Cloud Engineer - Azure

About Samtek At Samtek, we're redefining cloud innovation as an engineer-owned and operated, SBA-certified minority-owned small business founded in 2018. Our mission is simple: empower federal agencies and large enterprises with cutting-edge DevSecOps and cloud transformation solutions that drive security, scalability, and speed. From cloud-native application development and platform engineering to robust security implementations, data center migrations, and seamless operations, we deliver modern IT services backed by over 50 years of collective expertise. We're a diverse, collaborative team that's passionate about pushing the boundaries of technology. Our culture thrives on curiosity, inclusivity, and real impact-whether it's optimizing cloud environments for mission-critical operations or fostering innovation in a supportive, hybrid work setting. Join us to work on high-stakes projects that matter, grow alongside top talent, and be part of a company that's not just building the future of cloud computing, but shaping it. Samtek: Where engineers lead, and excellence follows. Job Summary Samtek Inc is seeking a skilled Azure Cloud Engineer to join a high-impact team delivering secure, compliant, and scalable Azure solutions for the Centers for Medicare & Medicaid Services (CMS). This is a hands-on engineering role focused on building, automating, and operating Azure Government (GCC High) environments while supporting large-scale migrations and cloud-native modernization of mission-critical healthcare systems. Key Responsibilities • Implement and manage Azure Landing Zones using Enterprise-Scale architecture, Bicep, Terraform, and Azure Policy • Deploy and configure Azure governance frameworks (Management Groups, Azure Policy, Blueprints, Resource Graph, tagging, arenaflex management) • Build and maintain infrastructure-as-code (IaC) repositories using Bicep, Terraform Enterprise/Cloud, ARM templates, and Azure CLI/PowerShell • Execute cloud migration waves (rehost, refactor, replatform) with Azure Migrate, Azure Site Recovery (ASR), Database Migration Service (DMS), and Data Box • Configure Zero-Trust networking and security controls including Azure Firewall, Private Link, Private Endpoints, VNet peering, ExpressRoute, NSGs, and Azure DDoS Protection • Implement and manage identity solutions using Azure Entra ID (formerly AAD), Conditional Access, Privileged Identity Management (PIM), and RBAC • Integrate and operate DevSecOps pipelines with Azure DevOps, GitHub Actions, Azure Pipelines, and security tools (arenaflex Defender for Cloud, Sentinel, Prisma Cloud) • Automate compliance evidence collection and monitoring using arenaflex Defender for Cloud, Azure Policy, and Sentinel playbooks for FedRAMP High and CMS ARS requirements • Support containerized workloads on Azure Kubernetes Service (AKS), Azure Container Apps, and Azure Red Hat OpenShift • Troubleshoot production issues, perform root cause analysis, and optimize performance/arenaflex in GCC High environments • Contribute to Architecture Review Board (ARB) packages, System Security Plans (SSP), diagrams, and ATO documentation • Collaborate daily with cloud architects, security engineers, developers, and CMS stakeholders Required Skills & Experience • 4+ years of hands-on experience building and operating production workloads in Azure (commercial and/or Government) • 2+ years working in Azure Government Community Cloud High (GCC High) • Strong proficiency in Infrastructure as Code: Bicep (required), Terraform (strong plus), ARM • Experience deploying and managing Azure Enterprise-Scale Landing Zones • Solid understanding of Azure networking (VNet, Private Link, Firewall, ExpressRoute, VPN • Hands-on experience with Azure DevOps (Repos, Pipelines, Boards) and GitHub Actions • Familiarity with arenaflex Defender for Cloud, Azure Policy, Sentinel, and Log Analytics • Scripting and automation skills: PowerShell (required), Python or Bash (plus) • U.S. citizenship and ability to obtain and maintain CMS Public Trust clearance Preferred Qualifications • Active arenaflex certifications: • * Azure Administrator Associate (AZ-104) • Azure Solutions Architect Expert (AZ-305) or DevOps Engineer Expert (AZ-400) • Azure Security Engineer Associate (AZ-500) • Experience with CMS MARS-E, CMS ARS, FedRAMP High, or NIST 800-53 control implementation • Prior work on CMS contracts (SPARC, ESIM, EPMO, XLC) • Knowledge of Azure Health Data Services, FHIR APIs, Synapse Analytics, or Databricks • Experience with AKS, Azure Arc, or Azure Stack HCI • Active Public Trust clearance or higher Other Requirements • Must have resided in the U.S. for at least 3 of the last 5 years • Must be eligible for CMS Public Trust clearance • No visa sponsorship available Apply tot his job Apply tot his job