Cloud Infrastructure Engineer
Lansing, MI
Full Time
Experienced
About the Position
The Cloud Infrastructure Engineer is responsible for designing, deploying, managing, and optimizing BS&A Software’s hybrid infrastructure across Microsoft Azure and Azure Local (formerly Azure Stack HCI) to ensure high availability, security, resiliency, and operational efficiency. This role is focused on infrastructure engineering across cloud and on-premises environments, including compute, storage, identity, backup and disaster recovery, network connectivity, and related platform services.
This position serves as the internal owner of Azure governance through Microsoft’s Cloud Adoption Framework (CAF), including management group design, subscription topology, policy assignments, and tagging standards. The Cloud Infrastructure Engineer configures and supports Azure services, Azure Local platforms, and core network and security infrastructure, including Palo Alto firewalls and Cisco network equipment, and supports migration, modernization, and ongoing operation of legacy and current workloads in hybrid environments.
The Cloud Infrastructure Engineer collaborates with security, infrastructure, and IT operations teams to implement secure, scalable, and supportable solutions that align with BS&A’s business objectives, operational requirements, and compliance expectations. This role also serves as the internal technical counterpart to third-party infrastructure and network partners, ensuring designs, configurations, and handoffs are validated, documented, and supportable in-house. The position requires strong hands-on Azure and networking expertise, sound operational judgment, and the ability to work independently on complex technical assignments.
Position Qualifications
Education
(This is not an all-inclusive list of all job duties that may be required; employees will be required to perform other related duties as assigned.)
Knowledge of
Supervision
Reports to VP of IT and Security
BS&A Software uses E-Verify as part of the I-9 process to verify the work eligibility of all new hires.
BS&A Software provides Equal Employment Opportunity to all employees and applicants for employment without regard to race, color, religion, gender identity or expression, sex, sexual orientation, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran in accordance with applicable federal, state, and local laws. BS&A Software complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities.
BS&A Software is not open to third party solicitation or resumes for our posted FTE positions. Resumes received from third party agencies that are unsolicited will be considered complimentary.
If you need accommodation or special assistance to navigate our website or to complete your application, please send an e-mail with your request to [email protected].
The Cloud Infrastructure Engineer is responsible for designing, deploying, managing, and optimizing BS&A Software’s hybrid infrastructure across Microsoft Azure and Azure Local (formerly Azure Stack HCI) to ensure high availability, security, resiliency, and operational efficiency. This role is focused on infrastructure engineering across cloud and on-premises environments, including compute, storage, identity, backup and disaster recovery, network connectivity, and related platform services.
This position serves as the internal owner of Azure governance through Microsoft’s Cloud Adoption Framework (CAF), including management group design, subscription topology, policy assignments, and tagging standards. The Cloud Infrastructure Engineer configures and supports Azure services, Azure Local platforms, and core network and security infrastructure, including Palo Alto firewalls and Cisco network equipment, and supports migration, modernization, and ongoing operation of legacy and current workloads in hybrid environments.
The Cloud Infrastructure Engineer collaborates with security, infrastructure, and IT operations teams to implement secure, scalable, and supportable solutions that align with BS&A’s business objectives, operational requirements, and compliance expectations. This role also serves as the internal technical counterpart to third-party infrastructure and network partners, ensuring designs, configurations, and handoffs are validated, documented, and supportable in-house. The position requires strong hands-on Azure and networking expertise, sound operational judgment, and the ability to work independently on complex technical assignments.
Position Qualifications
Education
- Bachelor’s degree in Computer Science, Information Technology, Engineering, or a related field preferred.
- Microsoft Azure certifications such as Azure Administrator, Azure Solutions Architect, or other relevant cloud, networking, or security certifications are preferred.
- Equivalent combinations of education, training, and relevant experience may be considered in lieu of a degree.
- Minimum of 4 years of experience in cloud engineering, infrastructure engineering, systems administration, or network engineering, with a strong focus on Microsoft Azure and hybrid infrastructure.
- Hands-on experience designing, deploying, and supporting Azure infrastructure, including Virtual Machines, Storage, Virtual Networks, backup and disaster recovery, monitoring, and identity services.
- Experience supporting hybrid environments that integrate on-premises infrastructure with Azure, including Azure Local (formerly Azure Stack HCI), Windows Server, Hyper-V, hyperconverged infrastructure, or comparable virtualization platforms preferred.
- Experience implementing and managing Microsoft’s Cloud Adoption Framework (CAF), including management groups, subscription structure, Azure Policy, and governance guardrails.
- Strong experience with enterprise networking, including routing, switching, VLANs, VPNs, DNS, load balancing, segmentation, and firewall policy management.
- Hands-on experience administering and troubleshooting Palo Alto firewalls and Cisco network infrastructure.
- Experience designing and supporting Azure networking components, including Virtual Networks, VPN Gateways, ExpressRoute, Network Security Groups, Azure Firewall, and hybrid connectivity.
- Experience implementing and supporting identity and access controls using Microsoft Entra ID, Conditional Access, RBAC, Privileged Identity Management, and hybrid identity integration.
- Experience supporting Azure Virtual Desktop (AVD), including host pools, session hosts, scaling, profile management, and security baselines, preferred.
- Working knowledge of Microsoft Intune and Windows Autopilot in enterprise environments, including endpoint compliance architecture, provisioning guardrails, and Conditional Access integration.
- Proficiency in scripting and automation using PowerShell and Azure CLI; Python experience is a plus.
- Experience with infrastructure standardization, repeatable deployment methods, and infrastructure-as-code (IaC) using tools such as Terraform, Bicep, or ARM templates preferred.
- Familiarity with Azure cost management, performance monitoring, and capacity planning, including tools and practices used to optimize cloud spend and operational efficiency.
- Experience supporting core hybrid infrastructure services, including Active Directory, DNS, DHCP, and file services, preferred.
- Experience working with third-party infrastructure or network partners, including reviewing designs, validating configurations, and receiving technical handoffs.
- Experience supporting infrastructure for multi-tenant hosted or SaaS environments, including tenant isolation, high availability, segmentation, and security controls for customer-facing workloads, preferred.
(This is not an all-inclusive list of all job duties that may be required; employees will be required to perform other related duties as assigned.)
- Design, deploy, administer, and support Azure and Azure Local infrastructure across production and non-production environments.
- Own and maintain Azure governance standards aligned with Microsoft’s Cloud Adoption Framework (CAF), including management groups, subscription topology, policy assignments, and tagging standards.
- Configure, manage, and troubleshoot Azure networking and hybrid connectivity, including Virtual Networks, VPN Gateways, ExpressRoute, DNS, segmentation, and firewall controls.
- Administer and support Palo Alto firewalls and Cisco network infrastructure, including policy management, routing, switching, connectivity troubleshooting, and security hardening.
- Support Azure Local and related on-premises infrastructure, including hosts, storage, clustering, virtualization, and connectivity components.
- Implement and maintain identity and access controls using Microsoft Entra ID, Conditional Access, RBAC, and Privileged Identity Management.
- Engineer, maintain, and optimize Azure Virtual Desktop (AVD) infrastructure, including session hosts, scaling plans, profile management, and security baselines.
- Monitor infrastructure health, performance, availability, and cost using Azure Monitor, Log Analytics, Azure Cost Management, and related operational tools; proactively identify and resolve issues.
- Support the migration, modernization, and ongoing operation of workloads across Azure, Azure Local, and hybrid environments.
- Implement and maintain backup, disaster recovery, and business continuity capabilities across cloud and hybrid environments.
- Apply security best practices across cloud and network infrastructure, including encryption, segmentation, secure administration, logging, and privileged access controls.
- Use scripting and automation to improve operational efficiency, standardize configurations, and reduce manual administrative effort.
- Serve as the internal technical counterpart for infrastructure and network implementation partners, validating designs, reviewing deliverables, and ensuring long-term maintainability of the environment.
- Collaborate with End User Support to define and maintain architectural guardrails for Microsoft Intune, Windows Autopilot, Conditional Access integration, and endpoint compliance standards.
- Maintain technical documentation, architecture diagrams, runbooks, standards, and support procedures.
- Participate in incident response, problem management, root cause analysis, maintenance activities, and on-call rotation as required.
- Collaborate with security, IT operations, and other technical teams to align infrastructure with organizational standards, operational requirements, and compliance expectations.
- Provide Tier 3 escalation support for complex infrastructure, networking, and identity issues that extend beyond day-to-day support operations.
- Prior to hiring, BS&A requires that all candidates pass a background review.
Knowledge of
- Microsoft Azure infrastructure services, including compute, storage, networking, backup and disaster recovery, monitoring, and identity services.
- Azure governance principles aligned with Microsoft’s Cloud Adoption Framework (CAF), including management groups, subscription organization, policy assignments, and tagging standards.
- Hybrid infrastructure architecture, including integration of on-premises environments with Azure and Azure Local.
- Enterprise networking concepts and technologies, including routing, switching, VLANs, DNS, VPN connectivity, network segmentation, firewalls, and secure remote access.
- Azure networking architecture, including Virtual Networks, VPN Gateways, ExpressRoute, Network Security Groups, Azure Firewall, load balancing, and DNS.
- Palo Alto firewall administration concepts and network security policy principles.
- Cisco network infrastructure concepts, including switching, routing, and general network operations.
- Azure Virtual Desktop architecture and operational considerations.
- Microsoft Entra ID, Conditional Access, RBAC, Privileged Identity Management, and hybrid identity integration.
- Cloud and infrastructure security best practices, including encryption, privileged access management, key management, logging, segmentation, and compliance support.
- Azure monitoring and operational tools, including Azure Monitor, Log Analytics, alerting, and observability capabilities.
- Cost management, capacity planning, and optimization strategies for Azure infrastructure.
- Backup, business continuity, disaster recovery, and high-availability solutions across cloud and hybrid environments.
- Infrastructure patterns and operational considerations for SaaS and multi-tenant hosted environments, including tenant isolation, high availability, secure connectivity, and security guardrails for customer-facing workloads.
- Designing, deploying, administering, and maintaining Azure, Azure Local, and hybrid infrastructure environments.
- Implementing and maintaining Azure governance controls and standards aligned with Microsoft’s Cloud Adoption Framework (CAF).
- Configuring, supporting, and troubleshooting Azure networking, hybrid connectivity, and related enterprise network infrastructure.
- Administering and troubleshooting Palo Alto firewalls and Cisco network infrastructure.
- Supporting and optimizing Azure Virtual Desktop (AVD) and related platform services.
- Automating infrastructure administration and operational tasks using PowerShell, Azure CLI, and similar tools.
- Implementing and managing identity and access controls using Microsoft Entra ID, Conditional Access, RBAC, and related Microsoft security services.
- Monitoring, analyzing, and improving infrastructure performance, availability, resiliency, and cost efficiency.
- Diagnosing and resolving infrastructure issues across compute, network, identity, storage, and security layers.
- Developing and maintaining infrastructure documentation, runbooks, standards, diagrams, and operational procedures.
- Prioritize and manage multiple assignments, projects, and operational issues in a dynamic, fast-paced environment.
- Analyze and resolve complex infrastructure and network issues across Azure, Azure Local, and hybrid environments.
- Design and implement secure, scalable, resilient, and supportable infrastructure solutions aligned with business and operational requirements.
- Work independently on complex technical assignments while collaborating effectively with infrastructure, security, IT operations, and end user support teams.
- Communicate technical issues, risks, and recommendations clearly to both technical and non-technical stakeholders.
- Maintain accurate technical documentation, operational standards, and support procedures.
- Apply sound judgment during incidents, outages, maintenance activities, and change implementation.
- Serve as an effective technical counterpart to third-party infrastructure and network partners during design, implementation, and handoff activities.
- Stay current with changes in Azure, Azure Local, networking, and infrastructure best practices to continuously improve the environment.
- Participate in on-call support and respond effectively to operational emergencies as required.
- Primarily indoors office environment
- Rarely outdoors, in temperatures above 90 degrees or below 40 degrees
- Must be available for on-call rotation and to respond to maintenance activities, outages, and emergencies outside normal business hours as needed.
- Lifting floor to waist fifty (50) lbs
- Lifting waist to shoulder twenty-five (25) lbs
- Lifting shoulder to overhead twenty (20) lbs
- Carrying fifty (50) lbs for 10 feet
- Pushing/pulling fifty (50) lbs for 10 feet
Supervision
Reports to VP of IT and Security
BS&A Software uses E-Verify as part of the I-9 process to verify the work eligibility of all new hires.
BS&A Software provides Equal Employment Opportunity to all employees and applicants for employment without regard to race, color, religion, gender identity or expression, sex, sexual orientation, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran in accordance with applicable federal, state, and local laws. BS&A Software complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities.
BS&A Software is not open to third party solicitation or resumes for our posted FTE positions. Resumes received from third party agencies that are unsolicited will be considered complimentary.
If you need accommodation or special assistance to navigate our website or to complete your application, please send an e-mail with your request to [email protected].
Apply for this position
Required*