Target Range:$120,000.00 /Yr. - $150,000.00 /Yr.
Actual starting pay will vary based on factors including, but not limited to, geographic location, experience, skills, specialty, and education.
Eligible for an Annual Discretionary Cash Bonus Target: 10%
Eligible for an Annual Discretionary Restricted Stock Units Bonus Target: 10%
These discretionary target bonuses may be awarded semi-annually based upon your achievement of performance goals and targets.
About This JobAxos Bank is seeking an experienced and technically deep Sr. Microsoft Azure Engineer to join the Microsoft Operations team in San Diego. This is a senior individual contributor role with full ownership of the Azure cloud platform and a primary partnership role alongside our Sr. Engineer and Technology Architect covering the broader Microsoft environment.
This is not a ticket-closing role. You will own the Azure platform, infrastructure, identity governance, security posture, cost management, and operational automation for a federally regulated financial institution. You will serve as technical peer and backup to our Sr. Architect, coordinate with sub-team leads covering identity, endpoint, and messaging domains, and play a direct role in positioning the team to support the bank's growing AI and data lake initiatives.
The right candidate is a well-rounded senior engineer who has operated in a regulated environment, brings genuine depth in both Azure infrastructure and Microsoft identity, and treats operational discipline, ticketing, documentation, change management, as a professional standard rather than an administrative requirement
Responsibilities:Azure Infrastructure- Design, deploy, and maintain Azure subscription architecture including management groups, resource groups, and naming and tagging governance across all subscriptions
- Own and administer Azure Virtual Network topology including hub-spoke design, VNets, subnets, NSGs, route tables, and VNet peering aligned to bank security requirements
- Manage IaaS and PaaS resource lifecycle - provisioning, scaling, monitoring, and decommission - with full change management documentation in ServiceNow
- Maintain the documented baseline state of the Azure environment; identify and remediate configuration drift from established standards on a defined cycle
- Serve as the primary technical owner for Azure-dependent infrastructure projects including AXOS Private Cloud and data lake infrastructure initiatives
Identity and Access Management- Administer and maintain Entra ID (Azure Active Directory) tenancy health - user lifecycle, group management, application registrations, and service principal governance
- Design, implement, and maintain Conditional Access policies, named locations, sign-in risk policies, and MFA enforcement in alignment with bank security policy and FFIEC guidance
- Manage Privileged Identity Management (PIM) including role activation policy, access reviews for privileged accounts, and just-in-time access configuration
- Monitor and maintain Azure AD Connect synchronization health; resolve sync conflicts; coordinate with the Sr. Architect on hybrid identity topology changes
- Coordinate with the Intune/GPO/Entra sub-team on endpoint compliance integration with Conditional Access and device-based authentication requirements
- Conduct and document semi-annual Azure RBAC assignment reviews and deliver findings to the Audit and Compliance Engineer
Security and Compliance Posture- Own Defender for Cloud operational posture - monitor, prioritize, and drive hands-on remediation of high and critical recommendations, not dashboard observation alone
- Manage Azure Policy assignments for baseline compliance enforcement; author and test policy definitions as bank requirements evolve
- Design and maintain RBAC assignments across Azure resources in alignment with least-privilege principles; document all role assignments with business justification
- Produce quarterly Azure security posture reports for the Audit and Compliance Engineer; provide documentation sufficient to satisfy KPMG audit requests related to Azure infrastructure and identity
- Participate as the Azure technical SME in KPMG audit preparation and response
- Maintain working knowledge of FFIEC IT examination guidance and align Azure governance practices accordingly
Cost Management and Governance- Own Azure Cost Management analysis, reporting, budget alert configuration, and anomaly detection across all Azure subscriptions
- Enforce tagging policy compliance; identify and remediate untagged or incorrectly tagged resources on a defined cycle
- Provide monthly cost forecasting and variance analysis to the Sr. IT Manager - communicate material spend changes before they appear in billing, not after
- Identify and recommend cost optimization opportunities including right-sizing, reserved instance analysis, and elimination of unused resources
Automation and Operational Excellence- Develop and maintain Azure Automation runbooks and PowerShell/Python scripts for operational task automation; prioritize progressive elimination of manual repetitive processes
- Configure and maintain Azure Monitor alerts, Log Analytics workspaces, and operational dashboards for infrastructure health and performance visibility
- Author and maintain runbook documentation for all operational procedures within the Azure domain - sufficient for another senior engineer to execute independently
- Participate in quarterly cross-team cross-training; contribute at least one procedural training session per cycle
Architectural Partnership- Serve as primary backup to the Sr. Engineer and Technology Architect for Azure decisions, architecture reviews, and cross-domain escalation during periods of unavailability
- Partner with the Sr. Engineer and Technology Architect on changes to hybrid identity topology, Entra tenant configuration, and Azure AD Connect sync rules - this is a genuine peer relationship with shared architectural ownership, not a sign-off chain
- Contribute to architectural discussions, design reviews, and platform standards development as a senior technical voice on the Microsoft Operations team
- Participate in the weekly leads synchronization meeting and contribute Azure platform status, blockers, and capacity to the standing agenda
ServiceNow and Change Management- You believe that undocumented work did not happen. Every change, request, incident, and proactive task gets a ServiceNow ticket before execution - full stop
- Complete ServiceNow change requests for all Standard, Normal, and Emergency changes including full description, rollback plan, and approval routing per change management policy
- Maintain change records with sufficient technical detail to serve as KPMG audit evidence
- Author ServiceNow knowledge base articles for any procedure that required meaningful effort to develop, debug, or resolve - the team does not re-solve the same problem twice
Requirements:- Bachelor's degree in Computer Science, Information Technology, Information Systems, or a directly related field; OR equivalent combination of education and verifiable professional experience
- 7+ years of hands-on, production-environment experience administering and engineering Microsoft Azure infrastructure and Microsoft identity technologies
- 5+ years administering Active Directory Domain Services in a multi-domain enterprise environment - Group Policy, OU structure, trust relationships, and schema-level understanding
- 4+ years with Entra ID (Azure Active Directory) including Conditional Access policy authoring, PIM configuration, and Azure AD Connect sync administration in a hybrid identity environment
- 3+ years of experience in a federally regulated industry - banking, financial services, healthcare, or government - with direct exposure to audit processes, change management requirements, and compliance documentation
- Demonstrated experience designing and maintaining Azure Virtual Network topology - hub-spoke architecture, NSG management, and on-premises connectivity
- Demonstrated experience with Defender for Cloud and Azure Policy including hands-on security recommendation remediation - not limited to monitoring
- Demonstrated experience with Azure Cost Management including budget configuration, cost anomaly detection, and spend forecasting across multiple subscriptions
- Proficiency in PowerShell scripting for Azure and Active Directory automation - scripts that are maintainable and executable by other engineers
Required Certification- Microsoft Certified: Azure Administrator Associate (AZ-104)
Axos Employee Benefits May Include:- Medical, Dental, Vision, and Life Insurance
- Paid Sick Leave, 3 weeks' Vacation, and Holidays (about 11 a year)
- HSA or FSA account and other voluntary benefits
- 401(k) Retirement Saving Plan with Employer Match Program and 529 Savings Plan
- Employee Mortgage Loan Program and free access to an Axos Bank Account with Self-Directed Trading
