Who We're Looking ForWe're looking a Principal Cloud Infrastructure Engineer with deep experience in Microsoft Azure to take full ownership of the
Azure environment - architecture, security, reliability, and execution.
You will be the senior technical authority on infrastructure, working directly with the client's CTO and providing technical direction to the distributed DevOps team. This is a hands-on ownership role: you are expected to design systems, raise engineering standards, and execute when needed, while remaining accountable for real production outcomes.
Primary Responsibilities- Own Azure architecture across all environments (prod, staging, dev).
- Build, review & improve existing Terraform IaC.
- Design and implement secure cloud landing zones (networking, IAM, governance).
- Design and drive infrastructure patterns for environment separation, multi-tenant, single-tenant, and regional deployments.
- Continuously work on improvement of Identity & Access Management (RBAC, PIM, Conditional Access).
- Drive improvement of existing backup and disaster recovery capabilities (RTO/RPO), including testing and ensuring full environment rebuild from IaC.
- Design and enforce network architecture (segmentation, private endpoints, firewall/WAF).
- Lead infrastructure-related incident response, root cause analysis and production support.
- Improve logging, monitoring, and alerting architecture.
- Implement security controls in infrastructure aligned with SOC 2 and ISO 27001 requirements.
- Provide technical direction and quality control for remote Platform/DevOps engineers.
- Document current architecture, identify gaps, and drive improvements.
- Optimize cloud cost, performance, and reliability.
- Establish runbooks and operational processes.
Some Must-Haves:- 7+ years in cloud infrastructure, SRE, or cloud security roles, with experience operating production systems.
- 4+ years deep, hands-on Azure experience in production SaaS environments.
- Experience operating at Staff-level scope, shaping infrastructure decisions and standards.
- Strong Terraform/Bicep experience at production scale (module design, environment structure, governance).
- Proven experience designing cloud architecture, not just implementing existing designs.
- Experience owning production systems, including uptime, reliability, and incident response.
- Experience designing and executing disaster recovery strategies (RTO/RPO, restore procedures).
- Strong hands-on experience across Azure core platform components (App Services, networking, managed databases, IAM, storage, monitoring, and logging).
- Deep experience with Entra ID / Azure AD (RBAC, PIM, Conditional Access).
- Strong understanding of cloud networking and security (segmentation, private endpoints, firewall/WAF, zero trust).
- Experience designing or evolving infrastructure for multi-tenant SaaS platforms.
- Experience designing or contributing to regional or multi-region architectures, including data residency considerations.
- Experience in working with distributed or offshore engineering teams.
- Experience mentoring team members or leading technical teams.
- Strong written and verbal communication skills in English.
Nice to Have:- Experience managing PostgreSQL or other cloud databases.
- Familiarity with Cloudflare (WAF, Access, Zero Trust).
- Experience defining or implementing single-tenant deployment models.
- Experience with Azure Defender for Cloud, Microsoft Sentinel, or similar cloud security tooling.
- Familiarity with containerization (Docker, Kubernetes/AKS).
- Experience supporting SOC 2, ISO 27001, or similar frameworks (technical implementation).
- Azure certification (AZ-305, AZ-500)
- High ownership mindset with ability to operate independently, make decisions, and drive outcomes in a fast-moving environment.
Where We're Looking For It:- Schenectady, New York or Remote
Compensation Package (Salary Transparency for US Based Employees)- Contract to Hire
- Salary Range: $130,000 - $250,000
- Salary is negotiable and variable based on experience
Other InformationThe work hours will be approximately 9:00 am to 5:00 pm EST, depending on workload, with the occasional late night when a tight deadline calls for it. We work for security-conscious clients, thus background checks will be required.
Position available immediately. 
