Full Job Description
We are looking for a Principal Cloud Engineer to join our Architecture and Cloud Engineering (ACE) team, reporting to the VP of Architecture and Cloud Engineering. You will be the senior technical voice on the platform that everything else at Auris runs on: our Azure landing zone, our Terraform module catalog, our CI/CD posture, and the workload onboarding paradigm that lets product teams ship safely and quickly.
This is a hands-on role for a senior engineer who wants to own platform direction. You will work directly with the VP of Architecture and Cloud Engineering, partner with the Deputy CISO on security posture, and mentor cloud engineers across the broader organization (FTEs, DevPro, and Persistent contributors). The work is high-leverage. The decisions you make on the platform shape how every workload, from HCM to Payroll to internal tooling, gets built and run.
What You'll Do
• Drive landing zone standards - Own the architecture and ongoing evolution of the Auris Azure landing zone across sandbox, dev, test, stage, and prod subscriptions. Per-subscription hub-and-spoke, with zero cross-environment peering, is the operating model.
• Own the Terraform module catalog - Maintain and extend the composable workload modules (workload-base, workload-app, workload-containerapp, workload-sql, workload-keyvault, workload-storage, workload-frontdoor) that workloads consume. Author new modules as the catalog grows.
• Lead workload onboarding patterns - Define and shepherd the path that new applications take onto the platform. Set the bar for what a production-ready workload looks like at Auris and codify it as reference implementations.
• Own the runner platform - Operate the GitHub Actions runner platform built on KEDA-scaled Azure Container Apps, fronted by a GitHub App for cross-repo automation. Keep it secure, observable, and within its cost envelope.
• Partner with security - Work directly with the Deputy CISO on security posture across Defender for Cloud, Azure Policy, Private Endpoints, Key Vault, and Entra controls. Translate SOC 2 and SOX requirements into platform guardrails.
• Mentor engineers across the org - Set the technical example for FTE cloud engineers, DevPro contributors, and Persistent engineers. Code review, pairing, and reference implementations are part of the job, not a side activity.
• Contribute to multi-subscription promotion strategy - Help define how workloads move from dev to test to stage to prod under our sealed-island subscription model, where promotion is CI/CD rather than network peering.
• Lead incident response on platform issues - Be the senior responder when something on the landing zone, runner platform, or shared infrastructure breaks. Drive root cause analysis, remediation, and prevention.
• Leverage AI to accelerate outcomes - Apply AI-assisted tooling to infrastructure code, documentation, and operational workflows, and help the team push the AI ceiling forward.
What You Bring
Required
• 8+ years in cloud engineering, with at least 3 years at Principal, Staff, or Lead level
• Deep, hands-on Microsoft Azure across App Service, Azure Container Apps, Azure SQL, Front Door, Key Vault, Defender for Cloud, Azure Policy, networking, and Private Endpoints. AKS exposure optional.
• Production Terraform at scale: module authorship, AzureRM provider 4.x, state management, drift detection, and multi-environment promotion patterns
• GitHub Actions with OIDC federation, self-hosted runner platforms (KEDA-scaled preferred), and GitHub App-based automation for cross-repo workflows
• Hub-and-spoke networking, Private Endpoint design, and DNS architecture (Azure private DNS zones, hub-based forwarders, split-horizon resolution)
• SOC 2 and SOX-aware infrastructure design; PCI-DSS exposure a plus
• Strong written communication. ADRs, runbooks, and design docs are part of the role, not an afterthought.
• Comfort and enthusiasm with AI-assisted tools (Copilot, Claude, Gemini) as part of daily workflow
Highly Valued
• Experience consolidating dual-cloud (Azure + AWS) footprints, particularly during a carve-out or post-acquisition consolidation
• Cloudflare experience (Tunnels, Workers, Zero Trust). Cloudflare Tunnels is our go-forward ingress standard, replacing Front Door for net-new workloads.
• Acrisure or other large enterprise-tenant Azure operating models: multi-subscription estates, PIM, Entra, and federated identity at scale
• HCM, payroll, or fintech domain background
• Container platform experience, Azure Container Apps preferred, AKS acceptable
Nice to Have
• Azure Solutions Architect Expert (AZ-305) or Azure DevOps Engineer Expert (AZ-400) certifications
• Experience with Azure API Management or other API gateway and edge platforms
• Background scaling SaaS infrastructure for 50K to 200K+ users
• FinOps practices and large-estate Azure cost management
What We Offer
• A senior seat on the team that owns the platform every other team at Auris depends on
• Direct collaboration with the VP of Architecture and Cloud Engineering, the Deputy CISO, and the broader Solutions Architect bench
• Flexible work arrangements - We have offices in Oklahoma City, OK and Brook Park, OH. Candidates in those areas can work in-office or hybrid (in the greater OKC area, we prefer at least 3 days per week in-office). Remote work is available for candidates outside those locations.
• Professional development - Every team member is expected to attend at least one conference or training per year, and we invest in keeping the team sharp
• Competitive compensation and benefits - Including health, dental, vision, 401(k), and more
• An AI-forward culture - We actively encourage and expect team members to use AI tools (Copilot, Claude, Gemini, Palantir) in their daily work. We are early in our AI journey and looking for people who want to help us push it forward.
Candidates should be comfortable with an on-site presence to support collaboration, team leadership, and cross-functional partnership.