Cloud Infrastructure Engineer

We are seeking a **Senior Cloud Infrastructure Engineer** to own and evolve a predominantly Azure-based infrastructure environment. This is a hands-on, senior-level individual contributor role with high autonomy and responsibility across cloud infrastructure, identity, endpoint management, and security. The right person serves as a technical authority across the Microsoft ecosystem, responsible for designing, operating, and continuously improving a cloud-first environment that supports a distributed workforce and field operations at scale. This role requires ownership, proactive communication, and the judgment to prioritize without constant direction. **Environment Overview** Cloud: Azure IaaS (primary platform) - VMs, Networking, Storage Accounts, Key Vaults, Azure Virtual Desktop Identity & Access: Microsoft Entra ID, Active Directory, RBAC, Conditional Access, MFA Data: SQL Server, Azure SQL Managed Instances Endpoints: ~2,000 Windows 11 field devices + ~800 Zebra Android handhelds Productivity: Microsoft 365 E5 - Exchange Online, Teams, SharePoint, Defender suite Network: All-Fortinet; day-to-day management handled by third-party vendor Security: Microsoft Defender for Endpoint, EDR, Vulnerability Management via M365 E5 stack **Core Responsibilities** Own day-to-day administration of Azure IaaS infrastructure - virtual machines, networking, storage, Key Vaults, and Azure Virtual Desktop Manage Entra ID and Active Directory: user lifecycle, RBAC, Conditional Access policies, MFA, and SSO integrations Administer SQL Server and Azure SQL Managed Instances including patching, performance monitoring, and availability Lead endpoint management across Windows 11 and Android (Zebra) devices via Microsoft Intune - policy configuration, compliance, app deployment, and the ongoing Zebra rollout Maintain and optimize Microsoft 365 E5 services: Exchange Online, Teams, SharePoint, and the Defender security suite Perform patch management, vulnerability remediation, and security baseline enforcement across the server and endpoint fleet Execute and maintain disaster recovery and backup procedures; participate in DR testing and unplanned outage response Develop and maintain PowerShell automation to reduce manual operational overhead for the team Document system configurations, architecture decisions, and change history; maintain operational runbooks Participate in on-call rotation; support planned maintenance windows and off-hours patching Act as escalation point for infrastructure issues from the broader IT team **Required Qualifications** 5+ years of hands-on Windows Server administration in production environments 4+ years of Azure IaaS experience - VMs, VNets, NSGs, Storage, Key Vaults, Azure Virtual Desktop Strong Entra ID (Azure AD) expertise: RBAC, Conditional Access, identity governance, hybrid identity Production experience with SQL Server and/or Azure SQL Managed Instances Proficiency in PowerShell scripting for infrastructure automation and operational tooling Experience with Microsoft 365 administration - Exchange Online, Teams, SharePoint Familiarity with Microsoft Defender suite and endpoint security operations within M365 E5 Solid understanding of networking fundamentals (TCP/IP, DNS, firewall concepts, VPN, routing) Demonstrated ability to work autonomously - self-direct priorities, manage workload without daily oversight Strong written and verbal English communication skills; comfortable in vendor and stakeholder calls **Preferred Qualifications** Fortinet experience - hands-on FortiGate administration or FortiManager familiarity is a strong differentiator Microsoft Intune & endpoint management - Intune policy authoring, compliance baselines, app deployment across Windows and Android devices Vulnerability management - experience with Defender Vulnerability Management or equivalent within the M365 E5 stack Android / mobile device management - prior Zebra or ruggedized Android device deployment experience a plus given the active rollout Relevant certifications - AZ-104 (Azure Administrator), AZ-305 (Azure Solutions Architect), SC-300 (Identity & Access), MS-102 (M365 Administrator) or equivalent **On-call expectations** Participation in a shared on-call rotation (~1 week every few weeks) Occasional off-hours maintenance windows for patching and upgrades Low-to-moderate incident volume, with a focus on proactive stability **What Makes a Great Fit** You treat infrastructure as a product - documented, repeatable, and improvable over time You proactively identify gaps and surface them with proposed solutions, not just problem reports You can context-switch between strategic architecture discussions and hands-on troubleshooting in the same day You communicate clearly with non-technical stakeholders and hold your ground constructively in vendor conversations You are comfortable owning work streams end-to-end with minimal hand-holding **Why This Role Matters** Own and shape a 99% Azure IaaS environment with minimal on-prem footprint Drive improvements across identity, endpoint management, and security posture Operate in a high-autonomy environment with direct impact on infrastructure direction Work with enterprise-scale systems supporting thousands of endpoints and users Influence standards, automation, and long-term infrastructure strategy **About Us** Established in 2011, Trinetix is a dynamic tech service provider supporting enterprise clients around the world. Headquartered in Nashville, Tennessee, we have a global team of over 1,000 professionals and delivery centers across Europe, the United States, and Argentina. We partner with leading global brands, delivering innovative digital solutions across Fintech, Professional Services, Logistics, Healthcare, and Agriculture. Our operations are driven by a strong business vision, a people-first culture, and a commitment to responsible growth. We actively give back to the community through various CSR activities and adhere to international principles for sustainable development and business ethics. To learn more about how we collect, process, and store your personal data, please review our Privacy Notice: <https://www.trinetix.com/corporate-policies/privacy-notice>