Cloud Infrastructure Engineer

About the Role 

We are seeking an experienced Cloud Infrastructure Engineer to design, deploy, and administer cloud environments with a strong emphasis on virtualization, automation, and security. 

 This role owns the full lifecycle of cloud infrastructure — from virtual machine provisioning and network architecture to Infrastructure as Code (IaC) deployments and continuous monitoring.  

The ideal candidate brings hands-on experience managing AWS and/or Azure environments, operating container platforms, and translating operational complexity into scalable, secure solutions. Experience working in regulated or compliance-driven industries (e.g., healthcare, defense, finance) is a strong plus. 

Key Responsibilities 

Cloud Infrastructure & Virtual Systems Administration 

• Administer and maintain AWS and/or Azure environments, including day-to-day operations of virtual machines, networking, and storage.
• Manage VPCs, subnets, routing tables, security groups, NACLs, and private networking constructs
• Deploy, maintain, and optimize EC2 instances, RDS, S3, IAM, KMS, Secrets Manager, and CloudTrail
• Build and manage hardened VM images (AMIs / golden images) for consistent, repeatable deployments
• Implement and support high availability, auto-scaling, and disaster recovery configurations
• Support multi-account or multi-subscription cloud governance structures (e.g., AWS Organizations, Azure Management Groups) 

Infrastructure as Code (IaC) 

• Design and maintain infrastructure using Terraform, including modular design, remote state management, and workspace strategies
• Lead or support migrations from legacy IaC tooling (e.g., CloudFormation) to modern frameworks
• Enforce policy-as-code guardrails and maintain version-controlled infrastructure repositories
• Build reusable, secure baseline modules for VPC architecture, IAM roles, logging, monitoring, and encryption 

Virtualization & Containerization 

• Administer virtualized workloads across cloud environments, including sizing, patching, lifecycle management, and cost optimization
• Support container-based workloads in ECS and/or EKS, including cluster management, networking, and image security
• Assist with transitions from legacy compute paradigms (e.g., EBS-backed instances) to modern container or serverless architectures
• Implement automated drift detection and remediation for both VMs and containerized environments 

Automation & DevSecOps Integration 

• Identify and implement automation opportunities to reduce manual operational overhead and improve team velocity
• Integrate infrastructure provisioning and security controls into CI/CD pipelines (GitHub Actions, GitLab CI, or equivalent)
• Implement and maintain secure secrets management practices
• Collaborate with DevSecOps and application engineering teams to enforce least-privilege IAM policies and secure-by-default configurations 

Security, Compliance & Monitoring 

• Apply and maintain security hardening baselines (CIS Benchmarks, DISA STIGs) for Linux and Windows virtual systems
• Configure and monitor AWS CloudTrail, GuardDuty, Security Hub, Config, and centralized logging pipelines
• Support SIEM integration (e.g., Splunk, Microsoft Sentinel) and assist with incident response
• Maintain vulnerability management lifecycle including patching, remediation tracking, and reporting
• Support compliance efforts aligned with relevant frameworks (NIST 800-171, CMMC, HIPAA, SOC 2, or FedRAMP as applicable) 

Cross-Functional Collaboration & Documentation 

• Partner with development, security, and IT operations teams to deliver reliable, scalable services
• Produce and maintain thorough documentation — architecture diagrams, runbooks, SOPs, and evidence artifacts for audits or assessments
• Contribute to budget management, resource planning, and capacity forecasting for cloud environments 

Required Qualifications 

• 5+ years of experience in systems administration, cloud operations, or infrastructure engineering
• 3+ years of hands-on experience managing AWS and/or Azure environments, including virtual machine administration
• Strong Terraform experience, including modular design and state management; experience leading IaC migrations is a plus
• Demonstrated ability to automate operational workflows and reduce manual effort at scale
• Strong understanding of IAM, encryption (KMS, TLS), and network segmentation
• Experience with Linux (RHEL/Amazon Linux) and/or Windows Server in a cloud context
• Familiarity with containerization technologies (Docker, ECS, EKS, or Kubernetes)
• Solid understanding of CI/CD pipelines and DevSecOps practices 

Preferred Qualifications 

• Multi-cloud experience spanning AWS and Azure
• Experience in regulated industries such as healthcare (HIPAA), defense (CMMC/NIST 800-171), or financial services (SOC 2)
• AWS certifications (Solutions Architect, SysOps Administrator, Security Specialty) or Azure equivalents
• CompTIA Security+ or equivalent security certification
• Experience with AWS Control Tower, Landing Zones, or equivalent governance tooling
• Familiarity with SIEM platforms (Splunk, Microsoft Sentinel)
• Experience managing or mentoring distributed technical teams
• PMP, CSM, or similar project/program management certification
• Active DoD security clearance (Secret or above) or ability to obtain and maintain one 

Core Competencies 

• Infrastructure Ownership — takes end-to-end accountability for cloud environment health, security, and performance
• Automation Mindset — proactively identifies manual processes and replaces them with scalable, repeatable solutions
• Security-First Thinking — embeds security practices into every layer of infrastructure design and operations
• Cross-Functional Communication — translates technical complexity for business and compliance stakeholders
• Disciplined Documentation — produces clear, audit-ready artifacts without being asked
• Adaptability — comfortable operating across cloud providers, toolchains, and evolving compliance landscapes 

What Success Looks Like 

• Cloud environments (AWS/Azure + EKS) are stable, secure, observable, and documented
• Infrastructure changes are repeatable through IaC with clear review and rollback paths
• Monitoring/logging and vulnerability remediation are routine—not scramble-driven
• Audit support artifacts (diagrams/runbooks/evidence) are kept current and usable 

What We Offer: 

• A fully remote, results-based environment
• Competitive salary, bonus, and equity package
• 100% employer paid, comprehensive health insurance including medical, dental, and vision for you and your family
• Unlimited PTO, with your manager’s approval
• Flexible work environment where you manage your work day
• 14 weeks of fully-paid parental leave

Salary Range: $140,000-$180,000. This represents the typical salary range for this position based on experience, skills, and other factors.