Cloud Infrastructure Engineer I

Description

Position Summary:

The Cloud Infrastructure Engineer - I role will develop, implement, and support related services and solutions for consulting clients. This position will build a customer-focused relationship with clients to identify business challenges and develop specifications and requirements to arrive at the best solution.

This is a technical and challenging but exciting and rewarding role that brings expectations for expertise across Azure Infrastructure, M365, and Entra ID – with security throughout and extending into adjacent technologies. Our team is predominantly customer-facing, dedicating most of each work week to direct consultations with clients.

This role will develop specializations around technology sets such as platform, infrastructure, and security and around multiple target customer profiles such as K-12, higher education, SMB, enterprise/commercial, and/or government. The Cloud Infrastructure Engineer I is expected to obtain and hold a minimum of three (3) certifications, to meet the demand and expectations of our customers and to meet the requirements of our partner designations. An individual certification path towards meeting these goals will be included on a professional development plan upon hire.

The Cloud Infrastructure Engineer I will specialize or possess a well-rounded combination of one of the following Microsoft Cloud focus areas: Azure Infrastructure (IaaS/PaaS), End-user Compute (EUC): Microsoft Intune and Defender for Endpoint/Server; and/or Security, with a focus on Microsoft Purview.

Roles and Responsibilities/ Essential Functions:

• Work as a member of the HBS Cloud Architecture Team (CAT) as a leader and contributor that provides consultative and proactive project support to Heartland Business Systems’ (HBS) account base.
• Collaborate across multiple internal teams to ensure successful delivery and timely execution of the scope of work.
• Contribute to product selection, configuration standards, and best practices.
• Provide support, maintenance, and administration for customer environments.
• Assist with the development and implementation of the Azure cloud security architecture for protecting PHI/PII/PCI data deployed into various cloud, hybrid, HBS Cloud, and on-premises systems.
• Implement and manage security architectures for cloud/hybrid systems.
• Assist in the process to assess, develop, implement, optimize, and document a comprehensive set of security technologies and processes, data protection, cryptography, key management, identity, and access management (IAM) within SaaS, IaaS, PaaS, and other cloud environments.
• Work in and always model a positive team atmosphere between regional and virtual practices while maintaining a professional and respectful demeanor. 
• Create and maintain detailed documentation of past projects to potentially provide time estimates and project scopes for new related projects.
• Obtain and maintain current vendor/industry specific certifications and stay current on new products and solutions by utilizing networks of resources.
• Minimum of 1,450 hours (billable + presales) per fiscal year prorated based on start date. These charge hour requirements will be balanced against professional development and on-the-job training.

Requirements

Competencies:

• Accountability - Ability to accept responsibility and account for his/her actions.
• Adaptability - Ability to fit into a changing environment.
• Ambition - Extent that an individual demonstrates drive and initiative in seeking personal advancement or recognition.
• Applied Learning - Applied learning looks at whether an individual takes part in needed learning activities in a way that makes the most of the learning experience.
• Decision Making - Selecting an effective course of action while controlling resources and expenditures.
• Detail Orientated - Ability of an individual to pay meticulous attention to all aspects of a situation or task, no matter how small or seemingly unimportant.
• Ethical - Ability to be guided by the company’s accepted principles of moral conduct.
• Interpersonal - Interpersonal skills look at the ability of the individual to develop and maintain relationships with others.
• Organized - Ability of an individual to be structured and methodical in working skills.
• Persistence - Ability to continue in a course of action in the face of adversity.
• Technical Aptitude - Ability to relate to topics which require an understanding or specialized knowledge.

Required Experience:

• 6 months to 1 year in a technical-related field, internship, or equivalent.

Preferred Experience:

• At least 1 year in a technical-related field.
• Experience working as a consultant.
• Microsoft Cloud and Identity solutions – Including but not limited to: 
• Entra ID (EID / Azure AD / AAD), Entra Connect, SAML SSO and OpenID Connect (OIDC), Conditional Access, Multi-Factor Authentication (MFA), Self-Service Password Reset (SSPR), Password Protection, Passwordless Authentication, Privileged Identity Management (PIM)
• Microsoft Azure Infrastructure:
• Virtual Machines and Azure Virtual Desktop (AVD)
• Networking and DNS, including Network Security Groups (NSGs), VPN Gateways, Traffic Managers, Load Balancers, Private Link, and ExpressRoute.
• Storage
• Azure Backup, Azure Site Recovery
• Azure Update Manager
• Pricing & Cost Management
• Azure Secure Score
• Designing and architecting systems-based solutions with a focus on the cloud: IaaS, PaaS, and SaaS.
• Installing and supporting Microsoft enterprise products, including Active Directory (AD) Domain Services (ADDS).
• Comprehensive understanding of IP networking protocols, including DNS, static routing, TCP, UDP, and ICMP.
• Configuring on-premises networking, especially firewalls (Palo Alto, Cisco, and/or Fortinet) – towards creating and supporting site-to-site IKE/IPSEC site-to-site (S2S) VPN connections with Azure environments.
• Microsoft Intune and Defender for Endpoint / Server: 
• Intune, Endpoint Management, Endpoint Security, Application Management, Windows Autopilot, Defender for Endpoint (MDfE / MDATP), Defender for Servers, Attack Surface Reduction (ASR) rules, Secure Score
• Microsoft Security: Purview – including, but not limited to:  
• Audit, Data Lifecycle Management / Retention Policies, eDiscovery, Data Loss Prevention (DLP), Information Protection (AIP), Defender for Office 365 (MDO / M365D), Defender for Identity (MDI / AATP), Defender for Cloud,Defender for Cloud Apps (MCAS / MDCA), Secure Score
• PowerShell, Python, or other scripting and development background.
• Azure Sentinel, including Kusto Query Language (KQL).
• Public Key Infrastructure (PKI), including working with X.509 certificates and CSRs.
• Orchestration and automation of cloud deployment (Bicep & ARM Templates, Terraform, Chef, Ansible, etc.)
• Developing and maintaining security architecture for PHI/PII/PCI data in various cloud, hybrid-cloud, HBS Cloud and on-premises systems.
• Thycotic / Delinea Secret Server Cloud (SSC) – deployment and configuration.
• Dynamic IP routing protocols, including BGP.
• Familiarity or experience with: 
• Microsoft Exchange, Linux, Cisco (Hyperflex, Nexus, UCS), HPE Nimble, HPE ProLiant, Dell PowerEdge, VMware ESXi, Nutanix, Hyper-V, Software Defined Networking (SDA, SD-WAN)
• ConnectWise and Hudu.

Required Skills, Education and/or Certifications:

• Bachelor’s Degree or equivalent (or relevant) certifications.
• One or more of the following certifications (or another equivalent or higher certification from the below preferred certifications): Microsoft Certified: Azure Fundamentals (AZ-900) or Microsoft Certified: Security, Compliance, and Identity Fundamentals (SC-900)
• Must be able to successfully pass a background check per Criminal Justice Information Services (CJIS) requirements, including fingerprinting and criminal history review.

Preferred Skills, Education and/or Certifications:

All focus areas:

• Microsoft Certified: Security Operations Analyst Associate (SC-200)
• Microsoft Certified: Identity and Access Administrator Associate (SC-300)
• Microsoft 365 Certified: Administrator Expert (MS-102)
• Microsoft 365 Certified: Security Administrator Associate (MS-500, retired)
• Microsoft Azure Infrastructure:
• Microsoft Certified: Azure Administrator Associate (AZ-104)
• Microsoft Certified: Azure Virtual Desktop Specialty (AZ-140)
• Microsoft Certified: Azure Developer Associate (AZ-204)
• Microsoft Certified: Azure Solutions Architect Expert (AZ-305)
• Microsoft Certified: Azure Security Engineer Associate (AZ-500)
• Microsoft Certified: Azure Network Engineer Associate (AZ-700)
• Certified Linux Administrator (LPIC-1)
• Cisco Certified Network Associate (CCNA)
• VMware Certified Professional (VCP)
• Microsoft Intune and Defender for Endpoint / Server:
• Microsoft 365 Certified: Endpoint Administrator Associate (MD-102)
• Microsoft Certified: Windows Server Hybrid Administrator Associate (AZ-800, AZ-801)
• Microsoft Security / Purview:
• Microsoft Certified: Information Security Administrator Associate (SC-401)
• Microsoft Certified: Cybersecurity Architect Expert (SC-100)
• (ISC)2 Certified Information Systems Security Professional (CISSP)
• (ISC)2 Certified Cloud Security Professional (CCSP)
• (ISC)2 Certified Secure Software Lifecycle Professional (CSSLP)

Equal Opportunity Employer - Including Disabled and Veterans

#HBS