramFlexible Spending AccountEducational Assistance Plan and Professional Membership assistanceReferral Bonus Program – up to $750!Company OverviewNavitus Health Solutions LLC is a full service, URAC-accredited pharmacy benefit management company. It was founded in 2003, and is headquartered in Appleton, Wisconsin, USA, with a workforce of 1001-5000 employees. Its website is https://www.navitus.com/.